[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 21 20:10:32 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20e190a4 by security tracker role at 2020-12-21T20:10:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2020-35600
+ RESERVED
+CVE-2020-35599
+ RESERVED
+CVE-2020-35598
+ RESERVED
+CVE-2020-35597
+ RESERVED
+CVE-2020-35596
+ RESERVED
+CVE-2020-35595
+ RESERVED
+CVE-2020-35594
+ RESERVED
CVE-2020-35593
RESERVED
CVE-2020-35592
@@ -2275,8 +2289,7 @@ CVE-2020-35499
RESERVED
CVE-2020-35498
RESERVED
-CVE-2020-35497
- RESERVED
+CVE-2020-35497 (A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authent ...)
NOT-FOR-US: ovirt-engine
CVE-2020-35496
RESERVED
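Review bot: CVE-2020-35497 is the only newly described entry in this update that carries no TODO: check, because the `NOT-FOR-US: ovirt-engine` line was already present while the entry was RESERVED; re-read it against the now-imported description ("A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authent ...") so the earlier classification is confirmed rather than inherited silently.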
@@ -2884,14 +2897,14 @@ CVE-2020-35278
RESERVED
CVE-2020-35277
RESERVED
-CVE-2020-35276
- RESERVED
-CVE-2020-35275
- RESERVED
-CVE-2020-35274
- RESERVED
-CVE-2020-35273
- RESERVED
+CVE-2020-35276 (EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An at ...)
+ TODO: check
+CVE-2020-35275 (Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user c ...)
+ TODO: check
+CVE-2020-35274 (DotCMS Add Template with admin panel 20.11 is affected by cross-site S ...)
+ TODO: check
+CVE-2020-35273 (EgavilanMedia User Registration & Login System with Admin Panel 1. ...)
+ TODO: check
CVE-2020-35272
RESERVED
CVE-2020-35271
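Review bot: All four entries (CVE-2020-35273 through CVE-2020-35276) stay at TODO: check even though each description already names its product (EgavilanMedia ECM Address Book, Coastercms, DotCMS, EgavilanMedia User Registration & Login System); triage them to a Debian source package or NOT-FOR-US before the next automatic run, and note that the two EgavilanMedia entries share a vendor so one decision should cover both.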
@@ -11908,8 +11921,7 @@ CVE-2020-27848
CVE-2020-27847
RESERVED
NOT-FOR-US: github.com/dexidp/dex
-CVE-2020-27846
- RESERVED
+CVE-2020-27846 (A signature verification vulnerability exists in crewjam/saml. This fl ...)
NOT-FOR-US: github.com/crewjam/saml
CVE-2020-27845
RESERVED
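Review bot: The unchanged `NOT-FOR-US: github.com/crewjam/saml` line at the end of this hunk was written while the entry was still RESERVED; now that the description identifies a signature verification vulnerability in crewjam/saml, confirm that no Debian Go package vendors that module before keeping the classification, since a SAML signature bypass in a vendored copy would need its own tracking line.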
@@ -13804,8 +13816,8 @@ CVE-2020-27256
RESERVED
CVE-2020-27255 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
NOT-FOR-US: FactoryTalk
-CVE-2020-27254
- RESERVED
+CVE-2020-27254 (Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, X ...)
+ TODO: check
CVE-2020-27253 (A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx ...)
NOT-FOR-US: FactoryTalk
CVE-2020-27252 (Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race ...)
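Review bot: CVE-2020-27254 is left at TODO: check although the description names a vendor hardware product (Emerson Rosemount X-STREAM Gas Analyzer) in the same way as the surrounding FactoryTalk and Medtronic entries, which are already NOT-FOR-US; suggest `NOT-FOR-US: Emerson` in that style. The imported text runs "Gas AnalyzerX-STREAM enhanced" without a separator; that is upstream's wording and should not be edited locally.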
@@ -15707,8 +15719,8 @@ CVE-2020-26424
RESERVED
CVE-2020-26423
RESERVED
-CVE-2020-26422
- RESERVED
+CVE-2020-26422 (Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows d ...)
+ TODO: check
CVE-2020-26421 (Crash in USB HID protocol dissector and possibly other dissectors in W ...)
- wireshark 3.4.1-1
[buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA)
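Review bot: CVE-2020-26422 needs a real tracking line rather than TODO: check: the description says the QUIC dissector buffer overflow affects Wireshark 3.4.0 to 3.4.1, and the adjacent CVE-2020-26421 entry records wireshark 3.4.1-1 as the current package, so that upload sits inside the affected range and the entry should name the fixed upstream version once one is uploaded. For buster, the affected range starts at 3.4.0, so `[buster] - wireshark <not-affected> (Vulnerable code not present)` is likely the right annotation if the QUIC dissector code is absent from buster's version; verify that rather than copying the `<postponed>` line from CVE-2020-26421.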
@@ -16018,8 +16030,8 @@ CVE-2020-26277
RESERVED
CVE-2020-26276 (Fleet is an open source osquery manager. In Fleet before version 3.5.1 ...)
NOT-FOR-US: Fleet (osquery frontend)
-CVE-2020-26275
- RESERVED
+CVE-2020-26275 (The Jupyter Server provides the backend (i.e. the core services, APIs, ...)
+ TODO: check
CVE-2020-26274 (In systeminformation (npm package) before version 4.31.1 there is a co ...)
NOT-FOR-US: Node systeminformation
CVE-2020-26273 (osquery is a SQL powered operating system instrumentation, monitoring, ...)
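Review bot: CVE-2020-26275 should be triaged against Debian's Jupyter packaging rather than left at TODO: check: the description is for Jupyter Server (the backend providing the core services and APIs), which is a different component from jupyterhub-systemdspawner tracked under CVE-2020-26261, so check whether a jupyter-server source package exists and otherwise mark it NOT-FOR-US.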
@@ -16042,8 +16054,8 @@ CVE-2020-26265 (Go Ethereum, or "Geth", is the official Golang implementation of
- golang-github-go-ethereum <itp> (bug #890541)
CVE-2020-26264 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
- golang-github-go-ethereum <itp> (bug #890541)
-CVE-2020-26263
- RESERVED
+CVE-2020-26263 (tlslite-ng is an open source python library that implements SSL and TL ...)
+ TODO: check
CVE-2020-26262
RESERVED
CVE-2020-26261 (jupyterhub-systemdspawner enables JupyterHub to spawn single-user note ...)
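Review bot: CVE-2020-26263 concerns a TLS library (tlslite-ng) and should not remain at TODO: check: check whether src:tlslite-ng is in the archive and, if so, add a version line or `<unfixed>`. The imported description is cut at "implements SSL and TL ..." and carries no affected-version range, so the full MITRE text or the upstream advisory is needed to fill that in.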
@@ -16573,8 +16585,8 @@ CVE-2020-26051
RESERVED
CVE-2020-26050
RESERVED
-CVE-2020-26049
- RESERVED
+CVE-2020-26049 (Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is r ...)
+ TODO: check
CVE-2020-26048 (The file manager option in CuppaCMS before 2019-11-12 allows an authen ...)
NOT-FOR-US: CuppaCMS
CVE-2020-26047
@@ -16967,8 +16979,7 @@ CVE-2020-25862 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.2
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16816
CVE-2020-25861
RESERVED
-CVE-2020-25860
- RESERVED
+CVE-2020-25860 (The install.c module in the Pengutronix RAUC update client prior to ve ...)
- rauc 1.5-1
NOTE: https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv
CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to ve ...)
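Review bot: The CVE-2020-25860 entry gains its description but no stable annotation: the existing `- rauc 1.5-1` line only covers unstable, so if rauc ships in buster a `[buster] - rauc ...` line (a fixed version, `<no-dsa>` or `<postponed>`) is still required, as the wireshark entry in this same patch does; the GHSA reference already on the entry should make the affected range straightforward to confirm.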
@@ -20360,7 +20371,7 @@ CVE-2020-24423 (Adobe Media Encoder version 14.4 (and earlier) for Windows is af
NOT-FOR-US: Adobe
CVE-2020-24422 (Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and ...)
NOT-FOR-US: Adobe
-CVE-2020-24421 (Adobe InDesign version 15.1.2 (and earlier) is affected by a memory co ...)
+CVE-2020-24421 (Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL poin ...)
NOT-FOR-US: Adobe
CVE-2020-24420 (Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected b ...)
NOT-FOR-US: Adobe
@@ -34259,8 +34270,8 @@ CVE-2020-17527 (While investigating bug 64830 it was discovered that Apache Tomc
- tomcat8 <removed>
NOTE: https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65 (9.0.40)
NOTE: https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29 (8.5.60)
-CVE-2020-17526
- RESERVED
+CVE-2020-17526 (Incorrect Session Validation in Apache Airflow Webserver versions prio ...)
+ TODO: check
CVE-2020-17525
RESERVED
CVE-2020-17524
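Review bot: CVE-2020-17526 (Incorrect Session Validation in Apache Airflow Webserver) is left at TODO: check with no package line, unlike the tomcat entry directly above it; decide whether an airflow source package exists in Debian and otherwise mark it `NOT-FOR-US: Apache Airflow`.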
@@ -42584,8 +42595,8 @@ CVE-2020-14227
RESERVED
CVE-2020-14226
RESERVED
-CVE-2020-14225
- RESERVED
+CVE-2020-14225 (HCL iNotes is susceptible to a Tabnabbing vulnerability caused by impr ...)
+ TODO: check
CVE-2020-14224 (A vulnerability in the MIME message handling of the HCL Notes v9 clien ...)
NOT-FOR-US: HCL Notes
CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scri ...)
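Review bot: CVE-2020-14225 can be closed out as `NOT-FOR-US: HCL iNotes` instead of TODO: check: the description names HCL iNotes, and the adjacent CVE-2020-14224 (HCL Notes) and CVE-2020-14223 (HCL Digital Experience) entries are already NOT-FOR-US.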
@@ -60703,6 +60714,7 @@ CVE-2020-7790 (This affects the package spatie/browsershot from 0.0.0. By specif
CVE-2020-7789 (This affects the package node-notifier before 9.0.0. It allows an atta ...)
NOT-FOR-US: Node node-notifier
CVE-2020-7788 (This affects the package ini before 1.3.6. If an attacker submits a ma ...)
+ {DLA-2503-1}
- node-ini 2.0.0-1 (bug #977718)
[buster] - node-ini <no-dsa> (Minor issue)
NOTE: https://snyk.io/vuln/SNYK-JS-INI-1048974
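Review bot: The added `{DLA-2503-1}` reference is placed per convention (directly under the CVE line, above the package versions), but the entry still carries `[buster] - node-ini <no-dsa> (Minor issue)`; that is only consistent because a DLA covers the LTS release rather than buster, so confirm the DLA is recorded in data/DLA/list and that the buster assessment was not meant to change now that LTS shipped a fix.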
@@ -62813,10 +62825,10 @@ CVE-2020-6884
RESERVED
CVE-2020-6883
RESERVED
-CVE-2020-6882
- RESERVED
-CVE-2020-6881
- RESERVED
+CVE-2020-6882 (ZTE E8810/E8820/E8822 series routers have an information leak vulnerab ...)
+ TODO: check
+CVE-2020-6881 (ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, w ...)
+ TODO: check
CVE-2020-6880 (A ZXELINK wireless controller has a SQL injection vulnerability. A rem ...)
NOT-FOR-US: ZXELINK
CVE-2020-6879 (Some ZTE devices have input verification vulnerabilities. The devices ...)
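Review bot: CVE-2020-6881 and CVE-2020-6882 both describe ZTE E8810/E8820/E8822 series routers, and the adjacent CVE-2020-6880 (ZXELINK) and CVE-2020-6879 (ZTE devices) entries are NOT-FOR-US, so mark both `NOT-FOR-US: ZTE` instead of TODO: check; one decision covers the pair.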
@@ -65694,8 +65706,8 @@ CVE-2020-5810
RESERVED
CVE-2020-5809
RESERVED
-CVE-2020-5808
- RESERVED
+CVE-2020-5808 (In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could po ...)
+ TODO: check
CVE-2020-5807
RESERVED
CVE-2020-5806
@@ -68032,8 +68044,8 @@ CVE-2020-4990
RESERVED
CVE-2020-4989
RESERVED
-CVE-2020-4988
- RESERVED
+CVE-2020-4988 (Loopback 8.0.0 contains a vulnerability that could allow an attacker t ...)
+ TODO: check
CVE-2020-4987
RESERVED
CVE-2020-4986
@@ -68268,8 +68280,8 @@ CVE-2020-4872
RESERVED
CVE-2020-4871
RESERVED
-CVE-2020-4870
- RESERVED
+CVE-2020-4870 (IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack cau ...)
+ TODO: check
CVE-2020-4869
RESERVED
CVE-2020-4868
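Review bot: CVE-2020-4870 (IBM MQ 9.2 CD and LTS denial of service) should be marked `NOT-FOR-US: IBM` rather than TODO: check, in line with the other IBM product entries in this file.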
@@ -68322,14 +68334,14 @@ CVE-2020-4845 (IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to
NOT-FOR-US: IBM
CVE-2020-4844
RESERVED
-CVE-2020-4843
- RESERVED
-CVE-2020-4842
- RESERVED
-CVE-2020-4841
- RESERVED
-CVE-2020-4840
- RESERVED
+CVE-2020-4843 (IBM Security Secret Server 10.6 stores potentially sensitive informati ...)
+ TODO: check
+CVE-2020-4842 (IBM Security Secret Server 10.6 could allow a remote attacker to obtai ...)
+ TODO: check
+CVE-2020-4841 (IBM Security Secret Server 10.6 could allow a remote attacker to obtai ...)
+ TODO: check
+CVE-2020-4840 (IBM Security Secret Server 10.6 could allow a remote attacker to condu ...)
+ TODO: check
CVE-2020-4839
RESERVED
CVE-2020-4838
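Review bot: CVE-2020-4840 through CVE-2020-4843 all describe IBM Security Secret Server 10.6 and should be marked `NOT-FOR-US: IBM`, matching the CVE-2020-4845 entry at the top of this hunk; leaving four TODO: check lines for one product means the same triage gets done four times.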
@@ -68420,8 +68432,8 @@ CVE-2020-4796
RESERVED
CVE-2020-4795
RESERVED
-CVE-2020-4794
- RESERVED
+CVE-2020-4794 (IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Busines ...)
+ TODO: check
CVE-2020-4793
RESERVED
CVE-2020-4792
@@ -68497,8 +68509,8 @@ CVE-2020-4759 (IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulner
NOT-FOR-US: IBM
CVE-2020-4758
RESERVED
-CVE-2020-4757
- RESERVED
+CVE-2020-4757 (IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulner ...)
+ TODO: check
CVE-2020-4756 (IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5. ...)
NOT-FOR-US: IBM
CVE-2020-4755 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site s ...)
@@ -68901,8 +68913,8 @@ CVE-2020-4557 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Bus
NOT-FOR-US: IBM
CVE-2020-4556
RESERVED
-CVE-2020-4555
- RESERVED
+CVE-2020-4555 (IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate ...)
+ TODO: check
CVE-2020-4554 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
NOT-FOR-US: IBM
CVE-2020-4553 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
@@ -70042,8 +70054,8 @@ CVE-2020-4001 (The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passw
NOT-FOR-US: VMware
CVE-2020-4000 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, ...)
NOT-FOR-US: VMware
-CVE-2020-3999
- RESERVED
+CVE-2020-3999 (VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16. ...)
+ TODO: check
CVE-2020-3998 (VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an inf ...)
NOT-FOR-US: VMware
CVE-2020-3997 (VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross ...)
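Review bot: CVE-2020-3999 is the only VMware entry in this hunk left at TODO: check; the description covers VMware ESXi and VMware Workstation, and the surrounding CVE-2020-4001, CVE-2020-4000, CVE-2020-3998 and CVE-2020-3997 entries are all `NOT-FOR-US: VMware`, so mark it the same way.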
@@ -87230,8 +87242,8 @@ CVE-2019-16961
RESERVED
CVE-2019-16960
RESERVED
-CVE-2019-16959
- RESERVED
+CVE-2019-16959 (SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Fo ...)
+ TODO: check
CVE-2019-16958 (Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 1 ...)
NOT-FOR-US: SolarWinds Web Help Desk
CVE-2019-16957 (SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of ...)
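Review bot: CVE-2019-16959 should be `NOT-FOR-US: SolarWinds Web Help Desk` rather than TODO: check, matching CVE-2019-16958 and CVE-2019-16957, which cover the same product and version (12.7.0) directly below it.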
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20e190a40d44abcc63c21383ca6e150c4b6111ac