[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 23 08:10:25 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86ad3d5b by security tracker role at 2020-12-23T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2020-35658 (SpamTitan before 7.09 allows attackers to tamper with backups, because ...)
+ TODO: check
+CVE-2020-35657 (Jaws through 1.8.0 allows remote authenticated administrators to execu ...)
+ TODO: check
+CVE-2020-35656 (Jaws through 1.8.0 allows remote authenticated administrators to execu ...)
+ TODO: check
+CVE-2020-35655
+ RESERVED
+CVE-2020-35654
+ RESERVED
+CVE-2020-35653
+ RESERVED
+CVE-2020-35652
+ RESERVED
+CVE-2020-35651
+ RESERVED
+CVE-2020-35650
+ RESERVED
+CVE-2020-35649
+ RESERVED
+CVE-2020-35648
+ RESERVED
+CVE-2020-35647
+ RESERVED
+CVE-2020-35646
+ RESERVED
+CVE-2020-35645
+ RESERVED
+CVE-2020-35644
+ RESERVED
+CVE-2020-35643
+ RESERVED
+CVE-2020-35642
+ RESERVED
+CVE-2020-35641
+ RESERVED
+CVE-2020-35640
+ RESERVED
+CVE-2020-35639
+ RESERVED
+CVE-2020-35638
+ RESERVED
+CVE-2020-35637
+ RESERVED
+CVE-2020-35636
+ RESERVED
+CVE-2020-35635
+ RESERVED
+CVE-2020-35634
+ RESERVED
+CVE-2020-35633
+ RESERVED
+CVE-2020-35632
+ RESERVED
+CVE-2020-35631
+ RESERVED
+CVE-2020-35630
+ RESERVED
+CVE-2020-35629
+ RESERVED
+CVE-2020-35628
+ RESERVED
CVE-2021-21433
RESERVED
CVE-2021-21432
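Review bot: the three entries that carry a description (CVE-2020-35658, CVE-2020-35657, CVE-2020-35656) are left at `TODO: check` and still need triage to either a source package line or a NOT-FOR-US marker; the two Jaws CVEs name the same product and the same affected range (through 1.8.0), so they should receive the same status in one pass. The 31 RESERVED entries below them carry no description yet, so there is nothing to triage there until MITRE publishes them.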
@@ -690,10 +752,10 @@ CVE-2020-35611
RESERVED
CVE-2020-35610
RESERVED
-CVE-2020-35609
- RESERVED
-CVE-2020-35608
- RESERVED
+CVE-2020-35609 (A denial-of-service vulnerability exists in the asynchronous ioctl fun ...)
+ TODO: check
+CVE-2020-35608 (A code execution vulnerability exists in the normal world’s sign ...)
+ TODO: check
CVE-2020-35607
RESERVED
CVE-2020-35606 (Arbitrary command execution can occur in Webmin through 1.962. Any use ...)
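Review bot: both new descriptions are truncated before they name the affected product ("the asynchronous ioctl fun ..." for CVE-2020-35609 and "the normal world’s sign ..." for CVE-2020-35608), so the `TODO: check` cannot be resolved from this diff alone; the triager will need the full MITRE text to decide between a package line and NOT-FOR-US.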
@@ -3176,12 +3238,12 @@ CVE-2020-35482
CVE-2020-35481
RESERVED
CVE-2020-35480 (An issue was discovered in MediaWiki before 1.35.1. Missing users (acc ...)
- {DSA-4816-1}
+ {DSA-4816-1 DLA-2504-1}
- mediawiki 1:1.35.1-1
NOTE: https://phabricator.wikimedia.org/T120883
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
CVE-2020-35479 (MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language ...)
- {DSA-4816-1}
+ {DSA-4816-1 DLA-2504-1}
- mediawiki 1:1.35.1-1
NOTE: https://phabricator.wikimedia.org/T268938
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
@@ -3192,7 +3254,7 @@ CVE-2020-35478 (MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Me
NOTE: https://phabricator.wikimedia.org/T268938
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
CVE-2020-35477 (MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries ...)
- {DSA-4816-1}
+ {DSA-4816-1 DLA-2504-1}
- mediawiki 1:1.35.1-1
NOTE: https://phabricator.wikimedia.org/T205908
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
@@ -5724,8 +5786,8 @@ CVE-2020-29585
RESERVED
CVE-2020-29584
RESERVED
-CVE-2020-29583
- RESERVED
+CVE-2020-29583 (Firmware version 4.60 of Zyxel USG devices contains an undocumented ac ...)
+ TODO: check
CVE-2020-29582
RESERVED
CVE-2020-29581 (The official spiped docker images before 1.5-alpine contain a blank pa ...)
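Review bot: CVE-2020-29583 describes an undocumented account in Zyxel USG firmware 4.60, a vendor appliance image rather than software shipped from the archive, so unless it maps to a Debian source package the `TODO: check` is expected to close as NOT-FOR-US, the same way the other vendor-device entries in this update (NETGEAR, LG, Mitel) are marked.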
@@ -8050,8 +8112,8 @@ CVE-2020-28643
RESERVED
CVE-2020-28642 (In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail gener ...)
NOT-FOR-US: InfiniteWP Admin Panel
-CVE-2020-28641
- RESERVED
+CVE-2020-28641 (In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an a ...)
+ TODO: check
CVE-2020-28640
RESERVED
CVE-2020-28639
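Review bot: the new description for CVE-2020-28641 reads "may be used delete an a ...", an upstream typo (missing "to"); the tracker mirrors MITRE text verbatim, so it should not be corrected here, but the entry still needs the `TODO: check` resolved to a package line or NOT-FOR-US.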
@@ -14366,12 +14428,12 @@ CVE-2020-27340 (The online help portal of Mitel MiCollab before 9.2 could allow
NOT-FOR-US: Mitel
CVE-2020-27339
RESERVED
-CVE-2020-27338
- RESERVED
-CVE-2020-27337
- RESERVED
-CVE-2020-27336
- RESERVED
+CVE-2020-27338 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input ...)
+ TODO: check
+CVE-2020-27337 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input ...)
+ TODO: check
+CVE-2020-27336 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input ...)
+ TODO: check
CVE-2020-27335
RESERVED
CVE-2020-27334
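Review bot: CVE-2020-27338, CVE-2020-27337 and CVE-2020-27336 all describe the same product and fixed version (Treck IPv6 before 6.0.1.68), so they should be triaged together and given identical status rather than resolved one at a time; CVE-2020-25066 later in this diff (Treck HTTP Server) belongs to the same vendor and can be handled in the same pass.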
@@ -19699,8 +19761,8 @@ CVE-2020-25068 (Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusio
NOT-FOR-US: Setelsa Conacwin
CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command injecti ...)
NOT-FOR-US: Netgear
-CVE-2020-25066
- RESERVED
+CVE-2020-25066 (A heap-based buffer overflow in the Treck HTTP Server component before ...)
+ TODO: check
CVE-2020-25065 (An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, ...)
NOT-FOR-US: LG mobile devices
CVE-2020-25064 (An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, ...)
@@ -20514,28 +20576,28 @@ CVE-2020-24685
RESERVED
CVE-2020-24684
RESERVED
-CVE-2020-24683
- RESERVED
+CVE-2020-24683 (The affected versions of S+ Operations (version 2.1 SP1 and earlier) u ...)
+ TODO: check
CVE-2020-24682
RESERVED
CVE-2020-24681
RESERVED
-CVE-2020-24680
- RESERVED
-CVE-2020-24679
- RESERVED
-CVE-2020-24678
- RESERVED
-CVE-2020-24677
- RESERVED
-CVE-2020-24676
- RESERVED
-CVE-2020-24675
- RESERVED
-CVE-2020-24674
- RESERVED
-CVE-2020-24673
- RESERVED
+CVE-2020-24680 (In S+ Operations and S+ Historian, the passwords of internal users (no ...)
+ TODO: check
+CVE-2020-24679 (A S+ Operations and S+ Historian service is subject to a DoS by specia ...)
+ TODO: check
+CVE-2020-24678 (An authenticated user might execute malicious code under the user cont ...)
+ TODO: check
+CVE-2020-24677 (Vulnerabilities in the S+ Operations and S+ Historian web applications ...)
+ TODO: check
+CVE-2020-24676 (In Symphony Plus Operations and Symphony Plus Historian, some services ...)
+ TODO: check
+CVE-2020-24675 (In S+ Operations and S+ History, it is possible that an unauthenticate ...)
+ TODO: check
+CVE-2020-24674 (In S+ Operations and S+ Historian, not all client commands correctly c ...)
+ TODO: check
+CVE-2020-24673 (In S+ Operations and S+ Historian, a successful SQL injection exploit ...)
+ TODO: check
CVE-2020-24672
RESERVED
CVE-2020-24671
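Review bot: the nine S+ Operations / S+ Historian entries (CVE-2020-24683 and CVE-2020-24673 through CVE-2020-24680) are one vendor batch and should be triaged together; note that the upstream descriptions spell the product three ways ("S+ Operations", "Symphony Plus Operations", "S+ History"), so a grep on a single name will miss some of them when cross-checking.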
@@ -38698,7 +38760,7 @@ CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __g
NOTE: https://github.com/LuaJIT/LuaJIT/issues/601
NOTE: https://github.com/LuaJIT/LuaJIT/commit/53f82e6e2e858a0a62fd1a2ff47e9866693382e6
NOTE: No security impact, only "exploitable" with untrusted Lua code
-CVE-2020-15889 (Lua through 5.4.0 has a getobjname heap-based buffer over-read because ...)
+CVE-2020-15889 (Lua 5.4.0 has a getobjname heap-based buffer over-read because youngco ...)
- lua5.4 5.4.0-2
NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00078.html
NOTE: https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312
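Review bot: the description change narrows the affected range of CVE-2020-15889 from "Lua through 5.4.0" to "Lua 5.4.0", which is consistent with the existing fix line that lists only lua5.4 5.4.0-2 and no lua5.3 entry; with the narrowed range no additional package line is needed for the older Lua packages.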
@@ -41021,7 +41083,7 @@ CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in
CVE-2020-15006 (Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document ...)
NOT-FOR-US: Bludit
CVE-2020-15005 (In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34. ...)
- {DSA-4767-1}
+ {DSA-4767-1 DLA-2504-1}
- mediawiki 1:1.31.8-1
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
CVE-2020-15004 (OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. ...)
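Review bot: CVE-2020-15005 was fixed under DSA-4767-1, a different advisory from the DSA-4816-1 attached to the three MediaWiki 1.35.1 entries earlier in this diff, yet DLA-2504-1 is now added to all four; confirm that the DLA text actually lists CVE-2020-15005 together with the 1.35.1 issues before relying on this entry for the LTS status.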
@@ -41336,8 +41398,8 @@ CVE-2020-14876 (Vulnerability in the Oracle Trade Management product of Oracle E
- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14875 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
NOT-FOR-US: Oracle
-CVE-2020-14874
- RESERVED
+CVE-2020-14874 (Vulnerability in the Oracle Cloud Infrastructure Identity and Access M ...)
+ TODO: check
CVE-2020-14873 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.22-1 (bug #972623)
CVE-2020-14872 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
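Review bot: CVE-2020-14874 describes Oracle Cloud Infrastructure Identity and Access Management, a hosted service rather than a shipped product, so unlike the neighbouring MySQL entries (which map to mysql-8.0 8.0.22-1) it is expected to resolve to NOT-FOR-US: Oracle, matching CVE-2020-14875 directly above it.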
@@ -43231,8 +43293,8 @@ CVE-2020-14272
RESERVED
CVE-2020-14271 (HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scrip ...)
NOT-FOR-US: HCL iNotes
-CVE-2020-14270
- RESERVED
+CVE-2020-14270 (HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vu ...)
+ TODO: check
CVE-2020-14269
RESERVED
CVE-2020-14268 (A vulnerability in the MIME message handling of the Notes client (vers ...)
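Review bot: CVE-2020-14270 (HCL Domino), and CVE-2020-14231 (HCL Client Applicat ...) in the next hunk, sit among entries already marked NOT-FOR-US: HCL, NOT-FOR-US: HCL iNotes and NOT-FOR-US: HCL Notes; the `TODO: check` on both should be closed the same way unless a Debian package turns out to be involved.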
@@ -43309,8 +43371,8 @@ CVE-2020-14233
RESERVED
CVE-2020-14232 (A vulnerability in the input parameter handling of HCL Notes v9 could ...)
NOT-FOR-US: HCL Notes
-CVE-2020-14231
- RESERVED
+CVE-2020-14231 (A vulnerability in the input parameter handling of HCL Client Applicat ...)
+ TODO: check
CVE-2020-14230 (HCL Domino is susceptible to a Denial of Service vulnerability caused ...)
NOT-FOR-US: HCL
CVE-2020-14229
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86ad3d5b906d74b66a0a579cc17205aef720e6bf