[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 23 20:10:33 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dee6950f by security tracker role at 2020-12-23T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2020-35665 (An unauthenticated command-execution vulnerability exists in TerraMast ...)
+ TODO: check
+CVE-2020-35664
+ RESERVED
+CVE-2020-35663
+ RESERVED
+CVE-2020-35662
+ RESERVED
+CVE-2020-35661
+ RESERVED
+CVE-2020-35660
+ RESERVED
+CVE-2020-35659
+ RESERVED
CVE-2020-35658 (SpamTitan before 7.09 allows attackers to tamper with backups, because ...)
NOT-FOR-US: SpamTitan
CVE-2020-35657 (Jaws through 1.8.0 allows remote authenticated administrators to execu ...)
@@ -14,8 +28,8 @@ CVE-2020-35652
RESERVED
CVE-2020-35651
RESERVED
-CVE-2020-35650
- RESERVED
+CVE-2020-35650 (Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups ...)
+ TODO: check
CVE-2020-35649
RESERVED
CVE-2020-35648
@@ -776,8 +790,8 @@ CVE-2020-35600
RESERVED
CVE-2020-35599
RESERVED
-CVE-2020-35598
- RESERVED
+CVE-2020-35598 (ACS Advanced Comment System 1.0 is affected by Directory Traversal via ...)
+ TODO: check
CVE-2020-35597
RESERVED
CVE-2020-35596
@@ -798,14 +812,14 @@ CVE-2020-35589 (The limit-login-attempts-reloaded plugin before 2.17.4 for WordP
NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress
CVE-2020-35588
RESERVED
-CVE-2020-35587
- RESERVED
-CVE-2020-35586
- RESERVED
-CVE-2020-35585
- RESERVED
-CVE-2020-35584
- RESERVED
+CVE-2020-35587 (** DISPUTED ** In Solstice Pod before 3.0.3, the firmware can easily b ...)
+ TODO: check
+CVE-2020-35586 (In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password ...)
+ TODO: check
+CVE-2020-35585 (In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enume ...)
+ TODO: check
+CVE-2020-35584 (In Solstice Pod before 3.0.3, the web services allow users to connect ...)
+ TODO: check
CVE-2020-35583
RESERVED
CVE-2020-35582
@@ -3484,8 +3498,8 @@ CVE-2020-35372
RESERVED
CVE-2020-35371
RESERVED
-CVE-2020-35370
- RESERVED
+CVE-2020-35370 (A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticate ...)
+ TODO: check
CVE-2020-35369
RESERVED
CVE-2020-35368
@@ -3686,8 +3700,8 @@ CVE-2020-35271
RESERVED
CVE-2020-35270
RESERVED
-CVE-2020-35269
- RESERVED
+CVE-2020-35269 (There is a Cross Site Request Forgery (CSRF) vulnerability in Nagios C ...)
+ TODO: check
CVE-2020-35268
RESERVED
CVE-2020-35267
@@ -3720,8 +3734,8 @@ CVE-2020-35254
RESERVED
CVE-2020-35253
RESERVED
-CVE-2020-35252
- RESERVED
+CVE-2020-35252 (Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter ...)
+ TODO: check
CVE-2020-35251
RESERVED
CVE-2020-35250
@@ -3873,6 +3887,7 @@ CVE-2020-35178
CVE-2020-35177 (HashiCorp Vault and Vault Enterprise allowed the enumeration of users ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-35176 (In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial a ...)
+ {DLA-2506-1}
- awstats <unfixed> (bug #977190)
NOTE: https://github.com/eldy/awstats/issues/195
CVE-2020-35175 (Frappe Framework 12 and 13 does not properly validate the HTTP method ...)
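Review bot: the new `{DLA-2506-1}` marker on CVE-2020-35176 sits directly above the unchanged package line `- awstats <unfixed> (bug #977190)`, so the entry now records a stretch LTS fix while unstable stays unfixed; confirm that is the intended state, and that no `[buster]` annotation is missing for this CVE, since the hunk adds none here while the other awstats entry touched in this commit (CVE-2020-29600) records a fixed version in unstable.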
@@ -3953,8 +3968,8 @@ CVE-2020-35138
RESERVED
CVE-2020-35137
RESERVED
-CVE-2020-35136
- RESERVED
+CVE-2020-35136 (Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. ...)
+ TODO: check
CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress allows ...)
NOT-FOR-US: ultimate-category-excluder plugin for WordPress
CVE-2020-35134
@@ -5739,6 +5754,7 @@ CVE-2020-29602 (The official irssi docker images before 1.1-alpine (Alpine speci
CVE-2020-29601 (The official notary docker images before signer-0.6.1-1 contain a blan ...)
NOT-FOR-US: notary Docker images
CVE-2020-29600 (In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute ...)
+ {DLA-2506-1}
- awstats 7.8-1 (bug #891469)
NOTE: https://github.com/eldy/awstats/issues/90
NOTE: https://github.com/eldy/awstats/commit/d4d815d0caae3dbae83ac70a1ae4581bd57cf376
@@ -5879,12 +5895,12 @@ CVE-2020-29554
RESERVED
CVE-2020-29553
RESERVED
-CVE-2020-29552
- RESERVED
-CVE-2020-29551
- RESERVED
-CVE-2020-29550
- RESERVED
+CVE-2020-29552 (An issue was discovered in URVE Build 24.03.2020. By using the _intern ...)
+ TODO: check
+CVE-2020-29551 (An issue was discovered in URVE Build 24.03.2020. Using the _internal/ ...)
+ TODO: check
+CVE-2020-29550 (An issue was discovered in URVE Build 24.03.2020. The password of an i ...)
+ TODO: check
CVE-2020-29549
RESERVED
CVE-2020-29548
@@ -7376,7 +7392,7 @@ CVE-2020-28977 (The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnera
CVE-2020-28976 (The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerabili ...)
NOT-FOR-US: Canto plugin for WordPress
CVE-2020-28984 (prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does ...)
- {DSA-4798-1}
+ {DSA-4798-1 DLA-2505-1}
- spip 3.2.8-1
NOTE: https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8
CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used i ...)
@@ -11985,16 +12001,16 @@ CVE-2020-28076
RESERVED
CVE-2020-28075
RESERVED
-CVE-2020-28074
- RESERVED
-CVE-2020-28073
- RESERVED
+CVE-2020-28074 (SourceCodester Online Health Care System 1.0 is affected by SQL Inject ...)
+ TODO: check
+CVE-2020-28073 (SourceCodester Library Management System 1.0 is affected by SQL Inject ...)
+ TODO: check
CVE-2020-28072 (A Remote Code Execution vulnerability exists in DourceCodester Alumni ...)
NOT-FOR-US: DourceCodester Alumni Management System
-CVE-2020-28071
- RESERVED
-CVE-2020-28070
- RESERVED
+CVE-2020-28071 (SourceCodester Alumni Management System 1.0 is affected by cross-site ...)
+ TODO: check
+CVE-2020-28070 (SourceCodester Alumni Management System 1.0 is affected by SQL injecti ...)
+ TODO: check
CVE-2020-28069
RESERVED
CVE-2020-28068
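Review bot: the context annotation `NOT-FOR-US: DourceCodester Alumni Management System` misspells the product name that the new CVE-2020-28071 and CVE-2020-28070 entries in this hunk spell as `SourceCodester Alumni Management System`; when these `TODO: check` entries are triaged, align the existing annotation to `NOT-FOR-US: SourceCodester Alumni Management System` so all entries for the product carry the same grep-able name.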
@@ -14312,8 +14328,8 @@ CVE-2020-27399
RESERVED
CVE-2020-27398
RESERVED
-CVE-2020-27397
- RESERVED
+CVE-2020-27397 (Marital - Online Matrimonial Project In PHP version 1.0 suffers from a ...)
+ TODO: check
CVE-2020-27396
RESERVED
CVE-2020-27395
@@ -19483,24 +19499,24 @@ CVE-2019-20916 (The pip package before 19.2 for Python allows Directory Traversa
NOTE: https://github.com/pypa/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace (19.2)
CVE-2020-25199 (A heap-based buffer overflow vulnerability exists within the WECON Lev ...)
NOT-FOR-US: WECON LeviStudioU
-CVE-2020-25198
- RESERVED
+CVE-2020-25198 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
+ TODO: check
CVE-2020-25197
RESERVED
-CVE-2020-25196
- RESERVED
+CVE-2020-25196 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
+ TODO: check
CVE-2020-25195 (The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM ...)
NOT-FOR-US: Host Engineering
-CVE-2020-25194
- RESERVED
+CVE-2020-25194 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
+ TODO: check
CVE-2020-25193
RESERVED
-CVE-2020-25192
- RESERVED
+CVE-2020-25192 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
+ TODO: check
CVE-2020-25191 (Incorrect permissions are set by default for an API entry-point of a s ...)
NOT-FOR-US: National Instruments Corp. (NI)
-CVE-2020-25190
- RESERVED
+CVE-2020-25190 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
+ TODO: check
CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer overflo ...)
NOT-FOR-US: Paradox IP150
CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...)
@@ -19573,8 +19589,8 @@ CVE-2020-25155 (The affected product transmits unencrypted sensitive information
NOT-FOR-US: NEXCOM
CVE-2020-25154
RESERVED
-CVE-2020-25153
- RESERVED
+CVE-2020-25153 (The built-in web service for MOXA NPort IAW5000A-I/O firmware version ...)
+ TODO: check
CVE-2020-25152
RESERVED
CVE-2020-25151 (The affected product does not properly validate input, which may allow ...)
@@ -37860,7 +37876,7 @@ CVE-2020-16232
RESERVED
CVE-2020-16231
RESERVED
-CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...)
+CVE-2020-16230 (The WADashboard component of WebAccess/SCADA may allow an attacker to ...)
NOT-FOR-US: HMS Networks
CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
NOT-FOR-US: Advantech WebAccess
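Review bot: the rewritten description of CVE-2020-16230 now reads `The WADashboard component of WebAccess/SCADA may allow an attacker to ...`, but the unchanged annotation below it still says `NOT-FOR-US: HMS Networks`, which matched the previous `Ewon Flexy and Cosy` text; the adjacent CVE-2020-16229 entry uses `NOT-FOR-US: Advantech WebAccess`, so re-check this entry and bring the vendor annotation in line with the new description rather than leaving the description and the triage note pointing at different vendors.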
@@ -44108,10 +44124,10 @@ CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use
NOT-FOR-US: Shopware
CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...)
NOT-FOR-US: Shopware
-CVE-2020-13969
- RESERVED
-CVE-2020-13968
- RESERVED
+CVE-2020-13969 (CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx ...)
+ TODO: check
+CVE-2020-13968 (CRK Business Platform <= 2019.1 allows can inject SQL statements ag ...)
+ TODO: check
CVE-2020-13967
RESERVED
CVE-2020-13966
@@ -50909,12 +50925,12 @@ CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an unin
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/134
-CVE-2020-11720
- RESERVED
-CVE-2020-11719
- RESERVED
-CVE-2020-11718
- RESERVED
+CVE-2020-11720 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
+ TODO: check
+CVE-2020-11719 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
+ TODO: check
+CVE-2020-11718 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
+ TODO: check
CVE-2020-11717 (An issue was discovered in Programi 014 31.01.2020. It has multiple SQ ...)
NOT-FOR-US: Programi
CVE-2020-11716 (Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices throu ...)
@@ -57290,8 +57306,8 @@ CVE-2020-9441
RESERVED
CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin through 5 ...)
NOT-FOR-US: CKEditor plugin
-CVE-2020-9439
- RESERVED
+CVE-2020-9439 (Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin ...)
+ TODO: check
CVE-2020-9438 (Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a d ...)
NOT-FOR-US: Tinxy Door Lock
CVE-2020-9437 (SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side tem ...)
@@ -65698,8 +65714,8 @@ CVE-2020-6161
RESERVED
CVE-2020-6160
RESERVED
-CVE-2020-6159
- RESERVED
+CVE-2020-6159 (URLs using “javascript:” have the protocol removed when pa ...)
+ TODO: check
CVE-2020-6158
RESERVED
CVE-2020-6157 (Opera Touch for iOS before version 2.4.5 is vulnerable to an address b ...)
@@ -69535,8 +69551,8 @@ CVE-2020-4644 (IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a
NOT-FOR-US: IBM
CVE-2020-4643 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
NOT-FOR-US: IBM
-CVE-2020-4642
- RESERVED
+CVE-2020-4642 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2020-4641
RESERVED
CVE-2020-4640
@@ -128105,12 +128121,12 @@ CVE-2018-20552 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in pack
NOTE: initial set of fixes got additional hardening, see:
NOTE: https://github.com/appneta/tcpreplay/issues/530#issuecomment-480312372
NOTE: https://github.com/appneta/tcpreplay/pull/584
-CVE-2018-1000893
- RESERVED
-CVE-2018-1000892
- RESERVED
-CVE-2018-1000891
- RESERVED
+CVE-2018-1000893 (Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when ...)
+ TODO: check
+CVE-2018-1000892 (Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when ...)
+ TODO: check
+CVE-2018-1000891 (Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when ...)
+ TODO: check
CVE-2018-20551 (A reachable Object::getString assertion in Poppler 0.72.0 allows attac ...)
- poppler 0.71.0-4 (low; bug #917525)
[stretch] - poppler <ignored> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dee6950f9403477be8762a3d3c7a8485b41fd010