[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Dec 24 08:10:27 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be756f3f by security tracker role at 2020-12-24T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-35678
+	RESERVED
+CVE-2020-35677 (BigProf Online Invoicing System before 4.0 fails to adequately sanitiz ...)
+	TODO: check
+CVE-2020-35676 (BigProf Online Invoicing System before 3.1 fails to correctly sanitize ...)
+	TODO: check
+CVE-2020-35675 (BigProf Online Invoicing System before 3.0 offers a functionality that ...)
+	TODO: check
+CVE-2020-35674 (BigProf Online Invoicing System before 2.9 suffers from an unauthentic ...)
+	TODO: check
+CVE-2020-35673
+	RESERVED
+CVE-2020-35672
+	RESERVED
+CVE-2020-35671
+	RESERVED
+CVE-2020-35670
+	RESERVED
+CVE-2020-35669 (An issue was discovered in the http package through 0.12.2 for Dart. I ...)
+	TODO: check
+CVE-2020-35668 (RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that lead ...)
+	TODO: check
+CVE-2020-35667
+	RESERVED
+CVE-2020-35666 (Steedos Platform through 1.21.24 allows NoSQL injection because the /a ...)
+	TODO: check
 CVE-2020-35665 (An unauthenticated command-execution vulnerability exists in TerraMast ...)
 	TODO: check
 CVE-2020-35664
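Review bot: the seven new TODO: check entries in this hunk (CVE-2020-35677, -35676, -35675, -35674, -35669, -35668, -35666) are still untriaged; each should be resolved to either a source-package line with fixed version and bug number, as the sympa entries further down in this commit carry, or a NOT-FOR-US line naming the product, as the neighbouring Macally entry does. The Dart http package entry (CVE-2020-35669, "through 0.12.2") is worth checking against the archive rather than assumed NOT-FOR-US.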
@@ -4077,7 +4103,7 @@ CVE-2020-29670
 CVE-2020-29669 (In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Gue ...)
 	NOT-FOR-US: Macally WIFISD2-2A82 Media and Travel Router
 CVE-2020-29668 (Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API ...)
-	{DLA-2499-1}
+	{DSA-4818-1 DLA-2499-1}
 	- sympa 6.2.58~dfsg-2 (bug #976020)
 	NOTE: https://github.com/sympa-community/sympa/issues/1041
 	NOTE: https://github.com/sympa-community/sympa/pull/1044
@@ -53316,7 +53342,7 @@ CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resulta
 CVE-2020-10937 (An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can  ...)
 	- ipfs <itp> (bug #779893)
 CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
-	{DLA-2401-1}
+	{DSA-4818-1 DLA-2401-1}
 	- sympa 6.2.40~dfsg-5 (bug #961491)
 	NOTE: https://sympa-community.github.io/security/2020-002.html
 	NOTE: Patch: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch
@@ -53324,7 +53350,7 @@ CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
 	NOTE: https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/
 	NOTE: https://github.com/sympa-community/sympa/issues/943
 CVE-2020-26932 (debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg- ...)
-	{DLA-2401-1}
+	{DSA-4818-1 DLA-2401-1}
 	- sympa 6.2.40~dfsg-7 (bug #971904)
 	NOTE: Debian specific issue where sympa_newaliases-wrapper had loose permissions
 	NOTE: (already suid root and word-executable) allowing to gain root privileges
@@ -57485,6 +57511,7 @@ CVE-2020-9371 (Stored XSS exists in the Appointment Booking Calendar plugin befo
 CVE-2020-9370 (HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. ...)
 	NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
 CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial  ...)
+	{DSA-4818-1}
 	- sympa 6.2.40~dfsg-4 (low; bug #952428)
 	[stretch] - sympa <not-affected> (Vulnerability introduced later in 6.2.38)
 	[jessie] - sympa <not-affected> (Vulnerability introduced later in 6.2.38)
@@ -66757,14 +66784,14 @@ CVE-2020-5686
 	RESERVED
 CVE-2020-5685
 	RESERVED
-CVE-2020-5684
-	RESERVED
+CVE-2020-5684 (iSM client versions from V5.1 prior to V12.1 running on NEC Storage Ma ...)
+	TODO: check
 CVE-2020-5683 (Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v ...)
 	NOT-FOR-US: GROWI
 CVE-2020-5682 (Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Seri ...)
 	NOT-FOR-US: GROWI
-CVE-2020-5681
-	RESERVED
+CVE-2020-5681 (Untrusted search path vulnerability in self-extracting files created b ...)
+	TODO: check
 CVE-2020-5680 (Improper input validation vulnerability in EC-CUBE versions from 3.0.5 ...)
 	NOT-FOR-US: EC-CUBE
 CVE-2020-5679 (Improper restriction of rendered UI layers or frames in EC-CUBE versio ...)
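Review bot: CVE-2020-5684 (iSM client on NEC Storage Manager) and CVE-2020-5681 (untrusted search path in self-extracting files) are promoted from RESERVED to TODO: check but not triaged; the adjacent GROWI and EC-CUBE entries in this hunk carry NOT-FOR-US lines that name the product, so once the affected software is confirmed absent from the archive these should get the same form (for example "NOT-FOR-US: NEC Storage Manager iSM client") instead of being left as TODO.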
@@ -75430,20 +75457,20 @@ CVE-2020-2507
 	RESERVED
 CVE-2020-2506
 	RESERVED
-CVE-2020-2505
-	RESERVED
-CVE-2020-2504
-	RESERVED
-CVE-2020-2503
-	RESERVED
+CVE-2020-2505 (If exploited, this vulnerability could allow attackers to gain sensiti ...)
+	TODO: check
+CVE-2020-2504 (If exploited, this absolute path traversal vulnerability could allow a ...)
+	TODO: check
+CVE-2020-2503 (If exploited, this stored cross-site scripting vulnerability could all ...)
+	TODO: check
 CVE-2020-2502
 	RESERVED
 CVE-2020-2501
 	RESERVED
 CVE-2020-2500 (This improper access control vulnerability in Helpdesk allows attacker ...)
 	NOT-FOR-US: QNAP
-CVE-2020-2499
-	RESERVED
+CVE-2020-2499 (A hard-coded password vulnerability has been reported to affect earlie ...)
+	TODO: check
 CVE-2020-2498 (If exploited, this cross-site scripting vulnerability could allow remo ...)
 	NOT-FOR-US: QNAP
 CVE-2020-2497 (If exploited, this cross-site scripting vulnerability could allow remo ...)
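Review bot: the four entries that lose their RESERVED marker here (CVE-2020-2505, -2504, -2503, -2499) have truncated descriptions that do not name the product, while their neighbours CVE-2020-2500, -2498 and -2497 are all NOT-FOR-US: QNAP; triage should confirm from the full CVE text whether these belong to the same QNAP batch and, if so, replace TODO: check with NOT-FOR-US: QNAP. CVE-2020-2499 is described as a hard-coded password issue, so its full description should be read before it is dismissed.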



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be756f3ff4a4c443a1915a2a35e9ea4d480dcfc2
