[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Dec 24 20:10:24 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f71fa802 by security tracker role at 2020-12-24T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2020-35696
+	RESERVED
+CVE-2020-35695
+	RESERVED
+CVE-2020-35694
+	RESERVED
+CVE-2020-35693 (On some Samsung phones and tablets running Android through 7.1.1, it i ...)
+	TODO: check
+CVE-2020-35692
+	RESERVED
+CVE-2020-35691
+	RESERVED
+CVE-2020-35690
+	RESERVED
+CVE-2020-35689
+	RESERVED
+CVE-2020-35688
+	RESERVED
+CVE-2020-35687
+	RESERVED
+CVE-2020-35686
+	RESERVED
+CVE-2020-35685
+	RESERVED
+CVE-2020-35684
+	RESERVED
+CVE-2020-35683
+	RESERVED
+CVE-2020-35682
+	RESERVED
+CVE-2020-35681
+	RESERVED
+CVE-2020-35680 (smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurati ...)
+	TODO: check
+CVE-2020-35679 (smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, whi ...)
+	TODO: check
 CVE-2020-35678
 	RESERVED
 CVE-2020-35677 (BigProf Online Invoicing System before 4.0 fails to adequately sanitiz ...)
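Review bot: CVE-2020-35680 and CVE-2020-35679 are left at `TODO: check` although both descriptions name concrete OpenSMTPD source files (smtpd/lka_filter.c, smtpd/table.c) and a fixed upstream release, 6.8.0p1. These two are the entries in this hunk most likely to need a source-package line with a fixed version instead of a NOT-FOR-US tag, so they should be triaged first, ahead of the run of RESERVED ids around them.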
@@ -36,8 +72,8 @@ CVE-2020-35661
 	RESERVED
 CVE-2020-35660
 	RESERVED
-CVE-2020-35659
-	RESERVED
+CVE-2020-35659 (The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. ...)
+	TODO: check
 CVE-2020-35658 (SpamTitan before 7.09 allows attackers to tamper with backups, because ...)
 	NOT-FOR-US: SpamTitan
 CVE-2020-35657 (Jaws through 1.8.0 allows remote authenticated administrators to execu ...)
@@ -6969,8 +7005,8 @@ CVE-2020-29191
 	RESERVED
 CVE-2020-29190
 	RESERVED
-CVE-2020-29189
-	RESERVED
+CVE-2020-29189 (Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 ...)
+	TODO: check
 CVE-2020-29188
 	RESERVED
 CVE-2020-29187
@@ -11790,20 +11826,20 @@ CVE-2020-28192
 	RESERVED
 CVE-2020-28191
 	RESERVED
-CVE-2020-28190
-	RESERVED
+CVE-2020-28190 (TerraMaster TOS <= 4.2.06 was found to check for updates (of both s ...)
+	TODO: check
 CVE-2020-28189
-	RESERVED
-CVE-2020-28188
-	RESERVED
-CVE-2020-28187
-	RESERVED
-CVE-2020-28186
-	RESERVED
-CVE-2020-28185
-	RESERVED
-CVE-2020-28184
-	RESERVED
+	REJECTED
+CVE-2020-28188 (Remote Command Execution (RCE) vulnerability in TerraMaster TOS <=  ...)
+	TODO: check
+CVE-2020-28187 (Multiple directory traversal vulnerabilities in TerraMaster TOS <=  ...)
+	TODO: check
+CVE-2020-28186 (Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthen ...)
+	TODO: check
+CVE-2020-28185 (User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows  ...)
+	TODO: check
+CVE-2020-28184 (Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2. ...)
+	TODO: check
 CVE-2020-28183 (SQL injection vulnerability in SourceCodester Water Billing System 1.0 ...)
 	NOT-FOR-US: SourceCodester Water Billing System
 CVE-2020-28182
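Review bot: The six entries from CVE-2020-28190 through CVE-2020-28184 (skipping the now REJECTED CVE-2020-28189) all describe TerraMaster TOS <= 4.2.06 and all land as `TODO: check`. They should receive one consistent disposition in a single follow-up, together with CVE-2020-29189 from the earlier hunk, which names the same product and version, so that the product is not tagged differently across entries.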
@@ -11832,8 +11868,8 @@ CVE-2020-28171
 	RESERVED
 CVE-2020-28170
 	RESERVED
-CVE-2020-28169
-	RESERVED
+CVE-2020-28169 (The td-agent-builder plugin before 2020-12-18 for Fluentd allows attac ...)
+	TODO: check
 CVE-2020-28168 (Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) ...)
 	- node-axios <unfixed> (bug #975305)
 	[buster] - node-axios <no-dsa> (Minor issue)
@@ -13234,38 +13270,38 @@ CVE-2020-27731
 	RESERVED
 CVE-2020-27730 (In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller  ...)
 	NOT-FOR-US: NGINX Controller
-CVE-2020-27729
-	RESERVED
-CVE-2020-27728
-	RESERVED
-CVE-2020-27727
-	RESERVED
-CVE-2020-27726
-	RESERVED
-CVE-2020-27725
-	RESERVED
-CVE-2020-27724
-	RESERVED
-CVE-2020-27723
-	RESERVED
-CVE-2020-27722
-	RESERVED
-CVE-2020-27721
-	RESERVED
-CVE-2020-27720
-	RESERVED
-CVE-2020-27719
-	RESERVED
-CVE-2020-27718
-	RESERVED
-CVE-2020-27717
-	RESERVED
-CVE-2020-27716
-	RESERVED
-CVE-2020-27715
-	RESERVED
-CVE-2020-27714
-	RESERVED
+CVE-2020-27729 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13 ...)
+	TODO: check
+CVE-2020-27728 (On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1 ...)
+	TODO: check
+CVE-2020-27727 (On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and ...)
+	TODO: check
+CVE-2020-27726 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13 ...)
+	TODO: check
+CVE-2020-27725 (In version 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12. ...)
+	TODO: check
+CVE-2020-27724 (In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1 ...)
+	TODO: check
+CVE-2020-27723 (In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual se ...)
+	TODO: check
+CVE-2020-27722 (In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1 ...)
+	TODO: check
+CVE-2020-27721 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1 ...)
+	TODO: check
+CVE-2020-27720 (On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-1 ...)
+	TODO: check
+CVE-2020-27719 (On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross ...)
+	TODO: check
+CVE-2020-27718 (When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0 ...)
+	TODO: check
+CVE-2020-27717 (On BIG-IP DNS 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0- ...)
+	TODO: check
+CVE-2020-27716 (On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12 ...)
+	TODO: check
+CVE-2020-27715 (On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to th ...)
+	TODO: check
+CVE-2020-27714 (On the BIG-IP AFM version 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-1 ...)
+	TODO: check
 CVE-2020-27713 (In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP  ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2020-27712
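Review bot: The sixteen entries CVE-2020-27729 through CVE-2020-27714 are added as `TODO: check` directly above CVE-2020-27713, which already carries `NOT-FOR-US: F5 BIG-IP`. Most of the new descriptions name BIG-IP outright and the rest share the same version ranges, so they can probably take the same tag. The truncated descriptions that open with "In versions ..." (CVE-2020-27729, CVE-2020-27726, CVE-2020-27721, CVE-2020-27716) do not show a product name here, so confirm against the full text before tagging them.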
@@ -20687,8 +20723,8 @@ CVE-2020-24659 (An issue was discovered in GnuTLS before 3.6.15. A server can tr
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04
 	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1071
 	NOTE: https://gitlab.com/gnutls/gnutls/-/commit/29ee67c205855e848a0a26e6d0e4f65b6b943e0a
-CVE-2020-24658
-	RESERVED
+CVE-2020-24658 (Arm Compiler 5 through 5.06u6 has an error in a stack protection featu ...)
+	TODO: check
 CVE-2020-24657
 	RESERVED
 CVE-2020-24656 (Maltego before 4.2.12 allows XXE attacks. ...)
@@ -57951,12 +57987,12 @@ CVE-2020-9204
 	RESERVED
 CVE-2020-9203
 	RESERVED
-CVE-2020-9202
-	RESERVED
-CVE-2020-9201
-	RESERVED
-CVE-2020-9200
-	RESERVED
+CVE-2020-9202 (There is an information disclosure vulnerability in TE Mobile software ...)
+	TODO: check
+CVE-2020-9201 (There is an out-of-bounds read vulnerability in some versions of NIP68 ...)
+	TODO: check
+CVE-2020-9200 (There has a CSV injection vulnerability in iManager NetEco 6000 versio ...)
+	TODO: check
 CVE-2020-9199 (B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a  ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9198
@@ -58081,8 +58117,8 @@ CVE-2020-9139
 	RESERVED
 CVE-2020-9138
 	RESERVED
-CVE-2020-9137
-	RESERVED
+CVE-2020-9137 (There is a privilege escalation vulnerability in some versions of Clou ...)
+	TODO: check
 CVE-2020-9136
 	RESERVED
 CVE-2020-9135
@@ -58115,10 +58151,10 @@ CVE-2020-9122 (Some Huawei products have an insufficient input verification vuln
 	NOT-FOR-US: Huawei
 CVE-2020-9121
 	RESERVED
-CVE-2020-9120
-	RESERVED
-CVE-2020-9119
-	RESERVED
+CVE-2020-9120 (CloudEngine 1800V versions V100R019C10SPC500 has a resource management ...)
+	TODO: check
+CVE-2020-9119 (There is a privilege escalation vulnerability on some Huawei smart pho ...)
+	TODO: check
 CVE-2020-9118
 	RESERVED
 CVE-2020-9117 (HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM ...)
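Review bot: CVE-2020-9119 is added as `TODO: check` although its description names Huawei smart phones and the neighbouring CVE-2020-9122 is already tagged `NOT-FOR-US: Huawei`. The same tag looks appropriate here. CVE-2020-9120 names CloudEngine 1800V without a vendor in the visible text, so check the full description before applying the same disposition.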
@@ -61575,7 +61611,7 @@ CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The
 	TODO: check
 CVE-2020-7775
 	RESERVED
-CVE-2020-7774 (This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = ...)
+CVE-2020-7774 (This affects the package y18n before 4.0.1 and 5.0.5. PoC by po6ix: co ...)
 	- node-y18n 4.0.0-3 (bug #976390)
 	[buster] - node-y18n <no-dsa> (Minor issue)
 	[stretch] - node-y18n <no-dsa> (Minor issue)
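Review bot: The description of CVE-2020-7774 now reads "before 4.0.1 and 5.0.5", while the unchanged line below it still records `- node-y18n 4.0.0-3 (bug #976390)` as the fixed version, which is lower than the upstream 4.0.1 now named for the 4.x series. If 4.0.0-3 carries a backported fix, a NOTE line saying so would make that clear; otherwise the fixed version needs revisiting. The `<no-dsa>` lines for buster and stretch should be rechecked against the widened affected range as well.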



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f71fa8023e05b2ec4f98a800db81f266f788965b
