[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 29 20:10:37 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9142747c by security tracker role at 2020-12-29T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-35775
+ RESERVED
+CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (a ...)
+ TODO: check
+CVE-2020-35773 (The site-offline plugin before 1.4.4 for WordPress lacks certain wp_cr ...)
+ TODO: check
+CVE-2020-35772
+ RESERVED
+CVE-2020-35771
+ RESERVED
+CVE-2020-35770
+ RESERVED
CVE-2020-35769 (miniserv.pl in Webmin 1.962 on Windows mishandles special characters i ...)
- webmin <removed>
CVE-2020-35768
@@ -68,8 +80,8 @@ CVE-2020-35737
RESERVED
CVE-2020-35736 (GateOne 1.1 allows arbitrary file download without authentication via ...)
NOT-FOR-US: GateOne
-CVE-2020-35735
- RESERVED
+CVE-2020-35735 (Vidyo 02-09-/D allows clickjacking via the portal/ URI. ...)
+ TODO: check
CVE-2020-35734
RESERVED
CVE-2020-35733
@@ -6592,18 +6604,18 @@ CVE-2020-29477
RESERVED
CVE-2020-29476
RESERVED
-CVE-2020-29475
- RESERVED
+CVE-2020-29475 (nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in th ...)
+ TODO: check
CVE-2020-29474 (EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerabi ...)
NOT-FOR-US: EGavilan Media EGM Address Book
CVE-2020-29473
RESERVED
CVE-2020-29472 (EGavilan Media Under Construction page with cPanel 1.0 contains a SQL ...)
NOT-FOR-US: cPanel
-CVE-2020-29471
- RESERVED
-CVE-2020-29470
- RESERVED
+CVE-2020-29471 (OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Prof ...)
+ TODO: check
+CVE-2020-29470 (OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subj ...)
+ TODO: check
CVE-2020-29469
RESERVED
CVE-2020-29468
@@ -11834,24 +11846,24 @@ CVE-2020-28285
RESERVED
CVE-2020-28284
RESERVED
-CVE-2020-28283
- RESERVED
-CVE-2020-28282
- RESERVED
-CVE-2020-28281
- RESERVED
-CVE-2020-28280
- RESERVED
-CVE-2020-28279
- RESERVED
-CVE-2020-28278
- RESERVED
-CVE-2020-28277
- RESERVED
-CVE-2020-28276
- RESERVED
-CVE-2020-28275
- RESERVED
+CVE-2020-28283 (Prototype pollution vulnerability in ‘libnested’ versions ...)
+ TODO: check
+CVE-2020-28282 (Prototype pollution vulnerability in ‘getobject’ version 0 ...)
+ TODO: check
+CVE-2020-28281 (Prototype pollution vulnerability in ‘set-object-value’ ve ...)
+ TODO: check
+CVE-2020-28280 (Prototype pollution vulnerability in ‘predefine’ versions ...)
+ TODO: check
+CVE-2020-28279 (Prototype pollution vulnerability in ‘flattenizer’ version ...)
+ TODO: check
+CVE-2020-28278 (Prototype pollution vulnerability in ‘shvl’ versions 1.0.0 ...)
+ TODO: check
+CVE-2020-28277 (Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0 ...)
+ TODO: check
+CVE-2020-28276 (Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through ...)
+ TODO: check
+CVE-2020-28275 (Prototype pollution vulnerability in 'cache-base' versions 0.7.0 throu ...)
+ TODO: check
CVE-2020-28274 (Prototype pollution vulnerability in 'deepref' versions 1.1.1 through ...)
NOT-FOR-US: Node deepref
CVE-2020-28273 (Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2 ...)
@@ -18092,8 +18104,8 @@ CVE-2020-25849 (MailGates and MailAudit products contain Command Injection flaw,
NOT-FOR-US: MailGates and MailAudit
CVE-2020-25848
RESERVED
-CVE-2020-25847
- RESERVED
+CVE-2020-25847 (This command injection vulnerability allows attackers to execute arbit ...)
+ TODO: check
CVE-2020-25846
RESERVED
CVE-2020-25845
@@ -35334,8 +35346,8 @@ CVE-2020-17535
RESERVED
CVE-2020-17534
RESERVED
-CVE-2020-17533
- RESERVED
+CVE-2020-17533 (Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not ...)
+ TODO: check
CVE-2020-17532
RESERVED
CVE-2020-17531 (A Java Serialization vulnerability was found in Apache Tapestry 4. Apa ...)
@@ -58162,8 +58174,8 @@ CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions managem
NOT-FOR-US: Huawei
CVE-2020-9224
RESERVED
-CVE-2020-9223
- RESERVED
+CVE-2020-9223 (There is a denial of service vulnerability in some Huawei smartphones. ...)
+ TODO: check
CVE-2020-9222
RESERVED
CVE-2020-9221
@@ -58192,10 +58204,10 @@ CVE-2020-9210
RESERVED
CVE-2020-9209
RESERVED
-CVE-2020-9208
- RESERVED
-CVE-2020-9207
- RESERVED
+CVE-2020-9208 (There is an information leak vulnerability in iManager NetEco 6000 ver ...)
+ TODO: check
+CVE-2020-9207 (There is an improper authentication vulnerability in some verisons of ...)
+ TODO: check
CVE-2020-9206
RESERVED
CVE-2020-9205
@@ -58358,10 +58370,10 @@ CVE-2020-9127 (Some Huawei products have a command injection vulnerability. Due
NOT-FOR-US: Huawei
CVE-2020-9126
RESERVED
-CVE-2020-9125
- RESERVED
-CVE-2020-9124
- RESERVED
+CVE-2020-9125 (There is an out-of-bound read vulnerability in huawei smartphone Mate ...)
+ TODO: check
+CVE-2020-9124 (There is a memory leak vulnerability in some versions of Huawei CloudE ...)
+ TODO: check
CVE-2020-9123 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versi ...)
NOT-FOR-US: Huawei
CVE-2020-9122 (Some Huawei products have an insufficient input verification vulnerabi ...)
@@ -58420,10 +58432,10 @@ CVE-2020-9096 (HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(
NOT-FOR-US: Huawei
CVE-2020-9095 (HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E16 ...)
NOT-FOR-US: Huawei
-CVE-2020-9094
- RESERVED
-CVE-2020-9093
- RESERVED
+CVE-2020-9094 (There is an out of bound read vulnerability in some verisons of Huawei ...)
+ TODO: check
+CVE-2020-9093 (There is a use after free vulnerability in Taurus-AL00A versions 10.0. ...)
+ TODO: check
CVE-2020-9092 (HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a Ja ...)
NOT-FOR-US: Huawei
CVE-2020-9091 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out ...)
@@ -66794,20 +66806,20 @@ CVE-2020-5809
RESERVED
CVE-2020-5808 (In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could po ...)
NOT-FOR-US: Tenable
-CVE-2020-5807
- RESERVED
-CVE-2020-5806
- RESERVED
+CVE-2020-5807 (An unauthenticated remote attacker can send data to RsvcHost.exe liste ...)
+ TODO: check
+CVE-2020-5806 (An attacker-controlled memory allocation size can be passed to the C++ ...)
+ TODO: check
CVE-2020-5805
RESERVED
CVE-2020-5804
RESERVED
CVE-2020-5803 (Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allow ...)
NOT-FOR-US: Marvell QConvergeConsole GUI
-CVE-2020-5802
- RESERVED
-CVE-2020-5801
- RESERVED
+CVE-2020-5802 (An attacker-controlled memory allocation size can be passed to the C++ ...)
+ TODO: check
+CVE-2020-5801 (An attacker can craft and send an OpenNamespace message to port 4241 w ...)
+ TODO: check
CVE-2020-5800 (The Eat Spray Love mobile app for both iOS and Android contains logic ...)
NOT-FOR-US: Eat Spray Love mobile app
CVE-2020-5799 (The Eat Spray Love mobile app for both iOS and Android contains a back ...)
@@ -77798,8 +77810,8 @@ CVE-2020-1850
RESERVED
CVE-2020-1849
RESERVED
-CVE-2020-1848
- RESERVED
+CVE-2020-1848 (There is a resource management error vulnerability in Jackman-AL00D ve ...)
+ TODO: check
CVE-2020-1847 (There is a denial of service vulnerability in some Huawei products. Th ...)
NOT-FOR-US: Huawei
CVE-2020-1846
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9142747ccc46643595f1b5246d27a0568a66565d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9142747ccc46643595f1b5246d27a0568a66565d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201229/665e1498/attachment.html>
More information about the debian-security-tracker-commits
mailing list