[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Nov 5 08:10:33 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eb78de54 by security tracker role at 2020-11-05T08:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1291,14 +1291,14 @@ CVE-2020-27693
 CVE-2017-18925 (opentmpfiles through 0.3.1 allows local users to take ownership of arb ...)
 	- opentmpfiles <unfixed> (bug #973242)
 	NOTE: https://github.com/OpenRC/opentmpfiles/issues/4
-CVE-2020-27692
-	RESERVED
-CVE-2020-27691
-	RESERVED
-CVE-2020-27690
-	RESERVED
-CVE-2020-27689
-	RESERVED
+CVE-2020-27692 (The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0 ...)
+	TODO: check
+CVE-2020-27691 (The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0 ...)
+	TODO: check
+CVE-2020-27690 (The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0 ...)
+	TODO: check
+CVE-2020-27689 (The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0 ...)
+	TODO: check
 CVE-2020-27688
 	RESERVED
 CVE-2020-27687
@@ -2343,8 +2343,8 @@ CVE-2020-27389
 	RESERVED
 CVE-2020-27388 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in th ...)
 	NOT-FOR-US: YOURLS Admin Panel
-CVE-2020-27387
-	RESERVED
+CVE-2020-27387 (An unrestricted file upload issue in HorizontCMS through 1.0.0-beta al ...)
+	TODO: check
 CVE-2020-27386
 	RESERVED
 CVE-2020-27385
@@ -4805,8 +4805,8 @@ CVE-2020-26209
 	RESERVED
 CVE-2020-26208
 	RESERVED
-CVE-2020-26207
-	RESERVED
+CVE-2020-26207 (DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary ...)
+	TODO: check
 CVE-2020-26206
 	RESERVED
 CVE-2020-26205 (Sal is a multi-tenanted reporting dashboard for Munki with the ability ...)
@@ -7173,8 +7173,8 @@ CVE-2020-25575 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the f
 	NOTE: https://github.com/rust-lang-nursery/failure/issues/336
 CVE-2020-25202
 	RESERVED
-CVE-2020-25201
-	RESERVED
+CVE-2020-25201 (HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a names ...)
+	TODO: check
 CVE-2020-25200 (Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames ...)
 	NOT-FOR-US: Pritunl
 CVE-2019-20916 (The pip package before 19.2 for Python allows Directory Traversal when ...)
@@ -50300,10 +50300,10 @@ CVE-2020-7131 (This document describes a security vulnerability in Blade Mainten
 	NOT-FOR-US: HPE
 CVE-2020-7130 (HPE OneView Global Dashboard (OVGD) 1.9 has a remote information discl ...)
 	NOT-FOR-US: HPE
-CVE-2020-7129
-	RESERVED
-CVE-2020-7128
-	RESERVED
+CVE-2020-7129 (A remote execution of arbitrary commands vulnerability was discovered  ...)
+	TODO: check
+CVE-2020-7128 (A remote unauthenticated arbitrary code execution vulnerability was di ...)
+	TODO: check
 CVE-2020-7127 (A remote unauthenticated arbitrary code execution vulnerability was di ...)
 	NOT-FOR-US: Aruba
 CVE-2020-7126 (A remote server-side request forgery (ssrf) vulnerability was discover ...)
@@ -105299,8 +105299,8 @@ CVE-2019-7358 (An exploitable heap overflow vulnerability in the DXF-parsing fun
 	NOT-FOR-US: Autodesk
 CVE-2019-7357
 	RESERVED
-CVE-2019-7356
-	RESERVED
+CVE-2019-7356 (Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter. ...)
+	TODO: check
 CVE-2019-1000024 (OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cro ...)
 	NOT-FOR-US: OPT/NET BV
 CVE-2019-1000023 (OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) versio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb78de5471bd1debc43c9c613bd9c2afcd35663b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb78de5471bd1debc43c9c613bd9c2afcd35663b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201105/19cdcc8e/attachment.html>

More information about the debian-security-tracker-commits mailing list