[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Nov 13 20:10:31 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b0827fa by security tracker role at 2020-11-13T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5670,7 +5670,7 @@ CVE-2020-26951
 	RESERVED
 CVE-2020-26950
 	RESERVED
-	{DSA-4790-1 DSA-4788-1 DLA-2448-1}
+	{DSA-4790-1 DSA-4788-1 DLA-2449-1 DLA-2448-1}
 	- firefox 82.0.3-1
 	- firefox-esr 78.4.1esr-1
 	- thunderbird 1:78.4.2-1
@@ -5941,8 +5941,8 @@ CVE-2020-26827
 	RESERVED
 CVE-2020-26826
 	RESERVED
-CVE-2020-26825
-	RESERVED
+CVE-2020-26825 (SAP Fiori Launchpad (News tile Application), versions - 750,751,752,75 ...)
+	TODO: check
 CVE-2020-26824 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
 	NOT-FOR-US: SAP
 CVE-2020-26823 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
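Review bot: the new "TODO: check" under CVE-2020-26825 (SAP Fiori Launchpad) can be resolved right away. The two entries directly below it, CVE-2020-26824 and CVE-2020-26823, are SAP products and already carry "NOT-FOR-US: SAP", so the same tag fits here unless the full description shows otherwise.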
@@ -7192,8 +7192,8 @@ CVE-2020-26232
 	RESERVED
 CVE-2020-26231
 	RESERVED
-CVE-2020-26230
-	RESERVED
+CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app for Spa ...)
+	TODO: check
 CVE-2020-26229
 	RESERVED
 CVE-2020-26228
@@ -7206,10 +7206,10 @@ CVE-2020-26225
 	RESERVED
 CVE-2020-26224
 	RESERVED
-CVE-2020-26223
-	RESERVED
-CVE-2020-26222
-	RESERVED
+CVE-2020-26223 (Spree is a complete open source e-commerce solution built with Ruby on ...)
+	TODO: check
+CVE-2020-26222 (Dependabot is a set of packages for automated dependency management fo ...)
+	TODO: check
 CVE-2020-26221 (touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting  ...)
 	NOT-FOR-US: touchbase.ai
 CVE-2020-26220 (toucbase.ai before version 2.0 leaks information by not stripping exif ...)
@@ -7393,6 +7393,7 @@ CVE-2020-26150 (info.php in Logaritmo Aware CallManager 2012 allows remote attac
 CVE-2020-26149 (NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno ...)
 	NOT-FOR-US: nats.js
 CVE-2020-26154 (url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when  ...)
+	{DLA-2450-1}
 	- libproxy <unfixed> (bug #968366)
 	NOTE: https://github.com/libproxy/libproxy/pull/126
 	NOTE: https://github.com/libproxy/libproxy/commit/4411b523545b22022b4be7d0cac25aa170ae1d3e
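Review bot: the added "{DLA-2450-1}" on CVE-2020-26154 sits directly above "- libproxy <unfixed> (bug #968366)", so after this change the entry records an LTS advisory while the unversioned package line still reads as unfixed. The NOTE lines already point at the upstream pull request and commit, so it is worth checking whether bug #968366 can be closed with an upload and the "<unfixed>" marker replaced by a version.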
@@ -8550,7 +8551,7 @@ CVE-2020-25655 (An issue was discovered in ManagedClusterView API, that could al
 	NOT-FOR-US: Red Hat open-cluster-management
 CVE-2020-25654 [ACL restrictions bypass]
 	RESERVED
-	{DLA-2447-1}
+	{DSA-4791-1 DLA-2447-1}
 	- pacemaker 2.0.5~rc2-1 (bug #973254)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888191
@@ -8854,8 +8855,8 @@ CVE-2020-25559 (gnuplot 5.5 is affected by double free when executing print_set_
 	NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
 CVE-2020-25558
 	RESERVED
-CVE-2020-25557
-	RESERVED
+CVE-2020-25557 (In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "usern ...)
+	TODO: check
 CVE-2020-25556
 	RESERVED
 CVE-2020-25555
@@ -8892,8 +8893,8 @@ CVE-2020-25540 (ThinkAdmin v6 is affected by a directory traversal vulnerability
 	NOT-FOR-US: ThinkAdmin
 CVE-2020-25539
 	RESERVED
-CVE-2020-25538
-	RESERVED
+CVE-2020-25538 (An authenticated attacker can inject malicious code into "lang" parame ...)
+	TODO: check
 CVE-2020-25537
 	RESERVED
 CVE-2020-25536
@@ -9724,8 +9725,8 @@ CVE-2020-25167
 	RESERVED
 CVE-2020-25166
 	RESERVED
-CVE-2020-25165
-	RESERVED
+CVE-2020-25165 (BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alar ...)
+	TODO: check
 CVE-2020-25164
 	RESERVED
 CVE-2020-25163
@@ -9744,16 +9745,16 @@ CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL inj
 	NOT-FOR-US: R-SeeNet
 CVE-2020-25156
 	RESERVED
-CVE-2020-25155
-	RESERVED
+CVE-2020-25155 (The affected product transmits unencrypted sensitive information, whic ...)
+	TODO: check
 CVE-2020-25154
 	RESERVED
 CVE-2020-25153
 	RESERVED
 CVE-2020-25152
 	RESERVED
-CVE-2020-25151
-	RESERVED
+CVE-2020-25151 (The affected product does not properly validate input, which may allow ...)
+	TODO: check
 CVE-2020-25150
 	RESERVED
 CVE-2020-25149 (An issue was discovered in Observium Professional, Enterprise & Co ...)
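Review bot: CVE-2020-25155 and CVE-2020-25151 both open with "The affected product ..." and the truncated text never names the product, so these two "TODO: check" lines cannot be triaged from the list alone. Whoever picks them up needs the full CVE record; a product-specific "NOT-FOR-US:" line like the one on CVE-2020-25157 just above would make the outcome readable afterwards.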
@@ -16915,8 +16916,8 @@ CVE-2020-21669
 	RESERVED
 CVE-2020-21668
 	RESERVED
-CVE-2020-21667
-	RESERVED
+CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the ' ...)
+	TODO: check
 CVE-2020-21666
 	RESERVED
 CVE-2020-21665
@@ -47956,12 +47957,12 @@ CVE-2020-9131
 	RESERVED
 CVE-2020-9130
 	RESERVED
-CVE-2020-9129
-	RESERVED
+CVE-2020-9129 (HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vu ...)
+	TODO: check
 CVE-2020-9128 (FusionCompute versions 8.0.0 have an insecure encryption algorithm vul ...)
 	NOT-FOR-US: Uawei FusionCompute
-CVE-2020-9127
-	RESERVED
+CVE-2020-9127 (Some Huawei products have a command injection vulnerability. Due to in ...)
+	TODO: check
 CVE-2020-9126
 	RESERVED
 CVE-2020-9125
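Review bot: CVE-2020-9129 (HUAWEI Mate 30) and CVE-2020-9127 ("Some Huawei products") are added as "TODO: check" on either side of CVE-2020-9128, which is already NOT-FOR-US, and they look like candidates for the same tag. That neighbouring line reads "NOT-FOR-US: Uawei FusionCompute", a misspelling of Huawei that will not match a search on the vendor name and is worth fixing in the same pass.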
@@ -49312,10 +49313,10 @@ CVE-2020-8585
 	RESERVED
 CVE-2020-8584
 	RESERVED
-CVE-2020-8583
-	RESERVED
-CVE-2020-8582
-	RESERVED
+CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
+	TODO: check
+CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
+	TODO: check
 CVE-2020-8581
 	RESERVED
 CVE-2020-8580 (SANtricity OS Controller Software versions 11.30 and higher are suscep ...)
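Review bot: CVE-2020-8583 and CVE-2020-8582 are added with identical visible descriptions ("Element Software versions prior to 12.2 and HCI versions prior to 1.8P ..."), so the list gives no way to tell the two issues apart. Triage them together against the full records and give both the same product tag.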
@@ -50894,8 +50895,8 @@ CVE-2015-9541 (Qt through 5.14 allows an exponential XML entity expansion attack
 	NOTE: https://bugreports.qt.io/browse/QTBUG-47417
 	NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=fd4be84d23a0db4186cb42e736a9de3af722c7f7
 	NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f432c08882ffebe5074ea28de871559a98a4d094 (5.12 backport)
-CVE-2020-7962
-	RESERVED
+CVE-2020-7962 (An issue was discovered in One Identity Password Manager 5.8. An attac ...)
+	TODO: check
 CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE  ...)
 	NOT-FOR-US: Liferay Portal
 CVE-2020-7960
@@ -55548,10 +55549,10 @@ CVE-2020-6158
 	RESERVED
 CVE-2020-6157
 	RESERVED
-CVE-2020-6156
-	RESERVED
-CVE-2020-6155
-	RESERVED
+CVE-2020-6156 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+	TODO: check
+CVE-2020-6155 (A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while  ...)
+	TODO: check
 CVE-2020-6154
 	RESERVED
 CVE-2020-6153
@@ -55560,14 +55561,14 @@ CVE-2020-6152 (A code execution vulnerability exists in the DICOM parse_dicom_me
 	NOT-FOR-US: Accusoft
 CVE-2020-6151 (A memory corruption vulnerability exists in the TIFF handle_COMPRESSIO ...)
 	NOT-FOR-US: Accusoft
-CVE-2020-6150
-	RESERVED
-CVE-2020-6149
-	RESERVED
-CVE-2020-6148
-	RESERVED
-CVE-2020-6147
-	RESERVED
+CVE-2020-6150 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+	TODO: check
+CVE-2020-6149 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+	TODO: check
+CVE-2020-6148 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+	TODO: check
+CVE-2020-6147 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+	TODO: check
 CVE-2020-6146 (An exploitable code execution vulnerability exists in the rendering fu ...)
 	NOT-FOR-US: Nitro Pro
 CVE-2020-6145 (An SQL injection vulnerability exists in the frappe.desk.reportview.ge ...)
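Review bot: CVE-2020-6150 through CVE-2020-6147 all read "A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ..." and each gets its own "TODO: check", as do the two OpenUSD entries in the previous hunk. Decide once whether OpenUSD is in the archive and apply that result to all of them, rather than leaving six separate TODO items.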
@@ -55887,8 +55888,8 @@ CVE-2020-6021
 	RESERVED
 CVE-2020-6020 (Check Point Security Management's Internal CA web management before Ju ...)
 	NOT-FOR-US: Check Point
-CVE-2020-6019
-	RESERVED
+CVE-2020-6019 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
+	TODO: check
 CVE-2020-6018
 	RESERVED
 CVE-2020-6017
@@ -58887,8 +58888,8 @@ CVE-2020-4888
 	RESERVED
 CVE-2020-4887
 	RESERVED
-CVE-2020-4886
-	RESERVED
+CVE-2020-4886 (IBM InfoSphere Information Server 11.7 stores sensitive information in ...)
+	TODO: check
 CVE-2020-4885
 	RESERVED
 CVE-2020-4884
@@ -67332,8 +67333,8 @@ CVE-2020-1849
 	RESERVED
 CVE-2020-1848
 	RESERVED
-CVE-2020-1847
-	RESERVED
+CVE-2020-1847 (There is a denial of service vulnerability in some Huawei products. Th ...)
+	TODO: check
 CVE-2020-1846
 	RESERVED
 CVE-2020-1845 (Huawei PCManager product with versions earlier than 10.0.5.53 have a l ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b0827fa17a95df8b16ff2b0bb4dec8f00992ef8
