[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 13 20:10:31 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3b0827fa by security tracker role at 2020-11-13T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5670,7 +5670,7 @@ CVE-2020-26951
RESERVED
CVE-2020-26950
RESERVED
- {DSA-4790-1 DSA-4788-1 DLA-2448-1}
+ {DSA-4790-1 DSA-4788-1 DLA-2449-1 DLA-2448-1}
- firefox 82.0.3-1
- firefox-esr 78.4.1esr-1
- thunderbird 1:78.4.2-1
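Review bot: CVE-2020-26950 now carries four advisory references (DSA-4790-1, DSA-4788-1, DLA-2449-1, DLA-2448-1) but the entry header is still a bare "RESERVED" with no description. A temporary bracketed description, as CVE-2020-25654 has with "[ACL restrictions bypass]", would let readers of the list see what the firefox, firefox-esr and thunderbird fixes address until the CVE text is published.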
@@ -5941,8 +5941,8 @@ CVE-2020-26827
RESERVED
CVE-2020-26826
RESERVED
-CVE-2020-26825
- RESERVED
+CVE-2020-26825 (SAP Fiori Launchpad (News tile Application), versions - 750,751,752,75 ...)
+ TODO: check
CVE-2020-26824 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
NOT-FOR-US: SAP
CVE-2020-26823 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
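Review bot: CVE-2020-26825 is left at "TODO: check" although its description names SAP Fiori Launchpad and the adjacent entry CVE-2020-26824 is already triaged as "NOT-FOR-US: SAP". Resolving it the same way in a follow-up commit keeps the SAP block consistent and takes one item off the TODO queue.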
@@ -7192,8 +7192,8 @@ CVE-2020-26232
RESERVED
CVE-2020-26231
RESERVED
-CVE-2020-26230
- RESERVED
+CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app for Spa ...)
+ TODO: check
CVE-2020-26229
RESERVED
CVE-2020-26228
@@ -7206,10 +7206,10 @@ CVE-2020-26225
RESERVED
CVE-2020-26224
RESERVED
-CVE-2020-26223
- RESERVED
-CVE-2020-26222
- RESERVED
+CVE-2020-26223 (Spree is a complete open source e-commerce solution built with Ruby on ...)
+ TODO: check
+CVE-2020-26222 (Dependabot is a set of packages for automated dependency management fo ...)
+ TODO: check
CVE-2020-26221 (touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting ...)
NOT-FOR-US: touchbase.ai
CVE-2020-26220 (toucbase.ai before version 2.0 leaks information by not stripping exif ...)
@@ -7393,6 +7393,7 @@ CVE-2020-26150 (info.php in Logaritmo Aware CallManager 2012 allows remote attac
CVE-2020-26149 (NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno ...)
NOT-FOR-US: nats.js
CVE-2020-26154 (url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when ...)
+ {DLA-2450-1}
- libproxy <unfixed> (bug #968366)
NOTE: https://github.com/libproxy/libproxy/pull/126
NOTE: https://github.com/libproxy/libproxy/commit/4411b523545b22022b4be7d0cac25aa170ae1d3e
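Review bot: the added {DLA-2450-1} reference on CVE-2020-26154 sits above a package line that still reads "- libproxy <unfixed> (bug #968366)", so the entry now records an LTS advisory while unstable has no fixed version. The NOTE lines already point at an upstream pull request and commit; worth checking whether bug #968366 can be closed with that commit so the <unfixed> marker can be replaced by a version.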
@@ -8550,7 +8551,7 @@ CVE-2020-25655 (An issue was discovered in ManagedClusterView API, that could al
NOT-FOR-US: Red Hat open-cluster-management
CVE-2020-25654 [ACL restrictions bypass]
RESERVED
- {DLA-2447-1}
+ {DSA-4791-1 DLA-2447-1}
- pacemaker 2.0.5~rc2-1 (bug #973254)
NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888191
@@ -8854,8 +8855,8 @@ CVE-2020-25559 (gnuplot 5.5 is affected by double free when executing print_set_
NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2020-25558
RESERVED
-CVE-2020-25557
- RESERVED
+CVE-2020-25557 (In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "usern ...)
+ TODO: check
CVE-2020-25556
RESERVED
CVE-2020-25555
@@ -8892,8 +8893,8 @@ CVE-2020-25540 (ThinkAdmin v6 is affected by a directory traversal vulnerability
NOT-FOR-US: ThinkAdmin
CVE-2020-25539
RESERVED
-CVE-2020-25538
- RESERVED
+CVE-2020-25538 (An authenticated attacker can inject malicious code into "lang" parame ...)
+ TODO: check
CVE-2020-25537
RESERVED
CVE-2020-25536
@@ -9724,8 +9725,8 @@ CVE-2020-25167
RESERVED
CVE-2020-25166
RESERVED
-CVE-2020-25165
- RESERVED
+CVE-2020-25165 (BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alar ...)
+ TODO: check
CVE-2020-25164
RESERVED
CVE-2020-25163
@@ -9744,16 +9745,16 @@ CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL inj
NOT-FOR-US: R-SeeNet
CVE-2020-25156
RESERVED
-CVE-2020-25155
- RESERVED
+CVE-2020-25155 (The affected product transmits unencrypted sensitive information, whic ...)
+ TODO: check
CVE-2020-25154
RESERVED
CVE-2020-25153
RESERVED
CVE-2020-25152
RESERVED
-CVE-2020-25151
- RESERVED
+CVE-2020-25151 (The affected product does not properly validate input, which may allow ...)
+ TODO: check
CVE-2020-25150
RESERVED
CVE-2020-25149 (An issue was discovered in Observium Professional, Enterprise & Co ...)
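Review bot: the new descriptions for CVE-2020-25155 and CVE-2020-25151 both open with "The affected product" and are truncated before any vendor or product name, so these two "TODO: check" items cannot be triaged from the list line alone. Whoever picks them up needs the full CVE record; nothing visible here ties them to the R-SeeNet entry (CVE-2020-25157) in the same range.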
@@ -16915,8 +16916,8 @@ CVE-2020-21669
RESERVED
CVE-2020-21668
RESERVED
-CVE-2020-21667
- RESERVED
+CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the ' ...)
+ TODO: check
CVE-2020-21666
RESERVED
CVE-2020-21665
@@ -47956,12 +47957,12 @@ CVE-2020-9131
RESERVED
CVE-2020-9130
RESERVED
-CVE-2020-9129
- RESERVED
+CVE-2020-9129 (HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vu ...)
+ TODO: check
CVE-2020-9128 (FusionCompute versions 8.0.0 have an insecure encryption algorithm vul ...)
NOT-FOR-US: Uawei FusionCompute
-CVE-2020-9127
- RESERVED
+CVE-2020-9127 (Some Huawei products have a command injection vulnerability. Due to in ...)
+ TODO: check
CVE-2020-9126
RESERVED
CVE-2020-9125
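Review bot: CVE-2020-9129 and CVE-2020-9127 are both Huawei issues left at "TODO: check", and the entry between them, CVE-2020-9128, carries "NOT-FOR-US: Uawei FusionCompute" with the vendor name misspelled. If these two are resolved as NOT-FOR-US as well, use "Huawei" and correct the CVE-2020-9128 line in the same commit so a search on the vendor name finds all three.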
@@ -49312,10 +49313,10 @@ CVE-2020-8585
RESERVED
CVE-2020-8584
RESERVED
-CVE-2020-8583
- RESERVED
-CVE-2020-8582
- RESERVED
+CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
+ TODO: check
+CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
+ TODO: check
CVE-2020-8581
RESERVED
CVE-2020-8580 (SANtricity OS Controller Software versions 11.30 and higher are suscep ...)
@@ -50894,8 +50895,8 @@ CVE-2015-9541 (Qt through 5.14 allows an exponential XML entity expansion attack
NOTE: https://bugreports.qt.io/browse/QTBUG-47417
NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=fd4be84d23a0db4186cb42e736a9de3af722c7f7
NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f432c08882ffebe5074ea28de871559a98a4d094 (5.12 backport)
-CVE-2020-7962
- RESERVED
+CVE-2020-7962 (An issue was discovered in One Identity Password Manager 5.8. An attac ...)
+ TODO: check
CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE ...)
NOT-FOR-US: Liferay Portal
CVE-2020-7960
@@ -55548,10 +55549,10 @@ CVE-2020-6158
RESERVED
CVE-2020-6157
RESERVED
-CVE-2020-6156
- RESERVED
-CVE-2020-6155
- RESERVED
+CVE-2020-6156 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+ TODO: check
+CVE-2020-6155 (A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while ...)
+ TODO: check
CVE-2020-6154
RESERVED
CVE-2020-6153
@@ -55560,14 +55561,14 @@ CVE-2020-6152 (A code execution vulnerability exists in the DICOM parse_dicom_me
NOT-FOR-US: Accusoft
CVE-2020-6151 (A memory corruption vulnerability exists in the TIFF handle_COMPRESSIO ...)
NOT-FOR-US: Accusoft
-CVE-2020-6150
- RESERVED
-CVE-2020-6149
- RESERVED
-CVE-2020-6148
- RESERVED
-CVE-2020-6147
- RESERVED
+CVE-2020-6150 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+ TODO: check
+CVE-2020-6149 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+ TODO: check
+CVE-2020-6148 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+ TODO: check
+CVE-2020-6147 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+ TODO: check
CVE-2020-6146 (An exploitable code execution vulnerability exists in the rendering fu ...)
NOT-FOR-US: Nitro Pro
CVE-2020-6145 (An SQL injection vulnerability exists in the frappe.desk.reportview.ge ...)
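Review bot: CVE-2020-6150 through CVE-2020-6147 each get their own "TODO: check" although all four visible descriptions are Pixar OpenUSD 20.05 heap overflows, the same product and version as CVE-2020-6156 and CVE-2020-6155 in the preceding hunk. Triage the six as one batch so they end up with the same result rather than being resolved one at a time.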
@@ -55887,8 +55888,8 @@ CVE-2020-6021
RESERVED
CVE-2020-6020 (Check Point Security Management's Internal CA web management before Ju ...)
NOT-FOR-US: Check Point
-CVE-2020-6019
- RESERVED
+CVE-2020-6019 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
+ TODO: check
CVE-2020-6018
RESERVED
CVE-2020-6017
@@ -58887,8 +58888,8 @@ CVE-2020-4888
RESERVED
CVE-2020-4887
RESERVED
-CVE-2020-4886
- RESERVED
+CVE-2020-4886 (IBM InfoSphere Information Server 11.7 stores sensitive information in ...)
+ TODO: check
CVE-2020-4885
RESERVED
CVE-2020-4884
@@ -67332,8 +67333,8 @@ CVE-2020-1849
RESERVED
CVE-2020-1848
RESERVED
-CVE-2020-1847
- RESERVED
+CVE-2020-1847 (There is a denial of service vulnerability in some Huawei products. Th ...)
+ TODO: check
CVE-2020-1846
RESERVED
CVE-2020-1845 (Huawei PCManager product with versions earlier than 10.0.5.53 have a l ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b0827fa17a95df8b16ff2b0bb4dec8f00992ef8