[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Nov 16 08:10:21 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
824e31eb by security tracker role at 2020-11-16T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,505 @@
+CVE-2020-28889
+	RESERVED
+CVE-2020-28888
+	RESERVED
+CVE-2020-28887
+	RESERVED
+CVE-2020-28886
+	RESERVED
+CVE-2020-28885
+	RESERVED
+CVE-2020-28884
+	RESERVED
+CVE-2020-28883
+	RESERVED
+CVE-2020-28882
+	RESERVED
+CVE-2020-28881
+	RESERVED
+CVE-2020-28880
+	RESERVED
+CVE-2020-28879
+	RESERVED
+CVE-2020-28878
+	RESERVED
+CVE-2020-28877
+	RESERVED
+CVE-2020-28876
+	RESERVED
+CVE-2020-28875
+	RESERVED
+CVE-2020-28874
+	RESERVED
+CVE-2020-28873
+	RESERVED
+CVE-2020-28872
+	RESERVED
+CVE-2020-28871
+	RESERVED
+CVE-2020-28870
+	RESERVED
+CVE-2020-28869
+	RESERVED
+CVE-2020-28868
+	RESERVED
+CVE-2020-28867
+	RESERVED
+CVE-2020-28866
+	RESERVED
+CVE-2020-28865
+	RESERVED
+CVE-2020-28864
+	RESERVED
+CVE-2020-28863
+	RESERVED
+CVE-2020-28862
+	RESERVED
+CVE-2020-28861
+	RESERVED
+CVE-2020-28860
+	RESERVED
+CVE-2020-28859
+	RESERVED
+CVE-2020-28858
+	RESERVED
+CVE-2020-28857
+	RESERVED
+CVE-2020-28856
+	RESERVED
+CVE-2020-28855
+	RESERVED
+CVE-2020-28854
+	RESERVED
+CVE-2020-28853
+	RESERVED
+CVE-2020-28852
+	RESERVED
+CVE-2020-28851
+	RESERVED
+CVE-2020-28850
+	RESERVED
+CVE-2020-28849
+	RESERVED
+CVE-2020-28848
+	RESERVED
+CVE-2020-28847
+	RESERVED
+CVE-2020-28846
+	RESERVED
+CVE-2020-28845
+	RESERVED
+CVE-2020-28844
+	RESERVED
+CVE-2020-28843
+	RESERVED
+CVE-2020-28842
+	RESERVED
+CVE-2020-28841
+	RESERVED
+CVE-2020-28840
+	RESERVED
+CVE-2020-28839
+	RESERVED
+CVE-2020-28838
+	RESERVED
+CVE-2020-28837
+	RESERVED
+CVE-2020-28836
+	RESERVED
+CVE-2020-28835
+	RESERVED
+CVE-2020-28834
+	RESERVED
+CVE-2020-28833
+	RESERVED
+CVE-2020-28832
+	RESERVED
+CVE-2020-28831
+	RESERVED
+CVE-2020-28830
+	RESERVED
+CVE-2020-28829
+	RESERVED
+CVE-2020-28828
+	RESERVED
+CVE-2020-28827
+	RESERVED
+CVE-2020-28826
+	RESERVED
+CVE-2020-28825
+	RESERVED
+CVE-2020-28824
+	RESERVED
+CVE-2020-28823
+	RESERVED
+CVE-2020-28822
+	RESERVED
+CVE-2020-28821
+	RESERVED
+CVE-2020-28820
+	RESERVED
+CVE-2020-28819
+	RESERVED
+CVE-2020-28818
+	RESERVED
+CVE-2020-28817
+	RESERVED
+CVE-2020-28816
+	RESERVED
+CVE-2020-28815
+	RESERVED
+CVE-2020-28814
+	RESERVED
+CVE-2020-28813
+	RESERVED
+CVE-2020-28812
+	RESERVED
+CVE-2020-28811
+	RESERVED
+CVE-2020-28810
+	RESERVED
+CVE-2020-28809
+	RESERVED
+CVE-2020-28808
+	RESERVED
+CVE-2020-28807
+	RESERVED
+CVE-2020-28806
+	RESERVED
+CVE-2020-28805
+	RESERVED
+CVE-2020-28804
+	RESERVED
+CVE-2020-28803
+	RESERVED
+CVE-2020-28802
+	RESERVED
+CVE-2020-28801
+	RESERVED
+CVE-2020-28800
+	RESERVED
+CVE-2020-28799
+	RESERVED
+CVE-2020-28798
+	RESERVED
+CVE-2020-28797
+	RESERVED
+CVE-2020-28796
+	RESERVED
+CVE-2020-28795
+	RESERVED
+CVE-2020-28794
+	RESERVED
+CVE-2020-28793
+	RESERVED
+CVE-2020-28792
+	RESERVED
+CVE-2020-28791
+	RESERVED
+CVE-2020-28790
+	RESERVED
+CVE-2020-28789
+	RESERVED
+CVE-2020-28788
+	RESERVED
+CVE-2020-28787
+	RESERVED
+CVE-2020-28786
+	RESERVED
+CVE-2020-28785
+	RESERVED
+CVE-2020-28784
+	RESERVED
+CVE-2020-28783
+	RESERVED
+CVE-2020-28782
+	RESERVED
+CVE-2020-28781
+	RESERVED
+CVE-2020-28780
+	RESERVED
+CVE-2020-28779
+	RESERVED
+CVE-2020-28778
+	RESERVED
+CVE-2020-28777
+	RESERVED
+CVE-2020-28776
+	RESERVED
+CVE-2020-28775
+	RESERVED
+CVE-2020-28774
+	RESERVED
+CVE-2020-28773
+	RESERVED
+CVE-2020-28772
+	RESERVED
+CVE-2020-28771
+	RESERVED
+CVE-2020-28770
+	RESERVED
+CVE-2020-28769
+	RESERVED
+CVE-2020-28768
+	RESERVED
+CVE-2020-28767
+	RESERVED
+CVE-2020-28766
+	RESERVED
+CVE-2020-28765
+	RESERVED
+CVE-2020-28764
+	RESERVED
+CVE-2020-28763
+	RESERVED
+CVE-2020-28762
+	RESERVED
+CVE-2020-28761
+	RESERVED
+CVE-2020-28760
+	RESERVED
+CVE-2020-28759
+	RESERVED
+CVE-2020-28758
+	RESERVED
+CVE-2020-28757
+	RESERVED
+CVE-2020-28756
+	RESERVED
+CVE-2020-28755
+	RESERVED
+CVE-2020-28754
+	RESERVED
+CVE-2020-28753
+	RESERVED
+CVE-2020-28752
+	RESERVED
+CVE-2020-28751
+	RESERVED
+CVE-2020-28750
+	RESERVED
+CVE-2020-28749
+	RESERVED
+CVE-2020-28748
+	RESERVED
+CVE-2020-28747
+	RESERVED
+CVE-2020-28746
+	RESERVED
+CVE-2020-28745
+	RESERVED
+CVE-2020-28744
+	RESERVED
+CVE-2020-28743
+	RESERVED
+CVE-2020-28742
+	RESERVED
+CVE-2020-28741
+	RESERVED
+CVE-2020-28740
+	RESERVED
+CVE-2020-28739
+	RESERVED
+CVE-2020-28738
+	RESERVED
+CVE-2020-28737
+	RESERVED
+CVE-2020-28736
+	RESERVED
+CVE-2020-28735
+	RESERVED
+CVE-2020-28734
+	RESERVED
+CVE-2020-28733
+	RESERVED
+CVE-2020-28732
+	RESERVED
+CVE-2020-28731
+	RESERVED
+CVE-2020-28730
+	RESERVED
+CVE-2020-28729
+	RESERVED
+CVE-2020-28728
+	RESERVED
+CVE-2020-28727
+	RESERVED
+CVE-2020-28726
+	RESERVED
+CVE-2020-28725
+	RESERVED
+CVE-2020-28724
+	RESERVED
+CVE-2020-28723
+	RESERVED
+CVE-2020-28722
+	RESERVED
+CVE-2020-28721
+	RESERVED
+CVE-2020-28720
+	RESERVED
+CVE-2020-28719
+	RESERVED
+CVE-2020-28718
+	RESERVED
+CVE-2020-28717
+	RESERVED
+CVE-2020-28716
+	RESERVED
+CVE-2020-28715
+	RESERVED
+CVE-2020-28714
+	RESERVED
+CVE-2020-28713
+	RESERVED
+CVE-2020-28712
+	RESERVED
+CVE-2020-28711
+	RESERVED
+CVE-2020-28710
+	RESERVED
+CVE-2020-28709
+	RESERVED
+CVE-2020-28708
+	RESERVED
+CVE-2020-28707
+	RESERVED
+CVE-2020-28706
+	RESERVED
+CVE-2020-28705
+	RESERVED
+CVE-2020-28704
+	RESERVED
+CVE-2020-28703
+	RESERVED
+CVE-2020-28702
+	RESERVED
+CVE-2020-28701
+	RESERVED
+CVE-2020-28700
+	RESERVED
+CVE-2020-28699
+	RESERVED
+CVE-2020-28698
+	RESERVED
+CVE-2020-28697
+	RESERVED
+CVE-2020-28696
+	RESERVED
+CVE-2020-28695
+	RESERVED
+CVE-2020-28694
+	RESERVED
+CVE-2020-28693
+	RESERVED
+CVE-2020-28692
+	RESERVED
+CVE-2020-28691
+	RESERVED
+CVE-2020-28690
+	RESERVED
+CVE-2020-28689
+	RESERVED
+CVE-2020-28688
+	RESERVED
+CVE-2020-28687
+	RESERVED
+CVE-2020-28686
+	RESERVED
+CVE-2020-28685
+	RESERVED
+CVE-2020-28684
+	RESERVED
+CVE-2020-28683
+	RESERVED
+CVE-2020-28682
+	RESERVED
+CVE-2020-28681
+	RESERVED
+CVE-2020-28680
+	RESERVED
+CVE-2020-28679
+	RESERVED
+CVE-2020-28678
+	RESERVED
+CVE-2020-28677
+	RESERVED
+CVE-2020-28676
+	RESERVED
+CVE-2020-28675
+	RESERVED
+CVE-2020-28674
+	RESERVED
+CVE-2020-28673
+	RESERVED
+CVE-2020-28672
+	RESERVED
+CVE-2020-28671
+	RESERVED
+CVE-2020-28670
+	RESERVED
+CVE-2020-28669
+	RESERVED
+CVE-2020-28668
+	RESERVED
+CVE-2020-28667
+	RESERVED
+CVE-2020-28666
+	RESERVED
+CVE-2020-28665
+	RESERVED
+CVE-2020-28664
+	RESERVED
+CVE-2020-28663
+	RESERVED
+CVE-2020-28662
+	RESERVED
+CVE-2020-28661
+	RESERVED
+CVE-2020-28660
+	RESERVED
+CVE-2020-28659
+	RESERVED
+CVE-2020-28658
+	RESERVED
+CVE-2020-28657
+	RESERVED
+CVE-2020-28656 (The update functionality of the Discover Media infotainment system in  ...)
+	TODO: check
+CVE-2020-28655
+	RESERVED
+CVE-2020-28654
+	RESERVED
+CVE-2020-28653
+	RESERVED
+CVE-2020-28652
+	RESERVED
+CVE-2020-28651
+	RESERVED
+CVE-2020-28650 (The WPBakery plugin before 6.4.1 for WordPress allows XSS because it c ...)
+	TODO: check
+CVE-2020-28649 (The orbisius-child-theme-creator plugin before 1.5.2 for WordPress all ...)
+	TODO: check
+CVE-2020-28648 (Improper input validation in the Auto-Discovery component of Nagios XI ...)
+	TODO: check
+CVE-2020-28647
+	RESERVED
+CVE-2020-28646
+	RESERVED
+CVE-2020-28645
+	RESERVED
+CVE-2020-28644
+	RESERVED
+CVE-2020-28643
+	RESERVED
+CVE-2020-28642 (In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail gener ...)
+	TODO: check
+CVE-2020-28641
+	RESERVED
+CVE-2020-28640
+	RESERVED
+CVE-2020-28639
+	RESERVED
 CVE-2021-1625
 	RESERVED
 CVE-2021-1624
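Review bot: the five entries in this hunk that arrive with a description (CVE-2020-28656, CVE-2020-28650, CVE-2020-28649, CVE-2020-28648, CVE-2020-28642) are all left at "TODO: check", so none of them has a disposition yet. Each needs a triage pass that replaces the TODO with a package line or a "NOT-FOR-US:" line in the form used further down this file, for example "NOT-FOR-US: Node field". The descriptions are truncated here, so the full text has to be read before deciding.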
@@ -3432,8 +3934,8 @@ CVE-2020-28270 (Overview:Prototype pollution vulnerability in ‘object-hier
 	NOT-FOR-US: Node object-hierarchy-access
 CVE-2020-28269 (Prototype pollution vulnerability in 'field' versions 0.0.1 through 1. ...)
 	NOT-FOR-US: Node field
-CVE-2020-28268
-	RESERVED
+CVE-2020-28268 (Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 ...)
+	TODO: check
 CVE-2020-28267 (Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0  ...)
 	NOT-FOR-US: Node strikeentco/set
 CVE-2017-18926 (raptor_xml_writer_start_element_common in raptor_xml_writer.c in Rapto ...)
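Review bot: CVE-2020-28268 is set to "TODO: check" although both neighbours in the context lines, CVE-2020-28269 and CVE-2020-28267, are prototype pollution issues in Node modules that were already triaged as "NOT-FOR-US: Node ...". Confirm that 'controlled-merge' is not packaged and give it the matching disposition, so the three related entries do not diverge.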
@@ -9541,6 +10043,7 @@ CVE-2020-25711
 	NOT-FOR-US: Infinispan
 CVE-2020-25708 [libvncserver/rfbserver.c has a divide by zero which could result in DoS]
 	RESERVED
+	{DLA-2451-1}
 	- libvncserver 0.9.13+dfsg-1
 	NOTE: https://github.com/LibVNC/libvncserver/issues/409
 	NOTE: https://github.com/LibVNC/libvncserver/commit/673c07a75ed844d74676f3ccdcfdc706a7052dba
@@ -9589,8 +10092,7 @@ CVE-2020-25696 [psql's \gset allows overwriting specially treated variables]
 	- postgresql-9.6 <removed>
 	[stretch] - postgresql-9.6 <no-dsa> (Minor issue)
 	NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
-CVE-2020-25695 [Multiple features escape "security restricted operation" sandbox]
-	RESERVED
+CVE-2020-25695 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...)
 	- postgresql-13 13.1-1
 	- postgresql-12 <unfixed>
 	- postgresql-11 <removed>
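Review bot: in the CVE-2020-25695 entry, "- postgresql-12 <unfixed>" is unchanged while the description added on the "+" line lists "before 12.5" among the affected versions. Check the status of the postgresql-12 source package and either record the fixed version once it is available or mark the line the way postgresql-11 is marked, so the entry does not keep reporting an open issue by default.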
@@ -9598,8 +10100,7 @@ CVE-2020-25695 [Multiple features escape "security restricted operation" sandbox
 	- postgresql-9.6 <removed>
 	[stretch] - postgresql-9.6 <no-dsa> (Minor issue)
 	NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
-CVE-2020-25694 [Reconnection can downgrade connection security settings]
-	RESERVED
+CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...)
 	- postgresql-13 13.1-1
 	- postgresql-12 <unfixed>
 	- postgresql-11 <removed>
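Review bot: the replacement header for CVE-2020-25694 reads "A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...", which drops the removed title "Reconnection can downgrade connection security settings" and no longer says what the flaw is. A NOTE line carrying the old title would keep the entry identifiable when scanning the list.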
@@ -51217,16 +51718,16 @@ CVE-2020-8275
 	RESERVED
 CVE-2020-8274
 	RESERVED
-CVE-2020-8273
-	RESERVED
-CVE-2020-8272
-	RESERVED
-CVE-2020-8271
-	RESERVED
-CVE-2020-8270
-	RESERVED
-CVE-2020-8269
-	RESERVED
+CVE-2020-8273 (Privilege escalation of an authenticated user to root in Citrix SD-WAN ...)
+	TODO: check
+CVE-2020-8272 (Authentication Bypass resulting in exposure of SD-WAN functionality in ...)
+	TODO: check
+CVE-2020-8271 (Unauthenticated remote code execution with root privileges in Citrix S ...)
+	TODO: check
+CVE-2020-8270 (An unprivileged Windows user on the VDA or an SMB user can perform arb ...)
+	TODO: check
+CVE-2020-8269 (An unprivileged Windows user on the VDA can perform arbitrary command  ...)
+	TODO: check
 CVE-2020-8268 (Prototype pollution vulnerability in json8-merge-patch npm package &lt ...)
 	NOT-FOR-US: Node json8-merge-patch
 CVE-2020-8267 (A security issue was found in UniFi Protect controller v1.14.10 and ea ...)
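Review bot: the truncated descriptions for CVE-2020-8270 and CVE-2020-8269 stop before naming a product ("An unprivileged Windows user on the VDA ..."), so their "TODO: check" cannot be resolved from this list alone and the full descriptions have to be consulted. The three SD-WAN entries (CVE-2020-8273, CVE-2020-8272, CVE-2020-8271) can be triaged together and should end up with one consistent disposition.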
@@ -51249,8 +51750,8 @@ CVE-2020-8261 (A vulnerability in the Pulse Connect Secure / Pulse Policy Secure
 	NOT-FOR-US: Pulse Secure Pulse Connect Secure / Pulse Policy Secure
 CVE-2020-8260 (A vulnerability in the Pulse Connect Secure < 9.1R9 admin web inter ...)
 	NOT-FOR-US: Pulse Secure Pulse Connect Secure
-CVE-2020-8259
-	RESERVED
+CVE-2020-8259 (Insufficient protection of the server-side encryption keys in Nextclou ...)
+	TODO: check
 CVE-2020-8258
 	RESERVED
 CVE-2020-8257
@@ -51569,8 +52070,8 @@ CVE-2020-8154 (An Insecure direct object reference vulnerability in Nextcloud Se
 	- nextcloud-server <itp> (bug #941708)
 CVE-2020-8153 (Improper access control in Groupfolders app 4.0.3 allowed to delete hi ...)
 	NOT-FOR-US: Nextcloud Groupfolders app
-CVE-2020-8152
-	RESERVED
+CVE-2020-8152 (Insufficient protection of the server-side encryption keys in Nextclou ...)
+	TODO: check
 CVE-2020-8151 (There is a possible information disclosure issue in Active Resource &l ...)
 	- rails <not-affected> (Vulnerable code splitted out upstream before initial upload to Debian)
 	NOTE: ActiveResource was extracted to a separate gem in starting in the 4.0 rails
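Review bot: CVE-2020-8152 is left at "TODO: check", and the context lines show two different dispositions for Nextcloud issues: "- nextcloud-server <itp> (bug #941708)" for CVE-2020-8154 and "NOT-FOR-US: Nextcloud Groupfolders app" for CVE-2020-8153. The description is cut off at "Nextclou ...", so the affected component has to be taken from the full text before choosing between them. CVE-2020-8259 in the preceding hunk carries the identical truncated description and needs the same decision.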
@@ -57816,22 +58317,22 @@ CVE-2020-5668
 	RESERVED
 CVE-2020-5667 (Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS ...)
 	NOT-FOR-US: Studyplus
-CVE-2020-5666
-	RESERVED
+CVE-2020-5666 (Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series  ...)
+	TODO: check
 CVE-2020-5665
 	RESERVED
-CVE-2020-5664
-	RESERVED
-CVE-2020-5663
-	RESERVED
-CVE-2020-5662
-	RESERVED
+CVE-2020-5664 (Deserialization of untrusted data vulnerability in XooNIps 3.49 and ea ...)
+	TODO: check
+CVE-2020-5663 (Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier  ...)
+	TODO: check
+CVE-2020-5662 (Reflected cross-site scripting vulnerability in XooNIps 3.49 and earli ...)
+	TODO: check
 CVE-2020-5661
 	RESERVED
 CVE-2020-5660
 	RESERVED
-CVE-2020-5659
-	RESERVED
+CVE-2020-5659 (SQL injection vulnerability in the XooNIps 3.49 and earlier allows rem ...)
+	TODO: check
 CVE-2020-5658 (Resource Management Errors vulnerability in TCP/IP function included i ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2020-5657 (Improper neutralization of argument delimiters in a command ('Argument ...)
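Review bot: four of the five entries moved to "TODO: check" in this hunk (CVE-2020-5664, CVE-2020-5663, CVE-2020-5662, CVE-2020-5659) all name XooNIps 3.49 and earlier, so they should be triaged as a group with one disposition rather than one at a time. CVE-2020-5666 (MELSEC iQ-R Series) is a different product and needs its own decision.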
@@ -66467,12 +66968,12 @@ CVE-2020-2494
 	RESERVED
 CVE-2020-2493
 	RESERVED
-CVE-2020-2492
-	RESERVED
+CVE-2020-2492 (If exploited, the command injection vulnerability could allow remote a ...)
+	TODO: check
 CVE-2020-2491
 	RESERVED
-CVE-2020-2490
-	RESERVED
+CVE-2020-2490 (If exploited, the command injection vulnerability could allow remote a ...)
+	TODO: check
 CVE-2019-19701
 	RESERVED
 CVE-2019-19700
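Review bot: CVE-2020-2492 and CVE-2020-2490 receive the identical truncated description "If exploited, the command injection vulnerability could allow remote a ...", which names no product or component. When the "TODO: check" is resolved, the disposition line should name the affected product so the two entries can be told apart in this file.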
@@ -67881,22 +68382,22 @@ CVE-2019-19565
 	RESERVED
 CVE-2019-19564
 	RESERVED
-CVE-2019-19563
-	RESERVED
-CVE-2019-19562
-	RESERVED
-CVE-2019-19561
-	RESERVED
-CVE-2019-19560
-	RESERVED
+CVE-2019-19563 (A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1  ...)
+	TODO: check
+CVE-2019-19562 (An authentication bypass in the debug interface in Mercedes-Benz HERME ...)
+	TODO: check
+CVE-2019-19561 (A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5  ...)
+	TODO: check
+CVE-2019-19560 (An authentication bypass in the debug interface in Mercedes-Benz HERME ...)
+	TODO: check
 CVE-2019-19559
 	RESERVED
 CVE-2019-19558
 	RESERVED
-CVE-2019-19557
-	RESERVED
-CVE-2019-19556
-	RESERVED
+CVE-2019-19557 (A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 al ...)
+	TODO: check
+CVE-2019-19556 (An authentication bypass in the debug interface in Mercedes-Benz HERME ...)
+	TODO: check
 CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buf ...)
 	{DLA-2073-1}
 	- fig2dev 1:3.2.7b-2 (unimportant; bug #946176)
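Review bot: the six entries changed from RESERVED to "TODO: check" here (CVE-2019-19563, CVE-2019-19562, CVE-2019-19561, CVE-2019-19560, CVE-2019-19557, CVE-2019-19556) all concern the debug interface in Mercedes-Benz HERMES, with versions 2.1, 1.5 and 1 visible in the descriptions. They should be resolved in one pass with the same disposition wording, so a later search for the product finds all six.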



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/824e31eb77adaf15d633ddac093681393c0541c9
