[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Nov 16 20:10:33 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99d6ba4a by security tracker role at 2020-11-16T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-28890
+	RESERVED
 CVE-2020-28889
 	RESERVED
 CVE-2020-28888
@@ -330,8 +332,8 @@ CVE-2020-28725
 	RESERVED
 CVE-2020-28724
 	RESERVED
-CVE-2020-28723
-	RESERVED
+CVE-2020-28723 (Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. ...)
+	TODO: check
 CVE-2020-28722
 	RESERVED
 CVE-2020-28721
@@ -392,8 +394,8 @@ CVE-2020-28694
 	RESERVED
 CVE-2020-28693
 	RESERVED
-CVE-2020-28692
-	RESERVED
+CVE-2020-28692 (In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and  ...)
+	TODO: check
 CVE-2020-28691
 	RESERVED
 CVE-2020-28690
@@ -4555,14 +4557,14 @@ CVE-2020-27993 (Hrsale 2.0.0 allows download?type=files&filename=../ directo
 	NOT-FOR-US: Hrsale
 CVE-2020-27992 (Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse ...)
 	NOT-FOR-US: Dr.Fone
-CVE-2020-27991
-	RESERVED
-CVE-2020-27990
-	RESERVED
-CVE-2020-27989
-	RESERVED
-CVE-2020-27988
-	RESERVED
+CVE-2020-27991 (Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Em ...)
+	TODO: check
+CVE-2020-27990 (Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (ad ...)
+	TODO: check
+CVE-2020-27989 (Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit D ...)
+	TODO: check
+CVE-2020-27988 (Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username  ...)
+	TODO: check
 CVE-2020-27987
 	RESERVED
 CVE-2020-27986 (** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discov ...)
@@ -5895,22 +5897,22 @@ CVE-2020-27631
 	RESERVED
 CVE-2020-27630
 	RESERVED
-CVE-2020-27629
-	RESERVED
-CVE-2020-27628
-	RESERVED
-CVE-2020-27627
-	RESERVED
-CVE-2020-27626
-	RESERVED
-CVE-2020-27625
-	RESERVED
-CVE-2020-27624
-	RESERVED
-CVE-2020-27623
-	RESERVED
-CVE-2020-27622
-	RESERVED
+CVE-2020-27629 (In JetBrains TeamCity before 2020.1.5, secure dependency parameters co ...)
+	TODO: check
+CVE-2020-27628 (In JetBrains TeamCity before 2020.1.5, the Guest user had access to au ...)
+	TODO: check
+CVE-2020-27627 (JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. ...)
+	TODO: check
+CVE-2020-27626 (JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. ...)
+	TODO: check
+CVE-2020-27625 (In JetBrains YouTrack before 2020.3.888, notifications might have ment ...)
+	TODO: check
+CVE-2020-27624 (JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. ...)
+	TODO: check
+CVE-2020-27623 (JetBrains IdeaVim before version 0.58 might have caused an information ...)
+	TODO: check
+CVE-2020-27622 (In JetBrains IntelliJ IDEA before 2020.2, the built-in web server coul ...)
+	TODO: check
 CVE-2020-27621 (The FileImporter extension in MediaWiki through 1.35.0 was not properl ...)
 	NOT-FOR-US: MediaWiki extension
 CVE-2020-27620 (The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because Me ...)
@@ -6287,8 +6289,8 @@ CVE-2020-27461
 	RESERVED
 CVE-2020-27460
 	RESERVED
-CVE-2020-27459
-	RESERVED
+CVE-2020-27459 (Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a ...)
+	TODO: check
 CVE-2020-27458
 	RESERVED
 CVE-2020-27457
@@ -6359,10 +6361,10 @@ CVE-2020-27425
 	RESERVED
 CVE-2020-27424
 	RESERVED
-CVE-2020-27423
-	RESERVED
-CVE-2020-27422
-	RESERVED
+CVE-2020-27423 (Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password rese ...)
+	TODO: check
+CVE-2020-27422 (In Anuko Time Tracker v1.19.23.5311, the password reset link emailed t ...)
+	TODO: check
 CVE-2020-27421
 	RESERVED
 CVE-2020-27420
@@ -6828,8 +6830,8 @@ CVE-2020-27193 (A cross-site scripting (XSS) vulnerability in the Color Dialog p
 	NOT-FOR-US: CKEditor plugin
 CVE-2020-27192
 	RESERVED
-CVE-2020-27191
-	RESERVED
+CVE-2020-27191 (LionWiki before 3.2.12 allows an unauthenticated user to read files as ...)
+	TODO: check
 CVE-2020-27194 (An issue was discovered in the Linux kernel before 5.8.15. scalar32_mi ...)
 	- linux 5.9.1-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
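Review bot: The unchanged context directly below the new CVE-2020-27191 entry lists CVE-2020-27194 after CVE-2020-27191 and CVE-2020-27192, which breaks the descending CVE-id order the rest of data/CVE/list follows; since the automatic update only fills in the CVE-2020-27191 description, consider moving the CVE-2020-27194 block (with its "- linux 5.9.1-1" and "[buster]" lines) above CVE-2020-27193 in a follow-up so the ordering stays consistent and tooling that relies on it is not confused.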
@@ -8292,12 +8294,12 @@ CVE-2020-26512
 	RESERVED
 CVE-2020-26511 (The wpo365-login plugin before v11.7 for WordPress allows use of a sym ...)
 	NOT-FOR-US: wpo365-login plugin for WordPress
-CVE-2020-26510
-	RESERVED
-CVE-2020-26509
-	RESERVED
-CVE-2020-26508
-	RESERVED
+CVE-2020-26510 (Airleader Master <= 6.21 devices have default credentials that can  ...)
+	TODO: check
+CVE-2020-26509 (Airleader Master and Easy <= 6.21 devices have default credentials  ...)
+	TODO: check
+CVE-2020-26508 (The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices all ...)
+	TODO: check
 CVE-2020-26507 (A CSV Injection (also known as Formula Injection) vulnerability in the ...)
 	NOT-FOR-US: Marmind web application
 CVE-2020-26506 (An Authorization Bypass vulnerability in the Marmind web application w ...)
@@ -9104,8 +9106,8 @@ CVE-2020-26131 (Issues were discovered in Open DHCP Server (Regular) 1.75 and Op
 	NOT-FOR-US: Open DHCP Server
 CVE-2020-26130 (Issues were discovered in Open TFTP Server multithreaded 1.66 and Open ...)
 	NOT-FOR-US: Open TFTP Server
-CVE-2020-26129
-	RESERVED
+CVE-2020-26129 (In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. ...)
+	TODO: check
 CVE-2020-26128
 	RESERVED
 CVE-2020-26127
@@ -9483,8 +9485,8 @@ CVE-2020-25954
 	RESERVED
 CVE-2020-25953
 	RESERVED
-CVE-2020-25952
-	RESERVED
+CVE-2020-25952 (SQL injection vulnerability in PHPGurukul User Registration & Logi ...)
+	TODO: check
 CVE-2020-25951
 	RESERVED
 CVE-2020-25950
@@ -11281,14 +11283,14 @@ CVE-2020-25211 (In the Linux kernel through 5.8.7, local attackers able to injec
 	{DSA-4774-1 DLA-2420-1 DLA-2417-1}
 	- linux 5.8.14-1
 	NOTE: https://git.kernel.org/linus/1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
-CVE-2020-25210
-	RESERVED
-CVE-2020-25209
-	RESERVED
+CVE-2020-25210 (In JetBrains YouTrack before 2020.3.7955, an attacker could access wor ...)
+	TODO: check
+CVE-2020-25209 (In JetBrains YouTrack before 2020.3.6638, improper access control for  ...)
+	TODO: check
 CVE-2020-25208
 	RESERVED
-CVE-2020-25207
-	RESERVED
+CVE-2020-25207 (JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Exe ...)
+	TODO: check
 CVE-2020-25206
 	RESERVED
 CVE-2020-25205
@@ -11727,8 +11729,8 @@ CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. G
 	NOT-FOR-US: Genexis Platinum 4410 V2-1.28
 CVE-2020-25014
 	RESERVED
-CVE-2020-25013
-	RESERVED
+CVE-2020-25013 (JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Ser ...)
+	TODO: check
 CVE-2020-25012
 	RESERVED
 CVE-2020-25011
@@ -13146,8 +13148,8 @@ CVE-2020-24368 (Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Di
 	NOTE: https://github.com/Icinga/icingaweb2/commit/3035efac65ca2f7977916bd117056aa411776dfd (master)
 CVE-2020-24367 (Incorrect file permissions in BlueStacks 4 through 4.230 on Windows al ...)
 	NOT-FOR-US: BlueStacks
-CVE-2020-24366
-	RESERVED
+CVE-2020-24366 (Sensitive information could be disclosed in the JetBrains YouTrack app ...)
+	TODO: check
 CVE-2020-24365 (An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-12 ...)
 	NOT-FOR-US: Gemtek devices
 CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via the note ...)
@@ -14937,10 +14939,10 @@ CVE-2020-23492
 	RESERVED
 CVE-2020-23491
 	RESERVED
-CVE-2020-23490
-	RESERVED
-CVE-2020-23489
-	RESERVED
+CVE-2020-23490 (There was a local file disclosure vulnerability in AVideo < 8.9 via ...)
+	TODO: check
+CVE-2020-23489 (The import.json.php file before 8.9 for Avideo is vulnerable to a File ...)
+	TODO: check
 CVE-2020-23488
 	RESERVED
 CVE-2020-23487
@@ -36359,16 +36361,16 @@ CVE-2020-13775 (ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger
 	NOTE: Introduced with: https://github.com/znc/znc/commit/d229761821da38d984a9e4098ad96842490dc001 (znc-1.8.0)
 CVE-2020-13774 (An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivant ...)
 	NOT-FOR-US: Ivanti
-CVE-2020-13773
-	RESERVED
-CVE-2020-13772
-	RESERVED
+CVE-2020-13773 (Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_spli ...)
+	TODO: check
+CVE-2020-13772 (In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, a ...)
+	TODO: check
 CVE-2020-13771 (Various components in Ivanti Endpoint Manager through 2020.1.1 rely on ...)
 	NOT-FOR-US: Ivanti
 CVE-2020-13770 (Several services are accessing named pipes in Ivanti Endpoint Manager  ...)
 	NOT-FOR-US: Ivanti
-CVE-2020-13769
-	RESERVED
+CVE-2020-13769 (LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows S ...)
+	TODO: check
 CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via  ...)
 	NOT-FOR-US: MiniShare
 CVE-2020-13767 (The Mitel MiCollab application before 9.1.332 for iOS could allow an u ...)
@@ -50189,8 +50191,8 @@ CVE-2020-8899 (There is a buffer overwrite vulnerability in the Quram qmg librar
 	NOT-FOR-US: Samsung
 CVE-2020-8898
 	RESERVED
-CVE-2020-8897
-	RESERVED
+CVE-2020-8897 (A weak robustness vulnerability exists in the AWS Encryption SDKs for  ...)
+	TODO: check
 CVE-2020-8896 (A Buffer Overflow vulnerability in the khcrypt implementation in Googl ...)
 	NOT-FOR-US: Google Earth Pro
 CVE-2020-8895 (Untrusted Search Path vulnerability in the windows installer of Google ...)
@@ -53095,8 +53097,8 @@ CVE-2020-7775
 	RESERVED
 CVE-2020-7774
 	RESERVED
-CVE-2020-7773
-	RESERVED
+CVE-2020-7773 (This affects the package markdown-it-highlightjs before 3.3.1. It is p ...)
+	TODO: check
 CVE-2020-7772 (This affects the package doc-path before 2.1.2. ...)
 	NOT-FOR-US: Node doc-path
 CVE-2020-7771
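Review bot: The new CVE-2020-7773 entry for the Node package markdown-it-highlightjs is left at the automatic "TODO: check" placeholder, while the adjacent CVE-2020-7772 (doc-path) is already triaged as "NOT-FOR-US: Node doc-path"; when this is triaged, follow the same convention ("NOT-FOR-US: Node markdown-it-highlightjs" if the package is not in the archive, otherwise a source-package line) so the placeholder does not linger next to resolved neighbours.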
@@ -53111,8 +53113,8 @@ CVE-2020-7767 (All versions of package express-validators are vulnerable to Regu
 	TODO: check
 CVE-2020-7766 (This affects all versions of package json-ptr. The issue occurs in the ...)
 	TODO: check
-CVE-2020-7765
-	RESERVED
+CVE-2020-7765 (This affects the package @firebase/util before 0.3.4. This vulnerabili ...)
+	TODO: check
 CVE-2020-7764 (This affects the package find-my-way before 2.2.5, from 3.0.0 and befo ...)
 	NOT-FOR-US: Node find-my-way
 CVE-2020-7763 (This affects the package phantom-html-to-pdf before 0.6.1. ...)
@@ -60827,8 +60829,8 @@ CVE-2020-4765
 	RESERVED
 CVE-2020-4764
 	RESERVED
-CVE-2020-4763
-	RESERVED
+CVE-2020-4763 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through  ...)
+	TODO: check
 CVE-2020-4762
 	RESERVED
 CVE-2020-4761
@@ -60943,8 +60945,8 @@ CVE-2020-4707
 	RESERVED
 CVE-2020-4706
 	RESERVED
-CVE-2020-4705
-	RESERVED
+CVE-2020-4705 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
+	TODO: check
 CVE-2020-4704 (IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripti ...)
 	NOT-FOR-US: IBM
 CVE-2020-4703 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console ...)
@@ -60953,8 +60955,8 @@ CVE-2020-4702 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cr
 	NOT-FOR-US: IBM
 CVE-2020-4701
 	RESERVED
-CVE-2020-4700
-	RESERVED
+CVE-2020-4700 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
+	TODO: check
 CVE-2020-4699 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
 	NOT-FOR-US: IBM
 CVE-2020-4698 (IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Work ...)
@@ -60969,8 +60971,8 @@ CVE-2020-4694
 	RESERVED
 CVE-2020-4693 (IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8. ...)
 	NOT-FOR-US: IBM
-CVE-2020-4692
-	RESERVED
+CVE-2020-4692 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
+	TODO: check
 CVE-2020-4691
 	RESERVED
 CVE-2020-4690
@@ -61009,10 +61011,10 @@ CVE-2020-4674
 	RESERVED
 CVE-2020-4673
 	RESERVED
-CVE-2020-4672
-	RESERVED
-CVE-2020-4671
-	RESERVED
+CVE-2020-4672 (IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site  ...)
+	TODO: check
+CVE-2020-4671 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
+	TODO: check
 CVE-2020-4670
 	RESERVED
 CVE-2020-4669
@@ -61023,8 +61025,8 @@ CVE-2020-4667
 	RESERVED
 CVE-2020-4666
 	RESERVED
-CVE-2020-4665
-	RESERVED
+CVE-2020-4665 (IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through  ...)
+	TODO: check
 CVE-2020-4664
 	RESERVED
 CVE-2020-4663
@@ -61043,8 +61045,8 @@ CVE-2020-4657
 	RESERVED
 CVE-2020-4656
 	RESERVED
-CVE-2020-4655
-	RESERVED
+CVE-2020-4655 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
+	TODO: check
 CVE-2020-4654
 	RESERVED
 CVE-2020-4653 (IBM Planning Analytics 2.0 could allow a remote attacker to conduct ph ...)
@@ -61059,8 +61061,8 @@ CVE-2020-4649 (IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics W
 	NOT-FOR-US: IBM
 CVE-2020-4648 (A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars  ...)
 	NOT-FOR-US: IBM
-CVE-2020-4647
-	RESERVED
+CVE-2020-4647 (IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through  ...)
+	TODO: check
 CVE-2020-4646
 	RESERVED
 CVE-2020-4645 (IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cr ...)
@@ -61221,8 +61223,8 @@ CVE-2020-4568 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user
 	NOT-FOR-US: IBM
 CVE-2020-4567 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate acco ...)
 	NOT-FOR-US: IBM
-CVE-2020-4566
-	RESERVED
+CVE-2020-4566 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 a ...)
+	TODO: check
 CVE-2020-4565 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacke ...)
 	NOT-FOR-US: IBM
 CVE-2020-4564 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 a ...)
@@ -61401,10 +61403,10 @@ CVE-2020-4478
 	RESERVED
 CVE-2020-4477 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensi ...)
 	NOT-FOR-US: IBM
-CVE-2020-4476
-	RESERVED
-CVE-2020-4475
-	RESERVED
+CVE-2020-4476 (IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through  ...)
+	TODO: check
+CVE-2020-4475 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 a ...)
+	TODO: check
 CVE-2020-4474
 	RESERVED
 CVE-2020-4473
@@ -180427,7 +180429,7 @@ CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest a
 	{DSA-4164-1 DLA-1389-1}
 	- apache2 2.4.33-1
 	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/7
-CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-fre ...)
+CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-fre ...)
 	- xerces-c <unfixed> (bug #947431)
 	[buster] - xerces-c <postponed> (Minor issue, revisit when fixed upstream)
 	[stretch] - xerces-c <postponed> (Minor issue, revisit when fixed upstream)
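Review bot: The updated CVE-2018-1311 description now names Apache Xerces-C 3.0.0 to 3.2.3 as affected (previously 3.2.2), yet the Debian tracking lines below it ("- xerces-c <unfixed> (bug #947431)" and the buster/stretch "<postponed> (Minor issue, revisit when fixed upstream)" entries) are unchanged; that is consistent with the widened range, but the reviewer should confirm bug #947431 and the postponed notes still reflect the current upstream state before leaving them as they are.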



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99d6ba4ad010b5021530acab549ccf3194de5634




