[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Nov 17 20:10:39 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
614c8a91 by security tracker role at 2020-11-17T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-28911
+ RESERVED
+CVE-2020-28910
+ RESERVED
+CVE-2020-28909
+ RESERVED
+CVE-2020-28908
+ RESERVED
+CVE-2020-28907
+ RESERVED
+CVE-2020-28906
+ RESERVED
+CVE-2020-28905
+ RESERVED
+CVE-2020-28904
+ RESERVED
+CVE-2020-28903
+ RESERVED
+CVE-2020-28902
+ RESERVED
+CVE-2020-28901
+ RESERVED
+CVE-2020-28900
+ RESERVED
CVE-2020-28899
RESERVED
CVE-2020-28898
@@ -420,10 +444,10 @@ CVE-2020-28690
RESERVED
CVE-2020-28689
RESERVED
-CVE-2020-28688
- RESERVED
-CVE-2020-28687
- RESERVED
+CVE-2020-28688 (The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCR ...)
+ TODO: check
+CVE-2020-28687 (The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASC ...)
+ TODO: check
CVE-2020-28686
RESERVED
CVE-2020-28685
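Review bot: the two `TODO: check` placeholders for CVE-2020-28688 and CVE-2020-28687 (and the other `TODO: check` entries this automatic update creates below) still need manual triage; by the convention already used in this file (`NOT-FOR-US: Nagios XI`, `NOT-FOR-US: orbisius-child-theme-creator plugin for WordPress`), each should be resolved either to `NOT-FOR-US: <product>` when the software is not shipped in Debian, or to a source package line with the fixed version, as done for `gitlab 13.3.9-1`. Leaving `TODO: check` in place is fine for the bot commit but should not survive the next manual pass.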
@@ -502,8 +526,8 @@ CVE-2020-28649 (The orbisius-child-theme-creator plugin before 1.5.2 for WordPre
NOT-FOR-US: orbisius-child-theme-creator plugin for WordPress
CVE-2020-28648 (Improper input validation in the Auto-Discovery component of Nagios XI ...)
NOT-FOR-US: Nagios XI
-CVE-2020-28647
- RESERVED
+CVE-2020-28647 (In Progress MOVEit Transfer before 2020.1, a malicious user could craf ...)
+ TODO: check
CVE-2020-28646
RESERVED
CVE-2020-28645
@@ -2123,11 +2147,13 @@ CVE-2020-28416
RESERVED
CVE-2020-25710 [assertion failure in CSN normalization with invalid input]
RESERVED
+ {DSA-4792-1}
- openldap 2.4.56+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9384
NOTE: https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2 (OPENLDAP_REL_ENG_2_4_56)
CVE-2020-25709 [assertion failure in Certificate List syntax validation]
RESERVED
+ {DSA-4792-1}
- openldap 2.4.56+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9383
NOTE: https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65 (OPENLDAP_REL_ENG_2_4_56)
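Review bot: CVE-2020-25710 and CVE-2020-25709 keep `RESERVED` under their bracketed working titles even though `{DSA-4792-1}` is now attached to both; until MITRE publishes the text, those bracketed titles ("assertion failure in CSN normalization with invalid input", "assertion failure in Certificate List syntax validation") are the only descriptions readers get, so they should say the same thing DSA-4792-1 says. The NOTE lines pairing each upstream bug (bugs.openldap.org 9384 and 9383) with its fix commit on OPENLDAP_REL_ENG_2_4_56 are consistent with the recorded unstable fix version `openldap 2.4.56+dfsg-1`.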
@@ -4231,22 +4257,22 @@ CVE-2020-28142
RESERVED
CVE-2020-28141
RESERVED
-CVE-2020-28140
- RESERVED
-CVE-2020-28139
- RESERVED
-CVE-2020-28138
- RESERVED
+CVE-2020-28140 (SourceCodester Online Clothing Store 1.0 is affected by an arbitrary f ...)
+ TODO: check
+CVE-2020-28139 (SourceCodester Online Clothing Store 1.0 is affected by a cross-site s ...)
+ TODO: check
+CVE-2020-28138 (SourceCodester Online Clothing Store 1.0 is affected by a SQL Injectio ...)
+ TODO: check
CVE-2020-28137
RESERVED
-CVE-2020-28136
- RESERVED
+CVE-2020-28136 (An Arbitrary File Upload is discovered in SourceCodester Tourism Manag ...)
+ TODO: check
CVE-2020-28135
RESERVED
CVE-2020-28134
RESERVED
-CVE-2020-28133
- RESERVED
+CVE-2020-28133 (An issue was discovered in SourceCodester Simple Grocery Store Sales A ...)
+ TODO: check
CVE-2020-28132
RESERVED
CVE-2020-28131
@@ -4423,7 +4449,7 @@ CVE-2020-28048
RESERVED
CVE-2020-28047 (AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scr ...)
NOT-FOR-US: AudimexEE
-CVE-2020-27347 (The function input_csi_dispatch_sgr_colon() in file input.c contained ...)
+CVE-2020-27347 (In tmux before version 3.1c the function input_csi_dispatch_sgr_colon( ...)
- tmux 3.1c-1
[buster] - tmux <not-affected> (Vulnerable code introduced later)
[stretch] - tmux <not-affected> (Vulnerable code introduced later)
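Review bot: the rewritten description "In tmux before version 3.1c the function input_csi_dispatch_sgr_colon( ..." agrees with the fixed version `tmux 3.1c-1` already recorded on the next line, so no package-line change is needed; the `[buster]`/`[stretch] - tmux <not-affected> (Vulnerable code introduced later)` lines stay valid because they describe when the vulnerable code appeared, not the fixed release.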
@@ -6112,18 +6138,18 @@ CVE-2020-27560 (ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFr
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6e3b13c7ef94d72b40fba91987897c4326717a46
CVE-2020-27559
RESERVED
-CVE-2020-27558
- RESERVED
-CVE-2020-27557
- RESERVED
-CVE-2020-27556
- RESERVED
-CVE-2020-27555
- RESERVED
-CVE-2020-27554
- RESERVED
-CVE-2020-27553
- RESERVED
+CVE-2020-27558 (Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 201 ...)
+ TODO: check
+CVE-2020-27557 (Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT ...)
+ TODO: check
+CVE-2020-27556 (A predictable device ID in BASETech GE-131 BT-1837836 firmware 2018092 ...)
+ TODO: check
+CVE-2020-27555 (Use of default credentials for the telnet server in BASETech GE-131 BT ...)
+ TODO: check
+CVE-2020-27554 (Cleartext Transmission of Sensitive Information vulnerability in BASET ...)
+ TODO: check
+CVE-2020-27553 (A directory traversal vulnerability in BASETech GE-131 BT-1837836 firm ...)
+ TODO: check
CVE-2020-27552
RESERVED
CVE-2020-27551
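Review bot: the six BASETech GE-131 BT-1837836 entries (CVE-2020-27553 through CVE-2020-27558) are all firmware issues on one embedded device (default telnet credentials, undocumented user, cleartext transmission, directory traversal, predictable device ID, unprotected credential storage); they should be triaged together, and the comparable camera-firmware entries in this same file (CVE-2020-25748, CVE-2020-25747 for Rubetek) were resolved as `NOT-FOR-US: Rubetek`, which is the pattern to follow here once confirmed.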
@@ -7952,8 +7978,8 @@ CVE-2020-26703
RESERVED
CVE-2020-26702
RESERVED
-CVE-2020-26701
- RESERVED
+CVE-2020-26701 (Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa ...)
+ TODO: check
CVE-2020-26700
RESERVED
CVE-2020-26699
@@ -8603,8 +8629,7 @@ CVE-2020-26407
RESERVED
CVE-2020-26406 (Certain SAST CiConfiguration information could be viewed by unauthoriz ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2020-26405
- RESERVED
+CVE-2020-26405 (Path traversal vulnerability in package upload functionality in GitLab ...)
- gitlab 13.3.9-1
NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
CVE-2020-26404
@@ -9933,8 +9958,8 @@ CVE-2020-25800
RESERVED
CVE-2020-25799
RESERVED
-CVE-2020-25798
- RESERVED
+CVE-2020-25798 (A stored cross-site scripting (XSS) vulnerability in LimeSurvey before ...)
+ TODO: check
CVE-2020-25797
RESERVED
CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload ...)
@@ -10056,8 +10081,8 @@ CVE-2020-25748 (A Cleartext Transmission issue was discovered on Rubetek RV-3406
NOT-FOR-US: Rubetek
CVE-2020-25747 (The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (f ...)
NOT-FOR-US: Rubetek
-CVE-2020-25746
- RESERVED
+CVE-2020-25746 (QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local att ...)
+ TODO: check
CVE-2020-25745
RESERVED
CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to ...)
@@ -10952,8 +10977,8 @@ CVE-2020-25402
RESERVED
CVE-2020-25401
RESERVED
-CVE-2020-25400
- RESERVED
+CVE-2020-25400 (Cross domain policies in Taskcafe Project Management tool before versi ...)
+ TODO: check
CVE-2020-25399 (Stored XSS in InterMind iMind Server through 3.13.65 allows any user t ...)
NOT-FOR-US: InterMind iMind Server
CVE-2020-25398 (CSV Injection exists in InterMind iMind Server through 3.13.65 via the ...)
@@ -18699,8 +18724,8 @@ CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php
NOT-FOR-US: fastadmin-tp6
CVE-2020-21666
RESERVED
-CVE-2020-21665
- RESERVED
+CVE-2020-21665 (In fastadmin V1.0.0.20191212_beta, when a user with administrator righ ...)
+ TODO: check
CVE-2020-21664
RESERVED
CVE-2020-21663
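Review bot: CVE-2020-21665 names "fastadmin V1.0.0.20191212_beta", while the neighbouring CVE-2020-21667 was triaged as `NOT-FOR-US: fastadmin-tp6`; the product names differ (fastadmin vs fastadmin-tp6), so the `TODO: check` should be resolved with the exact product name rather than copying the neighbouring line.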
@@ -35884,8 +35909,7 @@ CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices
NOT-FOR-US: D-Link
CVE-2020-13959
RESERVED
-CVE-2020-13958
- RESERVED
+CVE-2020-13958 (A vulnerability in Apache OpenOffice scripting events allows an attack ...)
NOT-FOR-US: Apache OpenOffice
CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 ...)
- lucene-solr <not-affected> (Vulnerable functionality not yet present)
@@ -37493,19 +37517,15 @@ CVE-2020-13353 (When importing repos via URL, one time use git credentials were
CVE-2020-13352 (Private group info is leaked leaked in GitLab CE/EE version 10.2 and a ...)
- gitlab 13.3.9-1
NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
-CVE-2020-13351
- RESERVED
+CVE-2020-13351 (Insufficient permission checks in scheduled pipeline API in GitLab CE/ ...)
- gitlab 13.3.9-1
NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
-CVE-2020-13350
- RESERVED
+CVE-2020-13350 (CSRF in runner administration page in all versions of GitLab CE/EE all ...)
- gitlab 13.3.9-1
NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
-CVE-2020-13349
- RESERVED
+CVE-2020-13349 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2020-13348
- RESERVED
+CVE-2020-13348 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2020-13347 (A command injection vulnerability was discovered in Gitlab runner vers ...)
- gitlab-ci-multi-runner <not-affected> (Only affects gitlab-runner when configured on Windows)
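Review bot: the four newly described GitLab entries are split consistently with CVE-2020-13352 above them: the two "GitLab EE" issues (CVE-2020-13349, CVE-2020-13348) keep `gitlab <not-affected> (Specific to EE)`, and the two "GitLab CE/EE" issues (CVE-2020-13351, CVE-2020-13350) keep `gitlab 13.3.9-1` with the NOTE pointing at the 13.5.2 security release. The descriptions are truncated at "...", so the affected-version ranges cannot be checked from this diff; the linked release notes are the place to verify that 13.3.9 is in the fixed set.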
@@ -53069,8 +53089,8 @@ CVE-2020-7843
RESERVED
CVE-2020-7842
RESERVED
-CVE-2020-7841
- RESERVED
+CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT XPLATFORM w ...)
+ TODO: check
CVE-2020-7840
RESERVED
CVE-2020-7839
@@ -53203,8 +53223,8 @@ CVE-2020-7776
RESERVED
CVE-2020-7775
RESERVED
-CVE-2020-7774
- RESERVED
+CVE-2020-7774 (This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = ...)
+ TODO: check
CVE-2020-7773 (This affects the package markdown-it-highlightjs before 3.3.1. It is p ...)
TODO: check
CVE-2020-7772 (This affects the package doc-path before 2.1.2. ...)
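Review bot: CVE-2020-7774 ("This affects the package y18n before 5.0.5") is a Node.js library, unlike the PHP web apps and device firmware that make up the other `TODO: check` entries in this update, and the CVE text embeds a PoC ("PoC by po6ix: const y18n = ..."); before resolving it as `NOT-FOR-US` the way CVE-2020-7758 (Node browserless-chrome) was, the triage should confirm whether y18n is shipped as a Debian node-* package, since many Node libraries are.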
@@ -53239,7 +53259,7 @@ CVE-2020-7760 (This affects the package codemirror before 5.58.2; the package or
NOTE: https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
CVE-2020-7759 (The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable ...)
NOT-FOR-US: pimcore
-CVE-2020-7758 (This affects all versions of package browserless-chrome. User input fl ...)
+CVE-2020-7758 (This affects versions of package browserless-chrome before 1.40.2-chro ...)
NOT-FOR-US: Node browserless-chrome
CVE-2020-7757 (This affects all versions of package droppy. It is possible to travers ...)
NOT-FOR-US: droppy
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/614c8a91b4047f09e8ee8e49f14a74a257daf454