[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62bad4a3 by security tracker role at 2020-11-18T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-28914 (An improper file permissions vulnerability affects Kata Containers pri ...)
+	TODO: check
+CVE-2020-28913
+	RESERVED
+CVE-2020-28912
+	RESERVED
 CVE-2020-28911
 	RESERVED
 CVE-2020-28910
@@ -4170,8 +4176,8 @@ CVE-2020-28185
 	RESERVED
 CVE-2020-28184
 	RESERVED
-CVE-2020-28183
-	RESERVED
+CVE-2020-28183 (SQL injection vulnerability in SourceCodester Water Billing System 1.0 ...)
+	TODO: check
 CVE-2020-28182
 	RESERVED
 CVE-2020-28181
@@ -4277,10 +4283,10 @@ CVE-2020-28132
 	RESERVED
 CVE-2020-28131
 	RESERVED
-CVE-2020-28130
-	RESERVED
-CVE-2020-28129
-	RESERVED
+CVE-2020-28130 (An Arbitrary File Upload in the Upload Image component in SourceCodest ...)
+	TODO: check
+CVE-2020-28129 (Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym  ...)
+	TODO: check
 CVE-2020-28128
 	RESERVED
 CVE-2020-28127
@@ -4353,8 +4359,8 @@ CVE-2020-28094
 	RESERVED
 CVE-2020-28093
 	RESERVED
-CVE-2020-28092
-	RESERVED
+CVE-2020-28092 (PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=T ...)
+	TODO: check
 CVE-2020-28091
 	RESERVED
 CVE-2020-28090
@@ -8325,18 +8331,18 @@ CVE-2020-26555
 	RESERVED
 CVE-2020-26554
 	RESERVED
-CVE-2020-26553
-	RESERVED
-CVE-2020-26552
-	RESERVED
-CVE-2020-26551
-	RESERVED
-CVE-2020-26550
-	RESERVED
-CVE-2020-26549
-	RESERVED
-CVE-2020-26548
-	RESERVED
+CVE-2020-26553 (An issue was discovered in Aviatrix Controller before R6.0.2483. Sever ...)
+	TODO: check
+CVE-2020-26552 (An issue was discovered in Aviatrix Controller before R6.0.2483. Multi ...)
+	TODO: check
+CVE-2020-26551 (An issue was discovered in Aviatrix Controller before R5.3.1151. Encry ...)
+	TODO: check
+CVE-2020-26550 (An issue was discovered in Aviatrix Controller before R5.3.1151. An en ...)
+	TODO: check
+CVE-2020-26549 (An issue was discovered in Aviatrix Controller before R5.4.1290. The h ...)
+	TODO: check
+CVE-2020-26548 (An issue was discovered in Aviatrix Controller before R5.4.1290. There ...)
+	TODO: check
 CVE-2020-26547
 	RESERVED
 CVE-2020-26546 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in HelpDeskZ 1 ...)
@@ -9012,8 +9018,8 @@ CVE-2020-26217 (XStream before version 1.4.14 is vulnerable to Remote Code Execu
 	NOTE: https://x-stream.github.io/CVE-2020-26217.html
 	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2
 	NOTE: https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a
-CVE-2020-26216
-	RESERVED
+CVE-2020-26216 (TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11  ...)
+	TODO: check
 CVE-2020-26215
 	RESERVED
 CVE-2020-26214 (In Alerta before version 8.1.0, users may be able to bypass LDAP authe ...)
@@ -9541,8 +9547,8 @@ CVE-2020-25990 (WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_
 	NOT-FOR-US: WebsiteBaker
 CVE-2020-25989
 	RESERVED
-CVE-2020-25988
-	RESERVED
+CVE-2020-25988 (UPNP/Freeciv Service on port 5555 in Genexis Platinum 4410 Router V2.1 ...)
+	TODO: check
 CVE-2020-25987 (MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in ...)
 	NOT-FOR-US: MonoCMS Blog
 CVE-2020-25986 (A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0  ...)
@@ -9737,8 +9743,8 @@ CVE-2020-25892
 	RESERVED
 CVE-2020-25891
 	RESERVED
-CVE-2020-25890
-	RESERVED
+CVE-2020-25890 (The web application of Kyocera printer (ECOSYS M2640IDW) is affected b ...)
+	TODO: check
 CVE-2020-25889
 	RESERVED
 CVE-2020-25888



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62bad4a32c1e060a61bcb3c1cf889f870c2f95df

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62bad4a32c1e060a61bcb3c1cf889f870c2f95df
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201118/6e721eab/attachment.html>