[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Nov 24 20:10:36 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8233150f by security tracker role at 2020-11-24T20:10:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2020-29049
+	RESERVED
+CVE-2020-29048
+	RESERVED
+CVE-2020-29047
+	RESERVED
+CVE-2020-29046
+	RESERVED
+CVE-2020-29045
+	RESERVED
+CVE-2020-29044
+	RESERVED
+CVE-2020-29043
+	RESERVED
+CVE-2020-29042
+	RESERVED
+CVE-2020-29041
+	RESERVED
+CVE-2020-29040 (An issue was discovered in Xen through 4.14.x allowing x86 HVM guest O ...)
+	TODO: check
+CVE-2020-29039
+	RESERVED
+CVE-2020-29038
+	RESERVED
+CVE-2020-29037
+	RESERVED
+CVE-2020-29036
+	RESERVED
+CVE-2020-29035
+	RESERVED
+CVE-2020-29034
+	RESERVED
+CVE-2020-29033
+	RESERVED
+CVE-2020-29032
+	RESERVED
+CVE-2020-29031
+	RESERVED
+CVE-2020-29030
+	RESERVED
+CVE-2020-29029
+	RESERVED
+CVE-2020-29028
+	RESERVED
+CVE-2020-29027
+	RESERVED
+CVE-2020-29026
+	RESERVED
+CVE-2020-29025
+	RESERVED
+CVE-2020-29024
+	RESERVED
+CVE-2020-29023
+	RESERVED
+CVE-2020-29022
+	RESERVED
+CVE-2020-29021
+	RESERVED
+CVE-2020-29020
+	RESERVED
+CVE-2020-29019
+	RESERVED
+CVE-2020-29018
+	RESERVED
+CVE-2020-29017
+	RESERVED
+CVE-2020-29016
+	RESERVED
+CVE-2020-29015
+	RESERVED
+CVE-2020-29014
+	RESERVED
+CVE-2020-29013
+	RESERVED
+CVE-2020-29012
+	RESERVED
+CVE-2020-29011
+	RESERVED
+CVE-2020-29010
+	RESERVED
+CVE-2020-29009
+	RESERVED
+CVE-2020-29008
+	RESERVED
+CVE-2020-29007
+	RESERVED
+CVE-2020-29006 (MISP before 2.4.135 lacks an ACL check, related to app/Controller/Gala ...)
+	TODO: check
 CVE-2020-29005
 	RESERVED
 CVE-2020-29004
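Review bot: CVE-2020-29040 is added with only `TODO: check` although its description already names the product ("An issue was discovered in Xen through 4.14.x ..."). Resolve it to a package line in the `- package version (bug #...)` form used elsewhere in this file rather than leaving it in the TODO backlog next to the unrelated CVE-2020-29006 (MISP) entry. The remaining additions in this hunk are RESERVED placeholders and need no action.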
@@ -20,8 +108,8 @@ CVE-2020-28996
 	RESERVED
 CVE-2020-28995
 	RESERVED
-CVE-2020-28994
-	RESERVED
+CVE-2020-28994 (A SQL injection vulnerability was discovered in Karenderia Multiple Re ...)
+	TODO: check
 CVE-2020-28993
 	RESERVED
 CVE-2020-28992
@@ -174,8 +262,7 @@ CVE-2020-28930
 	RESERVED
 CVE-2020-28929
 	RESERVED
-CVE-2020-28928 [wcsnrtombs destination buffer overflow]
-	RESERVED
+CVE-2020-28928 (In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...)
 	- musl <unfixed> (bug #975365)
 	[buster] - musl <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4
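Review bot: At CVE-2020-28928 the bracketed summary "[wcsnrtombs destination buffer overflow]" is replaced by a description that is cut off at "particular combinati ...", so the entry no longer states the impact in the file itself. The triage lines are unchanged (`- musl <unfixed> (bug #975365)`, buster `<no-dsa>`); consider recording the impact in a NOTE line next to the existing oss-security link so it is not lost.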
@@ -602,8 +689,8 @@ CVE-2020-28728
 	RESERVED
 CVE-2020-28727
 	RESERVED
-CVE-2020-28726
-	RESERVED
+CVE-2020-28726 (Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter  ...)
+	TODO: check
 CVE-2020-28725
 	RESERVED
 CVE-2020-28724 (Open redirect vulnerability in werkzeug before 0.11.6 via a double sla ...)
@@ -4084,16 +4171,16 @@ CVE-2021-0301
 	RESERVED
 CVE-2020-28335
 	RESERVED
-CVE-2020-28334
-	RESERVED
-CVE-2020-28333
-	RESERVED
-CVE-2020-28332
-	RESERVED
-CVE-2020-28331
-	RESERVED
-CVE-2020-28330
-	RESERVED
+CVE-2020-28334 (Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 ...)
+	TODO: check
+CVE-2020-28333 (Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affect ...)
+	TODO: check
+CVE-2020-28332 (Barco wePresent WiPG-1600W devices download code without an Integrity  ...)
+	TODO: check
+CVE-2020-28331 (Barco wePresent WiPG-1600W devices have Improper Access Control. Affec ...)
+	TODO: check
+CVE-2020-28330 (Barco wePresent WiPG-1600W devices have Unprotected Transport of Crede ...)
+	TODO: check
 CVE-2020-28329
 	RESERVED
 CVE-2020-28328 (SuiteCRM before 7.11.17 is vulnerable to remote code execution via the ...)
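Review bot: CVE-2020-28334 through CVE-2020-28330 all describe the same product (Barco wePresent WiPG-1600W devices) yet land as five separate `TODO: check` items. Triage them in one pass and give all five the same disposition, so the set cannot end up split between statuses.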
@@ -8540,8 +8627,8 @@ CVE-2019-20927
 	RESERVED
 CVE-2019-20926
 	RESERVED
-CVE-2019-20925
-	RESERVED
+CVE-2019-20925 (An unauthenticated client can trigger denial of service by issuing spe ...)
+	TODO: check
 CVE-2019-20924 (A user authorized to perform database queries may trigger denial of se ...)
 	- mongodb <removed>
 	NOTE: https://jira.mongodb.org/browse/SERVER-44377
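Review bot: The truncated description for CVE-2019-20925 ("An unauthenticated client can trigger denial of service by issuing spe ...") does not name a product, and the entry is left at `TODO: check`. The adjacent CVE-2019-20924 is tracked as `- mongodb <removed>` with a jira.mongodb.org SERVER reference; confirm against the full description whether 20925 concerns the same product and, if so, mirror that package line and add the matching upstream reference.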
@@ -10655,8 +10742,7 @@ CVE-2020-25656
 	NOTE: https://www.openwall.com/lists/oss-security/2020/10/16/1
 CVE-2020-25655 (An issue was discovered in ManagedClusterView API, that could allow se ...)
 	NOT-FOR-US: Red Hat open-cluster-management
-CVE-2020-25654 [ACL restrictions bypass]
-	RESERVED
+CVE-2020-25654 (An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5- ...)
 	{DSA-4791-1}
 	- pacemaker 2.0.5~rc2-1 (bug #973254)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1
@@ -10722,8 +10808,7 @@ CVE-2020-25641 (A flaw was found in the Linux kernel's implementation of biovecs
 	- linux 5.8.10-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124
-CVE-2020-25640
-	RESERVED
+CVE-2020-25640 (A flaw was discovered in WildFly before 21.0.0.Final where, Resource a ...)
 	- wildfly <itp> (bug #752018)
 CVE-2020-25639 [NULL pointer dereference via nouveau ioctl can lead to DoS]
 	RESERVED
@@ -11125,14 +11210,14 @@ CVE-2020-25477
 	RESERVED
 CVE-2020-25476
 	RESERVED
-CVE-2020-25475
-	RESERVED
-CVE-2020-25474
-	RESERVED
-CVE-2020-25473
-	RESERVED
-CVE-2020-25472
-	RESERVED
+CVE-2020-25475 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injectio ...)
+	TODO: check
+CVE-2020-25474 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site S ...)
+	TODO: check
+CVE-2020-25473 (SimplePHPscripts News Script PHP Pro 2.3 does not properly set the Htt ...)
+	TODO: check
+CVE-2020-25472 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site R ...)
+	TODO: check
 CVE-2020-25471
 	RESERVED
 CVE-2020-25470 (AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability i ...)
@@ -12588,8 +12673,8 @@ CVE-2020-24817
 	RESERVED
 CVE-2020-24816
 	RESERVED
-CVE-2020-24815
-	RESERVED
+CVE-2020-24815 (A Server-Side Request Forgery (SSRF) affecting the PDF generation in M ...)
+	TODO: check
 CVE-2020-24814
 	RESERVED
 CVE-2020-24813
@@ -36326,8 +36411,7 @@ CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.
 	- tomcat8 <removed>
 	NOTE: https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b (9.0.38)
 	NOTE: https://github.com/apache/tomcat/commit/9d7def063b47407a09a2f9202beed99f4dcb292a (8.5.58)
-CVE-2020-13942
-	RESERVED
+CVE-2020-13942 (It is possible to inject malicious OGNL or MVEL scripts into the /cont ...)
 	NOT-FOR-US: Apache Unomi
 CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...)
 	- lucene-solr <unfixed>
@@ -37280,8 +37364,8 @@ CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of service
 	NOT-FOR-US: JerryScript
 CVE-2020-13621
 	RESERVED
-CVE-2020-13620
-	RESERVED
+CVE-2020-13620 (Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF ...)
+	TODO: check
 CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attack ...)
 	NOT-FOR-US: Locutus PHP
 CVE-2020-13618
@@ -46099,11 +46183,9 @@ CVE-2020-10765
 	RESERVED
 CVE-2020-10764
 	RESERVED
-CVE-2020-10763
-	RESERVED
+CVE-2020-10763 (An information-disclosure flaw was found in the way Heketi before 10.1 ...)
 	- heketi <itp> (bug #903384)
-CVE-2020-10762
-	RESERVED
+CVE-2020-10762 (An information-disclosure flaw was found in the way that gluster-block ...)
 	NOT-FOR-US: gluster-block
 CVE-2020-10761 (An assertion failure issue was found in the Network Block Device(NBD)  ...)
 	- qemu 1:5.0-6
@@ -54527,8 +54609,8 @@ CVE-2020-7380
 	RESERVED
 CVE-2020-7379
 	RESERVED
-CVE-2020-7378
-	RESERVED
+CVE-2020-7378 (CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an  ...)
+	TODO: check
 CVE-2020-7377 (The Metasploit Framework module "auxiliary/admin/http/telpho10_credent ...)
 	NOT-FOR-US: Metasploit Framework module
 CVE-2020-7376 (The Metasploit Framework module "post/osx/gather/enum_osx module" is a ...)
@@ -62928,14 +63010,14 @@ CVE-2020-4005 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-20
 	NOT-FOR-US: VMware
 CVE-2020-4004 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...)
 	NOT-FOR-US: VMware
-CVE-2020-4003
-	RESERVED
-CVE-2020-4002
-	RESERVED
-CVE-2020-4001
-	RESERVED
-CVE-2020-4000
-	RESERVED
+CVE-2020-4003 (VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4 ...)
+	TODO: check
+CVE-2020-4002 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, ...)
+	TODO: check
+CVE-2020-4001 (The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords  ...)
+	TODO: check
+CVE-2020-4000 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, ...)
+	TODO: check
 CVE-2020-3999
 	RESERVED
 CVE-2020-3998 (VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an inf ...)
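Review bot: CVE-2020-4003 through CVE-2020-4000 are left at `TODO: check` while the context lines directly above them (CVE-2020-4005, CVE-2020-4004) are already `NOT-FOR-US: VMware`. Three of the four new descriptions start "The SD-WAN Orchestrator" without the vendor name, so triage that matches on "VMware" in the description would miss them; mark all four `NOT-FOR-US: VMware` once the full descriptions confirm the vendor.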
@@ -62965,10 +63047,10 @@ CVE-2020-3987 (VMware Workstation (15.x) and Horizon Client for Windows (5.x bef
 	NOT-FOR-US: VMware
 CVE-2020-3986 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
 	NOT-FOR-US: VMware
-CVE-2020-3985
-	RESERVED
-CVE-2020-3984
-	RESERVED
+CVE-2020-3985 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4 ...)
+	TODO: check
+CVE-2020-3984 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4 ...)
+	TODO: check
 CVE-2020-3983
 	RESERVED
 CVE-2020-3982 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8233150f8201e7a18a5bdede4348be141a7ad47f
