[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 1 09:10:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e09046c1 by security tracker role at 2020-10-01T08:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2020-26204
+ RESERVED
+CVE-2020-26203
+ RESERVED
+CVE-2020-26202
+ RESERVED
+CVE-2020-26201
+ RESERVED
+CVE-2020-26200
+ RESERVED
+CVE-2020-26199
+ RESERVED
+CVE-2020-26198
+ RESERVED
+CVE-2020-26197
+ RESERVED
+CVE-2020-26196
+ RESERVED
+CVE-2020-26195
+ RESERVED
+CVE-2020-26194
+ RESERVED
+CVE-2020-26193
+ RESERVED
+CVE-2020-26192
+ RESERVED
+CVE-2020-26191
+ RESERVED
+CVE-2020-26190
+ RESERVED
+CVE-2020-26189
+ RESERVED
+CVE-2020-26188
+ RESERVED
+CVE-2020-26187
+ RESERVED
+CVE-2020-26186
+ RESERVED
+CVE-2020-26185
+ RESERVED
+CVE-2020-26184
+ RESERVED
+CVE-2020-26183
+ RESERVED
+CVE-2020-26182
+ RESERVED
+CVE-2020-26181
+ RESERVED
+CVE-2020-26180
+ RESERVED
+CVE-2020-26179
+ RESERVED
+CVE-2020-26178
+ RESERVED
+CVE-2020-26177
+ RESERVED
+CVE-2020-26176
+ RESERVED
+CVE-2020-26175
+ RESERVED
+CVE-2020-26174
+ RESERVED
+CVE-2020-26173
+ RESERVED
+CVE-2020-26172
+ RESERVED
+CVE-2020-26171
+ RESERVED
+CVE-2020-26170
+ RESERVED
+CVE-2020-26169
+ RESERVED
+CVE-2020-26168
+ RESERVED
CVE-2020-26167
RESERVED
CVE-2020-26166
@@ -738,8 +812,8 @@ CVE-2020-25832
RESERVED
CVE-2020-25831
RESERVED
-CVE-2020-25830
- RESERVED
+CVE-2020-25830 (An issue was discovered in MantisBT before 2.24.3. Improper escaping o ...)
+ TODO: check
CVE-2020-25829
RESERVED
CVE-2020-25828 (An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through ...)
@@ -772,8 +846,8 @@ CVE-2020-25818
RESERVED
CVE-2020-25817
RESERVED
-CVE-2020-25816
- RESERVED
+CVE-2020-25816 (HashiCorp Vault and Vault Enterprise 1.0 before 1.5.4 have Incorrect A ...)
+ TODO: check
CVE-2020-25815 (An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34 ...)
- mediawiki 1:1.35.0-1
[buster] - mediawiki <not-affected> (Vulnerable code introduced in 1.32)
@@ -850,8 +924,8 @@ CVE-2020-25783
RESERVED
CVE-2020-25782
RESERVED
-CVE-2020-25781
- RESERVED
+CVE-2020-25781 (An issue was discovered in file_download.php in MantisBT before 2.24.3 ...)
+ TODO: check
CVE-2020-25796 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
- rust-sized-chunks <unfixed> (bug #970586)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
@@ -1004,7 +1078,8 @@ CVE-2020-25728 (The Reset Password add-on before 1.2.0 for Alfresco has a broken
NOT-FOR-US: Reset Password add-on for Alfresco
CVE-2020-25727 (The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS- ...)
NOT-FOR-US: Reset Password add-on for Alfresco
-CVE-2020-25726 (A Directory Traversal issue was discovered on Hak5 WiFi Pineapple Mark ...)
+CVE-2020-25726
+ REJECTED
NOT-FOR-US: Hak5 WiFi Pineapple Mark VII devices
CVE-2020-25725
RESERVED
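Review bot: CVE-2020-25726 is now marked REJECTED, but the `NOT-FOR-US: Hak5 WiFi Pineapple Mark VII devices` line under it is kept, so the entry carries both a rejection and a triage verdict. The description was dropped with the rejection; consider removing the NOT-FOR-US line too, or confirm that it is deliberately retained as history.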
@@ -1226,8 +1301,7 @@ CVE-2020-25628
RESERVED
CVE-2020-25627
RESERVED
-CVE-2020-25626 [XSS Vulnerability in API viewer]
- RESERVED
+CVE-2020-25626 (A flaw was found in Django REST Framework versions before 3.12.0 and b ...)
- djangorestframework <unfixed>
NOTE: https://github.com/encode/django-rest-framework/commit/4121b01b912668c049b26194a9a107c27a332429
NOTE: Fixed upstream in 3.12.0 and 3.11.2
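Review bot: CVE-2020-25626 keeps `- djangorestframework <unfixed>` with no bug reference, while the NOTE directly below it records that upstream fixed the issue in 3.12.0 and 3.11.2. Other unfixed entries in this file carry a `(bug #...)` pointer, for example rust-sized-chunks, so adding a bug reference here would make the open status trackable until a fixed version is uploaded.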
@@ -1943,8 +2017,8 @@ CVE-2020-25290
RESERVED
CVE-2020-25289 (The VPN service in AVAST SecureLine before 5.6.4982.470 allows local u ...)
NOT-FOR-US: VPN service in AVAST SecureLine
-CVE-2020-25288
- RESERVED
+CVE-2020-25288 (An issue was discovered in MantisBT before 2.24.3. When editing an Iss ...)
+ TODO: check
CVE-2020-25287 (Pligg 2.0.3 allows remote authenticated users to execute arbitrary com ...)
NOT-FOR-US: Pligg CMS
CVE-2020-25285 (A race condition between hugetlb sysctl handlers in mm/hugetlb.c in th ...)
@@ -20453,8 +20527,8 @@ CVE-2020-16236
RESERVED
CVE-2020-16235
RESERVED
-CVE-2020-16234
- RESERVED
+CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer overf ...)
+ TODO: check
CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...)
NOT-FOR-US: CodeMeter
CVE-2020-16232
@@ -22088,10 +22162,10 @@ CVE-2019-20905
RESERVED
CVE-2019-20904
RESERVED
-CVE-2019-20903
- RESERVED
-CVE-2019-20902
- RESERVED
+CVE-2019-20903 (The hyperlinks functionality in atlaskit/editor-core in before version ...)
+ TODO: check
+CVE-2019-20902 (Upgrading Crowd via XML Data Transfer can reactivate a disabled user f ...)
+ TODO: check
CVE-2019-20901 (The login.jsp resource in Jira before version 8.5.2, and from version ...)
NOT-FOR-US: Atlassian
CVE-2019-20900 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
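Review bot: CVE-2019-20903 and CVE-2019-20902 are left at `TODO: check`, while the entries immediately below them (CVE-2019-20901, CVE-2019-20900) are triaged as `NOT-FOR-US: Atlassian`. The new descriptions name atlaskit/editor-core and Crowd, which are Atlassian products, so these two can probably be resolved the same way once someone confirms neither is packaged.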
@@ -25245,8 +25319,7 @@ CVE-2020-14375 (A flaw was found in dpdk in versions before 18.11.10 and before
- dpdk 19.11.5-1 (bug #971269)
[buster] - dpdk <no-dsa> (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
-CVE-2020-14374
- RESERVED
+CVE-2020-14374 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
- dpdk 19.11.5-1 (bug #971269)
[buster] - dpdk <no-dsa> (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
@@ -26448,8 +26521,7 @@ CVE-2020-13954
RESERVED
CVE-2020-13953 (In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an att ...)
NOT-FOR-US: Apache Tapestry
-CVE-2020-13952
- RESERVED
+CVE-2020-13952 (In the course of work on the open source project it was discovered tha ...)
NOT-FOR-US: Apache Superset
CVE-2020-13951 (Attackers can use public NetTest web service of Apache OpenMeetings 4. ...)
NOT-FOR-US: Apache OpenMeetings
@@ -28048,8 +28120,8 @@ CVE-2020-13338
RESERVED
CVE-2020-13337
RESERVED
-CVE-2020-13336
- RESERVED
+CVE-2020-13336 (An issue has been discovered in GitLab affecting versions from 11.8 be ...)
+ TODO: check
CVE-2020-13335
RESERVED
CVE-2020-13334
@@ -29130,10 +29202,10 @@ CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolet
NOTE: for discussion.
CVE-2020-12871
RESERVED
-CVE-2020-12870
- RESERVED
-CVE-2020-12869
- RESERVED
+CVE-2020-12870 (RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username ...)
+ TODO: check
+CVE-2020-12869 (RainbowFish PacsOne Server 6.8.4 allows XSS. ...)
+ TODO: check
CVE-2020-12868
RESERVED
CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends be ...)
@@ -29600,8 +29672,8 @@ CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remot
NOT-FOR-US: COVIDSafe (Australia) app
CVE-2020-12716
RESERVED
-CVE-2020-12715
- RESERVED
+CVE-2020-12715 (RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. ...)
+ TODO: check
CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual Applia ...)
NOT-FOR-US: CipherMail
CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...)
@@ -46296,8 +46368,8 @@ CVE-2020-6656
RESERVED
CVE-2020-6655
RESERVED
-CVE-2020-6654
- RESERVED
+CVE-2020-6654 (A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configu ...)
+ TODO: check
CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 & prior stores the user l ...)
NOT-FOR-US: Eaton
CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...)
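Review bot: CVE-2020-6654 is left at `TODO: check` although the next entry, CVE-2020-6653, is already `NOT-FOR-US: Eaton` and the new description names an Eaton product. Suggest resolving it with the same `NOT-FOR-US: Eaton` line after confirming the affected software is not packaged.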
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e09046c1eb643671d4b0ef52785efce4755e5c9c