[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Oct 13 21:10:28 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a965452 by security tracker role at 2020-10-13T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2857,8 +2857,8 @@ CVE-2020-25791 (An issue was discovered in the sized-chunks crate through 0.6.2
 	NOTE: https://github.com/bodil/sized-chunks/issues/11
 CVE-2020-25780
 	RESERVED
-CVE-2020-25779
-	RESERVED
+CVE-2020-25779 (Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in w ...)
+	TODO: check
 CVE-2020-25778
 	RESERVED
 CVE-2020-25777
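Review bot: CVE-2020-25779 is left at `TODO: check` even though the added description line already names the product, Trend Micro Antivirus for Mac 2020 (Consumer). If that product is not packaged in Debian, a follow-up should replace the TODO with a `NOT-FOR-US:` line in the form other entries in this file use, so the entry does not sit in the triage queue.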
@@ -19965,30 +19965,30 @@ CVE-2020-17419
 	RESERVED
 CVE-2020-17418
 	RESERVED
-CVE-2020-17417
-	RESERVED
-CVE-2020-17416
-	RESERVED
-CVE-2020-17415
-	RESERVED
-CVE-2020-17414
-	RESERVED
-CVE-2020-17413
-	RESERVED
-CVE-2020-17412
-	RESERVED
-CVE-2020-17411
-	RESERVED
-CVE-2020-17410
-	RESERVED
-CVE-2020-17409
-	RESERVED
+CVE-2020-17417 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17416 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17415 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2020-17414 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2020-17413 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17412 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17411 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+	TODO: check
+CVE-2020-17410 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17409 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+	TODO: check
 CVE-2020-17408 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	NOT-FOR-US: NEC
-CVE-2020-17407
-	RESERVED
-CVE-2020-17406
-	RESERVED
+CVE-2020-17407 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-17406 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2020-17405 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
 	NOT-FOR-US: Senstar Symphony
 CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary code o ...)
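Review bot: all eleven entries added in this hunk (CVE-2020-17417 through CVE-2020-17409, plus CVE-2020-17407 and CVE-2020-17406) carry `TODO: check`, and each description is cut off at "..." before any product name appears, so none of them can be triaged from this list alone. The context entries CVE-2020-17408 and CVE-2020-17405 use the same description template and were resolved as `NOT-FOR-US: NEC` and `NOT-FOR-US: Senstar Symphony`. Look up the full description for each new entry and resolve them as a batch, starting with the remote code execution and privilege escalation items.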
@@ -22678,8 +22678,8 @@ CVE-2020-16126
 	RESERVED
 CVE-2020-16125
 	RESERVED
-CVE-2020-16124
-	RESERVED
+CVE-2020-16124 (Integer Overflow or Wraparound vulnerability in the XML RPC library of ...)
+	TODO: check
 CVE-2020-16123
 	RESERVED
 CVE-2020-16122
@@ -23537,8 +23537,8 @@ CVE-2020-15799
 	RESERVED
 CVE-2020-15798
 	RESERVED
-CVE-2020-15797
-	RESERVED
+CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
+	TODO: check
 CVE-2020-15796
 	RESERVED
 CVE-2020-15795
@@ -24958,8 +24958,8 @@ CVE-2020-15253
 	RESERVED
 CVE-2020-15252
 	RESERVED
-CVE-2020-15251
-	RESERVED
+CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version ...)
+	TODO: check
 CVE-2020-15250 (In JUnit4 before version 4.13.1, the test rule TemporaryFolder contain ...)
 	TODO: check
 CVE-2020-15249
@@ -28496,8 +28496,8 @@ CVE-2020-13959
 	RESERVED
 CVE-2020-13958
 	RESERVED
-CVE-2020-13957
-	RESERVED
+CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 ...)
+	TODO: check
 CVE-2020-13956 [incorrect handling of malformed authority component in request URIs]
 	RESERVED
 	{DLA-2405-1}
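Review bot: CVE-2020-13957 names Apache Solr with three affected release ranges (6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2), yet the entry has only `TODO: check`. Unlike the vendor-product entries in this commit, this one needs a source-package line with per-suite status if Debian ships Solr in any of those ranges, so compare the version in each suite against them. The description is truncated right after the version list, so the nature of the flaw has to come from the full CVE text.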
@@ -45800,8 +45800,8 @@ CVE-2020-7745
 	RESERVED
 CVE-2020-7744
 	RESERVED
-CVE-2020-7743
-	RESERVED
+CVE-2020-7743 (The package mathjs before 7.5.1 are vulnerable to Prototype Pollution  ...)
+	TODO: check
 CVE-2020-7742 (This affects the package simpl-schema before 1.10.2. ...)
 	NOT-FOR-US: Node simpl-schema
 CVE-2020-7741 (This affects the package hellojs before 1.18.6. The code get the param ...)
@@ -46160,8 +46160,8 @@ CVE-2020-7592 (A vulnerability has been identified in SIMATIC HMI Basic Panels 1
 	NOT-FOR-US: Siemens
 CVE-2020-7591
 	RESERVED
-CVE-2020-7590
-	RESERVED
+CVE-2020-7590 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
+	TODO: check
 CVE-2020-7589 (A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS variant ...)
 	NOT-FOR-US: Siemens
 CVE-2020-7588 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
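Review bot: CVE-2020-7590 gets `TODO: check` while the surrounding context entries CVE-2020-7592 and CVE-2020-7589, which open with the same "A vulnerability has been identified in" wording, are marked `NOT-FOR-US: Siemens`. Confirm the vendor of DCA Vantage Analyzer and apply the same tag if it matches. CVE-2020-15797, earlier in this commit, has the identical truncated description and should be resolved together with this entry.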
@@ -113287,8 +113287,7 @@ CVE-2018-20245 (The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth)
 	- airflow <itp> (bug #819700)
 CVE-2018-20244 (In Apache Airflow before 1.10.2, a malicious admin user could edit the ...)
 	- airflow <itp> (bug #819700)
-CVE-2018-20243
-	RESERVED
+CVE-2018-20243 (The implementation of POST with the username and password in the URL p ...)
 	NOT-FOR-US: Apache Fineract
 CVE-2018-20242 (A carefully crafted URL could trigger an XSS vulnerability on Apache J ...)
 	- jspwiki <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a9654529084c7b20191caefeb65175978d9c470
