[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Mon Oct 19 21:10:28 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6d5d70e by security tracker role at 2020-10-19T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,261 @@
+CVE-2020-27335
+	RESERVED
+CVE-2020-27334
+	RESERVED
+CVE-2020-27333
+	RESERVED
+CVE-2020-27332
+	RESERVED
+CVE-2020-27331
+	RESERVED
+CVE-2020-27330
+	RESERVED
+CVE-2020-27329
+	RESERVED
+CVE-2020-27328
+	RESERVED
+CVE-2020-27327
+	RESERVED
+CVE-2020-27326
+	RESERVED
+CVE-2020-27325
+	RESERVED
+CVE-2020-27324
+	RESERVED
+CVE-2020-27323
+	RESERVED
+CVE-2020-27322
+	RESERVED
+CVE-2020-27321
+	RESERVED
+CVE-2020-27320
+	RESERVED
+CVE-2020-27319
+	RESERVED
+CVE-2020-27318
+	RESERVED
+CVE-2020-27317
+	RESERVED
+CVE-2020-27316
+	RESERVED
+CVE-2020-27315
+	RESERVED
+CVE-2020-27314
+	RESERVED
+CVE-2020-27313
+	RESERVED
+CVE-2020-27312
+	RESERVED
+CVE-2020-27311
+	RESERVED
+CVE-2020-27310
+	RESERVED
+CVE-2020-27309
+	RESERVED
+CVE-2020-27308
+	RESERVED
+CVE-2020-27307
+	RESERVED
+CVE-2020-27306
+	RESERVED
+CVE-2020-27305
+	RESERVED
+CVE-2020-27304
+	RESERVED
+CVE-2020-27303
+	RESERVED
+CVE-2020-27302
+	RESERVED
+CVE-2020-27301
+	RESERVED
+CVE-2020-27300
+	RESERVED
+CVE-2020-27299
+	RESERVED
+CVE-2020-27298
+	RESERVED
+CVE-2020-27297
+	RESERVED
+CVE-2020-27296
+	RESERVED
+CVE-2020-27295
+	RESERVED
+CVE-2020-27294
+	RESERVED
+CVE-2020-27293
+	RESERVED
+CVE-2020-27292
+	RESERVED
+CVE-2020-27291
+	RESERVED
+CVE-2020-27290
+	RESERVED
+CVE-2020-27289
+	RESERVED
+CVE-2020-27288
+	RESERVED
+CVE-2020-27287
+	RESERVED
+CVE-2020-27286
+	RESERVED
+CVE-2020-27285
+	RESERVED
+CVE-2020-27284
+	RESERVED
+CVE-2020-27283
+	RESERVED
+CVE-2020-27282
+	RESERVED
+CVE-2020-27281
+	RESERVED
+CVE-2020-27280
+	RESERVED
+CVE-2020-27279
+	RESERVED
+CVE-2020-27278
+	RESERVED
+CVE-2020-27277
+	RESERVED
+CVE-2020-27276
+	RESERVED
+CVE-2020-27275
+	RESERVED
+CVE-2020-27274
+	RESERVED
+CVE-2020-27273
+	RESERVED
+CVE-2020-27272
+	RESERVED
+CVE-2020-27271
+	RESERVED
+CVE-2020-27270
+	RESERVED
+CVE-2020-27269
+	RESERVED
+CVE-2020-27268
+	RESERVED
+CVE-2020-27267
+	RESERVED
+CVE-2020-27266
+	RESERVED
+CVE-2020-27265
+	RESERVED
+CVE-2020-27264
+	RESERVED
+CVE-2020-27263
+	RESERVED
+CVE-2020-27262
+	RESERVED
+CVE-2020-27261
+	RESERVED
+CVE-2020-27260
+	RESERVED
+CVE-2020-27259
+	RESERVED
+CVE-2020-27258
+	RESERVED
+CVE-2020-27257
+	RESERVED
+CVE-2020-27256
+	RESERVED
+CVE-2020-27255
+	RESERVED
+CVE-2020-27254
+	RESERVED
+CVE-2020-27253
+	RESERVED
+CVE-2020-27252
+	RESERVED
+CVE-2020-27251
+	RESERVED
+CVE-2020-27250
+	RESERVED
+CVE-2020-27249
+	RESERVED
+CVE-2020-27248
+	RESERVED
+CVE-2020-27247
+	RESERVED
+CVE-2020-27246
+	RESERVED
+CVE-2020-27245
+	RESERVED
+CVE-2020-27244
+	RESERVED
+CVE-2020-27243
+	RESERVED
+CVE-2020-27242
+	RESERVED
+CVE-2020-27241
+	RESERVED
+CVE-2020-27240
+	RESERVED
+CVE-2020-27239
+	RESERVED
+CVE-2020-27238
+	RESERVED
+CVE-2020-27237
+	RESERVED
+CVE-2020-27236
+	RESERVED
+CVE-2020-27235
+	RESERVED
+CVE-2020-27234
+	RESERVED
+CVE-2020-27233
+	RESERVED
+CVE-2020-27232
+	RESERVED
+CVE-2020-27231
+	RESERVED
+CVE-2020-27230
+	RESERVED
+CVE-2020-27229
+	RESERVED
+CVE-2020-27228
+	RESERVED
+CVE-2020-27227
+	RESERVED
+CVE-2020-27226
+	RESERVED
+CVE-2020-27225
+	RESERVED
+CVE-2020-27224
+	RESERVED
+CVE-2020-27223
+	RESERVED
+CVE-2020-27222
+	RESERVED
+CVE-2020-27221
+	RESERVED
+CVE-2020-27220
+	RESERVED
+CVE-2020-27219
+	RESERVED
+CVE-2020-27218
+	RESERVED
+CVE-2020-27217
+	RESERVED
+CVE-2020-27216
+	RESERVED
+CVE-2020-27215
+	RESERVED
+CVE-2020-27214
+	RESERVED
+CVE-2020-27213
+	RESERVED
+CVE-2020-27212
+	RESERVED
+CVE-2020-27211
+	RESERVED
+CVE-2020-27210
+	RESERVED
+CVE-2020-27209
+	RESERVED
+CVE-2020-27208
+	RESERVED
+CVE-2020-27207
+	RESERVED
 CVE-2020-27206
 	RESERVED
 CVE-2020-27205
@@ -640,8 +898,8 @@ CVE-2020-26893 (An issue was discovered in ClamXAV 3 before 3.1.1. A malicious a
 	NOT-FOR-US: ClamXAV
 CVE-2020-26892
 	RESERVED
-CVE-2020-26891
-	RESERVED
+CVE-2020-26891 (AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS d ...)
+	TODO: check
 CVE-2020-26890
 	RESERVED
 CVE-2020-26889
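Review bot: the new "TODO: check" under CVE-2020-26891 leaves the entry untriaged although the description already names the product and the fixed upstream version (Matrix Synapse before 1.21.0). Resolve it to a source-package line with the fixed version, or to NOT-FOR-US if the software is not packaged, so this XSS does not sit in the TODO queue.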
@@ -3335,11 +3593,13 @@ CVE-2020-25647
 CVE-2020-25646
 	RESERVED
 CVE-2020-25645 (A flaw was found in the Linux kernel in versions before 5.9-rc7. Traff ...)
+	{DSA-4774-1}
 	- linux 5.8.14-1
 	NOTE: https://git.kernel.org/linus/34beb21594519ce64a55a498c2fe7d567bc1ca20
 CVE-2020-25644 (A memory leak flaw was found in WildFly OpenSSL in versions prior to 1 ...)
 	- wildfly <itp> (bug #752018)
 CVE-2020-25643 (A flaw was found in the HDLC_PPP module of the Linux kernel in version ...)
+	{DSA-4774-1}
 	- linux 5.8.14-1
 	NOTE: https://git.kernel.org/linus/66d42ed8b25b64eb63111a2b8582c5afc8bf1105
 CVE-2020-25642
@@ -4332,6 +4592,7 @@ CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel bef
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21
 CVE-2020-25211 (In the Linux kernel through 5.8.7, local attackers able to inject conn ...)
+	{DSA-4774-1}
 	- linux 5.8.14-1
 	NOTE: https://git.kernel.org/linus/1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
 CVE-2020-25210
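Review bot: CVE-2020-25211 gains {DSA-4774-1} but, unlike CVE-2020-25212 just above it ("[buster] - linux 4.19.146-1"), it has only the unstable line "- linux 5.8.14-1", so the entry by itself does not show which version fixes the stable release. Confirm that the stable fixed version is recorded with the advisory, or add a release-tagged line here.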
@@ -4734,6 +4995,7 @@ CVE-2020-25034
 CVE-2020-25033 (The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for ...)
 	NOT-FOR-US: Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin for WordPress
 CVE-2020-25032 (An issue was discovered in Flask-CORS (aka CORS Middleware for Flask)  ...)
+	{DSA-4775-1}
 	- python-flask-cors <unfixed> (bug #969362)
 	NOTE: https://github.com/corydolphin/flask-cors/commit/67c4b2cc98ae87cf1fa7df4f97fd81b40c79b895
 CVE-2020-25031 (checkinstall 1.6.2, when used to create a package that contains a syml ...)
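Review bot: CVE-2020-25032 now references DSA-4775-1 while its package line still reads "python-flask-cors <unfixed> (bug #969362)", so the entry records an advisory and an open unstable status at the same time. Follow up on bug #969362 and replace <unfixed> with the fixed version once an upload containing the upstream commit from the NOTE line is available.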
@@ -4851,7 +5113,7 @@ CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_t
 	[stretch] - nasm <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712
 	NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7
-CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global buffer over-re ...)
+CVE-2020-24977 (GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerabil ...)
 	{DLA-2369-1}
 	- libxml2 <unfixed> (bug #969529)
 	[buster] - libxml2 <no-dsa> (Minor issue)
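Review bot: the reworded description of CVE-2020-24977 drops "and earlier" and now names only libxml2 v2.9.10, which reads narrower than the status lines beneath it ({DLA-2369-1}, <unfixed>, "[buster] ... <no-dsa>"). No status change follows from the rewording, but the per-release lines should stay the reference for what is affected; a NOTE saying so would keep a reader from inferring the scope from the new description text.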
@@ -5554,20 +5816,20 @@ CVE-2020-24654 (In KDE Ark before 20.08.1, a crafted TAR archive with symlinks c
 	NOTE: https://kde.org/info/security/advisory-20200827-1.txt
 CVE-2020-24653 (secure-store in Expo through 2.16.1 on iOS provides the insecure kSecA ...)
 	NOT-FOR-US: secure-store in Expo on iOS
-CVE-2020-24652
-	RESERVED
-CVE-2020-24651
-	RESERVED
-CVE-2020-24650
-	RESERVED
-CVE-2020-24649
-	RESERVED
-CVE-2020-24648
-	RESERVED
-CVE-2020-24647
-	RESERVED
-CVE-2020-24646
-	RESERVED
+CVE-2020-24652 (A addvsiinterfaceinfo expression language injection remote code execut ...)
+	TODO: check
+CVE-2020-24651 (A syslogtempletselectwin expression language injection remote code exe ...)
+	TODO: check
+CVE-2020-24650 (A legend expression language injection remote code execution vulnerabi ...)
+	TODO: check
+CVE-2020-24649 (A remote bytemessageresource transformentity" input validation code ex ...)
+	TODO: check
+CVE-2020-24648 (A accessmgrservlet classname deserialization of untrusted data remote  ...)
+	TODO: check
+CVE-2020-24647 (A remote accessmgrservlet classname input validation code execution vu ...)
+	TODO: check
+CVE-2020-24646 (A tftpserver stack-based buffer overflow remote code execution vulnera ...)
+	TODO: check
 CVE-2020-24645
 	RESERVED
 CVE-2020-24644
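Review bot: the imported description of CVE-2020-24649 contains an unbalanced double quote (transformentity"), and none of the seven new descriptions (CVE-2020-24652 to CVE-2020-24646) names a product before the truncation. Anything that parses the parenthesised description should not assume balanced quoting, and the "TODO: check" lines need the full CVE text to be resolved.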
@@ -5598,10 +5860,10 @@ CVE-2020-24632
 	RESERVED
 CVE-2020-24631
 	RESERVED
-CVE-2020-24630
-	RESERVED
-CVE-2020-24629
-	RESERVED
+CVE-2020-24630 (A remote operatoronlinelist_content privilege escalation vulnerability ...)
+	TODO: check
+CVE-2020-24629 (A remote urlaccesscontroller authentication bypass vulnerability was d ...)
+	TODO: check
 CVE-2020-24628 (A remote code injection vulnerability was discovered in HPE KVM IP Con ...)
 	NOT-FOR-US: HPE
 CVE-2020-24627 (A remote stored xss vulnerability was discovered in HPE KVM IP Console ...)
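Review bot: CVE-2020-24630 and CVE-2020-24629 get "TODO: check" although the entries directly below them (CVE-2020-24628, CVE-2020-24627) are already marked "NOT-FOR-US: HPE". If the full descriptions name the same vendor, resolve both the same way; CVE-2020-24629 is described as an authentication bypass and should not linger untriaged.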
@@ -6153,8 +6415,8 @@ CVE-2020-24377 (A DNS rebinding vulnerability in the Freebox OS web interface in
 	NOT-FOR-US: Freebox
 CVE-2020-24376 (A DNS rebinding vulnerability in the UPnP IGD implementations in Freeb ...)
 	NOT-FOR-US: Freebox
-CVE-2020-24375
-	RESERVED
+CVE-2020-24375 (A DNS rebinding vulnerability in the UPnP MediaServer implementation i ...)
+	TODO: check
 CVE-2020-24374 (A DNS rebinding vulnerability in Freebox HD before 1.5.29. ...)
 	NOT-FOR-US: Freebox
 CVE-2020-24373 (A CSRF vulnerability in the UPnP MediaServer implementation in Freebox ...)
@@ -6411,10 +6673,10 @@ CVE-2020-24268
 	RESERVED
 CVE-2020-24267
 	RESERVED
-CVE-2020-24266
-	RESERVED
-CVE-2020-24265
-	RESERVED
+CVE-2020-24266 (An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap b ...)
+	TODO: check
+CVE-2020-24265 (An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap b ...)
+	TODO: check
 CVE-2020-24264
 	RESERVED
 CVE-2020-24263
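Review bot: CVE-2020-24266 and CVE-2020-24265 are truncated at the same point ("There is a heap b ..."), so the two entries are indistinguishable as listed. When resolving the "TODO: check" lines for tcpreplay tcpprep v4.3.3, add a NOTE to each with the affected function or the upstream issue so they can be told apart.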
@@ -22559,7 +22821,7 @@ CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0
 	NOT-FOR-US: Kee Vault KeePassRPC
 CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 genera ...)
 	NOT-FOR-US: Kee Vault KeePassRPC
-CVE-2020-16270 (OLIMPOKS before 5.1.0 allows Auth/Admin ErrorMessage XSS. ...)
+CVE-2020-16270 (OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attac ...)
 	NOT-FOR-US: OLIMPOKS
 CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, causing ...)
 	- radare2 <unfixed>
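Review bot: the description of CVE-2020-16270 changes the affected range from "before 5.1.0" to "under 3.3.39". The "NOT-FOR-US: OLIMPOKS" status is unaffected, but anything that extracts version bounds from the description text will report a different range after this update, so confirm against the full CVE text that the new bound is the intended one.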
@@ -22788,14 +23050,14 @@ CVE-2020-16163 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validato
 	NOT-FOR-US: RIPE NCC RPKI Validator
 CVE-2020-16162 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x  ...)
 	NOT-FOR-US: RIPE NCC RPKI Validator
-CVE-2020-16161
-	RESERVED
-CVE-2020-16160
-	RESERVED
-CVE-2020-16159
-	RESERVED
-CVE-2020-16158
-	RESERVED
+CVE-2020-16161 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Sca ...)
+	TODO: check
+CVE-2020-16160 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Dec ...)
+	TODO: check
+CVE-2020-16159 (GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GP ...)
+	TODO: check
+CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerab ...)
+	TODO: check
 CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...)
 	NOT-FOR-US: Nagios Log Server
 CVE-2020-16156
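Review bot: the four GoPro gpmf-parser entries word the affected version inconsistently: "1.5" for CVE-2020-16161, CVE-2020-16160 and CVE-2020-16159, but "through 1.5" for CVE-2020-16158. Triage the four "TODO: check" lines as a group and do not read the bare "1.5" as a statement that earlier versions are unaffected.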
@@ -23426,10 +23688,10 @@ CVE-2020-15912 (** DISPUTED ** Tesla Model 3 vehicles allow attackers to open a
 	NOT-FOR-US: Tesla
 CVE-2020-15911
 	RESERVED
-CVE-2020-15910
-	RESERVED
-CVE-2020-15909
-	RESERVED
+CVE-2020-15910 (SolarWinds N-Central version 12.3 GA and lower does not set the JSESSI ...)
+	TODO: check
+CVE-2020-15909 (SolarWinds N-central through 2020.1 allows session hijacking and requi ...)
+	TODO: check
 CVE-2020-15908 (tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6. ...)
 	NOT-FOR-US: Cauldron cbang
 CVE-2020-15907 (In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before ...)
@@ -23636,8 +23898,8 @@ CVE-2020-15824 (In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is n
 	- kotlin <itp> (bug #892842)
 CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Wor ...)
 	NOT-FOR-US: JetBrains YouTrack
-CVE-2020-15822
-	RESERVED
+CVE-2020-15822 (In JetBrains YouTrack before 2020.2.10514, SSRF is possible because UR ...)
+	TODO: check
 CVE-2020-15821 (In JetBrains YouTrack before 2020.2.6881, a user without permission is ...)
 	NOT-FOR-US: JetBrains YouTrack
 CVE-2020-15820 (In JetBrains YouTrack before 2020.2.6881, the markdown parser could di ...)
@@ -29257,8 +29519,8 @@ CVE-2020-13780
 	RESERVED
 CVE-2020-13779
 	RESERVED
-CVE-2020-13778
-	RESERVED
+CVE-2020-13778 (rConfig 3.9.4 and earlier allows authenticated code execution (of syst ...)
+	TODO: check
 CVE-2020-13777 (GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting  ...)
 	{DSA-4697-1}
 	- gnutls28 3.6.14-1 (bug #962289)
@@ -32891,12 +33153,14 @@ CVE-2020-12353
 	RESERVED
 CVE-2020-12352
 	RESERVED
+	{DSA-4774-1}
 	- linux 5.9.1-1
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
 	NOTE: https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
 	NOTE: Fixed by: https://git.kernel.org/linus/eddb7732119d53400f48a02536a84c509692faa8
 CVE-2020-12351
 	RESERVED
+	{DSA-4774-1}
 	- linux 5.9.1-1
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
 	NOTE: https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
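Review bot: CVE-2020-12352 and CVE-2020-12351 still read RESERVED although they now carry {DSA-4774-1}, a fixed version ("- linux 5.9.1-1") and advisory links. Tooling that skips RESERVED entries will miss both; filter on the presence of package or advisory lines instead of on the RESERVED marker.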
@@ -36285,8 +36549,8 @@ CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerabilit
 	NOT-FOR-US: Slack Nebula
 CVE-2020-11497 (An issue was discovered in the NAB Transact extension 2.1.0 for the Wo ...)
 	NOT-FOR-US: NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress
-CVE-2020-11496
-	RESERVED
+CVE-2020-11496 (Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers ...)
+	TODO: check
 CVE-2020-11495
 	REJECTED
 CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the  ...)
@@ -43003,8 +43267,8 @@ CVE-2020-8931
 	RESERVED
 CVE-2020-8930
 	RESERVED
-CVE-2020-8929
-	RESERVED
+CVE-2020-8929 (A mis-handling of invalid unicode characters in the Java implementatio ...)
+	TODO: check
 CVE-2020-8928
 	RESERVED
 CVE-2020-8927 (A buffer overflow exists in the Brotli library versions prior to 1.0.8 ...)
@@ -46024,8 +46288,8 @@ CVE-2020-7747
 	RESERVED
 CVE-2020-7746
 	RESERVED
-CVE-2020-7745
-	RESERVED
+CVE-2020-7745 (This affects the package MintegralAdSDK before 6.6.0.0. The SDK distri ...)
+	TODO: check
 CVE-2020-7744 (This affects all versions of package com.mintegral.msdk:alphab. The An ...)
 	NOT-FOR-US: com.mintegral.msdk:alphab
 CVE-2020-7743 (The package mathjs before 7.5.1 are vulnerable to Prototype Pollution  ...)
@@ -47264,116 +47528,116 @@ CVE-2020-7197
 	RESERVED
 CVE-2020-7196
 	RESERVED
-CVE-2020-7195
-	RESERVED
-CVE-2020-7194
-	RESERVED
-CVE-2020-7193
-	RESERVED
-CVE-2020-7192
-	RESERVED
-CVE-2020-7191
-	RESERVED
-CVE-2020-7190
-	RESERVED
-CVE-2020-7189
-	RESERVED
-CVE-2020-7188
-	RESERVED
-CVE-2020-7187
-	RESERVED
-CVE-2020-7186
-	RESERVED
-CVE-2020-7185
-	RESERVED
-CVE-2020-7184
-	RESERVED
-CVE-2020-7183
-	RESERVED
-CVE-2020-7182
-	RESERVED
-CVE-2020-7181
-	RESERVED
-CVE-2020-7180
-	RESERVED
-CVE-2020-7179
-	RESERVED
-CVE-2020-7178
-	RESERVED
-CVE-2020-7177
-	RESERVED
-CVE-2020-7176
-	RESERVED
-CVE-2020-7175
-	RESERVED
-CVE-2020-7174
-	RESERVED
-CVE-2020-7173
-	RESERVED
-CVE-2020-7172
-	RESERVED
-CVE-2020-7171
-	RESERVED
-CVE-2020-7170
-	RESERVED
-CVE-2020-7169
-	RESERVED
-CVE-2020-7168
-	RESERVED
-CVE-2020-7167
-	RESERVED
-CVE-2020-7166
-	RESERVED
-CVE-2020-7165
-	RESERVED
-CVE-2020-7164
-	RESERVED
-CVE-2020-7163
-	RESERVED
-CVE-2020-7162
-	RESERVED
-CVE-2020-7161
-	RESERVED
-CVE-2020-7160
-	RESERVED
-CVE-2020-7159
-	RESERVED
-CVE-2020-7158
-	RESERVED
-CVE-2020-7157
-	RESERVED
-CVE-2020-7156
-	RESERVED
-CVE-2020-7155
-	RESERVED
-CVE-2020-7154
-	RESERVED
-CVE-2020-7153
-	RESERVED
-CVE-2020-7152
-	RESERVED
-CVE-2020-7151
-	RESERVED
-CVE-2020-7150
-	RESERVED
-CVE-2020-7149
-	RESERVED
-CVE-2020-7148
-	RESERVED
-CVE-2020-7147
-	RESERVED
-CVE-2020-7146
-	RESERVED
-CVE-2020-7145
-	RESERVED
-CVE-2020-7144
-	RESERVED
-CVE-2020-7143
-	RESERVED
-CVE-2020-7142
-	RESERVED
-CVE-2020-7141
-	RESERVED
+CVE-2020-7195 (A iccselectrules expression language injection remote code execution v ...)
+	TODO: check
+CVE-2020-7194 (A perfaddormoddevicemonitor expression language injection remote code  ...)
+	TODO: check
+CVE-2020-7193 (A ictexpertcsvdownload expression language injection remote code execu ...)
+	TODO: check
+CVE-2020-7192 (A devicethresholdconfig expression language injection remote code exec ...)
+	TODO: check
+CVE-2020-7191 (A devsoftsel expression language injection remote code execution vulne ...)
+	TODO: check
+CVE-2020-7190 (A deviceselect expression language injection remote code execution vul ...)
+	TODO: check
+CVE-2020-7189 (A faultflasheventselectfact expression language injectionremote code e ...)
+	TODO: check
+CVE-2020-7188 (A userselectpagingcontent expression language injection remote code ex ...)
+	TODO: check
+CVE-2020-7187 (A reportpage index expression language injection remote code execution ...)
+	TODO: check
+CVE-2020-7186 (A powershellconfigcontent expression language injection remote code ex ...)
+	TODO: check
+CVE-2020-7185 (A tvxlanlegend expression language injection remote code execution vul ...)
+	TODO: check
+CVE-2020-7184 (A viewbatchtaskresultdetailfact expression language injection remote c ...)
+	TODO: check
+CVE-2020-7183 (A forwardredirect expression language injection remote code execution  ...)
+	TODO: check
+CVE-2020-7182 (A sshconfig expression language injection remote code execution vulner ...)
+	TODO: check
+CVE-2020-7181 (A smsrulesdownload expression language injection remote code execution ...)
+	TODO: check
+CVE-2020-7180 (A ictexpertdownload expression language injection remote code executio ...)
+	TODO: check
+CVE-2020-7179 (A thirdpartyperfselecttask expression language injection remote code e ...)
+	TODO: check
+CVE-2020-7178 (A mediaforaction expression language injection remote code execution v ...)
+	TODO: check
+CVE-2020-7177 (A wmiconfigcontent expression language injection remote code execution ...)
+	TODO: check
+CVE-2020-7176 (A viewtaskresultdetailfact expression language injection remote code e ...)
+	TODO: check
+CVE-2020-7175 (A iccselectdymicparam expression language injection remote code execut ...)
+	TODO: check
+CVE-2020-7174 (A soapconfigcontent expression language injection remote code executio ...)
+	TODO: check
+CVE-2020-7173 (A actionselectcontent expression language injection remote code execut ...)
+	TODO: check
+CVE-2020-7172 (A templateselect expression language injection remote code execution v ...)
+	TODO: check
+CVE-2020-7171 (A guidatadetail expression language injection remote code execution vu ...)
+	TODO: check
+CVE-2020-7170 (A select expression language injection remote code execution vulnerabi ...)
+	TODO: check
+CVE-2020-7169 (A ictexpertcsvdownload expression language injection remote code execu ...)
+	TODO: check
+CVE-2020-7168 (A selectusergroup expression language injection remote code execution  ...)
+	TODO: check
+CVE-2020-7167 (A quicktemplateselect expression language injection remote code execut ...)
+	TODO: check
+CVE-2020-7166 (A operatorgrouptreeselectcontent expression language injection remote  ...)
+	TODO: check
+CVE-2020-7165 (A iccselectcommand expression language injection remote code execution ...)
+	TODO: check
+CVE-2020-7164 (A operationselect expression language injection remote code execution  ...)
+	TODO: check
+CVE-2020-7163 (A navigationto expression language injection remote code execution vul ...)
+	TODO: check
+CVE-2020-7162 (A operatorgroupselectcontent expression language injection remote code ...)
+	TODO: check
+CVE-2020-7161 (A reporttaskselect expression language injection remote code execution ...)
+	TODO: check
+CVE-2020-7160 (A iccselectdeviceseries expression language injection remote code exec ...)
+	TODO: check
+CVE-2020-7159 (A customtemplateselect expression language injection remote code execu ...)
+	TODO: check
+CVE-2020-7158 (A perfselecttask expression language injection remote code execution v ...)
+	TODO: check
+CVE-2020-7157 (A selviewnavcontent expression language injection remote code executio ...)
+	TODO: check
+CVE-2020-7156 (A faultinfo_content expression language injection remote code executio ...)
+	TODO: check
+CVE-2020-7155 (A select expression language injection remote code execution vulnerabi ...)
+	TODO: check
+CVE-2020-7154 (A ifviewselectpage expression language injection remote code execution ...)
+	TODO: check
+CVE-2020-7153 (A iccselectdevtype expression language injection remote code execution ...)
+	TODO: check
+CVE-2020-7152 (A faultparasset expression language injection remote code execution vu ...)
+	TODO: check
+CVE-2020-7151 (A faulttrapgroupselect expression language injection remote code execu ...)
+	TODO: check
+CVE-2020-7150 (A faultstatchoosefaulttype expression language injection remote code e ...)
+	TODO: check
+CVE-2020-7149 (A ictexpertcsvdownload expression language injection remote code execu ...)
+	TODO: check
+CVE-2020-7148 (A deployselectsoftware expression language injection remote code execu ...)
+	TODO: check
+CVE-2020-7147 (A deployselectbootrom expression language injection remote code execut ...)
+	TODO: check
+CVE-2020-7146 (A devgroupselect expression language injection remote code execution v ...)
+	TODO: check
+CVE-2020-7145 (A chooseperfview expression language injection remote code execution v ...)
+	TODO: check
+CVE-2020-7144 (A comparefilesresult expression language injection remote code executi ...)
+	TODO: check
+CVE-2020-7143 (A faultdevparasset expression language injection remote code execution ...)
+	TODO: check
+CVE-2020-7142 (A eventinfo_content expression language injection remote code executio ...)
+	TODO: check
+CVE-2020-7141 (A adddevicetoview expression language injection remote code execution  ...)
+	TODO: check
 CVE-2020-7140 (A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gatew ...)
 	NOT-FOR-US: HPE
 CVE-2020-7139 (Potential remote access security vulnerabilities have been identified  ...)
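Review bot: all 55 new descriptions (CVE-2020-7195 to CVE-2020-7141) are truncated before any product name, and several are identical as shown: CVE-2020-7193, CVE-2020-7169 and CVE-2020-7149 all begin "A ictexpertcsvdownload expression language injection", and CVE-2020-7170 and CVE-2020-7155 both begin "A select expression language injection". Resolve the "TODO: check" lines in one pass from the full CVE text; the block sits directly above CVE-2020-7140 ("NOT-FOR-US: HPE"), which is the likely outcome if the vendor matches.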
@@ -57564,7 +57828,7 @@ CVE-2020-3429 (A vulnerability in the WPA2 and WPA3 security implementation of C
 	NOT-FOR-US: Cisco
 CVE-2020-3428 (A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wi ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3427 (A privilege escalation vulnerability exists in the Duo Authentication  ...)
+CVE-2020-3427 (The Windows Logon installer prior to 4.1.2 did not properly validate f ...)
 	NOT-FOR-US: Duo
 CVE-2020-3426 (A vulnerability in the implementation of the Low Power, Wide Area (LPW ...)
 	NOT-FOR-US: Cisco
@@ -95384,7 +95648,7 @@ CVE-2019-1010024 (GNU Libc current is affected by: Mitigation bypass. The impact
 	- glibc <unfixed> (unimportant)
 	NOTE: Not treated as a security issue by upstream
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22852
-CVE-2019-1010023 (GNU Libc current is affected by: Re-mapping current loaded libray with ...)
+CVE-2019-1010023 (GNU Libc current is affected by: Re-mapping current loaded library wit ...)
 	- glibc <unfixed> (unimportant)
 	NOTE: Not treated as a security issue by upstream
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22851



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6d5d70e4f5ac304847cf7b4e1e2e5a69376d0f1
