[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Oct 20 21:10:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66120648 by security tracker role at 2020-10-20T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2020-27355
+ RESERVED
+CVE-2020-27354
+ RESERVED
+CVE-2020-27353
+ RESERVED
+CVE-2020-27352
+ RESERVED
+CVE-2020-27351
+ RESERVED
+CVE-2020-27350
+ RESERVED
+CVE-2020-27349
+ RESERVED
+CVE-2020-27348
+ RESERVED
+CVE-2020-27347
+ RESERVED
+CVE-2020-27346
+ RESERVED
+CVE-2020-27345
+ RESERVED
CVE-2020-27344
RESERVED
CVE-2020-27343
@@ -22903,15 +22925,15 @@ CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allow
NOTE: that the refererred behaviour is intended functionality.
CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
NOT-FOR-US: Philips
-CVE-2020-16246
- RESERVED
+CVE-2020-16246 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
+ TODO: check
CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...)
NOT-FOR-US: Advantech
CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for h ...)
NOT-FOR-US: GE Digital APM Classic
CVE-2020-16243
RESERVED
-CVE-2020-16242 (The affected product is vulnerable to cross-site scripting (XSS), whic ...)
+CVE-2020-16242 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
NOT-FOR-US: General Electric
CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...)
NOT-FOR-US: Philips SureSigns
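Review bot: CVE-2020-16246 is left at TODO: check even though its new description opens with the same text as CVE-2020-16242 further down in this hunk ("The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ..."), and CVE-2020-16242 is already triaged as NOT-FOR-US: General Electric. Unless the full description points to a different product, give CVE-2020-16246 the same NOT-FOR-US: General Electric tag so the two entries stay consistent. Separately, the context NOTE under CVE-2020-16248 carries a typo, "refererred".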
@@ -25620,6 +25642,7 @@ CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies o
NOT-FOR-US: Alfresco Reset Password add-on
CVE-2020-15180
RESERVED
+ {DSA-4776-1}
- mariadb-10.5 1:10.5.6-1
- mariadb-10.3 <unfixed>
- mariadb-10.1 <removed>
@@ -46329,12 +46352,12 @@ CVE-2020-7751
RESERVED
CVE-2020-7750
RESERVED
-CVE-2020-7749
- RESERVED
-CVE-2020-7748
- RESERVED
-CVE-2020-7747
- RESERVED
+CVE-2020-7749 (This affects all versions of package osm-static-maps. User input given ...)
+ TODO: check
+CVE-2020-7748 (This affects the package @tsed/core before 5.65.7. This vulnerability ...)
+ TODO: check
+CVE-2020-7747 (This affects all versions of package lightning-server. It is possible ...)
+ TODO: check
CVE-2020-7746
RESERVED
CVE-2020-7745 (This affects the package MintegralAdSDK before 6.6.0.0. The SDK distri ...)
@@ -47166,12 +47189,12 @@ CVE-2020-7373
RESERVED
CVE-2020-7372
RESERVED
-CVE-2020-7371
- RESERVED
-CVE-2020-7370
- RESERVED
-CVE-2020-7369
- RESERVED
+CVE-2020-7371 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ TODO: check
+CVE-2020-7370 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ TODO: check
+CVE-2020-7369 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ TODO: check
CVE-2020-7368
RESERVED
CVE-2020-7367
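Review bot: the new descriptions for CVE-2020-7371, CVE-2020-7370 and CVE-2020-7369 are identical after truncation ("User Interface (UI) Misrepresentation of Critical Information vulnerab ..."), so the list gives no hint of the affected product and TODO: check cannot be resolved from this file alone. When triaging, read the full CVE text and name the product in the NOT-FOR-US: or package line. The same applies to CVE-2020-7364 and CVE-2020-7363 in the next hunk.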
@@ -47180,10 +47203,10 @@ CVE-2020-7366
RESERVED
CVE-2020-7365
RESERVED
-CVE-2020-7364
- RESERVED
-CVE-2020-7363
- RESERVED
+CVE-2020-7364 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ TODO: check
+CVE-2020-7363 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ TODO: check
CVE-2020-7362
RESERVED
CVE-2020-7361 (The EasyCorp ZenTao Pro application suffers from an OS command injecti ...)
@@ -49969,24 +49992,24 @@ CVE-2020-6372 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to op
NOT-FOR-US: SAP
CVE-2020-6371 (User enumeration vulnerability can be exploited to get a list of user ...)
NOT-FOR-US: SAP
-CVE-2020-6370
- RESERVED
-CVE-2020-6369
- RESERVED
+CVE-2020-6370 (SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.3 ...)
+ TODO: check
+CVE-2020-6369 (SAP Solution Manager and SAP Focused Run (update provided in WILY_INTR ...)
+ TODO: check
CVE-2020-6368 (SAP Business Planning and Consolidation, versions - 750, 751, 752, 753 ...)
NOT-FOR-US: SAP
-CVE-2020-6367
- RESERVED
-CVE-2020-6366
- RESERVED
+CVE-2020-6367 (There is a reflected cross site scripting vulnerability in SAP NetWeav ...)
+ TODO: check
+CVE-2020-6366 (SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, doe ...)
+ TODO: check
CVE-2020-6365 (SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, ...)
NOT-FOR-US: SAP
CVE-2020-6364 (SAP Solution Manager and SAP Focused Run (update provided in WILY_INTR ...)
NOT-FOR-US: SAP
CVE-2020-6363 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several ...)
NOT-FOR-US: SAP
-CVE-2020-6362
- RESERVED
+CVE-2020-6362 (SAP Banking Services version 500, use an incorrect authorization objec ...)
+ TODO: check
CVE-2020-6361 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
NOT-FOR-US: SAP
CVE-2020-6360 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
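Review bot: CVE-2020-6370, CVE-2020-6369, CVE-2020-6367, CVE-2020-6366 and CVE-2020-6362 all land as TODO: check, while every already-triaged SAP entry in this hunk's context (CVE-2020-6372, CVE-2020-6371, CVE-2020-6368, CVE-2020-6365, CVE-2020-6364, CVE-2020-6363, CVE-2020-6361) is NOT-FOR-US: SAP. Each of the five new descriptions names an SAP product, so NOT-FOR-US: SAP is the consistent resolution. CVE-2020-6315 and CVE-2020-6308 in the two hunks that follow are in the same position.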
@@ -50079,8 +50102,8 @@ CVE-2020-6317
RESERVED
CVE-2020-6316
RESERVED
-CVE-2020-6315
- RESERVED
+CVE-2020-6315 (SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send ...)
+ TODO: check
CVE-2020-6314 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
NOT-FOR-US: SAP
CVE-2020-6313 (SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, ...)
@@ -50093,8 +50116,8 @@ CVE-2020-6310 (Improper access control in SOA Configuration Trace component in S
NOT-FOR-US: SAP
CVE-2020-6309 (SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7. ...)
NOT-FOR-US: SAP
-CVE-2020-6308
- RESERVED
+CVE-2020-6308 (SAP BusinessObjects Business Intelligence Platform (Web Services) vers ...)
+ TODO: check
CVE-2020-6307 (Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7. ...)
NOT-FOR-US: SAP
CVE-2020-6306 (Missing authorization check in a transaction within SAP Leasing (updat ...)
@@ -51549,8 +51572,8 @@ CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Li
NOT-FOR-US: Live Chat
CVE-2020-5641
RESERVED
-CVE-2020-5640
- RESERVED
+CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and earlier ...)
+ TODO: check
CVE-2020-5639
RESERVED
CVE-2020-5638
@@ -54011,10 +54034,10 @@ CVE-2020-4758
RESERVED
CVE-2020-4757
RESERVED
-CVE-2020-4756
- RESERVED
-CVE-2020-4755
- RESERVED
+CVE-2020-4756 (IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5. ...)
+ TODO: check
+CVE-2020-4755 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site s ...)
+ TODO: check
CVE-2020-4754
RESERVED
CVE-2020-4753
@@ -54025,10 +54048,10 @@ CVE-2020-4751
RESERVED
CVE-2020-4750
RESERVED
-CVE-2020-4749
- RESERVED
-CVE-2020-4748
- RESERVED
+CVE-2020-4749 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attri ...)
+ TODO: check
+CVE-2020-4748 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site s ...)
+ TODO: check
CVE-2020-4747
RESERVED
CVE-2020-4746
@@ -54395,8 +54418,8 @@ CVE-2020-4566
RESERVED
CVE-2020-4565 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacke ...)
NOT-FOR-US: IBM
-CVE-2020-4564
- RESERVED
+CVE-2020-4564 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 a ...)
+ TODO: check
CVE-2020-4563
RESERVED
CVE-2020-4562
@@ -54541,8 +54564,8 @@ CVE-2020-4493 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attack
NOT-FOR-US: IBM
CVE-2020-4492 (IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2 ...)
NOT-FOR-US: IBM
-CVE-2020-4491
- RESERVED
+CVE-2020-4491 (IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5. ...)
+ TODO: check
CVE-2020-4490 (IBM Business Automation Workflow 18 and 19, and IBM Business Process M ...)
NOT-FOR-US: IBM
CVE-2020-4489
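Review bot: CVE-2020-4491 is added as TODO: check directly below CVE-2020-4492, whose description names the same product (IBM Spectrum Scale) and which is already NOT-FOR-US: IBM. Suggest NOT-FOR-US: IBM here as well. The earlier IBM entries added in this commit (CVE-2020-4756, CVE-2020-4755, CVE-2020-4749, CVE-2020-4748, CVE-2020-4564) are candidates for the same tag.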
@@ -55562,14 +55585,14 @@ CVE-2020-3997
RESERVED
CVE-2020-3996
RESERVED
-CVE-2020-3995
- RESERVED
-CVE-2020-3994
- RESERVED
-CVE-2020-3993
- RESERVED
-CVE-2020-3992
- RESERVED
+CVE-2020-3995 (In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-20 ...)
+ TODO: check
+CVE-2020-3994 (VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a ...)
+ TODO: check
+CVE-2020-3993 (VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a sec ...)
+ TODO: check
+CVE-2020-3992 (OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6. ...)
+ TODO: check
CVE-2020-3991 (VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial ...)
NOT-FOR-US: VMware
CVE-2020-3990 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
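Review bot: CVE-2020-3992 should not simply inherit the NOT-FOR-US: VMware tag used for CVE-2020-3991 in the trailing context, because its description begins "OpenSLP as used in VMware ESXi" and so names OpenSLP as the affected component rather than a VMware-only product. Check whether an OpenSLP source package is or was in the archive before closing the TODO: check, and record the outcome in a NOTE line. The other three new entries (CVE-2020-3995, CVE-2020-3994, CVE-2020-3993) name only VMware ESXi, vCenter Server and NSX-T.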
@@ -55588,10 +55611,10 @@ CVE-2020-3984
RESERVED
CVE-2020-3983
RESERVED
-CVE-2020-3982
- RESERVED
-CVE-2020-3981
- RESERVED
+CVE-2020-3982 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...)
+ TODO: check
+CVE-2020-3981 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...)
+ TODO: check
CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...)
NOT-FOR-US: VMware
CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0) installers lo ...)
@@ -98218,8 +98241,8 @@ CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and othe
NOT-FOR-US: ThinkPHP
CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a deserializat ...)
NOT-FOR-US: Laravel Framework
-CVE-2019-9080
- RESERVED
+CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password storage. ...)
+ TODO: check
CVE-2019-9079
RESERVED
CVE-2019-9078 (zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter b ...)
@@ -109483,8 +109506,8 @@ CVE-2019-4682
RESERVED
CVE-2019-4681 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
NOT-FOR-US: IBM
-CVE-2019-4680
- RESERVED
+CVE-2019-4680 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 i ...)
+ TODO: check
CVE-2019-4679 (IBM Content Navigator 3.0CD could allow an authenticated user to gain ...)
NOT-FOR-US: IBM
CVE-2019-4678
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66120648b06193e9669d6fd5b847c2380ce81bcb