[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 26 20:10:58 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0796916a by security tracker role at 2020-10-26T20:10:48+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2020-27734
+ RESERVED
+CVE-2020-27733
+ RESERVED
+CVE-2020-27732
+ RESERVED
+CVE-2020-27731
+ RESERVED
+CVE-2020-27730
+ RESERVED
+CVE-2020-27729
+ RESERVED
+CVE-2020-27728
+ RESERVED
+CVE-2020-27727
+ RESERVED
+CVE-2020-27726
+ RESERVED
+CVE-2020-27725
+ RESERVED
+CVE-2020-27724
+ RESERVED
+CVE-2020-27723
+ RESERVED
+CVE-2020-27722
+ RESERVED
+CVE-2020-27721
+ RESERVED
+CVE-2020-27720
+ RESERVED
+CVE-2020-27719
+ RESERVED
+CVE-2020-27718
+ RESERVED
+CVE-2020-27717
+ RESERVED
+CVE-2020-27716
+ RESERVED
+CVE-2020-27715
+ RESERVED
+CVE-2020-27714
+ RESERVED
+CVE-2020-27713
+ RESERVED
+CVE-2020-27712
+ RESERVED
+CVE-2020-27711
+ RESERVED
+CVE-2020-27710
+ RESERVED
+CVE-2020-27709
+ RESERVED
+CVE-2020-27708
+ RESERVED
+CVE-2020-27707
+ RESERVED
+CVE-2020-27706
+ RESERVED
+CVE-2020-27705
+ RESERVED
+CVE-2020-27704
+ RESERVED
+CVE-2020-27703
+ RESERVED
+CVE-2020-27702
+ RESERVED
+CVE-2020-27701
+ RESERVED
+CVE-2020-27700
+ RESERVED
+CVE-2020-27699
+ RESERVED
+CVE-2020-27698
+ RESERVED
+CVE-2020-27697
+ RESERVED
+CVE-2020-27696
+ RESERVED
+CVE-2020-27695
+ RESERVED
+CVE-2020-27694
+ RESERVED
+CVE-2020-27693
+ RESERVED
+CVE-2017-18925 (opentmpfiles through 0.3.1 allows local users to take ownership of arb ...)
+ TODO: check
CVE-2020-27692
RESERVED
CVE-2020-27691
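Review bot: CVE-2017-18925 is inserted between CVE-2020-27693 and CVE-2020-27692, which breaks the descending ID order that every other entry visible in this hunk follows; consider moving it to its sorted position. Its `TODO: check` also leaves opentmpfiles without a triage decision, so the entry carries no package status yet.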
@@ -1451,8 +1537,7 @@ CVE-2020-27189
RESERVED
CVE-2020-27188
RESERVED
-CVE-2020-27187 [kpmcore_externalcommand helper can be exploited in local privilege escalation]
- RESERVED
+CVE-2020-27187 (An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. T ...)
- kpmcore 4.2.0-1
[buster] - kpmcore <not-affected> (kpmcore_externalcommand not yet present)
[stretch] - kpmcore <not-affected> (kpmcore_externalcommand not yet present)
@@ -2763,8 +2848,8 @@ CVE-2020-26568
RESERVED
CVE-2020-26567 (An issue was discovered on D-Link DSR-250N before 3.17B devices. The C ...)
NOT-FOR-US: D-Link
-CVE-2020-26566
- RESERVED
+CVE-2020-26566 (A Denial of Service condition in Motion-Project Motion 3.2 through 4.3 ...)
+ TODO: check
CVE-2020-26565
RESERVED
CVE-2020-26564
@@ -3594,8 +3679,8 @@ CVE-2020-26163 (BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host a
NOT-FOR-US: BigBlueButton Greenlight
CVE-2020-26162 (Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073 ...)
NOT-FOR-US: Xerox
-CVE-2020-26161
- RESERVED
+CVE-2020-26161 (In Octopus Deploy through 2020.4.2, an attacker could redirect users t ...)
+ TODO: check
CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended acces ...)
- golang-github-dgrijalva-jwt-go <unfixed> (bug #971556)
NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
@@ -5193,8 +5278,8 @@ CVE-2020-25472
RESERVED
CVE-2020-25471
RESERVED
-CVE-2020-25470
- RESERVED
+CVE-2020-25470 (AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2020-25469
RESERVED
CVE-2020-25468
@@ -6166,8 +6251,8 @@ CVE-2020-25036
RESERVED
CVE-2020-25035
RESERVED
-CVE-2020-25034
- RESERVED
+CVE-2020-25034 (eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authentic ...)
+ TODO: check
CVE-2020-25033 (The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for ...)
NOT-FOR-US: Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin for WordPress
CVE-2020-25032 (An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) ...)
@@ -7032,10 +7117,10 @@ CVE-2020-24634
RESERVED
CVE-2020-24633
RESERVED
-CVE-2020-24632
- RESERVED
-CVE-2020-24631
- RESERVED
+CVE-2020-24632 (A remote execution of arbitrary commandss vulnerability was discovered ...)
+ TODO: check
+CVE-2020-24631 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ TODO: check
CVE-2020-24630 (A remote operatoronlinelist_content privilege escalation vulnerability ...)
NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-24629 (A remote urlaccesscontroller authentication bypass vulnerability was d ...)
@@ -18867,8 +18952,8 @@ CVE-2020-18768
RESERVED
CVE-2020-18767
RESERVED
-CVE-2020-18766
- RESERVED
+CVE-2020-18766 (A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotel ...)
+ TODO: check
CVE-2020-18765
RESERVED
CVE-2020-18764
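Review bot: CVE-2020-18766 names AntSword, the same product as CVE-2020-25470 earlier in this patch, and both are left at `TODO: check`. Triage the two together so they end up with the same tag rather than being resolved independently.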
@@ -24917,8 +25002,8 @@ CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data rela
NOT-FOR-US: Grin
CVE-2020-15898
RESERVED
-CVE-2020-15897
- RESERVED
+CVE-2020-15897 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...)
+ TODO: check
CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link DAP-1522 devic ...)
NOT-FOR-US: D-Link
CVE-2020-15895 (An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10 ...)
@@ -26583,14 +26668,14 @@ CVE-2020-15276
RESERVED
CVE-2020-15275
RESERVED
-CVE-2020-15274
- RESERVED
+CVE-2020-15274 (In Wiki.js before version 2.5.162, an XSS payload can be injected in a ...)
+ TODO: check
CVE-2020-15273
RESERVED
-CVE-2020-15272
- RESERVED
-CVE-2020-15271
- RESERVED
+CVE-2020-15272 (In the git-tag-annotation-action (open source GitHub Action) before ve ...)
+ TODO: check
+CVE-2020-15271 (In lookatme (python/pypi package) versions prior to 2.3.0, the package ...)
+ TODO: check
CVE-2020-15270 (Parse Server (npm package parse-server) broadcasts events to all clien ...)
NOT-FOR-US: Node parse-server
CVE-2020-15269 (In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens ...)
@@ -31856,7 +31941,8 @@ CVE-2020-13334 (In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper
- gitlab 13.2.10-1
CVE-2020-13333 (A potential DOS vulnerability was discovered in GitLab versions 13.1, ...)
- gitlab 13.2.10-1
-CVE-2020-13332 (Improper access expiration date validation in GitLab version >=8.11 ...)
+CVE-2020-13332
+ REJECTED
- gitlab 13.2.10-1
CVE-2020-13331 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
- gitlab 13.2.3-2
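Review bot: CVE-2020-13332 is now marked `REJECTED`, but the `- gitlab 13.2.10-1` line under it is kept, so the entry records a fixed version against a rejected ID. Confirm whether the issue is tracked under a different CVE and move the package line there, or drop it from this entry.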
@@ -32459,8 +32545,8 @@ CVE-2020-13102
RESERVED
CVE-2020-13101 (In OASIS Digital Signature Services (DSS) 1.0, an attacker can control ...)
NOT-FOR-US: OASIS Digital Signature Services (DSS)
-CVE-2020-13100
- RESERVED
+CVE-2020-13100 (Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22 ...)
+ TODO: check
CVE-2020-13099
RESERVED
CVE-2020-13098
@@ -47530,8 +47616,8 @@ CVE-2020-7754
RESERVED
CVE-2020-7753
RESERVED
-CVE-2020-7752
- RESERVED
+CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This packag ...)
+ TODO: check
CVE-2020-7751 (This affects all versions of package pathval. ...)
- node-pathval 1.1.0-4 (bug #972895)
[buster] - node-pathval <no-dsa> (Minor issue)
@@ -48783,10 +48869,10 @@ CVE-2020-7199
RESERVED
CVE-2020-7198
RESERVED
-CVE-2020-7197
- RESERVED
-CVE-2020-7196
- RESERVED
+CVE-2020-7197 (SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreSe ...)
+ TODO: check
+CVE-2020-7196 (The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Co ...)
+ TODO: check
CVE-2020-7195 (A iccselectrules expression language injection remote code execution v ...)
NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7194 (A perfaddormoddevicemonitor expression language injection remote code ...)
@@ -48923,14 +49009,14 @@ CVE-2020-7129
RESERVED
CVE-2020-7128
RESERVED
-CVE-2020-7127
- RESERVED
-CVE-2020-7126
- RESERVED
-CVE-2020-7125
- RESERVED
-CVE-2020-7124
- RESERVED
+CVE-2020-7127 (A remote unauthenticated arbitrary code execution vulnerability was di ...)
+ TODO: check
+CVE-2020-7126 (A remote server-side request forgery (ssrf) vulnerability was discover ...)
+ TODO: check
+CVE-2020-7125 (A remote escalation of privilege vulnerability was discovered in Aruba ...)
+ TODO: check
+CVE-2020-7124 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
+ TODO: check
CVE-2020-7123
RESERVED
CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
@@ -49564,8 +49650,8 @@ CVE-2020-6878
RESERVED
CVE-2020-6877
RESERVED
-CVE-2020-6876
- RESERVED
+CVE-2020-6876 (A ZTE product is impacted by an XSS vulnerability. The vulnerability i ...)
+ TODO: check
CVE-2020-6875 (A ZTE product is impacted by the improper access control vulnerability ...)
NOT-FOR-US: ZTE
CVE-2020-6874 (A ZTE product is impacted by the cryptographic issues vulnerability. T ...)
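Review bot: the new `TODO: check` on CVE-2020-6876 looks resolvable right away. Its description opens with "A ZTE product is impacted by", the same wording as CVE-2020-6875 and CVE-2020-6874 in the context lines below it, and CVE-2020-6875 is tagged `NOT-FOR-US: ZTE`. Suggest applying the same tag once the full description has been read.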
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0796916a3377c5b8d6f5ae120a6e22292eddf0d3