[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 1 21:10:37 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
761fe9ad by security tracker role at 2020-09-01T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-25068
+ RESERVED
CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command injecti ...)
NOT-FOR-US: Netgear
CVE-2020-25066
@@ -980,15 +982,13 @@ CVE-2020-24585 (An issue was discovered in the DTLS handshake implementation in
- wolfssl <unfixed>
NOTE: https://github.com/wolfSSL/wolfssl/pull/3219
NOTE: https://github.com/wolfSSL/wolfssl/commit/3be7f3ea3a56d178acf0f7f84ee4ae8cbfee8915 (v4.5.0-stable)
-CVE-2020-24584
- RESERVED
+CVE-2020-24584 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...)
- python-django 2:2.2.16-1 (bug #969367)
NOTE: https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71 (master)
NOTE: https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b (3.1.1)
NOTE: https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554 (3.0.10)
NOTE: https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f (2.2.16)
-CVE-2020-24583
- RESERVED
+CVE-2020-24583 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...)
- python-django 2:2.2.16-1 (bug #969367)
NOTE: https://github.com/django/django/commit/8d7271578d7b153435b40fe40236ebec43cbf1b9 (master)
NOTE: https://github.com/django/django/commit/934430d22aa5d90c2ba33495ff69a6a1d997d584 (3.1.1)
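Review bot: CVE-2020-24584 and CVE-2020-24583 are resolved for unstable (python-django 2:2.2.16-1, bug #969367), but the descriptions name 2.2 before 2.2.16 and 3.0 before 3.0.10 as affected and no [buster] or [stretch] annotation is visible in this hunk; the stable suites' status should be recorded explicitly (fixed version, <not-affected> with a reason, or <no-dsa>) in the way the fossil entry further down carries a [buster] line. For CVE-2020-24584 the NOTE lines list the master, 3.1.1, 3.0.10 and 2.2.16 commits; the 2.2.16 one is the commit to cross-check against the Debian upload.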
@@ -1040,14 +1040,14 @@ CVE-2020-24561
RESERVED
CVE-2020-24560
RESERVED
-CVE-2020-24559
- RESERVED
-CVE-2020-24558
- RESERVED
-CVE-2020-24557
- RESERVED
-CVE-2020-24556
- RESERVED
+CVE-2020-24559 (A vulnerability in Trend Micro Apex One on macOS may allow an attacker ...)
+ TODO: check
+CVE-2020-24558 (A vulnerability in an Trend Micro Apex One dll may allow an attacker t ...)
+ TODO: check
+CVE-2020-24557 (A vulnerability in Trend Micro Apex One on Microsoft Windows may allow ...)
+ TODO: check
+CVE-2020-24556 (A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Micro ...)
+ TODO: check
CVE-2020-24614 (Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 a ...)
- fossil 1:2.12.1-1
[buster] - fossil <no-dsa> (Minor issue)
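Review bot: the four new TODO: check entries (CVE-2020-24559 through CVE-2020-24556) all describe Trend Micro Apex One / OfficeScan, proprietary endpoint products on macOS and Windows; they can be resolved together as NOT-FOR-US: Trend Micro Apex One, matching the NOT-FOR-US: Netgear convention at the top of the file, rather than left as four separate TODOs.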
@@ -1056,8 +1056,8 @@ CVE-2020-24614 (Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.
NOTE: https://fossil-scm.org/fossil/vdiff?branch=sec2020-2.12-patch&diff=1&w
CVE-2020-24555
RESERVED
-CVE-2020-24554
- RESERVED
+CVE-2020-24554 (The redirect module in Liferay Portal before 7.3.3 does not limit the ...)
+ TODO: check
CVE-2020-24553
RESERVED
CVE-2020-24552
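Review bot: CVE-2020-24554's description (redirect module in Liferay Portal before 7.3.3) names the product directly, so the TODO: check can be closed as soon as it is confirmed that Liferay Portal is not in the archive; in that case mark it NOT-FOR-US: Liferay Portal.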
@@ -2148,8 +2148,8 @@ CVE-2020-24036
RESERVED
CVE-2020-24035
RESERVED
-CVE-2020-24034
- RESERVED
+CVE-2020-24034 (Sagemcom F at ST 5280 routers using firmware version 1.150.61 have insecu ...)
+ TODO: check
CVE-2020-24033
RESERVED
CVE-2020-24032 (tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cm ...)
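Review bot: the product string in CVE-2020-24034 reads "Sagemcom F at ST 5280" only because the list archive rewrites "@" as " at " (the same rewriting is visible in the sender address at the top of this mail); the model is F@ST 5280 and the text in data/CVE/list itself is unaffected, so nothing needs correcting in the file. The entry is router firmware and can be resolved as NOT-FOR-US: Sagemcom.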
@@ -2274,8 +2274,8 @@ CVE-2020-23973 (KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'te
NOT-FOR-US: KandNconcepts Club CMS
CVE-2020-23972 (In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can ...)
NOT-FOR-US: Joomla Component GMapFP
-CVE-2020-23971
- RESERVED
+CVE-2020-23971 (gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Pe ...)
+ TODO: check
CVE-2020-23970
RESERVED
CVE-2020-23969
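Review bot: CVE-2020-23971 is the same Joomla Component GMapFP as CVE-2020-23972 directly above it, which already carries NOT-FOR-US: Joomla Component GMapFP; the new TODO: check should be resolved the same way.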
@@ -2538,28 +2538,28 @@ CVE-2020-23841
RESERVED
CVE-2020-23840
RESERVED
-CVE-2020-23839
- RESERVED
+CVE-2020-23839 (A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS ...)
+ TODO: check
CVE-2020-23838
RESERVED
CVE-2020-23837
RESERVED
-CVE-2020-23836
- RESERVED
-CVE-2020-23835
- RESERVED
+CVE-2020-23836 (A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in ...)
+ TODO: check
+CVE-2020-23835 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...)
+ TODO: check
CVE-2020-23834
RESERVED
CVE-2020-23833
RESERVED
CVE-2020-23832
RESERVED
-CVE-2020-23831
- RESERVED
+CVE-2020-23831 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...)
+ TODO: check
CVE-2020-23830
RESERVED
-CVE-2020-23829
- RESERVED
+CVE-2020-23829 (interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suff ...)
+ TODO: check
CVE-2020-23828
RESERVED
CVE-2020-23827
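Review bot: three of the new descriptions are cut off before the product name (CVE-2020-23836 "in edit_user.php in ...", CVE-2020-23835 and CVE-2020-23831 "in the index.php ..."), so they must not be assumed to be GetSimple CMS just because CVE-2020-23839 in the same block is; look up the full text before marking. CVE-2020-23839 names GetSimple CMS and CVE-2020-23829 names LibreHealth EHR 2.0.0; check both against the archive and, if absent, record NOT-FOR-US with the product name.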
@@ -3316,8 +3316,8 @@ CVE-2020-23452
RESERVED
CVE-2020-23451
RESERVED
-CVE-2020-23450
- RESERVED
+CVE-2020-23450 (Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed ...)
+ TODO: check
CVE-2020-23449
RESERVED
CVE-2020-23448
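Review bot: CVE-2020-23450 (Spiceworks <= 7.5.00107, XSS) is a proprietary help-desk product; resolve the TODO: check as NOT-FOR-US: Spiceworks unless a Debian package turns up.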
@@ -15434,8 +15434,8 @@ CVE-2020-17407
RESERVED
CVE-2020-17406
RESERVED
-CVE-2020-17405
- RESERVED
+CVE-2020-17405 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Foxit
CVE-2020-17403 (This vulnerability allows remote attackers to execute arbitrary code o ...)
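Review bot: CVE-2020-17405 should not be filed under NOT-FOR-US: Foxit on the strength of its neighbours: its description says "network-adjacent attackers", whereas the adjacent Foxit entries (CVE-2020-17404, CVE-2020-17403) say "remote attackers", which points to a different product in the same advisory batch; confirm the vendor before closing the TODO: check.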
@@ -20504,8 +20504,8 @@ CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Si
NOT-FOR-US: Node ftp-srv
CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...)
NOT-FOR-US: OpenMage
-CVE-2020-15150
- RESERVED
+CVE-2020-15150 (There is a vulnerability in Paginator (Elixir/Hex package) which makes ...)
+ TODO: check
CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in ...)
NOT-FOR-US: NodeBB
CVE-2020-15148
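Review bot: CVE-2020-15150 describes an Elixir/Hex package (Paginator); assuming no Hex package of that name is in the archive, the TODO: check is expected to become NOT-FOR-US: Paginator (Elixir/Hex package), following the "NOT-FOR-US: Node ftp-srv" style used just above for ecosystem packages.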
@@ -21924,8 +21924,8 @@ CVE-2020-14516
RESERVED
CVE-2020-14515
RESERVED
-CVE-2020-14514
- RESERVED
+CVE-2020-14514 (All trailer Power Line Communications are affected. PLC bus traffic ca ...)
+ TODO: check
CVE-2020-14513
RESERVED
CVE-2020-14512 (GateManager versions prior to 9.2c, The affected product uses a weak h ...)
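Review bot: CVE-2020-14514 ("All trailer Power Line Communications are affected. PLC bus traffic ...") is a vehicle/ICS hardware advisory with no software component Debian could ship; resolve it as NOT-FOR-US rather than leaving it in the TODO queue.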
@@ -26663,8 +26663,8 @@ CVE-2020-12778 (Combodo iTop does not validate inputted parameters, attackers ca
NOT-FOR-US: Combodo iTop
CVE-2020-12777 (A function in Combodo iTop contains a vulnerability of Broken Access C ...)
NOT-FOR-US: Combodo iTop
-CVE-2020-12776
- RESERVED
+CVE-2020-12776 (Openfind Mail2000 contains Broken Access Control vulnerability, which ...)
+ TODO: check
CVE-2020-12775
RESERVED
CVE-2020-12774 (D-Link DSL-7740C does not properly validate user input, which allows a ...)
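Review bot: CVE-2020-12776 (Openfind Mail2000, Broken Access Control) is a proprietary mail product; treat it like the Combodo iTop entries just above and close the TODO: check as NOT-FOR-US: Openfind Mail2000.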
@@ -40138,8 +40138,8 @@ CVE-2020-8025 (A Incorrect Execution-Assigned Permissions vulnerability in the p
NOT-FOR-US: SAP
CVE-2020-8024 (A Incorrect Default Permissions vulnerability in the packaging of hyla ...)
- hylafax <not-affected> (SuSE-specific packaging issue)
-CVE-2020-8023
- RESERVED
+CVE-2020-8023 (A acceptance of Extraneous Untrusted Data With Trusted Data vulnerabil ...)
+ TODO: check
CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of tomc ...)
NOT-FOR-US: SAP
CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...)
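Review bot: CVE-2020-8023 sits in a run of SUSE/openSUSE packaging CVEs (CVE-2020-8024 was closed as hylafax <not-affected>, SuSE-specific packaging issue; CVE-2020-8022 and CVE-2020-8025 are packaging permission issues marked NOT-FOR-US: SAP), so the TODO: check here needs two answers: which package the "Extraneous Untrusted Data With Trusted Data" flaw is in, and whether it is in upstream code or only in SUSE's packaging; only the first case needs a Debian source-package line.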
@@ -40929,36 +40929,36 @@ CVE-2020-7729
RESERVED
CVE-2020-7728
RESERVED
-CVE-2020-7727
- RESERVED
-CVE-2020-7726
- RESERVED
-CVE-2020-7725
- RESERVED
-CVE-2020-7724
- RESERVED
-CVE-2020-7723
- RESERVED
-CVE-2020-7722
- RESERVED
-CVE-2020-7721
- RESERVED
-CVE-2020-7720
- RESERVED
-CVE-2020-7719
- RESERVED
-CVE-2020-7718
- RESERVED
-CVE-2020-7717
- RESERVED
-CVE-2020-7716
- RESERVED
-CVE-2020-7715
- RESERVED
-CVE-2020-7714
- RESERVED
-CVE-2020-7713
- RESERVED
+CVE-2020-7727 (All versions of package gedi are vulnerable to Prototype Pollution via ...)
+ TODO: check
+CVE-2020-7726 (All versions of package safe-object2 are vulnerable to Prototype Pollu ...)
+ TODO: check
+CVE-2020-7725 (All versions of package worksmith are vulnerable to Prototype Pollutio ...)
+ TODO: check
+CVE-2020-7724 (All versions of package tiny-conf are vulnerable to Prototype Pollutio ...)
+ TODO: check
+CVE-2020-7723 (All versions of package promisehelpers are vulnerable to Prototype Pol ...)
+ TODO: check
+CVE-2020-7722 (All versions of package nodee-utils are vulnerable to Prototype Pollut ...)
+ TODO: check
+CVE-2020-7721 (All versions of package node-oojs are vulnerable to Prototype Pollutio ...)
+ TODO: check
+CVE-2020-7720 (All versions of package node-forge are vulnerable to Prototype Polluti ...)
+ TODO: check
+CVE-2020-7719 (All versions of package locutus are vulnerable to Prototype Pollution ...)
+ TODO: check
+CVE-2020-7718 (All versions of package gammautils are vulnerable to Prototype Polluti ...)
+ TODO: check
+CVE-2020-7717 (All versions of package dot-notes are vulnerable to Prototype Pollutio ...)
+ TODO: check
+CVE-2020-7716 (All versions of package deeps are vulnerable to Prototype Pollution vi ...)
+ TODO: check
+CVE-2020-7715 (All versions of package deep-get-set are vulnerable to Prototype Pollu ...)
+ TODO: check
+CVE-2020-7714 (All versions of package confucious are vulnerable to Prototype Polluti ...)
+ TODO: check
+CVE-2020-7713 (All versions of package arr-flatten-unflatten are vulnerable to Protot ...)
+ TODO: check
CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to inject ...)
TODO: check
CVE-2020-7711 (This affects all versions of package github.com/russellhaering/goxmlds ...)
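Review bot: the fifteen new Prototype Pollution entries (CVE-2020-7727 to CVE-2020-7713) are all npm packages, but they should not be bulk-closed as NOT-FOR-US without checking each name against the archive; node-forge (CVE-2020-7720) in particular is a widely depended-on library, and the description says all versions are affected, so a packaged copy would need a source-package line with <unfixed> or a fixed version instead of a TODO.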
@@ -41061,17 +41061,17 @@ CVE-2020-7671 (goliath through 1.0.6 allows request smuggling attacks where goli
NOT-FOR-US: Ruby gem goliath
CVE-2020-7670 (agoo through 2.12.3 allows request smuggling attacks where agoo is use ...)
NOT-FOR-US: Ruby gem agoo
-CVE-2020-7669
- RESERVED
+CVE-2020-7669 (This affects all versions of package github.com/u-root/u-root/pkg/taru ...)
+ TODO: check
CVE-2020-7668 (In all versions of the package github.com/unknwon/cae/tz, the ExtractT ...)
- golang-github-unknwon-cae <removed> (bug #967956)
NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384
CVE-2020-7667 (In package github.com/sassoftware/go-rpmutils/cpio before version 0.1. ...)
NOT-FOR-US: github.com/sassoftware/go-rpmutils/cpio go module
-CVE-2020-7666
- RESERVED
-CVE-2020-7665
- RESERVED
+CVE-2020-7666 (This affects all versions of package github.com/u-root/u-root/pkg/cpio ...)
+ TODO: check
+CVE-2020-7665 (This affects all versions of package github.com/u-root/u-root/pkg/uzip ...)
+ TODO: check
CVE-2020-7664 (In all versions of the package github.com/unknwon/cae/zip, the Extract ...)
- golang-github-unknwon-cae <removed> (bug #967955)
NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383
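Review bot: CVE-2020-7669, CVE-2020-7666 and CVE-2020-7665 cover three archive-extraction packages under github.com/u-root/u-root (pkg/tarutil, pkg/cpio, pkg/uzip) and should be handled like the adjacent github.com/unknwon/cae entries, which carry a source-package line and a snyk NOTE each (CVE-2020-7668, CVE-2020-7664); determine whether u-root is packaged and, if so, add the package line plus the Snyk reference for each of the three rather than leaving three separate TODOs.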
@@ -45012,8 +45012,8 @@ CVE-2020-6143
RESERVED
CVE-2020-6142
RESERVED
-CVE-2020-6141
- RESERVED
+CVE-2020-6141 (An exploitable SQL injection vulnerability exists in the login functio ...)
+ TODO: check
CVE-2020-6140
RESERVED
CVE-2020-6139
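Review bot: CVE-2020-6141's description is truncated before the product name ("SQL injection vulnerability exists in the login functio ..."); the following block (CVE-2020-6136 to CVE-2020-6117) is OS4Ed openSIS, so this is probably part of the same batch, but that should be confirmed from the full description before the TODO: check is closed.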
@@ -45022,46 +45022,46 @@ CVE-2020-6138
RESERVED
CVE-2020-6137
RESERVED
-CVE-2020-6136
- RESERVED
-CVE-2020-6135
- RESERVED
-CVE-2020-6134
- RESERVED
-CVE-2020-6133
- RESERVED
-CVE-2020-6132
- RESERVED
-CVE-2020-6131
- RESERVED
-CVE-2020-6130
- RESERVED
-CVE-2020-6129
- RESERVED
-CVE-2020-6128
- RESERVED
-CVE-2020-6127
- RESERVED
-CVE-2020-6126
- RESERVED
-CVE-2020-6125
- RESERVED
-CVE-2020-6124
- RESERVED
-CVE-2020-6123
- RESERVED
-CVE-2020-6122
- RESERVED
-CVE-2020-6121
- RESERVED
-CVE-2020-6120
- RESERVED
-CVE-2020-6119
- RESERVED
-CVE-2020-6118
- RESERVED
-CVE-2020-6117
- RESERVED
+CVE-2020-6136 (An exploitable SQL injection vulnerability exists in the DownloadWindo ...)
+ TODO: check
+CVE-2020-6135 (An exploitable SQL injection vulnerability exists in the Validator.php ...)
+ TODO: check
+CVE-2020-6134 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...)
+ TODO: check
+CVE-2020-6133 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...)
+ TODO: check
+CVE-2020-6132 (SQL injection vulnerability exists in the ID parameters of OS4Ed openS ...)
+ TODO: check
+CVE-2020-6131 (SQL injection vulnerabilities exist in the course_period_id parameters ...)
+ TODO: check
+CVE-2020-6130 (SQL injection vulnerabilities exist in the course_period_id parameters ...)
+ TODO: check
+CVE-2020-6129 (SQL injection vulnerabilities exist in the course_period_id parameters ...)
+ TODO: check
+CVE-2020-6128 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...)
+ TODO: check
+CVE-2020-6127 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...)
+ TODO: check
+CVE-2020-6126 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...)
+ TODO: check
+CVE-2020-6125 (An exploitable SQL injection vulnerability exists in the GetSchool.php ...)
+ TODO: check
+CVE-2020-6124 (An exploitable sql injection vulnerability exists in the email paramet ...)
+ TODO: check
+CVE-2020-6123 (An exploitable sql injection vulnerability exists in the email paramet ...)
+ TODO: check
+CVE-2020-6122 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...)
+ TODO: check
+CVE-2020-6121 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
+ TODO: check
+CVE-2020-6120 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...)
+ TODO: check
+CVE-2020-6119 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
+ TODO: check
+CVE-2020-6118 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
+ TODO: check
+CVE-2020-6117 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
+ TODO: check
CVE-2020-6116
RESERVED
CVE-2020-6115
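Review bot: all twenty new entries (CVE-2020-6136 to CVE-2020-6117) are SQL injection issues in OS4Ed openSIS, each with its own TODO: check; once openSIS is confirmed absent from the archive they should be resolved in one pass with a consistent NOT-FOR-US: OS4Ed openSIS line each, rather than triaged one at a time.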
@@ -55458,34 +55458,34 @@ CVE-2020-2253
RESERVED
CVE-2020-2252
RESERVED
-CVE-2020-2251
- RESERVED
-CVE-2020-2250
- RESERVED
-CVE-2020-2249
- RESERVED
-CVE-2020-2248
- RESERVED
-CVE-2020-2247
- RESERVED
-CVE-2020-2246
- RESERVED
-CVE-2020-2245
- RESERVED
-CVE-2020-2244
- RESERVED
-CVE-2020-2243
- RESERVED
-CVE-2020-2242
- RESERVED
-CVE-2020-2241
- RESERVED
-CVE-2020-2240
- RESERVED
-CVE-2020-2239
- RESERVED
-CVE-2020-2238
- RESERVED
+CVE-2020-2251 (Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits ...)
+ TODO: check
+CVE-2020-2250 (Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores pr ...)
+ TODO: check
+CVE-2020-2249 (Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a web ...)
+ TODO: check
+CVE-2020-2248 (Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code ...)
+ TODO: check
+CVE-2020-2247 (Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configu ...)
+ TODO: check
+CVE-2020-2246 (Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Va ...)
+ TODO: check
+CVE-2020-2245 (Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML pa ...)
+ TODO: check
+CVE-2020-2244 (Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not esca ...)
+ TODO: check
+CVE-2020-2243 (Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape buil ...)
+ TODO: check
+CVE-2020-2242 (A missing permission check in Jenkins database Plugin 1.6 and earlier ...)
+ TODO: check
+CVE-2020-2241 (A cross-site request forgery (CSRF) vulnerability in Jenkins database ...)
+ TODO: check
+CVE-2020-2240 (A cross-site request forgery (CSRF) vulnerability in Jenkins database ...)
+ TODO: check
+CVE-2020-2239 (Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a ...)
+ TODO: check
+CVE-2020-2238 (Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the re ...)
+ TODO: check
CVE-2020-2237 (A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Tes ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2236 (Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not ...)
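Review bot: the fourteen new Jenkins plugin entries (CVE-2020-2251 to CVE-2020-2238) match the convention already applied to CVE-2020-2237 in the trailing context, NOT-FOR-US: Jenkins plugin; resolve all fourteen TODO: check markers that way.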
@@ -101771,8 +101771,8 @@ CVE-2019-5647 (The Chrome Plugin for Rapid7 AppSpider can incorrectly keep brows
NOT-FOR-US: Chrome Plugin for Rapid7 AppSpider
CVE-2019-5646
RESERVED
-CVE-2019-5645
- RESERVED
+CVE-2019-5645 (By sending a specially crafted HTTP GET request to a listening Rapid7 ...)
+ TODO: check
CVE-2019-5644 (Computing For Good's Basic Laboratory Information System (also known a ...)
NOT-FOR-US: Computing For Good's Basic Laboratory Information System
CVE-2019-5643 (Computing For Good's Basic Laboratory Information System (also known a ...)
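Review bot: CVE-2019-5645's description breaks off at "a listening Rapid7 ...", so the affected product is not visible here; the adjacent CVE-2019-5647 is the Chrome Plugin for Rapid7 AppSpider, but a crafted HTTP GET against a listener points to a different Rapid7 product. Look up the full text and record the product name in the NOT-FOR-US line rather than a bare vendor.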
@@ -136058,8 +136058,8 @@ CVE-2018-12477 (A Improper Neutralization of CRLF Sequences vulnerability in Ope
NOTE: https://github.com/openSUSE/obs-service-refresh_patches/commit/d6244245dda5367767efc989446fe4b5e4609cce
CVE-2018-12476 (Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE L ...)
NOT-FOR-US: obs-service-tar_scm
-CVE-2018-12475
- RESERVED
+CVE-2018-12475 (A Externally Controlled Reference to a Resource in Another Sphere vuln ...)
+ TODO: check
CVE-2018-12474 (Improper input validation in obs-service-tar_scm of Open Build Service ...)
NOT-FOR-US: obs-service-tar_scm of Open Build Service
CVE-2018-12473 (A path traversal traversal vulnerability in obs-service-tar_scm of Ope ...)
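Review bot: CVE-2018-12475 ("Externally Controlled Reference to a Resource in Another Sphere") sits between CVE-2018-12476 and CVE-2018-12474, both obs-service-tar_scm and both NOT-FOR-US; confirm the component from the full description and, if it is again obs-service-tar_scm, close the TODO: check with the same NOT-FOR-US: obs-service-tar_scm line.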
@@ -332520,18 +332520,18 @@ CVE-2010-5141 (wxBitcoin and bitcoind before 0.3.5 do not properly handle script
CVE-2012-3342 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2012-3341
- RESERVED
-CVE-2012-3340
- RESERVED
+CVE-2012-3341 (IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross ...)
+ TODO: check
+CVE-2012-3340 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML extern ...)
+ TODO: check
CVE-2012-3339
RESERVED
-CVE-2012-3338
- RESERVED
-CVE-2012-3337
- RESERVED
-CVE-2012-3336
- RESERVED
+CVE-2012-3338 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attack ...)
+ TODO: check
+CVE-2012-3337 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attack ...)
+ TODO: check
+CVE-2012-3336 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL inject ...)
+ TODO: check
CVE-2012-3335
RESERVED
CVE-2012-3334 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 ...)
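Review bot: the five IBM InfoSphere Guardium entries (CVE-2012-3341, CVE-2012-3340, CVE-2012-3338, CVE-2012-3337, CVE-2012-3336) are 2012 identifiers only now receiving descriptions; the product is proprietary, so all five TODO: check markers can be resolved as NOT-FOR-US: IBM InfoSphere Guardium in a single follow-up, keeping one annotation line per CVE as elsewhere in the file.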
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/761fe9ad8756f2392f395ed6b22094efc996a3e7