[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 2 21:10:31 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
748dec94 by security tracker role at 2020-09-02T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-25083
+ RESERVED
+CVE-2020-25082
+ RESERVED
+CVE-2020-25081
+ RESERVED
+CVE-2020-25080
+ RESERVED
+CVE-2020-25079 (An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and ...)
+ TODO: check
+CVE-2020-25078 (An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and ...)
+ TODO: check
+CVE-2020-25077
+ RESERVED
+CVE-2020-25076
+ RESERVED
+CVE-2020-25075
+ RESERVED
CVE-2020-25074
RESERVED
CVE-2020-25072
@@ -100,10 +118,10 @@ CVE-2020-25028
RESERVED
CVE-2020-25027
RESERVED
-CVE-2020-25026
- RESERVED
-CVE-2020-25025
- RESERVED
+CVE-2020-25026 (The sf_event_mgt (aka Event management and registration) extension bef ...)
+ TODO: check
+CVE-2020-25025 (The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x bef ...)
+ TODO: check
CVE-2020-25024
RESERVED
CVE-2020-25023
@@ -852,8 +870,8 @@ CVE-2020-24656 (Maltego before 4.2.12 allows XXE attacks. ...)
NOT-FOR-US: Maltego
CVE-2020-24655
RESERVED
-CVE-2020-24654
- RESERVED
+CVE-2020-24654 (In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can ins ...)
+ TODO: check
CVE-2020-24653 (secure-store in Expo through 2.16.1 on iOS provides the insecure kSecA ...)
NOT-FOR-US: secure-store in Expo on iOS
CVE-2020-24652
@@ -956,14 +974,14 @@ CVE-2020-24607
RESERVED
CVE-2020-24605
RESERVED
-CVE-2020-24604
- RESERVED
+CVE-2020-24604 (A Reflected XSS vulnerability was discovered in Ignite Realtime Openfi ...)
+ TODO: check
CVE-2020-24603
RESERVED
-CVE-2020-24602
- RESERVED
-CVE-2020-24601
- RESERVED
+CVE-2020-24602 (Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vu ...)
+ TODO: check
+CVE-2020-24601 (In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability al ...)
+ TODO: check
CVE-2020-24600
RESERVED
CVE-2020-24599 (An issue was discovered in Joomla! before 3.9.21. Lack of escaping in ...)
@@ -1076,8 +1094,8 @@ CVE-2020-24555
RESERVED
CVE-2020-24554 (The redirect module in Liferay Portal before 7.3.3 does not limit the ...)
NOT-FOR-US: Liferay
-CVE-2020-24553
- RESERVED
+CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html ...)
+ TODO: check
CVE-2020-24552
RESERVED
CVE-2020-24551
@@ -1495,8 +1513,8 @@ CVE-2020-24357
RESERVED
CVE-2020-24356
RESERVED
-CVE-2020-24355
- RESERVED
+CVE-2020-24355 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...)
+ TODO: check
CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...)
NOT-FOR-US: Zyxel
CVE-2020-24353
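Review bot: The new CVE-2020-24355 entry is left at "TODO: check" even though the entry directly below it, CVE-2020-24354, has the same description prefix ("Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...") and is already triaged as "NOT-FOR-US: Zyxel". Unless the full description points at a different component, resolve the TODO the same way so the two entries do not diverge.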
@@ -2174,12 +2192,12 @@ CVE-2020-24032 (tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances all
NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
CVE-2020-24031
RESERVED
-CVE-2020-24030
- RESERVED
-CVE-2020-24029
- RESERVED
-CVE-2020-24028
- RESERVED
+CVE-2020-24030 (ForLogic Qualiex v1 and v3 has weak token expiration. This allows remo ...)
+ TODO: check
+CVE-2020-24029 (Because of unauthenticated password changes in ForLogic Qualiex v1 and ...)
+ TODO: check
+CVE-2020-24028 (ForLogic Qualiex v1 and v3 allows any authenticated customer to achiev ...)
+ TODO: check
CVE-2020-24027
RESERVED
CVE-2020-24026
@@ -2574,8 +2592,8 @@ CVE-2020-23832
RESERVED
CVE-2020-23831 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...)
NOT-FOR-US: SourceCodester Stock Management System
-CVE-2020-23830
- RESERVED
+CVE-2020-23830 (A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.ph ...)
+ TODO: check
CVE-2020-23829 (interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suff ...)
NOT-FOR-US: LibreHealth EHR
CVE-2020-23828
@@ -15344,8 +15362,8 @@ CVE-2020-17460
RESERVED
CVE-2020-17459
RESERVED
-CVE-2020-17458
- RESERVED
+CVE-2020-17458 (A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via th ...)
+ TODO: check
CVE-2020-17457
RESERVED
CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution ...)
@@ -17083,8 +17101,8 @@ CVE-2020-16604
RESERVED
CVE-2020-16603
RESERVED
-CVE-2020-16602
- RESERVED
+CVE-2020-16602 (Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers t ...)
+ TODO: check
CVE-2020-16601
RESERVED
CVE-2020-16600
@@ -18031,13 +18049,13 @@ CVE-2020-16172
RESERVED
CVE-2020-16171
RESERVED
-CVE-2020-16170 (Use of Hard-coded Credentials in Robotemi Global Ltd Temi Firmware up ...)
+CVE-2020-16170 (Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Andr ...)
NOT-FOR-US: Temi application fo Android
-CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in Robotemi G ...)
+CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in temi Robox ...)
NOT-FOR-US: Temi Robox OS
-CVE-2020-16168 (Origin Validation Error in Robotemi Global Ltd Temi Firmware up to 201 ...)
+CVE-2020-16168 (Origin Validation Error in temi Robox OS prior to 120, temi Android ap ...)
NOT-FOR-US: Temi firmware
-CVE-2020-16167 (Missing Authentication for Critical Function in Robotemi Global Ltd Te ...)
+CVE-2020-16167 (Missing Authentication for Critical Function in temi Robox OS prior to ...)
NOT-FOR-US: Temi Launcher OS
CVE-2020-16166 (The Linux kernel through 5.7.11 allows remote attackers to make observ ...)
- linux 5.7.17-1
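Review bot: The unchanged NOT-FOR-US lines under CVE-2020-16170 through CVE-2020-16167 no longer line up with the refreshed descriptions. All four descriptions now begin with "temi Robox ...", yet the labels beneath them are four different strings: "Temi application fo Android", "Temi Robox OS", "Temi firmware" and "Temi Launcher OS". Consider normalising these to one label in a follow-up, and fix the "fo" typo under CVE-2020-16170 at the same time.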
@@ -18072,8 +18090,8 @@ CVE-2020-16152
RESERVED
CVE-2020-16151
RESERVED
-CVE-2020-16150
- RESERVED
+CVE-2020-16150 (A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/s ...)
+ TODO: check
CVE-2020-16149
RESERVED
CVE-2020-16148
@@ -18858,8 +18876,7 @@ CVE-2020-15813 (Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP s
- graylog2 <itp> (bug #652273)
CVE-2020-15812
RESERVED
-CVE-2020-15811
- RESERVED
+CVE-2020-15811 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...)
{DSA-4751-1}
- squid 4.13-1 (bug #968932)
- squid3 <removed>
@@ -18871,8 +18888,7 @@ CVE-2020-24606 (Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch
-CVE-2020-15810
- RESERVED
+CVE-2020-15810 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...)
{DSA-4751-1}
- squid 4.13-1 (bug #968934)
- squid3 <removed>
@@ -20488,8 +20504,8 @@ CVE-2020-15169
RESERVED
CVE-2020-15168
RESERVED
-CVE-2020-15167
- RESERVED
+CVE-2020-15167 (In Miller (command line utility) using the configuration file support ...)
+ TODO: check
CVE-2020-15166
RESERVED
CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Stor ...)
@@ -20670,8 +20686,8 @@ CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an inf
[buster] - npm <no-dsa> (Minor issue)
NOTE: https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
NOTE: https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
-CVE-2020-15094
- RESERVED
+CVE-2020-15094 (In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient cla ...)
+ TODO: check
CVE-2020-15093 (The tough library (Rust/crates.io) prior to version 0.7.1 does not pro ...)
NOT-FOR-US: Rust tough
CVE-2020-15092 (In TimelineJS before version 3.7.0, some user data renders as HTML. An ...)
@@ -23076,8 +23092,8 @@ CVE-2020-14211
RESERVED
CVE-2020-14210 (MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected ...)
NOT-FOR-US: MONITORAPP
-CVE-2020-14209
- RESERVED
+CVE-2020-14209 (Dolibarr before 11.0.5 allows low-privilege users to upload files of d ...)
+ TODO: check
CVE-2020-14208
RESERVED
CVE-2020-14207
@@ -24140,8 +24156,8 @@ CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9.
NOT-FOR-US: Foxit Reader
CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...)
NOT-FOR-US: Foxit Reader
-CVE-2020-13802
- RESERVED
+CVE-2020-13802 (The rebar3 tool 3.0.0-beta.3 through 3.13.2 for Erlang allows remote c ...)
+ TODO: check
CVE-2020-13801
RESERVED
CVE-2020-13799
@@ -27158,8 +27174,8 @@ CVE-2020-12623
RESERVED
CVE-2020-12622
RESERVED
-CVE-2020-12621
- RESERVED
+CVE-2020-12621 (The Teamwire application 5.3.0 for Android allows physically proximate ...)
+ TODO: check
CVE-2020-12620 (Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.con ...)
NOT-FOR-US: Pi-hole
CVE-2020-12619 (MailMate before 1.11 automatically imported S/MIME certificates and th ...)
@@ -48705,8 +48721,8 @@ CVE-2020-4695
RESERVED
CVE-2020-4694
RESERVED
-CVE-2020-4693
- RESERVED
+CVE-2020-4693 (IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8. ...)
+ TODO: check
CVE-2020-4692
RESERVED
CVE-2020-4691
@@ -48999,8 +49015,8 @@ CVE-2020-4548 (IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper i
NOT-FOR-US: IBM
CVE-2020-4547
RESERVED
-CVE-2020-4546
- RESERVED
+CVE-2020-4546 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
+ TODO: check
CVE-2020-4545
RESERVED
CVE-2020-4544
@@ -49047,8 +49063,8 @@ CVE-2020-4524
RESERVED
CVE-2020-4523
RESERVED
-CVE-2020-4522
- RESERVED
+CVE-2020-4522 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
+ TODO: check
CVE-2020-4521
RESERVED
CVE-2020-4520
@@ -49201,8 +49217,8 @@ CVE-2020-4447 (IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cros
NOT-FOR-US: IBM
CVE-2020-4446 (IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automa ...)
NOT-FOR-US: IBM
-CVE-2020-4445
- RESERVED
+CVE-2020-4445 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
+ TODO: check
CVE-2020-4444
RESERVED
CVE-2020-4443
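Review bot: CVE-2020-4445 is added with "TODO: check", while both context entries above it in this hunk (CVE-2020-4447 and CVE-2020-4446) are IBM products marked "NOT-FOR-US: IBM". The same truncated description, "IBM Jazz Team Server based Applications are vulnerable to cross-site s ...", is also added for CVE-2020-4546 and CVE-2020-4522 in this commit, so the three can be triaged together. If Jazz Team Server is treated like the neighbouring IBM entries, one decision closes all three TODOs.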
@@ -61724,7 +61740,7 @@ CVE-2019-18627
RESERVED
CVE-2019-18626 (Harris Ormed Self Service before 2019.1.4 allows an authenticated user ...)
NOT-FOR-US: Harris Ormed Self Service
-CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate signed ...)
+CVE-2018-21029 (** DISPUTED ** systemd 239 through 245 accepts any certificate signed ...)
- systemd 244-1 (low)
[buster] - systemd <not-affected> (Only affected v243)
[stretch] - systemd <not-affected> (Only affected v243)
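Review bot: The updated description for CVE-2018-21029 says "systemd 239 through 245", but the unchanged triage lines below it still record the fix as "systemd 244-1 (low)" and mark buster and stretch not-affected with "Only affected v243". An affected range that extends through 245 does not agree with a fix in 244-1, so this entry needs a manual re-check: either update the fixed version or add a NOTE explaining why the tracker's assessment differs from the new description.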
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/748dec94ae4c53e63ca06d13cbe0234a9e211ea1