[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Sep 30 09:10:25 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
298f59e2 by security tracker role at 2020-09-30T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,22 @@
-CVE-2020-26154 [buffer overflow when PAC is enabled]
+CVE-2020-26158 (Leanote Desktop through 2.6.2 allows XSS because a note's title is mis ...)
+	TODO: check
+CVE-2020-26157 (Leanote Desktop through 2.6.2 allows XSS because a note's title is mis ...)
+	TODO: check
+CVE-2020-26156
+	RESERVED
+CVE-2020-26155
+	RESERVED
+CVE-2020-26153
+	RESERVED
+CVE-2020-26152
+	RESERVED
+CVE-2020-26151
+	RESERVED
+CVE-2020-26150 (info.php in Logaritmo Aware CallManager 2012 allows remote attackers t ...)
+	TODO: check
+CVE-2020-26149
+	RESERVED
+CVE-2020-26154 (url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when  ...)
 	- libproxy <unfixed> (bug #968366)
 	NOTE: https://github.com/libproxy/libproxy/pull/126
 CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigge ...)
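Review bot: CVE-2020-26158 and CVE-2020-26157 at the top of this hunk show the same truncated description (Leanote Desktop through 2.6.2, XSS because a note's title is mis ...), so the list text alone does not say how the two differ. When these TODO: check items are triaged, read the full descriptions and record the distinction, or the shared disposition, explicitly on each entry.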
@@ -855,10 +873,10 @@ CVE-2020-25765
 	RESERVED
 CVE-2020-25764
 	RESERVED
-CVE-2020-25763
-	RESERVED
-CVE-2020-25762
-	RESERVED
+CVE-2020-25763 (Seat Reservation System version 1.0 suffers from an Unauthenticated Fi ...)
+	TODO: check
+CVE-2020-25762 (An issue was discovered in SourceCodester Seat Reservation System 1.0. ...)
+	TODO: check
 CVE-2020-25761 (Projectworlds Visitor Management System in PHP 1.0 allows XSS. The fil ...)
 	NOT-FOR-US: Projectworlds Visitor Management System in PHP
 CVE-2020-25760 (Projectworlds Visitor Management System in PHP 1.0 allows SQL Injectio ...)
@@ -1628,7 +1646,7 @@ CVE-2020-25414
 	RESERVED
 CVE-2020-25413
 	RESERVED
-CVE-2020-25412 (gnuplot 5.4 is affected by a segmentation fault in com_line () at comm ...)
+CVE-2020-25412 (com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write ...)
 	- gnuplot <unfixed> (unimportant)
 	NOTE: https://sourceforge.net/p/gnuplot/bugs/2303/
 	NOTE: No security impact, gnuplot can execute arbitrary commands and need to
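Review bot: the new description for CVE-2020-25412 says out-of-bounds write where the old one said segmentation fault, yet the unchanged lines below it still read "- gnuplot <unfixed> (unimportant)" and "NOTE: No security impact". The existing rationale should be re-read against the updated wording and either confirmed or the severity tag revisited.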
@@ -3494,10 +3512,10 @@ CVE-2020-24572 (An issue was discovered in includes/webconsole.php in RaspAP 2.5
 	NOT-FOR-US: RaspAP
 CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via ../ dir ...)
 	NOT-FOR-US: NexusDB
-CVE-2020-24570
-	RESERVED
-CVE-2020-24569
-	RESERVED
+CVE-2020-24570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+	TODO: check
+CVE-2020-24569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+	TODO: check
 CVE-2020-24568
 	RESERVED
 CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08- ...)
@@ -7025,8 +7043,8 @@ CVE-2020-22844
 	RESERVED
 CVE-2020-22843
 	RESERVED
-CVE-2020-22842
-	RESERVED
+CVE-2020-22842 (CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ...)
+	TODO: check
 CVE-2020-22841
 	RESERVED
 CVE-2020-22840
@@ -26791,8 +26809,8 @@ CVE-2020-13796 (An issue was discovered in Navigate CMS through 2.8.7. It allows
 	NOT-FOR-US: Navigate CMS
 CVE-2020-13795 (An issue was discovered in Navigate CMS through 2.8.7. It allows Direc ...)
 	NOT-FOR-US: Navigate CMS
-CVE-2020-13794
-	RESERVED
+CVE-2020-13794 (Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information ...)
+	TODO: check
 CVE-2020-13793 (Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a st ...)
 	NOT-FOR-US: Ivanti
 CVE-2020-13792 (PlayTube 1.8 allows disclosure of user details via ajax.php?type=../ad ...)
@@ -27560,7 +27578,8 @@ CVE-2020-13523 (An exploitable information disclosure vulnerability exists in So
 	NOT-FOR-US: SoftPerfect
 CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in SoftPerfe ...)
 	NOT-FOR-US: SoftPerfect
-CVE-2020-13521 (Parameter psAttribute in ednareporting.asmx is vulnerable to unauthent ...)
+CVE-2020-13521
+	REJECTED
 	NOT-FOR-US: ednareporting.asmx
 CVE-2020-13520
 	RESERVED
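Review bot: CVE-2020-13521 is now REJECTED but the "NOT-FOR-US: ednareporting.asmx" line directly after it is kept, so the entry carries two dispositions. If the annotation is retained on purpose as the only remaining hint of what the ID covered, that is fine; otherwise it should be dropped in a follow-up cleanup.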
@@ -27586,19 +27605,23 @@ CVE-2020-13510
 	RESERVED
 CVE-2020-13509
 	RESERVED
-CVE-2020-13508 (An SQL injection vulnerability exists in the Alias.asmx Web Service fu ...)
+CVE-2020-13508
+	REJECTED
 	NOT-FOR-US: Alias.asmx
-CVE-2020-13507 (An SQL injection vulnerability exists in the Alias.asmx Web Service fu ...)
+CVE-2020-13507
+	REJECTED
 	NOT-FOR-US: Alias.asmx
 CVE-2020-13506
-	RESERVED
+	REJECTED
 CVE-2020-13505 (Parameter psClass in ednareporting.asmx is vulnerable to unauthenticat ...)
 	NOT-FOR-US: ednareporting.asmx
 CVE-2020-13504 (Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauth ...)
 	NOT-FOR-US: ednareporting.asmx
-CVE-2020-13503 (Parameter AttFilterName in ednareporting.asmx is vulnerable to unauthe ...)
+CVE-2020-13503
+	REJECTED
 	NOT-FOR-US: ednareporting.asmx
-CVE-2020-13502 (An exploitable SQL injection vulnerability exists in the DNAPoints.asm ...)
+CVE-2020-13502
+	REJECTED
 	NOT-FOR-US: DNAPoints.asmx
 CVE-2020-13501 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...)
 	NOT-FOR-US: CHaD.asmx
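Review bot: in this hunk CVE-2020-13508, -13507, -13503 and -13502 lose their descriptions on rejection while CVE-2020-13505, -13504 and -13501, annotated with the same or neighbouring .asmx components, stay published, and CVE-2020-13506 moves from RESERVED straight to REJECTED. Nothing in the entries records why; if the rejection reason is known, a NOTE line on the rejected entries would save the next reader from looking it up.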
@@ -47679,7 +47702,8 @@ CVE-2020-6155
 	RESERVED
 CVE-2020-6154
 	RESERVED
-CVE-2020-6153 (An exploitable SQL injection vulnerability exists in the FavoritesServ ...)
+CVE-2020-6153
+	REJECTED
 	NOT-FOR-US: eDNA Enterprise Data Historian
 CVE-2020-6152 (A code execution vulnerability exists in the DICOM parse_dicom_meta_in ...)
 	NOT-FOR-US: Accusoft
@@ -50345,8 +50369,8 @@ CVE-2020-5134
 	RESERVED
 CVE-2020-5133
 	RESERVED
-CVE-2020-5132
-	RESERVED
+CVE-2020-5132 (SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misc ...)
+	TODO: check
 CVE-2020-5131 (SonicWall NetExtender Windows client vulnerable to arbitrary file writ ...)
 	NOT-FOR-US: SonicWall NetExtender Windows client
 CVE-2020-5130 (SonicOS SSLVPN LDAP login request allows remote attackers to cause ext ...)
@@ -159371,10 +159395,10 @@ CVE-2018-5356
 	RESERVED
 CVE-2018-5355
 	RESERVED
-CVE-2018-5354
-	RESERVED
-CVE-2018-5353
-	RESERVED
+CVE-2018-5354 (The custom GINA/CP module in ANIXIS Password Reset Client before versi ...)
+	TODO: check
+CVE-2018-5353 (The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus befo ...)
+	TODO: check
 CVE-2018-5352
 	RESERVED
 CVE-2018-5351



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/298f59e215ebcc1e8be12b08122674914edc59ca
