[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 30 21:10:27 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
025aef32 by security tracker role at 2020-09-30T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-26167
+ RESERVED
+CVE-2020-26166
+ RESERVED
+CVE-2020-26165
+ RESERVED
+CVE-2020-26164
+ RESERVED
+CVE-2020-26163 (BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Ori ...)
+ TODO: check
+CVE-2020-26162
+ RESERVED
+CVE-2020-26161
+ RESERVED
+CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended acces ...)
+ TODO: check
+CVE-2020-26159 (In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expressi ...)
+ TODO: check
+CVE-2019-20922 (Handlebars before 4.4.5 allows Regular Expression Denial of Service (R ...)
+ TODO: check
+CVE-2019-20921 (bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It d ...)
+ TODO: check
+CVE-2019-20920 (Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrar ...)
+ TODO: check
CVE-2020-26158 (Leanote Desktop through 2.6.2 allows XSS because a note's title is mis ...)
TODO: check
CVE-2020-26157 (Leanote Desktop through 2.6.2 allows XSS because a note's title is mis ...)
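Review bot: the `TODO: check` markers added at the top of this hunk for jwt-go (CVE-2020-26160), Oniguruma (CVE-2020-26159), Handlebars (CVE-2019-20922, CVE-2019-20920) and bootstrap-select (CVE-2019-20921) name reusable libraries, so each needs a search of the archive for the source package and for embedded copies before it is resolved. They should not be closed in bulk as NOT-FOR-US the way appliance and vendor-product entries elsewhere in the file are. The two Handlebars entries give different fixed versions (4.4.5, and 3.0.8 / 4.5.3), so they need separate version checks even though they land on the same package.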
@@ -14,8 +38,8 @@ CVE-2020-26151
RESERVED
CVE-2020-26150 (info.php in Logaritmo Aware CallManager 2012 allows remote attackers t ...)
TODO: check
-CVE-2020-26149
- RESERVED
+CVE-2020-26149 (NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno ...)
+ TODO: check
CVE-2020-26154 (url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when ...)
- libproxy <unfixed> (bug #968366)
NOTE: https://github.com/libproxy/libproxy/pull/126
@@ -3169,8 +3193,8 @@ CVE-2020-24723
RESERVED
CVE-2020-24722
RESERVED
-CVE-2020-24721
- RESERVED
+CVE-2020-24721 (An issue was discovered in the GAEN (aka Google Apple Encounter Notifi ...)
+ TODO: check
CVE-2020-24720
RESERVED
CVE-2020-24719
@@ -7765,8 +7789,8 @@ CVE-2020-22483
RESERVED
CVE-2020-22482
RESERVED
-CVE-2020-22481
- RESERVED
+CVE-2020-22481 (An issue was discovered in HFish 0.5.1. When a payload is inserted whe ...)
+ TODO: check
CVE-2020-22480
RESERVED
CVE-2020-22479
@@ -9599,8 +9623,8 @@ CVE-2020-21566
RESERVED
CVE-2020-21565
RESERVED
-CVE-2020-21564
- RESERVED
+CVE-2020-21564 (An issue was discovered in Pluck CMS v4.7.11. There is a file upload v ...)
+ TODO: check
CVE-2020-21563
RESERVED
CVE-2020-21562
@@ -9673,18 +9697,18 @@ CVE-2020-21529
RESERVED
CVE-2020-21528
RESERVED
-CVE-2020-21527
- RESERVED
-CVE-2020-21526
- RESERVED
-CVE-2020-21525
- RESERVED
-CVE-2020-21524
- RESERVED
-CVE-2020-21523
- RESERVED
-CVE-2020-21522
- RESERVED
+CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo v1.1.3. A ba ...)
+ TODO: check
+CVE-2020-21526 (An Arbitrary file writing vulnerability in halo v1.1.3. In an interfac ...)
+ TODO: check
+CVE-2020-21525 (Halo V1.1.3 is affected by: Arbitrary File reading. In an interface th ...)
+ TODO: check
+CVE-2020-21524 (There is a XML external entity (XXE) vulnerability in halo v1.1.3, The ...)
+ TODO: check
+CVE-2020-21523 (A Server-Side Freemarker template injection vulnerability in halo CMS ...)
+ TODO: check
+CVE-2020-21522 (An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal ...)
+ TODO: check
CVE-2020-21521
RESERVED
CVE-2020-21520
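Review bot: CVE-2020-21527 through CVE-2020-21522 all name the same product and version (halo v1.1.3), so the six `TODO: check` markers added here should be resolved with one triage decision applied to the whole block. The product name is spelled three ways in the descriptions ("halo", "Halo", "halo CMS"), so a case-sensitive search for one spelling will miss some of the six.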
@@ -10239,8 +10263,8 @@ CVE-2020-21246
RESERVED
CVE-2020-21245
RESERVED
-CVE-2020-21244
- RESERVED
+CVE-2020-21244 (An issue was discovered in FrontAccounting 2.4.7. There is a Directory ...)
+ TODO: check
CVE-2020-21243
RESERVED
CVE-2020-21242
@@ -13375,20 +13399,20 @@ CVE-2020-19678
RESERVED
CVE-2020-19677
RESERVED
-CVE-2020-19676
- RESERVED
+CVE-2020-19676 (Nacos 1.1.4 is affected by: Incorrect Access Control. An environment c ...)
+ TODO: check
CVE-2020-19675
RESERVED
CVE-2020-19674
RESERVED
CVE-2020-19673
RESERVED
-CVE-2020-19672
- RESERVED
+CVE-2020-19672 (Niushop B2B2C Multi-business basic version V1.11, can bypass the admin ...)
+ TODO: check
CVE-2020-19671
RESERVED
-CVE-2020-19670
- RESERVED
+CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication ca ...)
+ TODO: check
CVE-2020-19669
RESERVED
CVE-2020-19668
@@ -21286,8 +21310,8 @@ CVE-2020-15851 (Lack of access control in Nakivo Backup & Replication Transp
NOT-FOR-US: Nakivo Backup
CVE-2020-15850 (Insecure permissions in Nakivo Backup & Replication Director versi ...)
NOT-FOR-US: Nakivo Backup
-CVE-2020-15849
- RESERVED
+CVE-2020-15849 (Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in t ...)
+ TODO: check
CVE-2020-15848
RESERVED
CVE-2020-15847
@@ -21582,8 +21606,8 @@ CVE-2020-15733
RESERVED
CVE-2020-15732
RESERVED
-CVE-2020-15731
- RESERVED
+CVE-2020-15731 (An improper Input Validation vulnerability in the code handling file r ...)
+ TODO: check
CVE-2020-15730
RESERVED
CVE-2020-15729
@@ -22320,10 +22344,10 @@ CVE-2020-15490 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.1911
NOT-FOR-US: Wavlink WL-WN530HG4
CVE-2020-15489 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
NOT-FOR-US: Wavlink WL-WN530HG4
-CVE-2020-15488
- RESERVED
-CVE-2020-15487
- RESERVED
+CVE-2020-15488 (Re:Desk 2.3 allows insecure file upload. ...)
+ TODO: check
+CVE-2020-15487 (Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerabili ...)
+ TODO: check
CVE-2020-15486 (An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because t ...)
NOT-FOR-US: Dr Trust ECG Pen 2.00.08 devices
CVE-2020-15485 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
@@ -25127,7 +25151,7 @@ CVE-2020-14391
RESERVED
- gnome-settings-daemon <not-affected> (Red Hat-specific plugin)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093
-CVE-2020-14390 (A flaw was found in the Linux kernel in versions from 2.2.3 through 5. ...)
+CVE-2020-14390 (A flaw was found in the Linux kernel in versions before 5.9-rc6. When ...)
{DLA-2385-1}
- linux 5.8.10-1
[buster] - linux 4.19.146-1
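Review bot: the replaced description on CVE-2020-14390 now bounds the issue at "before 5.9-rc6", while the unchanged package lines below it record the fix as linux 5.8.10-1 and, for buster, 4.19.146-1. Both hold only if the fix was backported to those stable branches. If the entry does not already carry a NOTE with the fixing commit past the lines shown here, adding one would let a reader verify the fixed versions from the entry itself.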
@@ -25182,23 +25206,19 @@ CVE-2020-14380
NOT-FOR-US: Red Hat Satellite
CVE-2020-14379
RESERVED
-CVE-2020-14378
- RESERVED
+CVE-2020-14378 (An integer underflow in dpdk versions before 18.11.10 and before 19.11 ...)
- dpdk 19.11.5-1 (bug #971269)
[buster] - dpdk <no-dsa> (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
-CVE-2020-14377
- RESERVED
+CVE-2020-14377 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
- dpdk 19.11.5-1 (bug #971269)
[buster] - dpdk <no-dsa> (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
-CVE-2020-14376
- RESERVED
+CVE-2020-14376 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
- dpdk 19.11.5-1 (bug #971269)
[buster] - dpdk <no-dsa> (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
-CVE-2020-14375
- RESERVED
+CVE-2020-14375 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
- dpdk 19.11.5-1 (bug #971269)
[buster] - dpdk <no-dsa> (Minor issue)
NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
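Review bot: the `[buster] - dpdk <no-dsa> (Minor issue)` lines under CVE-2020-14378 through CVE-2020-14375 were recorded while the entries were still RESERVED, so the classification should be re-confirmed against the descriptions this hunk swaps in. CVE-2020-14378 is now described as an integer underflow and the other three only as "a flaw", yet all four share one Debian bug (#971269) and one upstream reference (bug 272). A per-CVE NOTE pointing at the individual fix would make it possible to check each one separately.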
@@ -26403,14 +26423,12 @@ CVE-2020-13955
RESERVED
CVE-2020-13954
RESERVED
-CVE-2020-13953
- RESERVED
+CVE-2020-13953 (In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an att ...)
NOT-FOR-US: Apache Tapestry
CVE-2020-13952
RESERVED
NOT-FOR-US: Apache Superset
-CVE-2020-13951
- RESERVED
+CVE-2020-13951 (Attackers can use public NetTest web service of Apache OpenMeetings 4. ...)
NOT-FOR-US: Apache OpenMeetings
CVE-2020-13950
RESERVED
@@ -30073,10 +30091,10 @@ CVE-2020-12508
RESERVED
CVE-2020-12507
RESERVED
-CVE-2020-12506
- RESERVED
-CVE-2020-12505
- RESERVED
+CVE-2020-12506 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...)
+ TODO: check
+CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...)
+ TODO: check
CVE-2020-12504
RESERVED
CVE-2020-12503
@@ -51529,8 +51547,8 @@ CVE-2020-4631 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in n
NOT-FOR-US: IBM
CVE-2020-4630
RESERVED
-CVE-2020-4629
- RESERVED
+CVE-2020-4629 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ TODO: check
CVE-2020-4628
RESERVED
CVE-2020-4627
@@ -61305,12 +61323,12 @@ CVE-2019-18993 (OpenWrt 18.06.4 allows XSS via the "New port forward" Name field
NOT-FOR-US: OpenWrt
CVE-2019-18992 (OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/a ...)
NOT-FOR-US: OpenWrt
-CVE-2019-18991
- RESERVED
-CVE-2019-18990
- RESERVED
-CVE-2019-18989
- RESERVED
+CVE-2019-18991 (A partial authentication bypass vulnerability exists on Atheros AR9132 ...)
+ TODO: check
+CVE-2019-18990 (A partial authentication bypass vulnerability exists on Realtek RTL881 ...)
+ TODO: check
+CVE-2019-18989 (A partial authentication bypass vulnerability exists on Mediatek MT762 ...)
+ TODO: check
CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login a ...)
NOT-FOR-US: TeamViewer
CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for ...)
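Review bot: CVE-2019-18991, CVE-2019-18990 and CVE-2019-18989 open with identical wording ("A partial authentication bypass vulnerability exists on") and differ only in the chipset named, so the three `TODO: check` markers should be triaged together. The truncated descriptions do not say which software component is affected. The triage result should therefore record whether the issue sits in device firmware or in a driver shipped in the archive, not just the chipset vendor name.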
@@ -69508,8 +69526,8 @@ CVE-2019-17100 (An Untrusted Search Path vulnerability in bdserviceshost.exe as
NOT-FOR-US: Bitdefender Total Security
CVE-2019-17099 (An Untrusted Search Path vulnerability in EPSecurityService.exe as use ...)
NOT-FOR-US: Bitdefender Endpoint Security Tools
-CVE-2019-17098
- RESERVED
+CVE-2019-17098 (Use of hard-coded cryptographic key vulnerability in August Connect Wi ...)
+ TODO: check
CVE-2019-17097
RESERVED
CVE-2019-17096 (A OS Command Injection vulnerability in the bootstrap stage of Bitdefe ...)
@@ -140948,8 +140966,7 @@ CVE-2018-11767 (In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6,
- hadoop <itp> (bug #793644)
CVE-2018-11766 (In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is ...)
- hadoop <itp> (bug #793644)
-CVE-2018-11765
- RESERVED
+CVE-2018-11765 (In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 ...)
- hadoop <itp> (bug #793644)
CVE-2018-11764
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/025aef32b3b7f47d266e64483f5c28690221c9a6