Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ec2ab11 by security tracker role at 2020-09-22T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -626,10 +626,10 @@ CVE-2020-25517
        RESERVED
 CVE-2020-25516
        RESERVED
-CVE-2020-25515
-       RESERVED
-CVE-2020-25514
-       RESERVED
+CVE-2020-25515 (Sourcecodester Simple Library Management System 1.0 is 
affected by Ins ...)
+       TODO: check
+CVE-2020-25514 (Sourcecodester Simple Library Management System 1.0 is 
affected by Inc ...)
+       TODO: check
 CVE-2020-25513
        RESERVED
 CVE-2020-25512
@@ -682,8 +682,8 @@ CVE-2020-25489 (A heap overflow in Sqreen PyMiniRacer (aka 
Python Mini Racer) be
        NOT-FOR-US: Sqreen
 CVE-2020-25488
        RESERVED
-CVE-2020-25487
-       RESERVED
+CVE-2020-25487 (PHPGURUKUL Zoo Management System Using PHP and MySQL version 
1.0 is af ...)
+       TODO: check
 CVE-2020-25486
        RESERVED
 CVE-2020-25485
@@ -2572,8 +2572,8 @@ CVE-2020-24621
        RESERVED
 CVE-2020-24620
        RESERVED
-CVE-2020-24619
-       RESERVED
+CVE-2020-24619 (In mainwindow.cpp in Shotcut before 20.09.13, the upgrade 
check misuse ...)
+       TODO: check
 CVE-2020-24618 (In JetBrains YouTrack versions before 2020.3.4313, 
2020.2.11008, 2020. ...)
        NOT-FOR-US: JetBrains
 CVE-2020-24617
@@ -3210,8 +3210,8 @@ CVE-2020-24335
        RESERVED
 CVE-2020-24334
        RESERVED
-CVE-2020-24333
-       RESERVED
+CVE-2020-24333 (A vulnerability in Arista’s CloudVision Portal (CVP) 
prior to 20 ...)
+       TODO: check
 CVE-2020-24332 (An issue was discovered in TrouSerS through 0.3.14. If the 
tcsd daemon ...)
        - trousers <unfixed> (unimportant)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
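Review bot: the added CVE-2020-24333 line carries a mis-encoded character in its description ("Arista’s"), which looks like a UTF-8 apostrophe decoded with a single-byte charset. Confirm whether data/CVE/list itself stores the correct bytes and only this notification is damaged; if the file is affected, the import step that writes descriptions should be fixed so later automatic updates do not keep rewriting the line.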
@@ -5006,8 +5006,8 @@ CVE-2020-23448
        RESERVED
 CVE-2020-23447
        RESERVED
-CVE-2020-23446
-       RESERVED
+CVE-2020-23446 (Verint Workforce Optimization suite 15.1 (15.1.0.37634) has 
Unauthenti ...)
+       TODO: check
 CVE-2020-23445
        RESERVED
 CVE-2020-23444
@@ -19639,8 +19639,8 @@ CVE-2020-16204 (The affected product is vulnerable due 
to an undocumented interf
        NOT-FOR-US: N-Tron
 CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 
1.01.23 and ...)
        NOT-FOR-US: Delta Industrial Automation
-CVE-2020-16202
-       RESERVED
+CVE-2020-16202 (WebAccess Node (All versions prior to 9.0.1) has incorrect 
permissions ...)
+       TODO: check
 CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 
1.01.23 and ...)
        NOT-FOR-US: Delta Industrial Automation
 CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and 
prior. Th ...)
@@ -20468,8 +20468,8 @@ CVE-2020-15841 (Liferay Portal before 7.3.0, and 
Liferay DXP 7.0 before fix pack
        NOT-FOR-US: Liferay
 CVE-2020-15840
        RESERVED
-CVE-2020-15839
-       RESERVED
+CVE-2020-15839 (Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix 
pack 18 an ...)
+       TODO: check
 CVE-2020-15838
        RESERVED
 CVE-2020-15837
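Review bot: CVE-2020-15839 is left at "TODO: check" although its description names Liferay Portal and Liferay DXP, and the context at the top of this hunk shows CVE-2020-15841 for the same vendor already triaged as "NOT-FOR-US: Liferay". Unless the truncated part of the description points at something packaged in Debian, the same tag can be applied here so the entry does not sit in the TODO queue.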
@@ -25328,26 +25328,26 @@ CVE-2020-14033 (An issue was discovered in 
janus-gateway (aka Janus WebRTC Serve
        NOTE: 
https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80
 CVE-2020-14032
        RESERVED
-CVE-2020-14031
-       RESERVED
+CVE-2020-14031 (An issue was discovered in Ozeki NG SMS Gateway through 
4.17.6. The ou ...)
+       TODO: check
 CVE-2020-14030
        RESERVED
 CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 
4.17.6. The RS ...)
        NOT-FOR-US: Ozeki NG SMS Gateway
-CVE-2020-14028
-       RESERVED
-CVE-2020-14027
-       RESERVED
-CVE-2020-14026
-       RESERVED
-CVE-2020-14025
-       RESERVED
-CVE-2020-14024
-       RESERVED
-CVE-2020-14023
-       RESERVED
-CVE-2020-14022
-       RESERVED
+CVE-2020-14028 (An issue was discovered in Ozeki NG SMS Gateway through 
4.17.6. By lev ...)
+       TODO: check
+CVE-2020-14027 (An issue was discovered in Ozeki NG SMS Gateway through 
4.17.6. The da ...)
+       TODO: check
+CVE-2020-14026 (CSV Injection (aka Excel Macro Injection or Formula Injection) 
exists  ...)
+       TODO: check
+CVE-2020-14025 (Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF 
vulnerabilities. ...)
+       TODO: check
+CVE-2020-14024 (Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated 
stored  ...)
+       TODO: check
+CVE-2020-14023 (Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or 
RSS To  ...)
+       TODO: check
+CVE-2020-14022 (Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the 
file typ ...)
+       TODO: check
 CVE-2020-14021 (An issue was discovered in Ozeki NG SMS Gateway through 
4.17.6. The AS ...)
        NOT-FOR-US: Ozeki NG SMS Gateway
 CVE-2020-14020
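Review bot: seven of the new entries in this hunk (CVE-2020-14031, -14028, -14027, -14025, -14024, -14023, -14022) name Ozeki NG SMS Gateway in their descriptions but are left at "TODO: check", while the surrounding context lines CVE-2020-14029 and CVE-2020-14021 for the same product are already marked "NOT-FOR-US: Ozeki NG SMS Gateway". Triage them the same way for consistency. CVE-2020-14026 needs its full description read first, since the truncated text ("CSV Injection ... exists ...") does not show the product name.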
@@ -31546,12 +31546,12 @@ CVE-2020-11859
        RESERVED
 CVE-2020-11858
        RESERVED
-CVE-2020-11857
-       RESERVED
-CVE-2020-11856
-       RESERVED
-CVE-2020-11855
-       RESERVED
+CVE-2020-11857 (An Authorization Bypass vulnerability on Micro Focus Operation 
Bridge  ...)
+       TODO: check
+CVE-2020-11856 (Arbitrary code execution vulnerability on Micro Focus 
Operation Bridge ...)
+       TODO: check
+CVE-2020-11855 (An Authorization Bypass vulnerability on Micro Focus Operation 
Bridge  ...)
+       TODO: check
 CVE-2020-11854
        RESERVED
 CVE-2020-11853
@@ -39812,8 +39812,8 @@ CVE-2020-8889
        RESERVED
 CVE-2020-8888
        RESERVED
-CVE-2020-8887
-       RESERVED
+CVE-2020-8887 (Telestream Tektronix Medius before 10.7.5 and Sentry before 
10.7.5 hav ...)
+       TODO: check
 CVE-2020-8886
        RESERVED
 CVE-2020-8885
@@ -42736,8 +42736,8 @@ CVE-2020-7736
        RESERVED
 CVE-2020-7735
        RESERVED
-CVE-2020-7734
-       RESERVED
+CVE-2020-7734 (All versions of package cabot are vulnerable to Cross-site 
Scripting ( ...)
+       TODO: check
 CVE-2020-7733 (The package ua-parser-js before 0.7.22 are vulnerable to 
Regular Expre ...)
        - node-ua-parser-js <not-affected> (No affected version present in the 
archive, introduced after 0.7.14 and fixed in 0.7.22)
        NOTE: 
https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d
@@ -50631,30 +50631,30 @@ CVE-2020-4624
        RESERVED
 CVE-2020-4623
        RESERVED
-CVE-2020-4622
-       RESERVED
-CVE-2020-4621
-       RESERVED
-CVE-2020-4620
-       RESERVED
-CVE-2020-4619
-       RESERVED
-CVE-2020-4618
-       RESERVED
-CVE-2020-4617
-       RESERVED
-CVE-2020-4616
-       RESERVED
-CVE-2020-4615
-       RESERVED
-CVE-2020-4614
-       RESERVED
-CVE-2020-4613
-       RESERVED
-CVE-2020-4612
-       RESERVED
-CVE-2020-4611
-       RESERVED
+CVE-2020-4622 (IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded 
credentials, su ...)
+       TODO: check
+CVE-2020-4621 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated 
user t ...)
+       TODO: check
+CVE-2020-4620 (IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote 
authenticated  ...)
+       TODO: check
+CVE-2020-4619 (IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in 
plain in ...)
+       TODO: check
+CVE-2020-4618 (IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged 
user to ca ...)
+       TODO: check
+CVE-2020-4617 (IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site 
request ...)
+       TODO: check
+CVE-2020-4616 (IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive 
username i ...)
+       TODO: check
+CVE-2020-4615 (IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site 
scripti ...)
+       TODO: check
+CVE-2020-4614 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected 
cryptogra ...)
+       TODO: check
+CVE-2020-4613 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected 
cryptogra ...)
+       TODO: check
+CVE-2020-4612 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated 
user t ...)
+       TODO: check
+CVE-2020-4611 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated 
user t ...)
+       TODO: check
 CVE-2020-4610
        RESERVED
 CVE-2020-4609
@@ -51950,8 +51950,8 @@ CVE-2020-3979 (InstallBuilder for Qt Windows (versions 
prior to 20.7.0) installe
        NOT-FOR-US: InstallBuilder for Qt Windows installers
 CVE-2020-3978
        RESERVED
-CVE-2020-3977
-       RESERVED
+CVE-2020-3977 (VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) 
contains a bro ...)
+       TODO: check
 CVE-2020-3976 (VMware ESXi and vCenter Server contain a partial denial of 
service vul ...)
        NOT-FOR-US: VMware
 CVE-2020-3975 (VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 
prior  ...)
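Review bot: CVE-2020-3977 (VMware Horizon DaaS) is left at "TODO: check" directly above CVE-2020-3976, which is already marked "NOT-FOR-US: VMware". If Horizon DaaS is not shipped in the archive, use the same "NOT-FOR-US: VMware" tag so the entry matches its neighbours.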



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ec2ab11e6a725e9388fe3afc8a60762f81be65a
