Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
298f59e2 by security tracker role at 2020-09-30T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,22 @@
-CVE-2020-26154 [buffer overflow when PAC is enabled]
+CVE-2020-26158 (Leanote Desktop through 2.6.2 allows XSS because a note's
title is mis ...)
+ TODO: check
+CVE-2020-26157 (Leanote Desktop through 2.6.2 allows XSS because a note's
title is mis ...)
+ TODO: check
+CVE-2020-26156
+ RESERVED
+CVE-2020-26155
+ RESERVED
+CVE-2020-26153
+ RESERVED
+CVE-2020-26152
+ RESERVED
+CVE-2020-26151
+ RESERVED
+CVE-2020-26150 (info.php in Logaritmo Aware CallManager 2012 allows remote
attackers t ...)
+ TODO: check
+CVE-2020-26149
+ RESERVED
+CVE-2020-26154 (url.cpp in libproxy through 0.4.15 is prone to a buffer
overflow when ...)
- libproxy <unfixed> (bug #968366)
NOTE: https://github.com/libproxy/libproxy/pull/126
CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers
to trigge ...)
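Review bot: CVE-2020-26154 ends up out of sequence at the bottom of this hunk, sitting after CVE-2020-26149 and before CVE-2020-26148 while the entries added above it run 26158, 26157, 26156, 26155, 26153. Placing it between CVE-2020-26155 and CVE-2020-26153 would keep the descending order the rest of the list follows. The libproxy <unfixed> line, bug #968366 and the pull/126 NOTE carry over unchanged, so beyond placement only the two Leanote Desktop entries at TODO: check need follow-up.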
@@ -855,10 +873,10 @@ CVE-2020-25765
RESERVED
CVE-2020-25764
RESERVED
-CVE-2020-25763
- RESERVED
-CVE-2020-25762
- RESERVED
+CVE-2020-25763 (Seat Reservation System version 1.0 suffers from an
Unauthenticated Fi ...)
+ TODO: check
+CVE-2020-25762 (An issue was discovered in SourceCodester Seat Reservation
System 1.0. ...)
+ TODO: check
CVE-2020-25761 (Projectworlds Visitor Management System in PHP 1.0 allows XSS.
The fil ...)
NOT-FOR-US: Projectworlds Visitor Management System in PHP
CVE-2020-25760 (Projectworlds Visitor Management System in PHP 1.0 allows SQL
Injectio ...)
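Review bot: CVE-2020-25763 and CVE-2020-25762 are left at TODO: check, and their descriptions name the product two ways ("Seat Reservation System version 1.0" and "SourceCodester Seat Reservation System 1.0"). When these are triaged, use one product string for both so they group together, the way the Projectworlds entries below share a single NOT-FOR-US wording.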
@@ -1628,7 +1646,7 @@ CVE-2020-25414
RESERVED
CVE-2020-25413
RESERVED
-CVE-2020-25412 (gnuplot 5.4 is affected by a segmentation fault in com_line ()
at comm ...)
+CVE-2020-25412 (com_line() in command.c in gnuplot 5.4 leads to an
out-of-bounds-write ...)
- gnuplot <unfixed> (unimportant)
NOTE: https://sourceforge.net/p/gnuplot/bugs/2303/
NOTE: No security impact, gnuplot can execute arbitrary commands and
need to
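Review bot: The new description on CVE-2020-25412 calls this an out-of-bounds write in com_line() in command.c, where the removed one said segmentation fault, yet the gnuplot <unfixed> (unimportant) line and the "No security impact" NOTE stay as they were. If the rating rests on gnuplot being able to execute arbitrary commands, as the NOTE says, it would help to say in the NOTE that this reasoning also covers the memory-corruption reading, so the next triager does not reopen it.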
@@ -3494,10 +3512,10 @@ CVE-2020-24572 (An issue was discovered in
includes/webconsole.php in RaspAP 2.5
NOT-FOR-US: RaspAP
CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via
../ dir ...)
NOT-FOR-US: NexusDB
-CVE-2020-24570
- RESERVED
-CVE-2020-24569
- RESERVED
+CVE-2020-24570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and
mbCONNECT ...)
+ TODO: check
+CVE-2020-24569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and
mbCONNECT ...)
+ TODO: check
CVE-2020-24568
RESERVED
CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly
2020-08- ...)
@@ -7025,8 +7043,8 @@ CVE-2020-22844
RESERVED
CVE-2020-22843
RESERVED
-CVE-2020-22842
- RESERVED
+CVE-2020-22842 (CMS Made Simple before 2.2.15 allows XSS via the m1_mod
parameter in a ...)
+ TODO: check
CVE-2020-22841
RESERVED
CVE-2020-22840
@@ -26791,8 +26809,8 @@ CVE-2020-13796 (An issue was discovered in Navigate CMS
through 2.8.7. It allows
NOT-FOR-US: Navigate CMS
CVE-2020-13795 (An issue was discovered in Navigate CMS through 2.8.7. It
allows Direc ...)
NOT-FOR-US: Navigate CMS
-CVE-2020-13794
- RESERVED
+CVE-2020-13794 (Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive
Information ...)
+ TODO: check
CVE-2020-13793 (Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due
to a st ...)
NOT-FOR-US: Ivanti
CVE-2020-13792 (PlayTube 1.8 allows disclosure of user details via
ajax.php?type=../ad ...)
@@ -27560,7 +27578,8 @@ CVE-2020-13523 (An exploitable information disclosure
vulnerability exists in So
NOT-FOR-US: SoftPerfect
CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in
SoftPerfe ...)
NOT-FOR-US: SoftPerfect
-CVE-2020-13521 (Parameter psAttribute in ednareporting.asmx is vulnerable to
unauthent ...)
+CVE-2020-13521
+ REJECTED
NOT-FOR-US: ednareporting.asmx
CVE-2020-13520
RESERVED
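Review bot: CVE-2020-13521 now reads REJECTED but keeps its NOT-FOR-US: ednareporting.asmx line, and with the description removed nothing in the entry explains that tag any more. Either drop the NOT-FOR-US line or add a NOTE recording that the ID was previously published for ednareporting.asmx.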
@@ -27586,19 +27605,23 @@ CVE-2020-13510
RESERVED
CVE-2020-13509
RESERVED
-CVE-2020-13508 (An SQL injection vulnerability exists in the Alias.asmx Web
Service fu ...)
+CVE-2020-13508
+ REJECTED
NOT-FOR-US: Alias.asmx
-CVE-2020-13507 (An SQL injection vulnerability exists in the Alias.asmx Web
Service fu ...)
+CVE-2020-13507
+ REJECTED
NOT-FOR-US: Alias.asmx
CVE-2020-13506
- RESERVED
+ REJECTED
CVE-2020-13505 (Parameter psClass in ednareporting.asmx is vulnerable to
unauthenticat ...)
NOT-FOR-US: ednareporting.asmx
CVE-2020-13504 (Parameter AttFilterValue in ednareporting.asmx is vulnerable
to unauth ...)
NOT-FOR-US: ednareporting.asmx
-CVE-2020-13503 (Parameter AttFilterName in ednareporting.asmx is vulnerable to
unauthe ...)
+CVE-2020-13503
+ REJECTED
NOT-FOR-US: ednareporting.asmx
-CVE-2020-13502 (An exploitable SQL injection vulnerability exists in the
DNAPoints.asm ...)
+CVE-2020-13502
+ REJECTED
NOT-FOR-US: DNAPoints.asmx
CVE-2020-13501 (An SQL injection vulnerability exists in the CHaD.asmx web
service fun ...)
NOT-FOR-US: CHaD.asmx
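Review bot: Four of the entries flipped to REJECTED here (CVE-2020-13508, CVE-2020-13507, CVE-2020-13503, CVE-2020-13502) keep a NOT-FOR-US line, while CVE-2020-13506 goes from RESERVED to REJECTED with none, so rejected entries in the same block end up annotated two different ways. Pick one form for all five. CVE-2020-13505 and CVE-2020-13504 keep their descriptions for the same ednareporting.asmx service as the rejected CVE-2020-13503, so it is worth confirming that those two are meant to stay published.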
@@ -47679,7 +47702,8 @@ CVE-2020-6155
RESERVED
CVE-2020-6154
RESERVED
-CVE-2020-6153 (An exploitable SQL injection vulnerability exists in the
FavoritesServ ...)
+CVE-2020-6153
+ REJECTED
NOT-FOR-US: eDNA Enterprise Data Historian
CVE-2020-6152 (A code execution vulnerability exists in the DICOM
parse_dicom_meta_in ...)
NOT-FOR-US: Accusoft
@@ -50345,8 +50369,8 @@ CVE-2020-5134
RESERVED
CVE-2020-5133
RESERVED
-CVE-2020-5132
- RESERVED
+CVE-2020-5132 (SonicWall SSL-VPN products and SonicWall firewall SSL-VPN
feature misc ...)
+ TODO: check
CVE-2020-5131 (SonicWall NetExtender Windows client vulnerable to arbitrary
file writ ...)
NOT-FOR-US: SonicWall NetExtender Windows client
CVE-2020-5130 (SonicOS SSLVPN LDAP login request allows remote attackers to
cause ext ...)
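Review bot: CVE-2020-5132 is left at TODO: check although the adjacent CVE-2020-5131 is already tagged NOT-FOR-US: SonicWall NetExtender Windows client. The visible description names SonicWall SSL-VPN products and the firewall SSL-VPN feature, so a matching NOT-FOR-US line looks applicable and would clear the TODO.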
@@ -159371,10 +159395,10 @@ CVE-2018-5356
RESERVED
CVE-2018-5355
RESERVED
-CVE-2018-5354
- RESERVED
-CVE-2018-5353
- RESERVED
+CVE-2018-5354 (The custom GINA/CP module in ANIXIS Password Reset Client
before versi ...)
+ TODO: check
+CVE-2018-5353 (The custom GINA/CP module in Zoho ManageEngine ADSelfService
Plus befo ...)
+ TODO: check
CVE-2018-5352
RESERVED
CVE-2018-5351
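Review bot: CVE-2018-5354 and CVE-2018-5353 are both left at TODO: check, and both descriptions name a custom GINA/CP module, which is a Windows logon component. A NOT-FOR-US line naming ANIXIS Password Reset Client and Zoho ManageEngine ADSelfService Plus respectively would close them out.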
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/298f59e215ebcc1e8be12b08122674914edc59ca
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits