Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
025aef32 by security tracker role at 2020-09-30T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-26167
+       RESERVED
+CVE-2020-26166
+       RESERVED
+CVE-2020-26165
+       RESERVED
+CVE-2020-26164
+       RESERVED
+CVE-2020-26163 (BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host 
and Ori ...)
+       TODO: check
+CVE-2020-26162
+       RESERVED
+CVE-2020-26161
+       RESERVED
+CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass 
intended acces ...)
+       TODO: check
+CVE-2020-26159 (In Oniguruma 6.9.5_rev1, an attacker able to supply a regular 
expressi ...)
+       TODO: check
+CVE-2019-20922 (Handlebars before 4.4.5 allows Regular Expression Denial of 
Service (R ...)
+       TODO: check
+CVE-2019-20921 (bootstrap-select before 1.13.6 allows Cross-Site Scripting 
(XSS). It d ...)
+       TODO: check
+CVE-2019-20920 (Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to 
Arbitrar ...)
+       TODO: check
 CVE-2020-26158 (Leanote Desktop through 2.6.2 allows XSS because a note's 
title is mis ...)
        TODO: check
 CVE-2020-26157 (Leanote Desktop through 2.6.2 allows XSS because a note's 
title is mis ...)
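Review bot: CVE-2019-20922, CVE-2019-20921 and CVE-2019-20920 are added between CVE-2020-26159 and CVE-2020-26158 at the top of the file, while the other 2019 ids touched by this diff sit around line 61305; if data/CVE/list is meant to stay grouped by year, these three belong in the 2019 block. The six new TODO: check entries in this hunk carry no package or NOT-FOR-US line yet, so each still needs triage.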
@@ -14,8 +38,8 @@ CVE-2020-26151
        RESERVED
 CVE-2020-26150 (info.php in Logaritmo Aware CallManager 2012 allows remote 
attackers t ...)
        TODO: check
-CVE-2020-26149
-       RESERVED
+CVE-2020-26149 (NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and 
nats.deno ...)
+       TODO: check
 CVE-2020-26154 (url.cpp in libproxy through 0.4.15 is prone to a buffer 
overflow when  ...)
        - libproxy <unfixed> (bug #968366)
        NOTE: https://github.com/libproxy/libproxy/pull/126
@@ -3169,8 +3193,8 @@ CVE-2020-24723
        RESERVED
 CVE-2020-24722
        RESERVED
-CVE-2020-24721
-       RESERVED
+CVE-2020-24721 (An issue was discovered in the GAEN (aka Google Apple 
Encounter Notifi ...)
+       TODO: check
 CVE-2020-24720
        RESERVED
 CVE-2020-24719
@@ -7765,8 +7789,8 @@ CVE-2020-22483
        RESERVED
 CVE-2020-22482
        RESERVED
-CVE-2020-22481
-       RESERVED
+CVE-2020-22481 (An issue was discovered in HFish 0.5.1. When a payload is 
inserted whe ...)
+       TODO: check
 CVE-2020-22480
        RESERVED
 CVE-2020-22479
@@ -9599,8 +9623,8 @@ CVE-2020-21566
        RESERVED
 CVE-2020-21565
        RESERVED
-CVE-2020-21564
-       RESERVED
+CVE-2020-21564 (An issue was discovered in Pluck CMS v4.7.11. There is a file 
upload v ...)
+       TODO: check
 CVE-2020-21563
        RESERVED
 CVE-2020-21562
@@ -9673,18 +9697,18 @@ CVE-2020-21529
        RESERVED
 CVE-2020-21528
        RESERVED
-CVE-2020-21527
-       RESERVED
-CVE-2020-21526
-       RESERVED
-CVE-2020-21525
-       RESERVED
-CVE-2020-21524
-       RESERVED
-CVE-2020-21523
-       RESERVED
-CVE-2020-21522
-       RESERVED
+CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo 
v1.1.3. A ba ...)
+       TODO: check
+CVE-2020-21526 (An Arbitrary file writing vulnerability in halo v1.1.3. In an 
interfac ...)
+       TODO: check
+CVE-2020-21525 (Halo V1.1.3 is affected by: Arbitrary File reading. In an 
interface th ...)
+       TODO: check
+CVE-2020-21524 (There is a XML external entity (XXE) vulnerability in halo 
v1.1.3, The ...)
+       TODO: check
+CVE-2020-21523 (A Server-Side Freemarker template injection vulnerability in 
halo CMS  ...)
+       TODO: check
+CVE-2020-21522 (An issue was discovered in halo V1.1.3. A Zip Slip Directory 
Traversal ...)
+       TODO: check
 CVE-2020-21521
        RESERVED
 CVE-2020-21520
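Review bot: CVE-2020-21527 through CVE-2020-21522 all name the same product and version (halo v1.1.3), yet each gets its own TODO: check; triage them as a group so all six end up with the same package or NOT-FOR-US line, in the form the file already uses elsewhere (for example NOT-FOR-US: Apache Tapestry).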
@@ -10239,8 +10263,8 @@ CVE-2020-21246
        RESERVED
 CVE-2020-21245
        RESERVED
-CVE-2020-21244
-       RESERVED
+CVE-2020-21244 (An issue was discovered in FrontAccounting 2.4.7. There is a 
Directory ...)
+       TODO: check
 CVE-2020-21243
        RESERVED
 CVE-2020-21242
@@ -13375,20 +13399,20 @@ CVE-2020-19678
        RESERVED
 CVE-2020-19677
        RESERVED
-CVE-2020-19676
-       RESERVED
+CVE-2020-19676 (Nacos 1.1.4 is affected by: Incorrect Access Control. An 
environment c ...)
+       TODO: check
 CVE-2020-19675
        RESERVED
 CVE-2020-19674
        RESERVED
 CVE-2020-19673
        RESERVED
-CVE-2020-19672
-       RESERVED
+CVE-2020-19672 (Niushop B2B2C Multi-business basic version V1.11, can bypass 
the admin ...)
+       TODO: check
 CVE-2020-19671
        RESERVED
-CVE-2020-19670
-       RESERVED
+CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, 
authentication ca ...)
+       TODO: check
 CVE-2020-19669
        RESERVED
 CVE-2020-19668
@@ -21286,8 +21310,8 @@ CVE-2020-15851 (Lack of access control in Nakivo Backup 
&amp; Replication Transp
        NOT-FOR-US: Nakivo Backup
 CVE-2020-15850 (Insecure permissions in Nakivo Backup &amp; Replication 
Director versi ...)
        NOT-FOR-US: Nakivo Backup
-CVE-2020-15849
-       RESERVED
+CVE-2020-15849 (Re:Desk 2.3 has a blind authenticated SQL injection 
vulnerability in t ...)
+       TODO: check
 CVE-2020-15848
        RESERVED
 CVE-2020-15847
@@ -21582,8 +21606,8 @@ CVE-2020-15733
        RESERVED
 CVE-2020-15732
        RESERVED
-CVE-2020-15731
-       RESERVED
+CVE-2020-15731 (An improper Input Validation vulnerability in the code 
handling file r ...)
+       TODO: check
 CVE-2020-15730
        RESERVED
 CVE-2020-15729
@@ -22320,10 +22344,10 @@ CVE-2020-15490 (An issue was discovered on Wavlink 
WL-WN530HG4 M30HG4.V5030.1911
        NOT-FOR-US: Wavlink WL-WN530HG4
 CVE-2020-15489 (An issue was discovered on Wavlink WL-WN530HG4 
M30HG4.V5030.191116 dev ...)
        NOT-FOR-US: Wavlink WL-WN530HG4
-CVE-2020-15488
-       RESERVED
-CVE-2020-15487
-       RESERVED
+CVE-2020-15488 (Re:Desk 2.3 allows insecure file upload. ...)
+       TODO: check
+CVE-2020-15487 (Re:Desk 2.3 contains a blind unauthenticated SQL injection 
vulnerabili ...)
+       TODO: check
 CVE-2020-15486 (An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. 
Because t ...)
        NOT-FOR-US: Dr Trust ECG Pen 2.00.08 devices
 CVE-2020-15485 (An issue was discovered on Nescomed Multipara Monitor M1000 
devices. T ...)
@@ -25127,7 +25151,7 @@ CVE-2020-14391
        RESERVED
        - gnome-settings-daemon <not-affected> (Red Hat-specific plugin)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093
-CVE-2020-14390 (A flaw was found in the Linux kernel in versions from 2.2.3 
through 5. ...)
+CVE-2020-14390 (A flaw was found in the Linux kernel in versions before 
5.9-rc6. When  ...)
        {DLA-2385-1}
        - linux 5.8.10-1
        [buster] - linux 4.19.146-1
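Review bot: The new description on CVE-2020-14390 bounds the affected range only at the top ("before 5.9-rc6") and drops the lower bound 2.2.3 that the old text gave, while the package lines below (linux 5.8.10-1, buster 4.19.146-1) are unchanged. A NOTE naming the introducing and fixing commits would keep that information in the entry, if one is not already present below the visible context.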
@@ -25182,23 +25206,19 @@ CVE-2020-14380
        NOT-FOR-US: Red Hat Satellite
 CVE-2020-14379
        RESERVED
-CVE-2020-14378
-       RESERVED
+CVE-2020-14378 (An integer underflow in dpdk versions before 18.11.10 and 
before 19.11 ...)
        - dpdk 19.11.5-1 (bug #971269)
        [buster] - dpdk <no-dsa> (Minor issue)
        NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
-CVE-2020-14377
-       RESERVED
+CVE-2020-14377 (A flaw was found in dpdk in versions before 18.11.10 and 
before 19.11. ...)
        - dpdk 19.11.5-1 (bug #971269)
        [buster] - dpdk <no-dsa> (Minor issue)
        NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
-CVE-2020-14376
-       RESERVED
+CVE-2020-14376 (A flaw was found in dpdk in versions before 18.11.10 and 
before 19.11. ...)
        - dpdk 19.11.5-1 (bug #971269)
        [buster] - dpdk <no-dsa> (Minor issue)
        NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
-CVE-2020-14375
-       RESERVED
+CVE-2020-14375 (A flaw was found in dpdk in versions before 18.11.10 and 
before 19.11. ...)
        - dpdk 19.11.5-1 (bug #971269)
        [buster] - dpdk <no-dsa> (Minor issue)
        NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
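Review bot: On CVE-2020-14378 through CVE-2020-14375 the line "[buster] - dpdk <no-dsa> (Minor issue)" is carried over from when the ids were still RESERVED; now that the descriptions are public (CVE-2020-14378 is described as an integer underflow), that classification should be re-checked against the published text. All four entries also share the single NOTE https://bugs.dpdk.org/show_bug.cgi?id=272; per-CVE references would make each entry verifiable on its own.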
@@ -26403,14 +26423,12 @@ CVE-2020-13955
        RESERVED
 CVE-2020-13954
        RESERVED
-CVE-2020-13953
-       RESERVED
+CVE-2020-13953 (In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific 
URLs, an att ...)
        NOT-FOR-US: Apache Tapestry
 CVE-2020-13952
        RESERVED
        NOT-FOR-US: Apache Superset
-CVE-2020-13951
-       RESERVED
+CVE-2020-13951 (Attackers can use public NetTest web service of Apache 
OpenMeetings 4. ...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2020-13950
        RESERVED
@@ -30073,10 +30091,10 @@ CVE-2020-12508
        RESERVED
 CVE-2020-12507
        RESERVED
-CVE-2020-12506
-       RESERVED
-CVE-2020-12505
-       RESERVED
+CVE-2020-12506 (Improper Authentication vulnerability in WAGO 750-8XX series 
with FW v ...)
+       TODO: check
+CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series 
with FW v ...)
+       TODO: check
 CVE-2020-12504
        RESERVED
 CVE-2020-12503
@@ -51529,8 +51547,8 @@ CVE-2020-4631 (IBM Spectrum Protect Plus 10.1.0 through 
10.1.6 agent files, in n
        NOT-FOR-US: IBM
 CVE-2020-4630
        RESERVED
-CVE-2020-4629
-       RESERVED
+CVE-2020-4629 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a  ...)
+       TODO: check
 CVE-2020-4628
        RESERVED
 CVE-2020-4627
@@ -61305,12 +61323,12 @@ CVE-2019-18993 (OpenWrt 18.06.4 allows XSS via the 
"New port forward" Name field
        NOT-FOR-US: OpenWrt
 CVE-2019-18992 (OpenWrt 18.06.4 allows XSS via these Name fields to the 
cgi-bin/luci/a ...)
        NOT-FOR-US: OpenWrt
-CVE-2019-18991
-       RESERVED
-CVE-2019-18990
-       RESERVED
-CVE-2019-18989
-       RESERVED
+CVE-2019-18991 (A partial authentication bypass vulnerability exists on 
Atheros AR9132 ...)
+       TODO: check
+CVE-2019-18990 (A partial authentication bypass vulnerability exists on 
Realtek RTL881 ...)
+       TODO: check
+CVE-2019-18989 (A partial authentication bypass vulnerability exists on 
Mediatek MT762 ...)
+       TODO: check
 CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of 
remote-login a ...)
        NOT-FOR-US: TeamViewer
 CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 
1.34 for  ...)
@@ -69508,8 +69526,8 @@ CVE-2019-17100 (An Untrusted Search Path vulnerability 
in bdserviceshost.exe as
        NOT-FOR-US: Bitdefender Total Security
 CVE-2019-17099 (An Untrusted Search Path vulnerability in 
EPSecurityService.exe as use ...)
        NOT-FOR-US: Bitdefender Endpoint Security Tools
-CVE-2019-17098
-       RESERVED
+CVE-2019-17098 (Use of hard-coded cryptographic key vulnerability in August 
Connect Wi ...)
+       TODO: check
 CVE-2019-17097
        RESERVED
 CVE-2019-17096 (A OS Command Injection vulnerability in the bootstrap stage of 
Bitdefe ...)
@@ -140948,8 +140966,7 @@ CVE-2018-11767 (In Apache Hadoop 2.9.0 to 2.9.1, 
2.8.3 to 2.8.4, 2.7.5 to 2.7.6,
        - hadoop <itp> (bug #793644)
 CVE-2018-11766 (In Apache Hadoop 2.7.4 to 2.7.6, the security fix for 
CVE-2016-6811 is ...)
        - hadoop <itp> (bug #793644)
-CVE-2018-11765
-       RESERVED
+CVE-2018-11765 (In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 
2.9.2, 2.8.0 ...)
        - hadoop <itp> (bug #793644)
 CVE-2018-11764
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/025aef32b3b7f47d266e64483f5c28690221c9a6
