Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1c37451a by security tracker role at 2020-10-02T08:10:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2020-26527
+ RESERVED
+CVE-2020-26526
+ RESERVED
+CVE-2020-26525
+ RESERVED
+CVE-2020-26524 (CodeLathe FileCloud before 20.2.0.11915 allows username
enumeration. ...)
+ TODO: check
+CVE-2020-26523 (Froala Editor before 3.2.2 allows XSS via pasted content. ...)
+ TODO: check
+CVE-2020-26522
+ RESERVED
+CVE-2020-26521
+ RESERVED
+CVE-2020-26520
+ RESERVED
+CVE-2020-26519 (fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during
pixmap si ...)
+ TODO: check
+CVE-2020-26518 (Artica Pandora FMS before 743 allows unauthenticated attackers
to cond ...)
+ TODO: check
+CVE-2020-26517
+ RESERVED
+CVE-2020-26516
+ RESERVED
+CVE-2020-26515
+ RESERVED
+CVE-2020-26514
+ RESERVED
+CVE-2020-26513
+ RESERVED
+CVE-2020-26512
+ RESERVED
+CVE-2020-26511 (The wpo365-login plugin before v11.7 for WordPress allows use
of a sym ...)
+ TODO: check
CVE-2020-26510
RESERVED
CVE-2020-26509
@@ -961,7 +995,8 @@ CVE-2020-26055
RESERVED
CVE-2020-26054
RESERVED
-CVE-2020-26053 (Cybereason Endpoint Solutions Cybereason Endpoint Protection
Version 2 ...)
+CVE-2020-26053
+ REJECTED
NOT-FOR-US: Cybereason
CVE-2020-26052
RESERVED
@@ -26376,8 +26411,8 @@ CVE-2020-14225
RESERVED
CVE-2020-14224
RESERVED
-CVE-2020-14223
- RESERVED
+CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to
cross-site scri ...)
+ TODO: check
CVE-2020-14222
RESERVED
CVE-2020-14221
@@ -27148,8 +27183,8 @@ CVE-2020-13941 (Reported in SOLR-14515 (private) and
fixed in SOLR-14561 (public
NOTE: https://www.openwall.com/lists/oss-security/2020/08/15/1
NOTE: https://issues.apache.org/jira/browse/SOLR-14561
NOTE:
https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2
-CVE-2020-13940
- RESERVED
+CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service
manager and v ...)
+ TODO: check
CVE-2020-13939
RESERVED
CVE-2020-13938
@@ -32216,8 +32251,8 @@ CVE-2020-11981 (An issue was found in Apache Airflow
versions 1.10.10 and below.
- airflow <itp> (bug #819700)
CVE-2020-11980 (In Karaf, JMX authentication takes place using JAAS and
authorization ...)
- apache-karaf <itp> (bug #881297)
-CVE-2020-11979
- RESERVED
+CVE-2020-11979 (As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the
permissi ...)
+ TODO: check
CVE-2020-11978 (An issue was found in Apache Airflow versions 1.10.10 and
below. A rem ...)
- airflow <itp> (bug #819700)
CVE-2020-11977 (In Apache Syncope 2.1.X releases prior to 2.1.7, when the
Flowable ext ...)
@@ -39951,8 +39986,8 @@ CVE-2020-9493
RESERVED
CVE-2020-9492
RESERVED
-CVE-2020-9491
- RESERVED
+CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were
protected by ...)
+ TODO: check
CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially
crafted valu ...)
{DSA-4757-1}
- apache2 2.4.46-1
@@ -39976,10 +40011,10 @@ CVE-2020-9488 (Improper validation of certificate
with host mismatch in Apache L
NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819
NOTE:
https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=6851b5083ef9610bae320bf07e1f24d2aa08851b
(release-2.x)
NOTE:
https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=fb91a3d71e2f3dadad6fd1beb2ab857f44fe8bbb
(master)
-CVE-2020-9487
- RESERVED
-CVE-2020-9486
- RESERVED
+CVE-2020-9487 (In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token
(one-time pass ...)
+ TODO: check
+CVE-2020-9486 (In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution
engine p ...)
+ TODO: check
CVE-2020-9485 (An issue was found in Apache Airflow versions 1.10.10 and
below. A sto ...)
- airflow <itp> (bug #819700)
CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4,
9.0.0.M1 to ...)
@@ -49236,18 +49271,18 @@ CVE-2020-5791
RESERVED
CVE-2020-5790
RESERVED
-CVE-2020-5789
- RESERVED
-CVE-2020-5788
- RESERVED
-CVE-2020-5787
- RESERVED
-CVE-2020-5786
- RESERVED
-CVE-2020-5785
- RESERVED
-CVE-2020-5784
- RESERVED
+CVE-2020-5789 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3
allows ...)
+ TODO: check
+CVE-2020-5788 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3
allows ...)
+ TODO: check
+CVE-2020-5787 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3
allows ...)
+ TODO: check
+CVE-2020-5786 (Cross-site request forgery in Teltonika firmware
TRB2_R_00.02.04.3 all ...)
+ TODO: check
+CVE-2020-5785 (Insufficient output sanitization in Teltonika firmware
TRB2_R_00.02.04 ...)
+ TODO: check
+CVE-2020-5784 (Server-Side Request Forgery in Teltonika firmware
TRB2_R_00.02.04.3 al ...)
+ TODO: check
CVE-2020-5783 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality
does n ...)
NOT-FOR-US: IgniteNet HeliOS GLinq
CVE-2020-5782 (In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and
sets the ...)
@@ -50126,8 +50161,8 @@ CVE-2020-5389
RESERVED
CVE-2020-5388
RESERVED
-CVE-2020-5387
- RESERVED
+CVE-2020-5387 (Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an
Improper Ex ...)
+ TODO: check
CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of
Resource ...)
NOT-FOR-US: EMC
CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint
Security Suit ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c37451a20254123106169d82e3bc3c3caec30a1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c37451a20254123106169d82e3bc3c3caec30a1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
