Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
66120648 by security tracker role at 2020-10-20T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2020-27355
+ RESERVED
+CVE-2020-27354
+ RESERVED
+CVE-2020-27353
+ RESERVED
+CVE-2020-27352
+ RESERVED
+CVE-2020-27351
+ RESERVED
+CVE-2020-27350
+ RESERVED
+CVE-2020-27349
+ RESERVED
+CVE-2020-27348
+ RESERVED
+CVE-2020-27347
+ RESERVED
+CVE-2020-27346
+ RESERVED
+CVE-2020-27345
+ RESERVED
CVE-2020-27344
RESERVED
CVE-2020-27343
@@ -22903,15 +22925,15 @@ CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox
Exporter through 0.17.0 allow
NOTE: that the refererred behaviour is intended functionality.
CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and
prior. Th ...)
NOT-FOR-US: Philips
-CVE-2020-16246
- RESERVED
+CVE-2020-16246 (The affected Reason S20 Ethernet Switch is vulnerable to
cross-site sc ...)
+ TODO: check
CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product
is vulne ...)
NOT-FOR-US: Advantech
CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not
used for h ...)
NOT-FOR-US: GE Digital APM Classic
CVE-2020-16243
RESERVED
-CVE-2020-16242 (The affected product is vulnerable to cross-site scripting
(XSS), whic ...)
+CVE-2020-16242 (The affected Reason S20 Ethernet Switch is vulnerable to
cross-site sc ...)
NOT-FOR-US: General Electric
CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does
not restr ...)
NOT-FOR-US: Philips SureSigns
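Review bot: CVE-2020-16246 is left at "TODO: check" although its description opens with the same words ("The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...") as the updated CVE-2020-16242 a few lines below, which is already marked "NOT-FOR-US: General Electric". Unless the full description names a different product, the TODO can be resolved with the same NOT-FOR-US line so the two entries stay consistent.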
@@ -25620,6 +25642,7 @@ CVE-2020-15181 (The Alfresco Reset Password add-on
before version 1.2.0 relies o
NOT-FOR-US: Alfresco Reset Password add-on
CVE-2020-15180
RESERVED
+ {DSA-4776-1}
- mariadb-10.5 1:10.5.6-1
- mariadb-10.3 <unfixed>
- mariadb-10.1 <removed>
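Review bot: the "{DSA-4776-1}" reference is attached to CVE-2020-15180 while the entry is still "RESERVED" with no description, and the "mariadb-10.3" line below it stays "<unfixed>". Worth confirming that the package lines still match what the advisory fixed, and adding a NOTE pointing at the upstream reference so the entry is understandable before the CVE text is published.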
@@ -46329,12 +46352,12 @@ CVE-2020-7751
RESERVED
CVE-2020-7750
RESERVED
-CVE-2020-7749
- RESERVED
-CVE-2020-7748
- RESERVED
-CVE-2020-7747
- RESERVED
+CVE-2020-7749 (This affects all versions of package osm-static-maps. User
input given ...)
+ TODO: check
+CVE-2020-7748 (This affects the package @tsed/core before 5.65.7. This
vulnerability ...)
+ TODO: check
+CVE-2020-7747 (This affects all versions of package lightning-server. It is
possible ...)
+ TODO: check
CVE-2020-7746
RESERVED
CVE-2020-7745 (This affects the package MintegralAdSDK before 6.6.0.0. The SDK
distri ...)
@@ -47166,12 +47189,12 @@ CVE-2020-7373
RESERVED
CVE-2020-7372
RESERVED
-CVE-2020-7371
- RESERVED
-CVE-2020-7370
- RESERVED
-CVE-2020-7369
- RESERVED
+CVE-2020-7371 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
+ TODO: check
+CVE-2020-7370 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
+ TODO: check
+CVE-2020-7369 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
+ TODO: check
CVE-2020-7368
RESERVED
CVE-2020-7367
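Review bot: CVE-2020-7371, CVE-2020-7370 and CVE-2020-7369 all carry the identical truncated description "User Interface (UI) Misrepresentation of Critical Information vulnerab ...", so the list gives no product name to triage against. Each "TODO: check" needs the full CVE text looked up, and the resolving line should name the product so the three entries can be told apart.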
@@ -47180,10 +47203,10 @@ CVE-2020-7366
RESERVED
CVE-2020-7365
RESERVED
-CVE-2020-7364
- RESERVED
-CVE-2020-7363
- RESERVED
+CVE-2020-7364 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
+ TODO: check
+CVE-2020-7363 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
+ TODO: check
CVE-2020-7362
RESERVED
CVE-2020-7361 (The EasyCorp ZenTao Pro application suffers from an OS command
injecti ...)
@@ -49969,24 +49992,24 @@ CVE-2020-6372 (SAP 3D Visual Enterprise Viewer,
version - 9, allows a user to op
NOT-FOR-US: SAP
CVE-2020-6371 (User enumeration vulnerability can be exploited to get a list
of user ...)
NOT-FOR-US: SAP
-CVE-2020-6370
- RESERVED
-CVE-2020-6369
- RESERVED
+CVE-2020-6370 (SAP NetWeaver Design Time Repository (DTR), versions - 7.11,
7.30, 7.3 ...)
+ TODO: check
+CVE-2020-6369 (SAP Solution Manager and SAP Focused Run (update provided in
WILY_INTR ...)
+ TODO: check
CVE-2020-6368 (SAP Business Planning and Consolidation, versions - 750, 751,
752, 753 ...)
NOT-FOR-US: SAP
-CVE-2020-6367
- RESERVED
-CVE-2020-6366
- RESERVED
+CVE-2020-6367 (There is a reflected cross site scripting vulnerability in SAP
NetWeav ...)
+ TODO: check
+CVE-2020-6366 (SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40,
7.50, doe ...)
+ TODO: check
CVE-2020-6365 (SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31,
7.40, ...)
NOT-FOR-US: SAP
CVE-2020-6364 (SAP Solution Manager and SAP Focused Run (update provided in
WILY_INTR ...)
NOT-FOR-US: SAP
CVE-2020-6363 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes
several ...)
NOT-FOR-US: SAP
-CVE-2020-6362
- RESERVED
+CVE-2020-6362 (SAP Banking Services version 500, use an incorrect
authorization objec ...)
+ TODO: check
CVE-2020-6361 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
NOT-FOR-US: SAP
CVE-2020-6360 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
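Review bot: the five new "TODO: check" entries (CVE-2020-6370, CVE-2020-6369, CVE-2020-6367, CVE-2020-6366, CVE-2020-6362) all have descriptions that name SAP products, and every already-triaged neighbour in this hunk is "NOT-FOR-US: SAP". CVE-2020-6369 even shares its truncated description ("SAP Solution Manager and SAP Focused Run (update provided in WILY_INTR ...") with CVE-2020-6364, which is already marked that way. These can be resolved in one pass with the same line.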
@@ -50079,8 +50102,8 @@ CVE-2020-6317
RESERVED
CVE-2020-6316
RESERVED
-CVE-2020-6315
- RESERVED
+CVE-2020-6315 (SAP 3D Visual Enterprise Viewer, version 9, allows an attacker
to send ...)
+ TODO: check
CVE-2020-6314 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to
open ma ...)
NOT-FOR-US: SAP
CVE-2020-6313 (SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30,
7.31, ...)
@@ -50093,8 +50116,8 @@ CVE-2020-6310 (Improper access control in SOA
Configuration Trace component in S
NOT-FOR-US: SAP
CVE-2020-6309 (SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10,
7.11, 7. ...)
NOT-FOR-US: SAP
-CVE-2020-6308
- RESERVED
+CVE-2020-6308 (SAP BusinessObjects Business Intelligence Platform (Web
Services) vers ...)
+ TODO: check
CVE-2020-6307 (Automated Note Search Tool (update provided in SAP Basis 7.0,
7.01, 7. ...)
NOT-FOR-US: SAP
CVE-2020-6306 (Missing authorization check in a transaction within SAP Leasing
(updat ...)
@@ -51549,8 +51572,8 @@ CVE-2020-5642 (Cross-site request forgery (CSRF)
vulnerability in Live Chat - Li
NOT-FOR-US: Live Chat
CVE-2020-5641
RESERVED
-CVE-2020-5640
- RESERVED
+CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and
earlier ...)
+ TODO: check
CVE-2020-5639
RESERVED
CVE-2020-5638
@@ -54011,10 +54034,10 @@ CVE-2020-4758
RESERVED
CVE-2020-4757
RESERVED
-CVE-2020-4756
- RESERVED
-CVE-2020-4755
- RESERVED
+CVE-2020-4756 (IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0
through V5. ...)
+ TODO: check
+CVE-2020-4755 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to
cross-site s ...)
+ TODO: check
CVE-2020-4754
RESERVED
CVE-2020-4753
@@ -54025,10 +54048,10 @@ CVE-2020-4751
RESERVED
CVE-2020-4750
RESERVED
-CVE-2020-4749
- RESERVED
-CVE-2020-4748
- RESERVED
+CVE-2020-4749 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the
secure attri ...)
+ TODO: check
+CVE-2020-4748 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to
cross-site s ...)
+ TODO: check
CVE-2020-4747
RESERVED
CVE-2020-4746
@@ -54395,8 +54418,8 @@ CVE-2020-4566
RESERVED
CVE-2020-4565 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an
attacke ...)
NOT-FOR-US: IBM
-CVE-2020-4564
- RESERVED
+CVE-2020-4564 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through
6.0.3.1 a ...)
+ TODO: check
CVE-2020-4563
RESERVED
CVE-2020-4562
@@ -54541,8 +54564,8 @@ CVE-2020-4493 (IBM Maximo Asset Management 7.6.0 and
7.6.1 could allow an attack
NOT-FOR-US: IBM
CVE-2020-4492 (IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0
through V4.2 ...)
NOT-FOR-US: IBM
-CVE-2020-4491
- RESERVED
+CVE-2020-4491 (IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0
through V5. ...)
+ TODO: check
CVE-2020-4490 (IBM Business Automation Workflow 18 and 19, and IBM Business
Process M ...)
NOT-FOR-US: IBM
CVE-2020-4489
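Review bot: CVE-2020-4491 is added as "TODO: check" with a description starting "IBM Spectrum Scale V4.2.0.0 through V4.2.3.22", directly below CVE-2020-4492, another IBM Spectrum Scale entry that is already "NOT-FOR-US: IBM". The same triage line applies here unless the full description shows otherwise.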
@@ -55562,14 +55585,14 @@ CVE-2020-3997
RESERVED
CVE-2020-3996
RESERVED
-CVE-2020-3995
- RESERVED
-CVE-2020-3994
- RESERVED
-CVE-2020-3993
- RESERVED
-CVE-2020-3992
- RESERVED
+CVE-2020-3995 (In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before
ESXi650-20 ...)
+ TODO: check
+CVE-2020-3994 (VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k)
contains a ...)
+ TODO: check
+CVE-2020-3993 (VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0)
contains a sec ...)
+ TODO: check
+CVE-2020-3992 (OpenSLP as used in VMware ESXi (7.0 before
ESXi_7.0.1-0.0.16850804, 6. ...)
+ TODO: check
CVE-2020-3991 (VMware Horizon Client for Windows (5.x before 5.5.0) contains a
denial ...)
NOT-FOR-US: VMware
CVE-2020-3990 (VMware Workstation (15.x) and Horizon Client for Windows (5.x
before 5 ...)
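Review bot: CVE-2020-3992 should not be closed by analogy with the "NOT-FOR-US: VMware" neighbours without a look, because its description names "OpenSLP as used in VMware ESXi" as the affected component. The check should establish whether the flaw is in OpenSLP code that Debian ships or in VMware's own use of it. Separately, the imported text for CVE-2020-3994 reads "6.6 before 6.5u3k", where the branch and the fixed version do not match, so the affected range should be read from the vendor advisory rather than from this line.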
@@ -55588,10 +55611,10 @@ CVE-2020-3984
RESERVED
CVE-2020-3983
RESERVED
-CVE-2020-3982
- RESERVED
-CVE-2020-3981
- RESERVED
+CVE-2020-3982 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before
ESXi670-20 ...)
+ TODO: check
+CVE-2020-3981 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before
ESXi670-20 ...)
+ TODO: check
CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation
vulnerability due ...)
NOT-FOR-US: VMware
CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0)
installers lo ...)
@@ -98218,8 +98241,8 @@ CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open
Source BMS v1.1.1 and othe
NOT-FOR-US: ThinkPHP
CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a
deserializat ...)
NOT-FOR-US: Laravel Framework
-CVE-2019-9080
- RESERVED
+CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password
storage. ...)
+ TODO: check
CVE-2019-9079
RESERVED
CVE-2019-9078 (zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify
parameter b ...)
@@ -109483,8 +109506,8 @@ CVE-2019-4682
RESERVED
CVE-2019-4681 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is
vulnerable to cr ...)
NOT-FOR-US: IBM
-CVE-2019-4680
- RESERVED
+CVE-2019-4680 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through
6.0.2.2 i ...)
+ TODO: check
CVE-2019-4679 (IBM Content Navigator 3.0CD could allow an authenticated user
to gain ...)
NOT-FOR-US: IBM
CVE-2019-4678
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66120648b06193e9669d6fd5b847c2380ce81bcb