Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3571cc22 by security tracker role at 2020-10-28T20:10:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS 
in the WL ...)
+       TODO: check
+CVE-2020-27979
+       RESERVED
+CVE-2020-27978 (Shibboleth Identify Provider 3.x before 3.4.6 has a denial of 
service  ...)
+       TODO: check
+CVE-2020-27977
+       RESERVED
+CVE-2020-27976 (osCommerce Phoenix CE before 1.0.5.4 allows OS command 
injection remot ...)
+       TODO: check
+CVE-2020-27975 (osCommerce Phoenix CE before 1.0.5.4 allows 
admin/define_language.php  ...)
+       TODO: check
+CVE-2020-27974 (NeoPost Mail Accounting Software Pro 5.0.6 allows 
php/Commun/FUS_SCM_B ...)
+       TODO: check
+CVE-2020-27973
+       RESERVED
+CVE-2020-27972
+       RESERVED
+CVE-2020-27971
+       RESERVED
+CVE-2020-27970
+       RESERVED
+CVE-2020-27969
+       RESERVED
 CVE-2020-27968
        RESERVED
 CVE-2020-27967
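Review bot: the five new described entries in this hunk (CVE-2020-27980, -27978, -27976, -27975, -27974) all land with the generic `TODO: check` and need triage; CVE-2020-27978 deserves the first look because it concerns the Shibboleth Identity Provider (the "Identify Provider" spelling is the upstream description copied verbatim, not something to edit in this file), and it should be checked against what Debian actually ships from the Shibboleth project before it is closed as NOT-FOR-US. CVE-2020-27976 and CVE-2020-27975 both cover osCommerce Phoenix CE before 1.0.5.4 and can be resolved together with one consistent marker. The remaining RESERVED placeholders (CVE-2020-27979, -27977, -27973 through -27969) are in the file's normal form.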
@@ -651,14 +675,14 @@ CVE-2020-27744
 CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a 
failure of RAN ...)
        - libpam-tacplus <unfixed> (bug #973250)
        NOTE: https://github.com/kravietz/pam_tacplus/pull/163
-CVE-2020-27742
-       RESERVED
-CVE-2020-27741
-       RESERVED
-CVE-2020-27740
-       RESERVED
-CVE-2020-27739
-       RESERVED
+CVE-2020-27742 (An Insecure Direct Object Reference vulnerability in Citadel 
WebCit th ...)
+       TODO: check
+CVE-2020-27741 (Multiple cross-site scripting (XSS) vulnerabilities in Citadel 
WebCit  ...)
+       TODO: check
+CVE-2020-27740 (Citadel WebCit through 926 allows unauthenticated remote 
attackers to  ...)
+       TODO: check
+CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit 
through 926  ...)
+       TODO: check
 CVE-2020-27738
        RESERVED
 CVE-2020-27737
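Review bot: CVE-2020-27742 through CVE-2020-27739 all describe Citadel WebCit through 926, so they should be triaged as one group against the webcit source package if it is in the archive, replacing each `TODO: check` either with a package/version line in the form the context shows for CVE-2020-27743 (`- libpam-tacplus <unfixed> (bug #973250)`) or with one consistent NOT-FOR-US line. The truncated descriptions cover an insecure direct object reference, multiple XSS, unauthenticated remote access and weak session management, which are distinct flaws, so if the package is tracked the fixed version may differ per CVE rather than being a single shared line.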
@@ -2709,7 +2733,7 @@ CVE-2020-26949
        RESERVED
 CVE-2020-26948 (Emby Server before 4.5.0 allows SSRF via the 
Items/RemoteSearch/Image  ...)
        NOT-FOR-US: Emby Server
-CVE-2020-26947 (monero-wallet-gui in Monero GUI 0.17.0.1 includes the . 
directory in a ...)
+CVE-2020-26947 (monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . 
directo ...)
        NOT-FOR-US: monero-wallet-gui
 CVE-2020-26946
        RESERVED
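Review bot: description-only change; the version bound for CVE-2020-26947 widens from exactly 0.17.0.1 to "before 0.17.1.0" while the existing `NOT-FOR-US: monero-wallet-gui` line is retained, so no triage action follows from this hunk.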
@@ -4448,14 +4472,14 @@ CVE-2020-26135 (Live Helper Chat before 3.44v allows 
reflected XSS via the setse
        NOT-FOR-US: Live Helper Chat
 CVE-2020-26134 (Live Helper Chat before 3.44v allows stored XSS in chat 
messages with  ...)
        NOT-FOR-US: Live Helper Chat
-CVE-2020-26133
-       RESERVED
-CVE-2020-26132
-       RESERVED
-CVE-2020-26131
-       RESERVED
-CVE-2020-26130
-       RESERVED
+CVE-2020-26133 (An issue was discovered in Dual DHCP DNS Server 7.40. Due to 
insuffici ...)
+       TODO: check
+CVE-2020-26132 (An issue was discovered in Home DNS Server 0.10. Due to 
insufficient a ...)
+       TODO: check
+CVE-2020-26131 (Issues were discovered in Open DHCP Server (Regular) 1.75 and 
Open DHC ...)
+       TODO: check
+CVE-2020-26130 (Issues were discovered in Open TFTP Server multithreaded 1.66 
and Open ...)
+       TODO: check
 CVE-2020-26129
        RESERVED
 CVE-2020-26128
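Review bot: the four new entries CVE-2020-26133 through CVE-2020-26130 share one description pattern ("An issue was discovered in ... Due to insufficient ...", "Issues were discovered in ...") across Dual DHCP DNS Server 7.40, Home DNS Server 0.10, Open DHCP Server 1.75 and Open TFTP Server 1.66, so they come from a single disclosure and should be triaged together rather than as four separate TODOs; check whether any of these servers is packaged before resolving them in the NOT-FOR-US form used by the Live Helper Chat entries above.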
@@ -4807,8 +4831,8 @@ CVE-2020-25968
        RESERVED
 CVE-2020-25967
        RESERVED
-CVE-2020-25966
-       RESERVED
+CVE-2020-25966 (Sectona Spectra before 3.4.0 has a vulnerable SOAP API 
endpoint that l ...)
+       TODO: check
 CVE-2020-25965
        RESERVED
 CVE-2020-25964
@@ -6559,8 +6583,8 @@ CVE-2020-25206
        RESERVED
 CVE-2020-25205
        RESERVED
-CVE-2020-25204
-       RESERVED
+CVE-2020-25204 (The God Kings application 0.60.1 for Android exposes a 
broadcast recei ...)
+       TODO: check
 CVE-2020-25203 (The Framer Preview application 12 for Android exposes 
com.framer.viewe ...)
        NOT-FOR-US: Framer Preview application
 CVE-2020-25576 (An issue was discovered in the rand_core crate before 0.4.2 
for Rust.  ...)
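Review bot: CVE-2020-25204 is an Android application exposing a broadcast receiver, the same class of issue as the adjacent CVE-2020-25203 (Framer Preview), which is already `NOT-FOR-US: Framer Preview application`; the same resolution applies. Not part of this change but visible in the context: CVE-2020-25576 (rand_core crate) sits directly after CVE-2020-25203, out of the file's descending numeric order, which a later cleanup may want to correct so lookups by position stay reliable.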
@@ -7035,8 +7059,8 @@ CVE-2020-24992
        RESERVED
 CVE-2020-24991
        RESERVED
-CVE-2020-24990
-       RESERVED
+CVE-2020-24990 (An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By 
utilizing  ...)
+       TODO: check
 CVE-2020-24989
        RESERVED
 CVE-2020-24988
@@ -8551,8 +8575,8 @@ CVE-2020-24305
        RESERVED
 CVE-2020-24304
        RESERVED
-CVE-2020-24303
-       RESERVED
+CVE-2020-24303 (Grafana before 7.1.0-beta 1 allows XSS via a query alias for 
the Elast ...)
+       TODO: check
 CVE-2020-24302
        RESERVED
 CVE-2020-24301 (Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can 
use a spec ...)
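Review bot: CVE-2020-24303 (Grafana before 7.1.0-beta 1, XSS via an Elasticsearch query alias) names software that, unlike most entries in this update, may have an archive history, so the `TODO: check` should be resolved by checking the archive and recording either a package line with the fixed version or a NOT-FOR-US line with a NOTE explaining why, rather than being left in the generic form alongside the RESERVED placeholders around it.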
@@ -12070,8 +12094,8 @@ CVE-2020-22554
        RESERVED
 CVE-2020-22553
        RESERVED
-CVE-2020-22552
-       RESERVED
+CVE-2020-22552 (The Snap7 server component in version 1.4.1, when an attacker 
sends a  ...)
+       TODO: check
 CVE-2020-22551
        RESERVED
 CVE-2020-22550
@@ -24794,22 +24818,22 @@ CVE-2020-16265
        RESERVED
 CVE-2020-16264
        RESERVED
-CVE-2020-16263
-       RESERVED
-CVE-2020-16262
-       RESERVED
-CVE-2020-16261
-       RESERVED
-CVE-2020-16260
-       RESERVED
-CVE-2020-16259
-       RESERVED
-CVE-2020-16258
-       RESERVED
-CVE-2020-16257
-       RESERVED
-CVE-2020-16256
-       RESERVED
+CVE-2020-16263 (Winston 1.5.4 devices have a CORS configuration that trusts 
arbitrary  ...)
+       TODO: check
+CVE-2020-16262 (Winston 1.5.4 devices have a local www-data user that is 
overly permis ...)
+       TODO: check
+CVE-2020-16261 (Winston 1.5.4 devices allow a U-Boot interrupt, resulting in 
local roo ...)
+       TODO: check
+CVE-2020-16260 (Winston 1.5.4 devices do not enforce authorization. This is 
exploitabl ...)
+       TODO: check
+CVE-2020-16259 (Winston 1.5.4 devices have an SSH user account with access 
from bastio ...)
+       TODO: check
+CVE-2020-16258 (Winston 1.5.4 devices make use of a Monit service (not managed 
during  ...)
+       TODO: check
+CVE-2020-16257 (Winston 1.5.4 devices are vulnerable to command injection via 
the API. ...)
+       TODO: check
+CVE-2020-16256 (The API on Winston 1.5.4 devices is vulnerable to CSRF. ...)
+       TODO: check
 CVE-2020-16255
        RESERVED
 CVE-2020-16254 (The Chartkick gem through 3.3.2 for Ruby allows Cascading 
Style Sheets ...)
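Review bot: the eight new entries CVE-2020-16263 through CVE-2020-16256 all describe Winston 1.5.4 devices (CORS trusting arbitrary origins, an overly permissive www-data user, a U-Boot interrupt giving local root, missing authorization, an SSH account reachable from a bastion, a Monit service, command injection via the API, and CSRF on the API): this is one device-firmware disclosure that should be triaged once and resolved with identical lines, presumably a NOT-FOR-US line naming the device, instead of eight separate TODOs. Even truncated, the descriptions make clear these are device-specific and not a Debian component.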
@@ -27354,8 +27378,8 @@ CVE-2020-15280
        RESERVED
 CVE-2020-15279
        RESERVED
-CVE-2020-15278
-       RESERVED
+CVE-2020-15278 (Red Discord Bot before version 3.4.1 has an unauthorized 
privilege esc ...)
+       TODO: check
 CVE-2020-15277
        RESERVED
 CVE-2020-15276
@@ -46935,14 +46959,14 @@ CVE-2020-8264 [Possible XSS Vulnerability in Action 
Pack in Development Mode]
        [buster] - rails <not-affected> (Vulnerable code not present)
        [stretch] - rails <not-affected> (Vulnerable code not present)
        NOTE: 
https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ
-CVE-2020-8263
-       RESERVED
-CVE-2020-8262
-       RESERVED
-CVE-2020-8261
-       RESERVED
-CVE-2020-8260
-       RESERVED
+CVE-2020-8263 (A vulnerability in the authenticated user web interface of 
Pulse Conne ...)
+       TODO: check
+CVE-2020-8262 (A vulnerability in the Pulse Connect Secure / Pulse Policy 
Secure belo ...)
+       TODO: check
+CVE-2020-8261 (A vulnerability in the Pulse Connect Secure / Pulse Policy 
Secure &lt; ...)
+       TODO: check
+CVE-2020-8260 (A vulnerability in the Pulse Connect Secure &lt; 9.1R9 admin 
web inter ...)
+       TODO: check
 CVE-2020-8259
        RESERVED
 CVE-2020-8258
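Review bot: CVE-2020-8263 through CVE-2020-8260 are Pulse Connect Secure / Pulse Policy Secure issues, and the existing entries for the same product elsewhere in this diff (CVE-2020-8256, CVE-2020-8243, CVE-2020-8238) are marked `NOT-FOR-US: Pulse Connect Secure`, so these four should be resolved the same way. The `&lt;` in the new descriptions matches the form of the existing Pulse entries, so it is not an encoding regression introduced by this update.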
@@ -46951,10 +46975,10 @@ CVE-2020-8257
        RESERVED
 CVE-2020-8256 (A vulnerability in the Pulse Connect Secure &lt; 9.1R8.2 admin 
web int ...)
        NOT-FOR-US: Pulse Connect Secure
-CVE-2020-8255
-       RESERVED
-CVE-2020-8254
-       RESERVED
+CVE-2020-8255 (A vulnerability in the Pulse Connect Secure &lt; 9.1R9 admin 
web inter ...)
+       TODO: check
+CVE-2020-8254 (A vulnerability in the Pulse Secure Desktop Client &lt; 9.1R9 
has Remo ...)
+       TODO: check
 CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before 
RP2, C ...)
        NOT-FOR-US: Citrix
 CVE-2020-8252 (The implementation of realpath in libuv &lt; 10.22.1, &lt; 
12.18.4, an ...)
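Review bot: CVE-2020-8255 (Pulse Connect Secure < 9.1R9 admin web interface) and CVE-2020-8254 (Pulse Secure Desktop Client < 9.1R9) sit directly after CVE-2020-8256, which is already `NOT-FOR-US: Pulse Connect Secure`; the same marker fits the first, while the Desktop Client entry is better closed with the client named explicitly so later searches can tell the appliance and the client apart.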
@@ -46972,12 +46996,12 @@ CVE-2020-8252 (The implementation of realpath in 
libuv &lt; 10.22.1, &lt; 12.18.
 CVE-2020-8251 (Node.js &lt; 14.11.0 is vulnerable to HTTP denial of service 
(DoS) att ...)
        - nodejs <not-affected> (Only affects 14.x series)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251
-CVE-2020-8250
-       RESERVED
-CVE-2020-8249
-       RESERVED
-CVE-2020-8248
-       RESERVED
+CVE-2020-8250 (A vulnerability in the Pulse Secure Desktop Client (Linux) &lt; 
9.1R9  ...)
+       TODO: check
+CVE-2020-8249 (A vulnerability in the Pulse Secure Desktop Client (Linux) &lt; 
9.1R9  ...)
+       TODO: check
+CVE-2020-8248 (A vulnerability in the Pulse Secure Desktop Client (Linux) &lt; 
9.1R9  ...)
+       TODO: check
 CVE-2020-8247 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix 
ADC and N ...)
        NOT-FOR-US: Citrix
 CVE-2020-8246 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix 
ADC and N ...)
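Review bot: the three new Pulse Secure Desktop Client (Linux) entries CVE-2020-8250, -8249 and -8248 are truncated identically in this view, so nothing here distinguishes them; whoever resolves the `TODO: check` lines needs the full CVE text to record what each one is. As a proprietary client they will most likely end up NOT-FOR-US, consistent with the Citrix entries that follow them.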
@@ -46994,12 +47018,12 @@ CVE-2020-8243 (A vulnerability in the Pulse Connect 
Secure &lt; 9.1R8.2 admin we
        NOT-FOR-US: Pulse Connect Secure
 CVE-2020-8242
        RESERVED
-CVE-2020-8241
-       RESERVED
-CVE-2020-8240
-       RESERVED
-CVE-2020-8239
-       RESERVED
+CVE-2020-8241 (A vulnerability in the Pulse Secure Desktop Client &lt; 9.1R9 
could al ...)
+       TODO: check
+CVE-2020-8240 (A vulnerability in the Pulse Secure Desktop Client &lt; 9.1R9 
allows a ...)
+       TODO: check
+CVE-2020-8239 (A vulnerability in the Pulse Secure Desktop Client &lt; 9.1R9 
is vulne ...)
+       TODO: check
 CVE-2020-8238 (A vulnerability in the authenticated user web interface of 
Pulse Conne ...)
        NOT-FOR-US: Pulse Connect Secure
 CVE-2020-8237 (Prototype pollution in json-bigint npm package &lt; 1.0.0 may 
lead to  ...)
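Review bot: CVE-2020-8241, -8240 and -8239 (Pulse Secure Desktop Client < 9.1R9) belong to the same vendor batch as the Pulse entries above, and CVE-2020-8238 immediately after them is already `NOT-FOR-US: Pulse Connect Secure`; resolve these three with the same marker so the whole batch is consistent.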
@@ -50487,8 +50511,7 @@ CVE-2020-6831 (A buffer overflow could occur when 
parsing and validating SCTP ch
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831
 CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to 
be passe ...)
        - firefox <not-affected> (Firefox on iOS)
-CVE-2020-6829 [Side channel attack on ECDSA signature generation]
-       RESERVED
+CVE-2020-6829 (When performing EC scalar point multiplication, the wNAF point 
multipl ...)
        {DLA-2388-1}
        - firefox 80.0-1
        - nss 2:3.55-1
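Review bot: the bracketed working title `[Side channel attack on ECDSA signature generation]` and its RESERVED line are replaced by the published description of CVE-2020-6829 (wNAF point multiplication during EC scalar multiplication), while `{DLA-2388-1}`, `- firefox 80.0-1` and `- nss 2:3.55-1` are retained, so the fixed-version data survives the transition intact. Since the description now identifies the flaw as being in the EC multiplication code rather than anything Firefox-specific, it is worth confirming that any other package carrying a bundled copy of that NSS code is tracked elsewhere.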
@@ -55077,10 +55100,10 @@ CVE-2020-5147
        RESERVED
 CVE-2020-5146
        RESERVED
-CVE-2020-5145
-       RESERVED
-CVE-2020-5144
-       RESERVED
+CVE-2020-5145 (SonicWall Global VPN client version 4.10.4.0314 and earlier 
have an in ...)
+       TODO: check
+CVE-2020-5144 (SonicWall Global VPN client version 4.10.4.0314 and earlier 
allows unp ...)
+       TODO: check
 CVE-2020-5143 (SonicOS SSLVPN login page allows a remote unauthenticated 
attacker to  ...)
        NOT-FOR-US: SonicOS SSLVPN
 CVE-2020-5142 (A stored cross-site scripting (XSS) vulnerability exists in the 
SonicO ...)
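Review bot: CVE-2020-5145 and CVE-2020-5144 (SonicWall Global VPN client 4.10.4.0314 and earlier) sit beside CVE-2020-5143 and CVE-2020-5142, both resolved as `NOT-FOR-US: SonicOS SSLVPN`; the client is a proprietary product of the same vendor, so close both as NOT-FOR-US but name the Global VPN client rather than reusing the SSLVPN label, since they are different products.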
@@ -55961,8 +55984,8 @@ CVE-2020-4784
        RESERVED
 CVE-2020-4783
        RESERVED
-CVE-2020-4782
-       RESERVED
+CVE-2020-4782 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could 
allow a  ...)
+       TODO: check
 CVE-2020-4781 (An improper input validation before calling java readLine() 
method may ...)
        NOT-FOR-US: IBM
 CVE-2020-4780 (OOTB build scripts does not set the secure attribute on session 
cookie ...)
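Review bot: CVE-2020-4782 (IBM WebSphere Application Server 7.0, 8.0, 8.5 and 9.0) follows CVE-2020-4781 and CVE-2020-4780, both already `NOT-FOR-US: IBM`; the same marker resolves it and the `TODO: check` can be closed without further research.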
@@ -55991,8 +56014,8 @@ CVE-2020-4769
        RESERVED
 CVE-2020-4768
        RESERVED
-CVE-2020-4767
-       RESERVED
+CVE-2020-4767 (IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 
6.0, and 6 ...)
+       TODO: check
 CVE-2020-4766
        RESERVED
 CVE-2020-4765
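Review bot: CVE-2020-4767 names IBM Sterling Connect Direct for Microsoft Windows, a Windows-only IBM product, so by the file's conventions it is NOT-FOR-US; close the `TODO: check` with `NOT-FOR-US: IBM` as for CVE-2020-4781 in the previous hunk.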
@@ -119885,16 +119908,16 @@ CVE-2018-19955
        RESERVED
 CVE-2018-19954
        RESERVED
-CVE-2018-19953
-       RESERVED
+CVE-2018-19953 (If exploited, this cross-site scripting vulnerability could 
allow remo ...)
+       TODO: check
 CVE-2018-19952
        RESERVED
 CVE-2018-19951
        RESERVED
 CVE-2018-19950
        RESERVED
-CVE-2018-19949
-       RESERVED
+CVE-2018-19949 (If exploited, this command injection vulnerability could allow 
remote  ...)
+       TODO: check
 CVE-2018-19948 (The vulnerability have been reported to affect earlier 
versions of Hel ...)
        NOT-FOR-US: QNAP
 CVE-2018-19947 (The vulnerability have been reported to affect earlier 
versions of Hel ...)
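Review bot: CVE-2018-19953 and CVE-2018-19949 are late publications from a 2018 reserved block, which is why they land this far down the file; their neighbours CVE-2018-19948 and CVE-2018-19947 are `NOT-FOR-US: QNAP`, and the "If exploited, this ... vulnerability could allow remote ..." phrasing suggests the same vendor, so verify the product via the CVE references and then apply the same marker to both entries together.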
@@ -119905,8 +119928,8 @@ CVE-2018-19945
        RESERVED
 CVE-2018-19944
        RESERVED
-CVE-2018-19943
-       RESERVED
+CVE-2018-19943 (If exploited, this cross-site scripting vulnerability could 
allow remo ...)
+       TODO: check
 CVE-2018-19942
        RESERVED
 CVE-2018-19941
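Review bot: CVE-2018-19943 carries the same "If exploited, this cross-site scripting vulnerability could allow remo..." description as CVE-2018-19953 in the previous hunk, so it is from the same vendor batch and should receive whatever resolution that entry gets; resolving the three 2018 entries in this update in one pass keeps their markers consistent.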



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3571cc2203364d147398e65a1155d3b9e801a7dc


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
