Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bbcdc91 by security tracker role at 2020-10-29T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2020-27991
+       RESERVED
+CVE-2020-27990
+       RESERVED
+CVE-2020-27989
+       RESERVED
+CVE-2020-27988
+       RESERVED
+CVE-2020-27987
+       RESERVED
+CVE-2020-27986 (** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers 
to discov ...)
+       TODO: check
+CVE-2020-27985
+       RESERVED
+CVE-2020-27984
+       RESERVED
+CVE-2020-27983
+       RESERVED
+CVE-2020-27982
+       RESERVED
+CVE-2020-27981 (An XSS vulnerability in the auto-complete function of the 
description  ...)
+       TODO: check
 CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS 
in the WL ...)
        NOT-FOR-US: Genexis Platinum-4410 P4410-V2-1.28 devices
 CVE-2020-27979
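Review bot: CVE-2020-27986 is added with the upstream "** DISPUTED **" marker but only a bare "TODO: check", so the dispute is easy to lose once the entry is triaged. When resolving it, record the disputed status in a note on the entry, and give both CVE-2020-27986 and CVE-2020-27981 a final disposition in the same form as the neighbouring "NOT-FOR-US: Genexis Platinum-4410 P4410-V2-1.28 devices" line or a package entry. The truncated text for CVE-2020-27981 does not name the product, so it needs the full description before it can be classified.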
@@ -6188,8 +6210,8 @@ CVE-2020-25376
        RESERVED
 CVE-2020-25375 (Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 
is affect ...)
        NOT-FOR-US: Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM
-CVE-2020-25374
-       RESERVED
+CVE-2020-25374 (CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows 
attackers t ...)
+       TODO: check
 CVE-2020-25373
        RESERVED
 CVE-2020-25372
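Review bot: CVE-2020-25374 moves from RESERVED to "TODO: check" with a description naming CyberArk Privileged Session Manager (PSM) 10.9.0.15, and nothing in the hunk ties it to a Debian package. If the product is not packaged, replace the TODO with a NOT-FOR-US line that names the product, matching the style of the CVE-2020-25375 entry directly above it.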
@@ -7650,20 +7672,20 @@ CVE-2020-24715 (The Scalyr Agent before 2.1.10 has 
Missing SSL Certificate Valid
        NOT-FOR-US: Scalyr
 CVE-2020-24714 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate 
Validation  ...)
        NOT-FOR-US: Scalyr
-CVE-2020-24713
-       RESERVED
-CVE-2020-24712
-       RESERVED
-CVE-2020-24711
-       RESERVED
-CVE-2020-24710
-       RESERVED
-CVE-2020-24709
-       RESERVED
-CVE-2020-24708
-       RESERVED
-CVE-2020-24707
-       RESERVED
+CVE-2020-24713 (Gophish through 0.10.1 does not invalidate the gophish cookie 
upon log ...)
+       TODO: check
+CVE-2020-24712 (Cross Site Scripting (XSS) vulnerability in Gophish before 
0.11.0 via  ...)
+       TODO: check
+CVE-2020-24711 (The Reset button on the Account Settings page in Gophish 
before 0.11.0 ...)
+       TODO: check
+CVE-2020-24710 (Gophish before 0.11.0 allows SSRF attacks. ...)
+       TODO: check
+CVE-2020-24709 (Cross Site Scripting (XSS) vulnerability in Gophish through 
0.10.1 via ...)
+       TODO: check
+CVE-2020-24708 (Cross Site Scripting (XSS) vulnerability in Gophish before 
0.11.0 via  ...)
+       TODO: check
+CVE-2020-24707 (Gophish before 0.11.0 allows the creation of CSV sheets that 
contain m ...)
+       TODO: check
 CVE-2020-24706 (An issue was discovered in certain WSO2 products. The Try It 
tool allo ...)
        NOT-FOR-US: WSO2
 CVE-2020-24705 (An issue was discovered in certain WSO2 products. A valid 
Carbon Manag ...)
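Review bot: The seven entries CVE-2020-24707 through CVE-2020-24713 all name Gophish but carry mixed version bounds: "through 0.10.1" on CVE-2020-24713 and CVE-2020-24709, "before 0.11.0" on the other five. Triage them together so they end up with one consistent disposition, and if a fixed version is ever recorded, check the two "through 0.10.1" entries against the full descriptions rather than assuming the same bound as the rest.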
@@ -37123,7 +37145,7 @@ CVE-2020-11855 (An Authorization Bypass vulnerability 
on Micro Focus Operation B
        NOT-FOR-US: Micro Focus
 CVE-2020-11854 (Arbitrary code execution vlnerability in Operation bridge 
Manager, App ...)
        NOT-FOR-US: Micro Focus
-CVE-2020-11853 (An arbitrary code execution vulnerability exists in Micro 
Focus Operat ...)
+CVE-2020-11853 (Arbitrary code execution vulnerability affecting multiple 
Micro Focus  ...)
        NOT-FOR-US: Micro Focus
 CVE-2020-11852 (DKIM key management page vulnerability on Micro Focus Secure 
Messaging ...)
        NOT-FOR-US: Micro Focus
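Review bot: The description of CVE-2020-11853 changes from a single product ("exists in Micro Focus Operat ...") to "affecting multiple Micro Focus ...", while the disposition line stays "NOT-FOR-US: Micro Focus" unchanged. Since the scope has widened, confirm against the full description that none of the newly listed products is shipped in Debian before leaving the entry as it is.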
@@ -38040,10 +38062,10 @@ CVE-2020-11618 (THOMSON THT741FTA 2.2.1 and Philips 
DTR3502BFTA DVB-T2 2.2.1 set
        NOT-FOR-US: THOMSON
 CVE-2020-11617 (The RSS application on THOMSON THT741FTA 2.2.1 and Philips 
DTR3502BFTA ...)
        NOT-FOR-US: THOMSON
-CVE-2020-11616
-       RESERVED
-CVE-2020-11615
-       RESERVED
+CVE-2020-11616 (NVIDIA DGX servers, all BMC firmware versions prior to 
3.38.30, contai ...)
+       TODO: check
+CVE-2020-11615 (NVIDIA DGX servers, all BMC firmware versions prior to 
3.38.30, contai ...)
+       TODO: check
 CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update 
manifest, as w ...)
        NOT-FOR-US: Mids' Reborn Hero Designer
 CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of 
privilege vulne ...)
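Review bot: CVE-2020-11616 and CVE-2020-11615 are added with identical visible text ("NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contai ...") and "TODO: check", so the two issues cannot be told apart from this list. Whoever triages them needs the full descriptions; if the BMC firmware is not shipped in Debian, both should get a NOT-FOR-US line with the same product string.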
@@ -38637,20 +38659,20 @@ CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 
3.10.1 allows remote authe
        NOT-FOR-US: Zen Load Balancer
 CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote 
authent ...)
        NOT-FOR-US: Zen Load Balancer
-CVE-2020-11489
-       RESERVED
-CVE-2020-11488
-       RESERVED
-CVE-2020-11487
-       RESERVED
-CVE-2020-11486
-       RESERVED
-CVE-2020-11485
-       RESERVED
-CVE-2020-11484
-       RESERVED
-CVE-2020-11483
-       RESERVED
+CVE-2020-11489 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior 
to 3.38 ...)
+       TODO: check
+CVE-2020-11488 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior 
to 3.38 ...)
+       TODO: check
+CVE-2020-11487 (NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 
3.38.30. ...)
+       TODO: check
+CVE-2020-11486 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior 
to 3.38 ...)
+       TODO: check
+CVE-2020-11485 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior 
to 3.38 ...)
+       TODO: check
+CVE-2020-11484 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior 
to 3.38 ...)
+       TODO: check
+CVE-2020-11483 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior 
to 3.38 ...)
+       TODO: check
 CVE-2019-20635 (codeBeamer before 9.5.0-RC3 does not properly restrict the 
ability to  ...)
        NOT-FOR-US: codeBeamer
 CVE-2020-11501 (GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for 
DTLS. The e ...)
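Review bot: CVE-2020-11483 through CVE-2020-11489 describe the same NVIDIA DGX BMC firmware (prior to 3.38.30) as CVE-2020-11615 and CVE-2020-11616 earlier in this commit, yet the two groups sit in separate places in the file and are all left as "TODO: check". Resolve all nine in one pass with an identical product string in the disposition line, so that a search for that string finds the whole set.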



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bbcdc913f19733990d81bd90857d85b490d87d3



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
