Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1f4aff4 by security tracker role at 2020-10-29T20:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-28000
+       RESERVED
+CVE-2020-27999
+       RESERVED
+CVE-2020-27998 (An issue was discovered in FastReport before 2020.4.0. It 
lacks a Scri ...)
+       TODO: check
+CVE-2020-27997
+       RESERVED
+CVE-2020-27996 (An issue was discovered in SmartStoreNET before 4.0.1. It does 
not pro ...)
+       TODO: check
+CVE-2020-27995 (SQL Injection in Zoho ManageEngine Applications Manager 14 
before 1456 ...)
+       TODO: check
+CVE-2020-27994
+       RESERVED
+CVE-2020-27993 (Hrsale 2.0.0 allows download?type=files&filename=../ 
directory tra ...)
+       TODO: check
+CVE-2020-27992
+       RESERVED
 CVE-2020-27991
        RESERVED
 CVE-2020-27990
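Review bot: the four descriptions this hunk fills in (CVE-2020-27998, CVE-2020-27996, CVE-2020-27995 and CVE-2020-27993) are left at "TODO: check", which is the import's placeholder rather than a triage state; each still needs either a source-package line or a "NOT-FOR-US:" marker in the form the rest of this file uses (for example "NOT-FOR-US: Trend Micro" further down). FastReport, SmartStoreNET, Zoho ManageEngine Applications Manager and Hrsale should each be checked against the archive before that marker is recorded, and the bare RESERVED entries around them need nothing until MITRE publishes a description.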
@@ -406,10 +424,10 @@ CVE-2021-0202
        RESERVED
 CVE-2021-0201
        RESERVED
-CVE-2020-27887
-       RESERVED
-CVE-2020-27886
-       RESERVED
+CVE-2020-27887 (An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An 
authent ...)
+       TODO: check
+CVE-2020-27886 (An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 
5.3-8. T ...)
+       TODO: check
 CVE-2020-27885
        RESERVED
 CVE-2020-27884
@@ -686,14 +704,14 @@ CVE-2020-27749
        RESERVED
 CVE-2020-27748
        RESERVED
-CVE-2020-27747
-       RESERVED
+CVE-2020-27747 (An issue was discovered in Click Studios Passwordstate 8.9 
(Build 8973 ...)
+       TODO: check
 CVE-2020-27746
        RESERVED
 CVE-2020-27745
        RESERVED
-CVE-2020-27744
-       RESERVED
+CVE-2020-27744 (An issue was discovered on Western Digital My Cloud NAS 
devices before ...)
+       TODO: check
 CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a 
failure of RAN ...)
        - libpam-tacplus <unfixed> (bug #973250)
        NOTE: https://github.com/kravietz/pam_tacplus/pull/163
@@ -1265,28 +1283,28 @@ CVE-2020-27660
        RESERVED
 CVE-2020-27659
        RESERVED
-CVE-2020-27658
-       RESERVED
-CVE-2020-27657
-       RESERVED
-CVE-2020-27656
-       RESERVED
-CVE-2020-27655
-       RESERVED
-CVE-2020-27654
-       RESERVED
-CVE-2020-27653
-       RESERVED
-CVE-2020-27652
-       RESERVED
-CVE-2020-27651
-       RESERVED
-CVE-2020-27650
-       RESERVED
-CVE-2020-27649
-       RESERVED
-CVE-2020-27648
-       RESERVED
+CVE-2020-27658 (Synology Router Manager (SRM) before 1.2.4-8081 does not 
include the H ...)
+       TODO: check
+CVE-2020-27657 (Cleartext transmission of sensitive information vulnerability 
in DDNS  ...)
+       TODO: check
+CVE-2020-27656 (Cleartext transmission of sensitive information vulnerability 
in DDNS  ...)
+       TODO: check
+CVE-2020-27655 (Improper access control vulnerability in Synology Router 
Manager (SRM) ...)
+       TODO: check
+CVE-2020-27654 (Improper access control vulnerability in lbd in Synology 
Router Manage ...)
+       TODO: check
+CVE-2020-27653 (Algorithm downgrade vulnerability in QuickConnect in Synology 
Router M ...)
+       TODO: check
+CVE-2020-27652 (Algorithm downgrade vulnerability in QuickConnect in Synology 
DiskStat ...)
+       TODO: check
+CVE-2020-27651 (Synology Router Manager (SRM) before 1.2.4-8081 does not set 
the Secur ...)
+       TODO: check
+CVE-2020-27650 (Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does 
not set t ...)
+       TODO: check
+CVE-2020-27649 (Improper certificate validation vulnerability in OpenVPN 
client in Syn ...)
+       TODO: check
+CVE-2020-27648 (Improper certificate validation vulnerability in OpenVPN 
client in Syn ...)
+       TODO: check
 CVE-2020-27647
        RESERVED
 CVE-2020-27646 (Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x 
before 6.0.1 ...)
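Review bot: several of the eleven new descriptions in this hunk are identical once truncated, so the file no longer tells them apart: CVE-2020-27657 and CVE-2020-27656 both read "Cleartext transmission of sensitive information vulnerability in DDNS ...", and CVE-2020-27649 and CVE-2020-27648 both read "Improper certificate validation vulnerability in OpenVPN client in Syn ...". The one pair that is cut off differently (CVE-2020-27653 for Synology Router Manager, CVE-2020-27652 for Synology DiskStation Manager) indicates each pair is one issue filed once per product, so triage should work from the full MITRE text rather than these lines, and whatever marker is chosen should be applied to both members of every pair.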
@@ -2919,6 +2937,7 @@ CVE-2020-26872
 CVE-2020-26871
        RESERVED
 CVE-2020-26870 (Cure53 DOMPurify before 2.0.17 allows mutation XSS. This 
occurs becaus ...)
+       {DLA-2419-1}
        - dompurify.js <removed>
        NOTE: 
https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/
        NOTE: 
https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d
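Review bot: the {DLA-2419-1} cross-reference lands on an entry whose only package line is "- dompurify.js <removed>", and this commit touches data/CVE/list alone (one changed file per the header), so the version the DLA shipped is recorded nowhere in this diff; confirm that data/DLA/list already has the DLA-2419-1 entry with the fixed stretch version, because the tracker takes the per-suite status from there and the braces only link to it. The same reference is added to CVE-2019-16728 later in this patch, so the two DOMPurify mutation-XSS entries should end up with matching DLA data.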
@@ -5282,8 +5301,8 @@ CVE-2020-25791 (An issue was discovered in the 
sized-chunks crate through 0.6.2
        - rust-sized-chunks <unfixed> (bug #970586)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
        NOTE: https://github.com/bodil/sized-chunks/issues/11
-CVE-2020-25780
-       RESERVED
+CVE-2020-25780 (In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x 
before  ...)
+       TODO: check
 CVE-2020-25779 (Trend Micro Antivirus for Mac 2020 (Consumer) has a 
vulnerability in w ...)
        NOT-FOR-US: Trend Micro
 CVE-2020-25778 (Trend Micro Antivirus for Mac 2020 (Consumer) has a 
vulnerability in a ...)
@@ -5924,8 +5943,8 @@ CVE-2020-25518
        RESERVED
 CVE-2020-25517
        RESERVED
-CVE-2020-25516
-       RESERVED
+CVE-2020-25516 (WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored 
cross-si ...)
+       TODO: check
 CVE-2020-25515 (Sourcecodester Simple Library Management System 1.0 is 
affected by Ins ...)
        NOT-FOR-US: Sourcecodester Simple Library Management System
 CVE-2020-25514 (Sourcecodester Simple Library Management System 1.0 is 
affected by Inc ...)
@@ -14692,8 +14711,8 @@ CVE-2020-21268
        RESERVED
 CVE-2020-21267
        RESERVED
-CVE-2020-21266
-       RESERVED
+CVE-2020-21266 (Broadleaf Commerce 5.1.14-GA is affected by cross-site 
scripting (XSS) ...)
+       TODO: check
 CVE-2020-21265
        RESERVED
 CVE-2020-21264
@@ -48389,8 +48408,8 @@ CVE-2020-7748 (This affects the package @tsed/core 
before 5.65.7. This vulnerabi
        NOT-FOR-US: Ts.ED
 CVE-2020-7747 (This affects all versions of package lightning-server. It is 
possible  ...)
        NOT-FOR-US:  lightning-server nodejs module
-CVE-2020-7746
-       RESERVED
+CVE-2020-7746 (This affects the package chart.js before 2.9.4. The options 
parameter  ...)
+       TODO: check
 CVE-2020-7745 (This affects the package MintegralAdSDK before 6.6.0.0. The SDK 
distri ...)
        NOT-FOR-US: MintegralAdSDK
 CVE-2020-7744 (This affects all versions of package com.mintegral.msdk:alphab. 
The An ...)
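Review bot: CVE-2020-7746 should not inherit the NOT-FOR-US treatment of the npm-only entries around it (Ts.ED, lightning-server, MintegralAdSDK) without a check: chart.js is a browser library that distributions may ship as a packaged JavaScript library, so the archive needs to be searched before the TODO is resolved, and the description, which this line truncates at "The options parameter", should be read in full to see which code path is affected.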
@@ -49194,8 +49213,8 @@ CVE-2020-7386
        RESERVED
 CVE-2020-7385
        RESERVED
-CVE-2020-7384
-       RESERVED
+CVE-2020-7384 (Rapid7's Metasploit msfvenom framework handles APK files in a 
way that ...)
+       TODO: check
 CVE-2020-7383 (A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 
that m ...)
        NOT-FOR-US: Rapid7 Nexpose
 CVE-2020-7382 (Rapid7 Nexpose installer version prior to 6.6.40 contains an 
Unquoted  ...)
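Review bot: CVE-2020-7384 concerns Metasploit's msfvenom rather than Nexpose, so it cannot simply take the "NOT-FOR-US: Rapid7 Nexpose" marker of the two entries below it; it needs its own archive check and, if nothing packaged is affected, a marker that names Metasploit so the entry does not read as a Nexpose issue.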
@@ -53006,22 +53025,22 @@ CVE-2020-5940
        RESERVED
 CVE-2020-5939
        RESERVED
-CVE-2020-5938
-       RESERVED
-CVE-2020-5937
-       RESERVED
-CVE-2020-5936
-       RESERVED
-CVE-2020-5935
-       RESERVED
-CVE-2020-5934
-       RESERVED
-CVE-2020-5933
-       RESERVED
-CVE-2020-5932
-       RESERVED
-CVE-2020-5931
-       RESERVED
+CVE-2020-5938 (On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 
11.6.1-11.6.5.2, when  ...)
+       TODO: check
+CVE-2020-5937 (On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management 
Microkernel (TMM ...)
+       TODO: check
+CVE-2020-5936 (On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 
13.1.0-13.1.3.4, and 1 ...)
+       TODO: check
+CVE-2020-5935 (On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, 
Link Con ...)
+       TODO: check
+CVE-2020-5934 (On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 
13.1.0-13.1.3.3, w ...)
+       TODO: check
+CVE-2020-5933 (On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 
12.1.0- ...)
+       TODO: check
+CVE-2020-5932 (On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) 
vulnerabil ...)
+       TODO: check
+CVE-2020-5931 (On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 
12.1.0-12 ...)
+       TODO: check
 CVE-2020-5930 (In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 
12.1.0-12 ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2020-5929 (In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 
11.6.1-11.6.2, B ...)
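Review bot: all eight entries filled in here (CVE-2020-5938 down to CVE-2020-5931) describe F5 BIG-IP, the same product as CVE-2020-5930 immediately below, which already carries "NOT-FOR-US: F5 BIG-IP"; unless one of them turns out to concern a component Debian ships, the TODO: check lines should be replaced with that same marker so the eight do not linger as open TODOs. CVE-2020-5933 is the one to read carefully, since its truncated description names only version ranges and no product.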
@@ -55849,8 +55868,8 @@ CVE-2020-4866
        RESERVED
 CVE-2020-4865
        RESERVED
-CVE-2020-4864
-       RESERVED
+CVE-2020-4864 (IBM Resilient SOAR V38.0 could allow an attacker on the 
internal net w ...)
+       TODO: check
 CVE-2020-4863
        RESERVED
 CVE-2020-4862
@@ -56129,14 +56148,14 @@ CVE-2020-4726
        RESERVED
 CVE-2020-4725
        RESERVED
-CVE-2020-4724
-       RESERVED
-CVE-2020-4723
-       RESERVED
-CVE-2020-4722
-       RESERVED
-CVE-2020-4721
-       RESERVED
+CVE-2020-4724 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local 
attacker t ...)
+       TODO: check
+CVE-2020-4723 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local 
attacker t ...)
+       TODO: check
+CVE-2020-4722 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local 
attacker t ...)
+       TODO: check
+CVE-2020-4721 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local 
attacker t ...)
+       TODO: check
 CVE-2020-4720
        RESERVED
 CVE-2020-4719
@@ -75432,6 +75451,7 @@ CVE-2019-16731 (The udpServerSys service in Petwant 
PF-103 firmware 4.22.2.42 an
 CVE-2019-16730 (processCommandUpgrade() in libcommon.so in Petwant PF-103 
firmware 4.2 ...)
        NOT-FOR-US: Petwant PF-103 and Petalk AI
 CVE-2019-16728 (DOMPurify before 2.0.1 allows XSS because of innerHTML 
mutation XSS (m ...)
+       {DLA-2419-1}
        - dompurify.js <removed>
        NOTE: https://research.securitum.com/dompurify-bypass-using-mxss/
 CVE-2019-16746 (An issue was discovered in net/wireless/nl80211.c in the Linux 
kernel  ...)
@@ -111765,8 +111785,8 @@ CVE-2019-4565 (IBM Security Key Lifecycle Manager 3.0 
and 3.0.1 does not require
        NOT-FOR-US: IBM
 CVE-2019-4564 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is 
vulnera ...)
        NOT-FOR-US: IBM
-CVE-2019-4563
-       RESERVED
+CVE-2019-4563 (IBM Security Directory Server 6.4.0 does not set the secure 
attribute  ...)
+       TODO: check
 CVE-2019-4562 (IBM Security Directory Server 6.4.0 stores sensitive 
information in UR ...)
        NOT-FOR-US: IBM
 CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote 
attacker to e ...)
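Review bot: CVE-2019-4563 stays at TODO: check while its neighbours for the same product, CVE-2019-4564 above and CVE-2019-4562 below (both IBM Security Directory Server 6.4.0), are already "NOT-FOR-US: IBM"; the same applies to CVE-2019-4547 in the next hunk, which sits between CVE-2019-4548 and CVE-2019-4546 carrying that marker. Both can be closed with the same NOT-FOR-US line unless the full description names something other than the IBM product.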
@@ -111797,8 +111817,8 @@ CVE-2019-4549 (IBM Security Directory Server 6.4.0 
discloses sensitive informati
        NOT-FOR-US: IBM
 CVE-2019-4548 (IBM Security Directory Server 6.4.0 could allow a remote 
attacker to h ...)
        NOT-FOR-US: IBM
-CVE-2019-4547
-       RESERVED
+CVE-2019-4547 (IBM Security Directory Server 6.4.0 generates an error message 
that in ...)
+       TODO: check
 CVE-2019-4546 (After installing the IBM Maximo Health- Safety and Environment 
Manager ...)
        NOT-FOR-US: IBM
 CVE-2019-4545 (IBM QRadar SIEM 7.3 and 7.4 when configured to use Active 
Directory Au ...)
@@ -113443,7 +113463,7 @@ CVE-2019-3834 (It was found that the fix for 
CVE-2014-0114 had been reverted in
 CVE-2019-3833 (Openwsman, versions up to and including 2.6.9, are vulnerable 
to infin ...)
        - openwsman <itp> (bug #754501)
 CVE-2019-3832 (It was discovered the fix for CVE-2018-19758 (libsndfile) was 
not comp ...)
-       {DLA-1712-1}
+       {DLA-2418-1 DLA-1712-1}
        - libsndfile 1.0.28-6 (bug #922372)
        NOTE: 
https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436
        NOTE: https://github.com/erikd/libsndfile/pull/460
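Review bot: DLA-2418-1 is inserted in front of the existing DLA in the braces for eight libsndfile CVEs in this patch (CVE-2019-3832 here, then CVE-2018-19758, CVE-2018-19662, CVE-2018-19661, CVE-2017-14634, CVE-2017-14246, CVE-2017-14245 and CVE-2017-6892), newest first, which matches the file's convention. Since CVE-2019-3832 is recorded as the incomplete fix of CVE-2018-19758 and both receive the new reference, the DLA text should be checked to confirm it carries both the original and the follow-up fix; if it lists only one of the two CVE numbers, one of these two cross-references is wrong.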
@@ -121379,7 +121399,7 @@ CVE-2018-19759 (There is a heap-based buffer 
over-read at stb_image_write.h (fun
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer)
        NOTE: CVE description is misleading, not an issue in libstb
 CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in 
wav_write_header in ...)
-       {DLA-1632-1}
+       {DLA-2418-1 DLA-1632-1}
        - libsndfile 1.0.28-5 (bug #917416)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812
        NOTE: https://github.com/erikd/libsndfile/issues/435
@@ -121607,13 +121627,13 @@ CVE-2018-19664 (libjpeg-turbo 2.0.1 has a 
heap-based buffer over-read in the put
 CVE-2018-19663
        RESERVED
 CVE-2018-19662 (An issue was discovered in libsndfile 1.0.28. There is a 
buffer over-r ...)
-       {DLA-1618-1}
+       {DLA-2418-1 DLA-1618-1}
        - libsndfile 1.0.28-5 (low)
        NOTE: https://github.com/erikd/libsndfile/issues/429
        NOTE: 
https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
        NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate)
 CVE-2018-19661 (An issue was discovered in libsndfile 1.0.28. There is a 
buffer over-r ...)
-       {DLA-1618-1}
+       {DLA-2418-1 DLA-1618-1}
        - libsndfile 1.0.28-5 (low)
        NOTE: https://github.com/erikd/libsndfile/issues/429
        NOTE: 
https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
@@ -187402,7 +187422,7 @@ CVE-2017-14650 (A Remote Code Execution vulnerability 
has been found in the Hord
        NOTE: https://marc.info/?l=horde-announce&m=150600299528079&w=2
        NOTE: 
https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b
 CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the 
function do ...)
-       {DLA-1618-1}
+       {DLA-2418-1 DLA-1618-1}
        - libsndfile 1.0.28-5 (bug #876783)
        [wheezy] - libsndfile <no-dsa> (Minor issue)
        NOTE: https://github.com/erikd/libsndfile/issues/318
@@ -188550,13 +188570,13 @@ CVE-2017-14248 (A heap-based buffer over-read in 
SampleImage() in MagickCore/res
 CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka 
eonweb) 5 ...)
        NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c 
of libs ...)
-       {DLA-1618-1}
+       {DLA-2418-1 DLA-1618-1}
        - libsndfile 1.0.28-5 (low; bug #876682)
        [wheezy] - libsndfile <no-dsa> (Minor issue)
        NOTE: https://github.com/erikd/libsndfile/issues/317
        NOTE: 
https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
 CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c 
of libs ...)
-       {DLA-1618-1}
+       {DLA-2418-1 DLA-1618-1}
        - libsndfile 1.0.28-5 (low; bug #876682)
        [wheezy] - libsndfile <no-dsa> (Minor issue)
        NOTE: https://github.com/erikd/libsndfile/issues/317
@@ -211316,7 +211336,7 @@ CVE-2017-6894
 CVE-2017-6893
        RESERVED
 CVE-2017-6892 (In libsndfile version 1.0.28, an error in the 
"aiff_read_chanmap()" fu ...)
-       {DLA-985-1}
+       {DLA-2418-1 DLA-985-1}
        - libsndfile 1.0.28-1 (bug #864704)
        [jessie] - libsndfile <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
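Review bot: the existing "[jessie] - libsndfile <no-dsa> (Minor issue)" annotation is not invalidated by the new reference: DLA-985-1 dates from wheezy LTS and DLA-2418-1 from stretch LTS, so neither contradicts the jessie no-dsa decision and the line should stay as it is. The same holds for the "[wheezy] - libsndfile <no-dsa>" lines in the CVE-2017-14634, CVE-2017-14246 and CVE-2017-14245 hunks, where DLA-1618-1 covered jessie.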



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1f4aff4b41569de3e3db3fa7350b328fc9b3d51

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
