[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Thu, 05 Nov 2020 12:11:14 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b45e5b78 by security tracker role at 2020-11-05T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2020-28238
+       RESERVED
+CVE-2020-28237
+       RESERVED
+CVE-2020-28236
+       RESERVED
+CVE-2020-28235
+       RESERVED
+CVE-2020-28234
+       RESERVED
+CVE-2020-28233
+       RESERVED
+CVE-2020-28232
+       RESERVED
+CVE-2020-28231
+       RESERVED
+CVE-2020-28230
+       RESERVED
+CVE-2020-28229
+       RESERVED
+CVE-2020-28228
+       RESERVED
+CVE-2020-28227
+       RESERVED
+CVE-2020-28226
+       RESERVED
+CVE-2020-28225
+       RESERVED
+CVE-2020-28224
+       RESERVED
+CVE-2020-28223
+       RESERVED
+CVE-2020-28222
+       RESERVED
+CVE-2020-28221
+       RESERVED
+CVE-2020-28220
+       RESERVED
+CVE-2020-28219
+       RESERVED
+CVE-2020-28218
+       RESERVED
+CVE-2020-28217
+       RESERVED
+CVE-2020-28216
+       RESERVED
+CVE-2020-28215
+       RESERVED
+CVE-2020-28214
+       RESERVED
+CVE-2020-28213
+       RESERVED
+CVE-2020-28212
+       RESERVED
+CVE-2020-28211
+       RESERVED
+CVE-2020-28210
+       RESERVED
+CVE-2020-28209
+       RESERVED
 CVE-2020-28208
        RESERVED
 CVE-2020-28207
@@ -184,8 +244,8 @@ CVE-2020-28117
        RESERVED
 CVE-2020-28116
        RESERVED
-CVE-2020-28115
-       RESERVED
+CVE-2020-28115 (SQL Injection vulnerability in "Documents component" found in 
AudimexE ...)
+       TODO: check
 CVE-2020-28114
        RESERVED
 CVE-2020-28113
@@ -317,14 +377,15 @@ CVE-2020-28051
 CVE-2020-28050
        RESERVED
 CVE-2020-28049 (An issue was discovered in SDDM before 0.19.0. It incorrectly 
starts t ...)
+       {DSA-4783-1}
        - sddm <unfixed> (bug #973748)
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/2
        NOTE: 
https://github.com/sddm/sddm/commit/be202f533ab98a684c6a007e8d5b4357846bc222
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1177201
 CVE-2020-28048
        RESERVED
-CVE-2020-28047
-       RESERVED
+CVE-2020-28047 (AudimexEE before 14.1.1 is vulnerable to Reflected XSS 
(Cross-Site-Scr ...)
+       TODO: check
 CVE-2020-27347 [tmux buffer overflow in CSI parsing]
        RESERVED
        - tmux 3.1c-1
@@ -553,8 +614,8 @@ CVE-2020-27957 (The RandomGameUnit extension for MediaWiki 
through 1.35 was not
        NOT-FOR-US: MediaWiki extension
 CVE-2020-27956 (An Arbitrary File Upload in the Upload Image component in 
SourceCodest ...)
        NOT-FOR-US: SourceCodester Car Rental Management System
-CVE-2020-27955
-       RESERVED
+CVE-2020-27955 (Git LFS 2.12.0 allows Remote Code Execution. ...)
+       TODO: check
 CVE-2020-27954
        RESERVED
 CVE-2020-27953
@@ -1301,8 +1362,8 @@ CVE-2020-27690 (The Relish (Verve Connect) VH510 device 
with firmware before 1.0
        NOT-FOR-US: Relish (Verve Connect) VH510 device
 CVE-2020-27689 (The Relish (Verve Connect) VH510 device with firmware before 
1.0.1.6L0 ...)
        NOT-FOR-US: Relish (Verve Connect) VH510 device
-CVE-2020-27688
-       RESERVED
+CVE-2020-27688 (RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to 
encrypt ...)
+       TODO: check
 CVE-2020-27687
        RESERVED
 CVE-2020-27686
@@ -2315,8 +2376,8 @@ CVE-2020-27404
        RESERVED
 CVE-2020-27403
        RESERVED
-CVE-2020-27402
-       RESERVED
+CVE-2020-27402 (The HK1 Box S905X3 TV Box contains a vulnerability that allows 
a local ...)
+       TODO: check
 CVE-2020-27401
        RESERVED
 CVE-2020-27400
@@ -3268,6 +3329,7 @@ CVE-2020-26941
 CVE-2020-26940
        RESERVED
 CVE-2020-26939 (In Legion of the Bouncy Castle BC before 1.55 and BC-FJA 
before 1.0.1. ...)
+       {DLA-2433-1}
        - bouncycastle 1.61-1
        NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2020-26939
        NOTE: 
https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1
 (r1rv61)
@@ -4206,12 +4268,12 @@ CVE-2020-26509
        RESERVED
 CVE-2020-26508
        RESERVED
-CVE-2020-26507
-       RESERVED
-CVE-2020-26506
-       RESERVED
-CVE-2020-26505
-       RESERVED
+CVE-2020-26507 (A CSV Injection (also known as Formula Injection) 
vulnerability in the ...)
+       TODO: check
+CVE-2020-26506 (An Authorization Bypass vulnerability in the Marmind web 
application w ...)
+       TODO: check
+CVE-2020-26505 (A Stored Cross-Site Scripting (XSS) vulnerability in the 
&#8220;Marmin ...)
+       TODO: check
 CVE-2020-26504
        RESERVED
 CVE-2020-26503
@@ -6707,10 +6769,10 @@ CVE-2020-25401
        RESERVED
 CVE-2020-25400
        RESERVED
-CVE-2020-25399
-       RESERVED
-CVE-2020-25398
-       RESERVED
+CVE-2020-25399 (Stored XSS in InterMind iMind Server through 3.13.65 allows 
any user t ...)
+       TODO: check
+CVE-2020-25398 (CSV Injection exists in InterMind iMind Server through 3.13.65 
via the ...)
+       TODO: check
 CVE-2020-25397
        RESERVED
 CVE-2020-25396
@@ -7943,8 +8005,8 @@ CVE-2020-24851
        RESERVED
 CVE-2020-24850
        RESERVED
-CVE-2020-24849
-       RESERVED
+CVE-2020-24849 (A remote code execution vulnerability is identified in 
FruityWifi thro ...)
+       TODO: check
 CVE-2020-24848 (FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL 
: ALL) N ...)
        NOT-FOR-US: FruityWifi
 CVE-2020-24847 (A Cross-Site Request Forgery (CSRF) vulnerability is 
identified in Fru ...)
@@ -25700,6 +25762,7 @@ CVE-2020-16126
        - accountsservice <not-affected> (Ubuntu-specific issue in 
0010-set-language.patch)
 CVE-2020-16125 [display: Exit with failure if loading existing users fails]
        RESERVED
+       {DLA-2434-1}
        - gdm3 3.38.2-1
        NOTE: 
https://github.com/GNOME/gdm/commit/dc8235128c3a1fcd5da8f30ab6839d413d353f28
        NOTE: https://gitlab.gnome.org/GNOME/gdm/-/issues/642
@@ -26151,14 +26214,14 @@ CVE-2020-15953 (LibEtPan through 1.9.4, as used in 
MailCore 2 through 0.6.3 and
        NOTE: https://github.com/dinhvh/libetpan/issues/386
        NOTE: https://github.com/dinhvh/libetpan/pull/387
        NOTE: https://github.com/dinhvh/libetpan/pull/388
-CVE-2020-15952
-       RESERVED
-CVE-2020-15951
-       RESERVED
-CVE-2020-15950
-       RESERVED
-CVE-2020-15949
-       RESERVED
+CVE-2020-15952 (Immuta v2.8.2 is affected by stored XSS that allows a 
low-privileged u ...)
+       TODO: check
+CVE-2020-15951 (Immuta v2.8.2 accepts user-supplied project names without 
properly san ...)
+       TODO: check
+CVE-2020-15950 (Immuta v2.8.2 is affected by improper session management: user 
session ...)
+       TODO: check
+CVE-2020-15949 (Immuta v2.8.2 is affected by one instance of insecure 
permissions that ...)
+       TODO: check
 CVE-2020-15948
        RESERVED
 CVE-2020-25573 (An issue was discovered in the linked-hash-map crate before 
0.5.3 for  ...)
@@ -30841,8 +30904,8 @@ CVE-2020-14242
        RESERVED
 CVE-2020-14241
        RESERVED
-CVE-2020-14240
-       RESERVED
+CVE-2020-14240 (HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 
FP6 and ...)
+       TODO: check
 CVE-2020-14239
        RESERVED
 CVE-2020-14238
@@ -30877,8 +30940,8 @@ CVE-2020-14224
        RESERVED
 CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to 
cross-site scri ...)
        NOT-FOR-US: HCL Digital Experience
-CVE-2020-14222
-       RESERVED
+CVE-2020-14222 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross 
site scri ...)
+       TODO: check
 CVE-2020-14221
        RESERVED
 CVE-2020-14220
@@ -32468,8 +32531,8 @@ CVE-2020-13663 [Drupal SA 2020-004]
        - drupal7 <removed>
        NOTE: https://www.drupal.org/sa-core-2020-004
        NOTE: 
https://git.drupalcode.org/project/drupal/-/commit/3999b8f658bf2ef8e96a7ee8ccb279c5d3073006
-CVE-2020-13661
-       RESERVED
+CVE-2020-13661 (Telerik Fiddler through 5.0.20202.18177 allows attackers to 
execute ar ...)
+       TODO: check
 CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File 
Picker pr ...)
        NOT-FOR-US: CMS Made Simple
 CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL 
pointer d ...)
@@ -36317,12 +36380,12 @@ CVE-2020-12149
        RESERVED
 CVE-2020-12148
        RESERVED
-CVE-2020-12147
-       RESERVED
-CVE-2020-12146
-       RESERVED
-CVE-2020-12145
-       RESERVED
+CVE-2020-12147 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 
8.10.11+, ...)
+       TODO: check
+CVE-2020-12146 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 
8.10.11+, ...)
+       TODO: check
+CVE-2020-12145 (Silver Peak Unity Orchestrator versions prior to 8.9.11+, 
8.10.11+, or ...)
+       TODO: check
 CVE-2020-12144 (The certificate used to identify the Silver Peak Cloud Portal 
to EdgeC ...)
        NOT-FOR-US: Silver Peak Cloud Portal
 CVE-2020-12143 (The certificate used to identify Orchestrator to EdgeConnect 
devices i ...)
@@ -47534,8 +47597,8 @@ CVE-2020-8269
        RESERVED
 CVE-2020-8268
        RESERVED
-CVE-2020-8267
-       RESERVED
+CVE-2020-8267 (A security issue was found in UniFi Protect controller v1.14.10 
and ea ...)
+       TODO: check
 CVE-2020-8266
        RESERVED
 CVE-2020-8265
@@ -48912,12 +48975,12 @@ CVE-2020-7765
        RESERVED
 CVE-2020-7764
        RESERVED
-CVE-2020-7763
-       RESERVED
-CVE-2020-7762
-       RESERVED
-CVE-2020-7761
-       RESERVED
+CVE-2020-7763 (This affects the package phantom-html-to-pdf before 0.6.1. ...)
+       TODO: check
+CVE-2020-7762 (This affects the package jsreport-chrome-pdf before 1.10.0. ...)
+       TODO: check
+CVE-2020-7761 (This affects the package @absolunet/kafe before 3.2.10. It 
allows caus ...)
+       TODO: check
 CVE-2020-7760 (This affects the package codemirror before 5.58.2; the package 
org.apa ...)
        - codemirror-js <unfixed>
        [stretch] - codemirror-js <not-affected> (Vulnerable code added later)
@@ -57951,8 +58014,8 @@ CVE-2020-4099
        RESERVED
 CVE-2020-4098
        RESERVED
-CVE-2020-4097
-       RESERVED
+CVE-2020-4097 (In HCL Notes version 9 previous to release 9.0.1 FixPack 10 
Interim Fi ...)
+       TODO: check
 CVE-2020-4096
        RESERVED
 CVE-2020-4095 ("BigFix Platform is storing clear text credentials within the 
system's ...)
@@ -174702,8 +174765,8 @@ CVE-2018-1727 (IBM InfoSphere Information Server 9.1, 
11.3, 11.5, and 11.7 is vu
        NOT-FOR-US: IBM
 CVE-2018-1726
        RESERVED
-CVE-2018-1725
-       RESERVED
+CVE-2018-1725 (IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration 
could be vu ...)
+       TODO: check
 CVE-2018-1724 (IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a 
local user ...)
        NOT-FOR-US: IBM
 CVE-2018-1723 (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 
and 5.0 ...)
@@ -277414,7 +277477,7 @@ CVE-2015-3209 (Heap-based buffer overflow in the 
PCNET controller in QEMU allows
        [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
        - xen 4.4.0-1
        [squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
-        - xen-qemu-dm-4.0 <removed>
+       - xen-qemu-dm-4.0 <removed>
        [squeeze] - xen-qemu-dm-4.0 <end-of-life> (Not supported in Squeeze LTS)
        NOTE: Xen switched to qemu-system in 4.4.0-1
        NOTE: http://xenbits.xen.org/xsa/advisory-135.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b45e5b7852e40e05801ffeabda15e796fb0bf54e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b45e5b7852e40e05801ffeabda15e796fb0bf54e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to