Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b0827fa by security tracker role at 2020-11-13T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5670,7 +5670,7 @@ CVE-2020-26951
        RESERVED
 CVE-2020-26950
        RESERVED
-       {DSA-4790-1 DSA-4788-1 DLA-2448-1}
+       {DSA-4790-1 DSA-4788-1 DLA-2449-1 DLA-2448-1}
        - firefox 82.0.3-1
        - firefox-esr 78.4.1esr-1
        - thunderbird 1:78.4.2-1
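Review bot: CVE-2020-26950 still carries only `RESERVED` and no description, although the changed line now ties it to four advisories and the entry lists fixed versions for firefox, firefox-esr and thunderbird. A short bracketed summary after the CVE id, in the style of `CVE-2020-25654 [ACL restrictions bypass]` further down this file, would let readers of the list see what the advisories address without opening each DSA/DLA.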
@@ -5941,8 +5941,8 @@ CVE-2020-26827
        RESERVED
 CVE-2020-26826
        RESERVED
-CVE-2020-26825
-       RESERVED
+CVE-2020-26825 (SAP Fiori Launchpad (News tile Application), versions - 
750,751,752,75 ...)
+       TODO: check
 CVE-2020-26824 (SAP Solution Manager (JAVA stack), version - 7.20, allows an 
unauthent ...)
        NOT-FOR-US: SAP
 CVE-2020-26823 (SAP Solution Manager (JAVA stack), version - 7.20, allows an 
unauthent ...)
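Review bot: the new CVE-2020-26825 entry is left at `TODO: check` even though its description names SAP Fiori Launchpad and the entry directly below it, CVE-2020-26824 (SAP Solution Manager), is already triaged as `NOT-FOR-US: SAP`. Unless there is a reason to treat this one differently, resolve it the same way so it does not linger in the TODO queue.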
@@ -7192,8 +7192,8 @@ CVE-2020-26232
        RESERVED
 CVE-2020-26231
        RESERVED
-CVE-2020-26230
-       RESERVED
+CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app 
for Spa ...)
+       TODO: check
 CVE-2020-26229
        RESERVED
 CVE-2020-26228
@@ -7206,10 +7206,10 @@ CVE-2020-26225
        RESERVED
 CVE-2020-26224
        RESERVED
-CVE-2020-26223
-       RESERVED
-CVE-2020-26222
-       RESERVED
+CVE-2020-26223 (Spree is a complete open source e-commerce solution built with 
Ruby on ...)
+       TODO: check
+CVE-2020-26222 (Dependabot is a set of packages for automated dependency 
management fo ...)
+       TODO: check
 CVE-2020-26221 (touchbase.ai before version 2.0 is vulnerable to Cross-Site 
Scripting  ...)
        NOT-FOR-US: touchbase.ai
 CVE-2020-26220 (toucbase.ai before version 2.0 leaks information by not 
stripping exif ...)
@@ -7393,6 +7393,7 @@ CVE-2020-26150 (info.php in Logaritmo Aware CallManager 
2012 allows remote attac
 CVE-2020-26149 (NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and 
nats.deno ...)
        NOT-FOR-US: nats.js
 CVE-2020-26154 (url.cpp in libproxy through 0.4.15 is prone to a buffer 
overflow when  ...)
+       {DLA-2450-1}
        - libproxy <unfixed> (bug #968366)
        NOTE: https://github.com/libproxy/libproxy/pull/126
        NOTE: 
https://github.com/libproxy/libproxy/commit/4411b523545b22022b4be7d0cac25aa170ae1d3e
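Review bot: at CVE-2020-26154 the added `{DLA-2450-1}` sits directly above `- libproxy <unfixed> (bug #968366)`, so the entry now records an LTS advisory while the package line is still open. The NOTE lines already reference the upstream pull request and the fixing commit, so it is worth confirming on bug #968366 whether an upload carrying that commit is planned, and replacing `<unfixed>` with the fixed version once it lands.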
@@ -8550,7 +8551,7 @@ CVE-2020-25655 (An issue was discovered in 
ManagedClusterView API, that could al
        NOT-FOR-US: Red Hat open-cluster-management
 CVE-2020-25654 [ACL restrictions bypass]
        RESERVED
-       {DLA-2447-1}
+       {DSA-4791-1 DLA-2447-1}
        - pacemaker 2.0.5~rc2-1 (bug #973254)
        NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888191
@@ -8854,8 +8855,8 @@ CVE-2020-25559 (gnuplot 5.5 is affected by double free 
when executing print_set_
        NOTE: come from a trusted source, see README.Debian.security (added in 
5.2.6).
 CVE-2020-25558
        RESERVED
-CVE-2020-25557
-       RESERVED
+CVE-2020-25557 (In CMSuno 1.6.2, an attacker can inject malicious PHP code as 
a "usern ...)
+       TODO: check
 CVE-2020-25556
        RESERVED
 CVE-2020-25555
@@ -8892,8 +8893,8 @@ CVE-2020-25540 (ThinkAdmin v6 is affected by a directory 
traversal vulnerability
        NOT-FOR-US: ThinkAdmin
 CVE-2020-25539
        RESERVED
-CVE-2020-25538
-       RESERVED
+CVE-2020-25538 (An authenticated attacker can inject malicious code into 
"lang" parame ...)
+       TODO: check
 CVE-2020-25537
        RESERVED
 CVE-2020-25536
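Review bot: the description added for CVE-2020-25538 begins `An authenticated attacker can inject malicious code into "lang" parame ...` and is cut off before any product name, so nothing on this line tells the triager which software is affected. When resolving the `TODO: check`, take the product from the full CVE record and name it in the resulting `NOT-FOR-US:` tag or package line, as the ThinkAdmin entry just above does.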
@@ -9724,8 +9725,8 @@ CVE-2020-25167
        RESERVED
 CVE-2020-25166
        RESERVED
-CVE-2020-25165
-       RESERVED
+CVE-2020-25165 (BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and 
BD Alar ...)
+       TODO: check
 CVE-2020-25164
        RESERVED
 CVE-2020-25163
@@ -9744,16 +9745,16 @@ CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 
2.4.10) suffers from SQL inj
        NOT-FOR-US: R-SeeNet
 CVE-2020-25156
        RESERVED
-CVE-2020-25155
-       RESERVED
+CVE-2020-25155 (The affected product transmits unencrypted sensitive 
information, whic ...)
+       TODO: check
 CVE-2020-25154
        RESERVED
 CVE-2020-25153
        RESERVED
 CVE-2020-25152
        RESERVED
-CVE-2020-25151
-       RESERVED
+CVE-2020-25151 (The affected product does not properly validate input, which 
may allow ...)
+       TODO: check
 CVE-2020-25150
        RESERVED
 CVE-2020-25149 (An issue was discovered in Observium Professional, Enterprise 
&amp; Co ...)
@@ -16915,8 +16916,8 @@ CVE-2020-21669
        RESERVED
 CVE-2020-21668
        RESERVED
-CVE-2020-21667
-       RESERVED
+CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file 
app/admin/controller/Ajax.php the ' ...)
+       TODO: check
 CVE-2020-21666
        RESERVED
 CVE-2020-21665
@@ -47956,12 +47957,12 @@ CVE-2020-9131
        RESERVED
 CVE-2020-9130
        RESERVED
-CVE-2020-9129
-       RESERVED
+CVE-2020-9129 (HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) 
have a vu ...)
+       TODO: check
 CVE-2020-9128 (FusionCompute versions 8.0.0 have an insecure encryption 
algorithm vul ...)
        NOT-FOR-US: Uawei FusionCompute
-CVE-2020-9127
-       RESERVED
+CVE-2020-9127 (Some Huawei products have a command injection vulnerability. 
Due to in ...)
+       TODO: check
 CVE-2020-9126
        RESERVED
 CVE-2020-9125
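Review bot: the context line between the two new entries reads `NOT-FOR-US: Uawei FusionCompute`, which looks like a misspelling of Huawei and will be missed by anyone searching the list for the vendor name. Since CVE-2020-9129 (HUAWEI Mate 30) and CVE-2020-9127 ("Some Huawei products") now need triage right beside it, fix the spelling in the same pass and use one consistent vendor spelling for all three.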
@@ -49312,10 +49313,10 @@ CVE-2020-8585
        RESERVED
 CVE-2020-8584
        RESERVED
-CVE-2020-8583
-       RESERVED
-CVE-2020-8582
-       RESERVED
+CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior 
to 1.8P ...)
+       TODO: check
+CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior 
to 1.8P ...)
+       TODO: check
 CVE-2020-8581
        RESERVED
 CVE-2020-8580 (SANtricity OS Controller Software versions 11.30 and higher are 
suscep ...)
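Review bot: CVE-2020-8583 and CVE-2020-8582 are added with descriptions that are identical up to the truncation point (`Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...`), so the list gives no way to tell the two issues apart. When the `TODO: check` is resolved, confirm against the full records that they are distinct issues and triage both with the same tag, so one is not left behind.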
@@ -50894,8 +50895,8 @@ CVE-2015-9541 (Qt through 5.14 allows an exponential 
XML entity expansion attack
        NOTE: https://bugreports.qt.io/browse/QTBUG-47417
        NOTE: 
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=fd4be84d23a0db4186cb42e736a9de3af722c7f7
        NOTE: 
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f432c08882ffebe5074ea28de871559a98a4d094
 (5.12 backport)
-CVE-2020-7962
-       RESERVED
+CVE-2020-7962 (An issue was discovered in One Identity Password Manager 5.8. 
An attac ...)
+       TODO: check
 CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 
7.2.1 CE  ...)
        NOT-FOR-US: Liferay Portal
 CVE-2020-7960
@@ -55548,10 +55549,10 @@ CVE-2020-6158
        RESERVED
 CVE-2020-6157
        RESERVED
-CVE-2020-6156
-       RESERVED
-CVE-2020-6155
-       RESERVED
+CVE-2020-6156 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 
when the s ...)
+       TODO: check
+CVE-2020-6155 (A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 
while  ...)
+       TODO: check
 CVE-2020-6154
        RESERVED
 CVE-2020-6153
@@ -55560,14 +55561,14 @@ CVE-2020-6152 (A code execution vulnerability exists 
in the DICOM parse_dicom_me
        NOT-FOR-US: Accusoft
 CVE-2020-6151 (A memory corruption vulnerability exists in the TIFF 
handle_COMPRESSIO ...)
        NOT-FOR-US: Accusoft
-CVE-2020-6150
-       RESERVED
-CVE-2020-6149
-       RESERVED
-CVE-2020-6148
-       RESERVED
-CVE-2020-6147
-       RESERVED
+CVE-2020-6150 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 
when the s ...)
+       TODO: check
+CVE-2020-6149 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 
when the s ...)
+       TODO: check
+CVE-2020-6148 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 
when the s ...)
+       TODO: check
+CVE-2020-6147 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 
when the s ...)
+       TODO: check
 CVE-2020-6146 (An exploitable code execution vulnerability exists in the 
rendering fu ...)
        NOT-FOR-US: Nitro Pro
 CVE-2020-6145 (An SQL injection vulnerability exists in the 
frappe.desk.reportview.ge ...)
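Review bot: the four entries added here, CVE-2020-6150 through CVE-2020-6147, all show the same truncated text, `A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...`, and CVE-2020-6156 and CVE-2020-6155 in the previous hunk describe the same product and bug class. Triage the six together with a single decision rather than entry by entry, so that they cannot end up with diverging states in the list.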
@@ -55887,8 +55888,8 @@ CVE-2020-6021
        RESERVED
 CVE-2020-6020 (Check Point Security Management's Internal CA web management 
before Ju ...)
        NOT-FOR-US: Check Point
-CVE-2020-6019
-       RESERVED
+CVE-2020-6019 (Valve's Game Networking Sockets prior to version v1.2.0 
improperly han ...)
+       TODO: check
 CVE-2020-6018
        RESERVED
 CVE-2020-6017
@@ -58887,8 +58888,8 @@ CVE-2020-4888
        RESERVED
 CVE-2020-4887
        RESERVED
-CVE-2020-4886
-       RESERVED
+CVE-2020-4886 (IBM InfoSphere Information Server 11.7 stores sensitive 
information in ...)
+       TODO: check
 CVE-2020-4885
        RESERVED
 CVE-2020-4884
@@ -67332,8 +67333,8 @@ CVE-2020-1849
        RESERVED
 CVE-2020-1848
        RESERVED
-CVE-2020-1847
-       RESERVED
+CVE-2020-1847 (There is a denial of service vulnerability in some Huawei 
products. Th ...)
+       TODO: check
 CVE-2020-1846
        RESERVED
 CVE-2020-1845 (Huawei PCManager product with versions earlier than 10.0.5.53 
have a l ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b0827fa17a95df8b16ff2b0bb4dec8f00992ef8


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits