Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
614c8a91 by security tracker role at 2020-11-17T20:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-28911
+       RESERVED
+CVE-2020-28910
+       RESERVED
+CVE-2020-28909
+       RESERVED
+CVE-2020-28908
+       RESERVED
+CVE-2020-28907
+       RESERVED
+CVE-2020-28906
+       RESERVED
+CVE-2020-28905
+       RESERVED
+CVE-2020-28904
+       RESERVED
+CVE-2020-28903
+       RESERVED
+CVE-2020-28902
+       RESERVED
+CVE-2020-28901
+       RESERVED
+CVE-2020-28900
+       RESERVED
 CVE-2020-28899
        RESERVED
 CVE-2020-28898
@@ -420,10 +444,10 @@ CVE-2020-28690
        RESERVED
 CVE-2020-28689
        RESERVED
-CVE-2020-28688
-       RESERVED
-CVE-2020-28687
-       RESERVED
+CVE-2020-28688 (The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, 
JAVASCR ...)
+       TODO: check
+CVE-2020-28687 (The edit profile functionality in ARTWORKS GALLERY IN PHP, 
CSS, JAVASC ...)
+       TODO: check
 CVE-2020-28686
        RESERVED
 CVE-2020-28685
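Review bot: CVE-2020-28688 and CVE-2020-28687 are left at TODO: check even though their descriptions already identify the affected software as the standalone "ARTWORKS GALLERY IN PHP" web application, which is not a Debian source package; the comparable entries in this file (orbisius-child-theme-creator for WordPress, Nagios XI in the next hunk) carry NOT-FOR-US, so these two can be triaged the same way on the next manual pass, e.g. NOT-FOR-US: Artworks Gallery in PHP, rather than staying pending.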
@@ -502,8 +526,8 @@ CVE-2020-28649 (The orbisius-child-theme-creator plugin 
before 1.5.2 for WordPre
        NOT-FOR-US: orbisius-child-theme-creator plugin for WordPress
 CVE-2020-28648 (Improper input validation in the Auto-Discovery component of 
Nagios XI ...)
        NOT-FOR-US: Nagios XI
-CVE-2020-28647
-       RESERVED
+CVE-2020-28647 (In Progress MOVEit Transfer before 2020.1, a malicious user 
could craf ...)
+       TODO: check
 CVE-2020-28646
        RESERVED
 CVE-2020-28645
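Review bot: CVE-2020-28647 names Progress MOVEit Transfer, a proprietary managed file transfer product with no package in the archive; TODO: check can go straight to NOT-FOR-US: Progress MOVEit Transfer, matching how the neighbouring Nagios XI entry in this hunk is tagged.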
@@ -2123,11 +2147,13 @@ CVE-2020-28416
        RESERVED
 CVE-2020-25710 [assertion failure in CSN normalization with invalid input]
        RESERVED
+       {DSA-4792-1}
        - openldap 2.4.56+dfsg-1
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9384
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2
 (OPENLDAP_REL_ENG_2_4_56)
 CVE-2020-25709 [assertion failure in Certificate List syntax validation]
        RESERVED
+       {DSA-4792-1}
        - openldap 2.4.56+dfsg-1
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9383
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65
 (OPENLDAP_REL_ENG_2_4_56)
@@ -4231,22 +4257,22 @@ CVE-2020-28142
        RESERVED
 CVE-2020-28141
        RESERVED
-CVE-2020-28140
-       RESERVED
-CVE-2020-28139
-       RESERVED
-CVE-2020-28138
-       RESERVED
+CVE-2020-28140 (SourceCodester Online Clothing Store 1.0 is affected by an 
arbitrary f ...)
+       TODO: check
+CVE-2020-28139 (SourceCodester Online Clothing Store 1.0 is affected by a 
cross-site s ...)
+       TODO: check
+CVE-2020-28138 (SourceCodester Online Clothing Store 1.0 is affected by a SQL 
Injectio ...)
+       TODO: check
 CVE-2020-28137
        RESERVED
-CVE-2020-28136
-       RESERVED
+CVE-2020-28136 (An Arbitrary File Upload is discovered in SourceCodester 
Tourism Manag ...)
+       TODO: check
 CVE-2020-28135
        RESERVED
 CVE-2020-28134
        RESERVED
-CVE-2020-28133
-       RESERVED
+CVE-2020-28133 (An issue was discovered in SourceCodester Simple Grocery Store 
Sales A ...)
+       TODO: check
 CVE-2020-28132
        RESERVED
 CVE-2020-28131
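Review bot: the five SourceCodester entries (CVE-2020-28133, CVE-2020-28136, CVE-2020-28138, CVE-2020-28139, CVE-2020-28140) are all demo PHP applications from the same site and none of them corresponds to a Debian source package, so instead of five separate TODO: check lines each can be tagged NOT-FOR-US with the product name from its description; leaving them pending only adds noise to the triage queue without changing the outcome.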
@@ -4423,7 +4449,7 @@ CVE-2020-28048
        RESERVED
 CVE-2020-28047 (AudimexEE before 14.1.1 is vulnerable to Reflected XSS 
(Cross-Site-Scr ...)
        NOT-FOR-US: AudimexEE
-CVE-2020-27347 (The function input_csi_dispatch_sgr_colon() in file input.c 
contained  ...)
+CVE-2020-27347 (In tmux before version 3.1c the function 
input_csi_dispatch_sgr_colon( ...)
        - tmux 3.1c-1
        [buster] - tmux <not-affected> (Vulnerable code introduced later)
        [stretch] - tmux <not-affected> (Vulnerable code introduced later)
@@ -6112,18 +6138,18 @@ CVE-2020-27560 (ImageMagick 7.0.10-34 allows Division 
by Zero in OptimizeLayerFr
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/6e3b13c7ef94d72b40fba91987897c4326717a46
 CVE-2020-27559
        RESERVED
-CVE-2020-27558
-       RESERVED
-CVE-2020-27557
-       RESERVED
-CVE-2020-27556
-       RESERVED
-CVE-2020-27555
-       RESERVED
-CVE-2020-27554
-       RESERVED
-CVE-2020-27553
-       RESERVED
+CVE-2020-27558 (Use of an undocumented user in BASETech GE-131 BT-1837836 
firmware 201 ...)
+       TODO: check
+CVE-2020-27557 (Unprotected Storage of Credentials vulnerability in BASETech 
GE-131 BT ...)
+       TODO: check
+CVE-2020-27556 (A predictable device ID in BASETech GE-131 BT-1837836 firmware 
2018092 ...)
+       TODO: check
+CVE-2020-27555 (Use of default credentials for the telnet server in BASETech 
GE-131 BT ...)
+       TODO: check
+CVE-2020-27554 (Cleartext Transmission of Sensitive Information vulnerability 
in BASET ...)
+       TODO: check
+CVE-2020-27553 (A directory traversal vulnerability in BASETech GE-131 
BT-1837836 firm ...)
+       TODO: check
 CVE-2020-27552
        RESERVED
 CVE-2020-27551
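Review bot: CVE-2020-27553 through CVE-2020-27558 all concern the BASETech GE-131 BT-1837836 device firmware (undocumented user, unprotected credential storage, predictable device ID, default telnet credentials, cleartext transmission, directory traversal); vendor device firmware is out of scope for the archive, so all six should become NOT-FOR-US: BASETech GE-131 firmware in one pass rather than six TODO: check entries, unless one of the truncated descriptions turns out to reference a component Debian actually ships.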
@@ -7952,8 +7978,8 @@ CVE-2020-26703
        RESERVED
 CVE-2020-26702
        RESERVED
-CVE-2020-26701
-       RESERVED
+CVE-2020-26701 (Cross-site scripting (XSS) vulnerability in Dashboards section 
in Kaa  ...)
+       TODO: check
 CVE-2020-26700
        RESERVED
 CVE-2020-26699
@@ -8603,8 +8629,7 @@ CVE-2020-26407
        RESERVED
 CVE-2020-26406 (Certain SAST CiConfiguration information could be viewed by 
unauthoriz ...)
        - gitlab <not-affected> (Specific to EE)
-CVE-2020-26405
-       RESERVED
+CVE-2020-26405 (Path traversal vulnerability in package upload functionality 
in GitLab ...)
        - gitlab 13.3.9-1
        NOTE: 
https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
 CVE-2020-26404
@@ -9933,8 +9958,8 @@ CVE-2020-25800
        RESERVED
 CVE-2020-25799
        RESERVED
-CVE-2020-25798
-       RESERVED
+CVE-2020-25798 (A stored cross-site scripting (XSS) vulnerability in 
LimeSurvey before ...)
+       TODO: check
 CVE-2020-25797
        RESERVED
 CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to 
upload  ...)
@@ -10056,8 +10081,8 @@ CVE-2020-25748 (A Cleartext Transmission issue was 
discovered on Rubetek RV-3406
        NOT-FOR-US: Rubetek
 CVE-2020-25747 (The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 
cameras (f ...)
        NOT-FOR-US: Rubetek
-CVE-2020-25746
-       RESERVED
+CVE-2020-25746 (QED ResourceXpress Qubi3 devices before 1.40.9 could allow a 
local att ...)
+       TODO: check
 CVE-2020-25745
        RESERVED
 CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged 
users to ...)
@@ -10952,8 +10977,8 @@ CVE-2020-25402
        RESERVED
 CVE-2020-25401
        RESERVED
-CVE-2020-25400
-       RESERVED
+CVE-2020-25400 (Cross domain policies in Taskcafe Project Management tool 
before versi ...)
+       TODO: check
 CVE-2020-25399 (Stored XSS in InterMind iMind Server through 3.13.65 allows 
any user t ...)
        NOT-FOR-US: InterMind iMind Server
 CVE-2020-25398 (CSV Injection exists in InterMind iMind Server through 3.13.65 
via the ...)
@@ -18699,8 +18724,8 @@ CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file 
app/admin/controller/Ajax.php
        NOT-FOR-US: fastadmin-tp6
 CVE-2020-21666
        RESERVED
-CVE-2020-21665
-       RESERVED
+CVE-2020-21665 (In fastadmin V1.0.0.20191212_beta, when a user with 
administrator righ ...)
+       TODO: check
 CVE-2020-21664
        RESERVED
 CVE-2020-21663
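Review bot: CVE-2020-21665 is in fastadmin, and the adjacent CVE-2020-21667 entry for fastadmin-tp6 a few lines above is already NOT-FOR-US: fastadmin-tp6; for consistency within the same product family this should be NOT-FOR-US: fastadmin rather than TODO: check.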
@@ -35884,8 +35909,7 @@ CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 
and DIR-600M 3.04 devices
        NOT-FOR-US: D-Link
 CVE-2020-13959
        RESERVED
-CVE-2020-13958
-       RESERVED
+CVE-2020-13958 (A vulnerability in Apache OpenOffice scripting events allows 
an attack ...)
        NOT-FOR-US: Apache OpenOffice
 CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 
to 8.6.2 ...)
        - lucene-solr <not-affected> (Vulnerable functionality not yet present)
@@ -37493,19 +37517,15 @@ CVE-2020-13353 (When importing repos via URL, one 
time use git credentials were
 CVE-2020-13352 (Private group info is leaked leaked in GitLab CE/EE version 
10.2 and a ...)
        - gitlab 13.3.9-1
        NOTE: 
https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
-CVE-2020-13351
-       RESERVED
+CVE-2020-13351 (Insufficient permission checks in scheduled pipeline API in 
GitLab CE/ ...)
        - gitlab 13.3.9-1
        NOTE: 
https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
-CVE-2020-13350
-       RESERVED
+CVE-2020-13350 (CSRF in runner administration page in all versions of GitLab 
CE/EE all ...)
        - gitlab 13.3.9-1
        NOTE: 
https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
-CVE-2020-13349
-       RESERVED
+CVE-2020-13349 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
-CVE-2020-13348
-       RESERVED
+CVE-2020-13348 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2020-13347 (A command injection vulnerability was discovered in Gitlab 
runner vers ...)
        - gitlab-ci-multi-runner <not-affected> (Only affects gitlab-runner 
when configured on Windows)
@@ -53069,8 +53089,8 @@ CVE-2020-7843
        RESERVED
 CVE-2020-7842
        RESERVED
-CVE-2020-7841
-       RESERVED
+CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT 
XPLATFORM w ...)
+       TODO: check
 CVE-2020-7840
        RESERVED
 CVE-2020-7839
@@ -53203,8 +53223,8 @@ CVE-2020-7776
        RESERVED
 CVE-2020-7775
        RESERVED
-CVE-2020-7774
-       RESERVED
+CVE-2020-7774 (This affects the package y18n before 5.0.5. PoC by po6ix: const 
y18n = ...)
+       TODO: check
 CVE-2020-7773 (This affects the package markdown-it-highlightjs before 3.3.1. 
It is p ...)
        TODO: check
 CVE-2020-7772 (This affects the package doc-path before 2.1.2. ...)
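Review bot: CVE-2020-7774 (y18n before 5.0.5) differs from most of the new TODO: check entries in this update in that it maps to software shipped in Debian, the node-y18n source package, so it needs a real assessment (a fixed version line, or a per-suite status) rather than the NOT-FOR-US triage the firmware and demo-app entries will get; the upstream description embeds the PoC text ("PoC by po6ix: const y18n = ..."), which is fine to keep truncated here, but a NOTE line pointing at the upstream fix would help whoever picks this up.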
@@ -53239,7 +53259,7 @@ CVE-2020-7760 (This affects the package codemirror 
before 5.58.2; the package or
        NOTE: 
https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
 CVE-2020-7759 (The package pimcore/pimcore from 6.7.2 and before 6.8.3 are 
vulnerable ...)
        NOT-FOR-US: pimcore
-CVE-2020-7758 (This affects all versions of package browserless-chrome. User 
input fl ...)
+CVE-2020-7758 (This affects versions of package browserless-chrome before 
1.40.2-chro ...)
        NOT-FOR-US: Node browserless-chrome
 CVE-2020-7757 (This affects all versions of package droppy. It is possible to 
travers ...)
        NOT-FOR-US: droppy



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/614c8a91b4047f09e8ee8e49f14a74a257daf454



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
