Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7fca8e87 by security tracker role at 2020-11-25T08:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2020-29073
+ RESERVED
+CVE-2020-29072 (A Cross-Site Script Inclusion vulnerability was found on
LiquidFiles b ...)
+ TODO: check
+CVE-2020-29071 (An XSS issue was found in the Shares feature of LiquidFiles
before 3.3 ...)
+ TODO: check
+CVE-2020-29070
+ RESERVED
+CVE-2020-29069 (_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey
Network ...)
+ TODO: check
+CVE-2020-29068
+ RESERVED
+CVE-2020-29067
+ RESERVED
+CVE-2020-29066
+ RESERVED
+CVE-2020-29065
+ RESERVED
+CVE-2020-29064
+ RESERVED
+CVE-2020-29063 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A,
92416A, ...)
+ TODO: check
+CVE-2020-29062 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A,
92416A, ...)
+ TODO: check
+CVE-2020-29061 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A,
92416A, ...)
+ TODO: check
+CVE-2020-29060 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A,
92416A, ...)
+ TODO: check
+CVE-2020-29059 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A,
92416A, ...)
+ TODO: check
+CVE-2020-29058 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A,
92416A, ...)
+ TODO: check
+CVE-2020-29057 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A,
92416A, ...)
+ TODO: check
+CVE-2020-29056 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A,
92416A, ...)
+ TODO: check
+CVE-2020-29055 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A,
92416A, ...)
+ TODO: check
+CVE-2020-29054 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A,
92416A, ...)
+ TODO: check
+CVE-2020-29053 (HRSALE 2.0.0 allows XSS via the
admin/project/projects_calendar set_da ...)
+ TODO: check
+CVE-2020-29052
+ RESERVED
+CVE-2020-29051
+ RESERVED
+CVE-2020-29050
+ RESERVED
+CVE-2015-9551 (An issue was discovered on TOTOLINK A850R-V1 through
1.0.1-B20150707.1 ...)
+ TODO: check
+CVE-2015-9550 (An issue was discovered on TOTOLINK A850R-V1 through
1.0.1-B20150707.1 ...)
+ TODO: check
CVE-2020-29049
RESERVED
CVE-2020-29048
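Review bot: The ten CDATA entries (CVE-2020-29054 through CVE-2020-29063) and the two TOTOLINK A850R-V1 entries (CVE-2015-9550, CVE-2015-9551) are added as separate `TODO: check` items although each group shares one product description, so they should be triaged as two batches with one product-level decision each. The Barco wePresent entries further down in this file show the pattern: the same `NOT-FOR-US:` product string repeated per CVE. The remaining four entries with descriptions (two LiquidFiles, Modern Honey Network, HRSALE) need individual lookups.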
@@ -149,6 +201,7 @@ CVE-2020-28977
CVE-2020-28976
RESERVED
CVE-2020-28984 (prive/formulaires/configurer_preferences.php in SPIP before
3.2.8 does ...)
+ {DSA-4798-1}
- spip 3.2.8-1
NOTE:
https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8
CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324,
as used i ...)
@@ -157,8 +210,7 @@ CVE-2020-28973
RESERVED
CVE-2020-28972
RESERVED
-CVE-2020-26235 [RUSTSEC-2020-0071: time: Potential segfault in the time crate]
- RESERVED
+CVE-2020-26235 (In Rust time crate from version 0.2.7 and before version
0.2.23, unix- ...)
- rust-time <not-affected> (Vulnerable methods introduced in v0.2.7)
NOTE:
https://github.com/time-rs/time/security/advisories/GHSA-wcg3-cvx6-7396
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0071.html
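Review bot: For CVE-2020-26235, the retained `<not-affected>` reason records only the lower bound ("Vulnerable methods introduced in v0.2.7"), while the new description gives the affected range as 0.2.7 up to, but not including, 0.2.23. Adding the fixed version to a NOTE would make it clear when the status must be revisited if rust-time is ever updated into that range. Dropping the bracketed RUSTSEC title loses nothing, since the RUSTSEC-2020-0071 NOTE line is kept.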
@@ -4188,8 +4240,8 @@ CVE-2020-28331 (Barco wePresent WiPG-1600W devices have
Improper Access Control.
NOT-FOR-US: Barco wePresent WiPG-1600W devices
CVE-2020-28330 (Barco wePresent WiPG-1600W devices have Unprotected Transport
of Crede ...)
NOT-FOR-US: Barco wePresent WiPG-1600W devices
-CVE-2020-28329
- RESERVED
+CVE-2020-28329 (Barco wePresent WiPG-1600W firmware includes a hardcoded API
account a ...)
+ TODO: check
CVE-2020-28328 (SuiteCRM before 7.11.17 is vulnerable to remote code execution
via the ...)
NOT-FOR-US: SuiteCRM
CVE-2020-28327 (A res_pjsip_session crash was discovered in Asterisk Open
Source 13.x ...)
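Review bot: CVE-2020-28329 is left at `TODO: check` although the two entries directly above it, CVE-2020-28331 and CVE-2020-28330, cover the same Barco wePresent WiPG-1600W product and are already marked `NOT-FOR-US: Barco wePresent WiPG-1600W devices`. The new description names the same firmware, so the same NOT-FOR-US line applies here and should replace the TODO in the follow-up triage commit.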
@@ -9353,26 +9405,26 @@ CVE-2020-26244
RESERVED
CVE-2020-26243
RESERVED
-CVE-2020-26242
- RESERVED
-CVE-2020-26241
- RESERVED
-CVE-2020-26240
- RESERVED
+CVE-2020-26242 (Go Ethereum, or "Geth", is the official Golang implementation
of the E ...)
+ TODO: check
+CVE-2020-26241 (Go Ethereum, or "Geth", is the official Golang implementation
of the E ...)
+ TODO: check
+CVE-2020-26240 (Go Ethereum, or "Geth", is the official Golang implementation
of the E ...)
+ TODO: check
CVE-2020-26239 (Scratch Addons is a WebExtension that supports both Chrome and
Firefox ...)
NOT-FOR-US: Scratch Addons
-CVE-2020-26238
- RESERVED
-CVE-2020-26237
- RESERVED
+CVE-2020-26238 (Cron-utils is a Java library to parse, validate, migrate crons
as well ...)
+ TODO: check
+CVE-2020-26237 (Highlight.js is a syntax highlighter written in JavaScript.
Highlight. ...)
+ TODO: check
CVE-2020-26236 (In ScratchVerifier before commit a603769, an attacker can
hijack the v ...)
NOT-FOR-US: ScratchVerifier
CVE-2020-26234
RESERVED
CVE-2020-26233
RESERVED
-CVE-2020-26232
- RESERVED
+CVE-2020-26232 (Jupyter Server before version 1.0.6 has an Open redirect
vulnerability ...)
+ TODO: check
CVE-2020-26231 (October is a free, open-source, self-hosted CMS platform based
on the ...)
NOT-FOR-US: October CMS
CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app
for Spa ...)
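Review bot: The three Go Ethereum entries (CVE-2020-26240 to CVE-2020-26242) carry an identical truncated description, so this list alone cannot tell them apart; triage needs the full CVE text for each one. Cron-utils, Highlight.js and Jupyter Server are described as a library, a syntax highlighter and server software, not device firmware, so each should be checked for a source package before choosing between a package line and NOT-FOR-US. The Jupyter Server entry already states its fix bound ("before version 1.0.6"), which can be compared directly against any packaged version.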
@@ -11956,8 +12008,8 @@ CVE-2020-25161
RESERVED
CVE-2020-25160
RESERVED
-CVE-2020-25159
- RESERVED
+CVE-2020-25159 (499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to
a stack- ...)
+ TODO: check
CVE-2020-25158
RESERVED
CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL
injection ...)
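Review bot: CVE-2020-25159 names "Adaptor Source Code" rather than a device, and its description is cut off at "stack-", so neither the bug class nor the affected versions can be read from this entry. Resolve the `TODO: check` from the full advisory text, and search for embedded copies of the 499ES code before settling on NOT-FOR-US by analogy with the device entries in this file.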
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fca8e87e9d7c1841fb0806cf5c9da053775f514