Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2207786c by security tracker role at 2020-11-30T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows 
addons/?q= XSS v ...)
+       TODO: check
+CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in 
dlt_common.c in d ...)
+       TODO: check
+CVE-2020-29393
+       RESERVED
+CVE-2020-29392 (The Estil Hill Lock Password Manager Safe app 2.3 for iOS has 
a *#06#* ...)
+       TODO: check
+CVE-2020-29391
+       RESERVED
+CVE-2020-29390 (Zeroshell 3.9.3 contains a command injection vulnerability in 
the /cgi ...)
+       TODO: check
+CVE-2020-29389
+       RESERVED
+CVE-2020-29388
+       RESERVED
+CVE-2020-29387
+       RESERVED
+CVE-2020-29386
+       RESERVED
+CVE-2020-29385
+       RESERVED
+CVE-2020-29384 (An issue was discovered in PNGOUT 2020-01-15. When compressing 
a craft ...)
+       TODO: check
 CVE-2020-29383 (An issue was discovered on V-SOL V1600D4L V1.01.49 and 
V1600D-MINI V1. ...)
        NOT-FOR-US: V-SOL devices
 CVE-2020-29382 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, 
V1600G1 ...)
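Review bot: the TODO: check entries in this hunk should not all sit in the queue with equal weight; CVE-2020-29394 describes a buffer overflow in dlt_filter_load in dlt_common.c, which is the DLT library that Debian ships as dlt-daemon, so it needs a source package line with a fixed version (or an explicit <unfixed>) rather than TODO: check, whereas the EventON WordPress plugin, the Estil Hill iOS app, Zeroshell and PNGOUT entries can most likely be closed as NOT-FOR-US, consistent with the V-SOL entries that follow in context. Suggest triaging CVE-2020-29394 first.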
@@ -68,8 +92,8 @@ CVE-2020-29366
        RESERVED
 CVE-2020-29365
        RESERVED
-CVE-2020-29364
-       RESERVED
+CVE-2020-29364 (In NetArt News Lister 1.0.0, the news headlines are vulnerable 
to stor ...)
+       TODO: check
 CVE-2020-29363
        RESERVED
 CVE-2020-29362
@@ -856,12 +880,12 @@ CVE-2020-28980
        RESERVED
 CVE-2020-28979
        RESERVED
-CVE-2020-28978
-       RESERVED
-CVE-2020-28977
-       RESERVED
-CVE-2020-28976
-       RESERVED
+CVE-2020-28978 (The Canto plugin 1.3.0 for WordPress contains blind SSRF 
vulnerability ...)
+       TODO: check
+CVE-2020-28977 (The Canto plugin 1.3.0 for WordPress contains blind SSRF 
vulnerability ...)
+       TODO: check
+CVE-2020-28976 (The Canto plugin 1.3.0 for WordPress contains a blind SSRF 
vulnerabili ...)
+       TODO: check
 CVE-2020-28984 (prive/formulaires/configurer_preferences.php in SPIP before 
3.2.8 does ...)
        {DSA-4798-1}
        - spip 3.2.8-1
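Review bot: CVE-2020-28978, CVE-2020-28977 and CVE-2020-28976 carry near-identical descriptions (blind SSRF in the Canto plugin 1.3.0 for WordPress) and should be triaged together with the same resolution so the three entries do not drift apart; a WordPress plugin of this kind is not something Debian packages, so all three can be closed as NOT-FOR-US: Canto plugin for WordPress in one follow-up instead of three separate TODO: check lines.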
@@ -995,8 +1019,8 @@ CVE-2020-28928 (In musl libc through 1.2.1, wcsnrtombs 
mishandles particular com
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4
 CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User 
Registration sectio ...)
        NOT-FOR-US: Magicpin
-CVE-2020-28926
-       RESERVED
+CVE-2020-28926 (ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote 
code exe ...)
+       TODO: check
 CVE-2020-28925
        RESERVED
 CVE-2020-28924 (An issue was discovered in Rclone before 1.53.3. Due to the 
use of a w ...)
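Review bot: the new CVE-2020-28926 entry describes remote code execution in ReadyMedia (aka MiniDLNA) before 1.3.0, and MiniDLNA is packaged in Debian as the minidlna source package, so this should not stay at TODO: check; it needs a "- minidlna <version>" line (or <unfixed>) plus per-suite annotations, and given the remote-code-execution wording it is a candidate for a DSA/DLA assessment rather than a <no-dsa> note.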
@@ -1072,6 +1096,7 @@ CVE-2020-28898
 CVE-2020-28897
        RESERVED
 CVE-2020-28896 (Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure 
that $s ...)
+       {DLA-2472-1}
        - mutt 2.0.2-1
        [buster] - mutt <no-dsa> (Minor issue)
        - neomutt 20201120+dfsg.1-1
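Review bot: adding {DLA-2472-1} to CVE-2020-28896 is correctly placed (advisory references go directly under the CVE header, before the package lines), but the matching entry in data/DLA/list must list the same CVE and the stretch mutt version, otherwise the tracker's cross-reference check will flag the tag as dangling; please confirm that side of the pair was committed as well.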
@@ -7125,10 +7150,10 @@ CVE-2020-27661 [divide by zero in dwc2_handle_packet() 
in hw/usb/hcd-dwc2.c]
        [stretch] - qemu <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html
        NOTE: Fixed by: 
https://git.qemu.org/?p=qemu.git;a=commit;h=bea2a9e3e00b275dc40cfa09c760c715b8753e03
 (v5.2.0-rc0)
-CVE-2020-27660
-       RESERVED
-CVE-2020-27659
-       RESERVED
+CVE-2020-27660 (SQL injection vulnerability in request.cgi in Synology 
SafeAccess befo ...)
+       TODO: check
+CVE-2020-27659 (Multiple cross-site scripting (XSS) vulnerabilities in 
Synology SafeAc ...)
+       TODO: check
 CVE-2020-27658 (Synology Router Manager (SRM) before 1.2.4-8081 does not 
include the H ...)
        NOT-FOR-US: Synology Router Manager (SRM)
 CVE-2020-27657 (Cleartext transmission of sensitive information vulnerability 
in DDNS  ...)
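Review bot: CVE-2020-27660 and CVE-2020-27659 (SQL injection and XSS in Synology SafeAccess) are left at TODO: check, while the adjacent CVE-2020-27658 context line already resolves a Synology Router Manager issue as NOT-FOR-US; SafeAccess is Synology firmware in the same way, so both new entries should get "NOT-FOR-US: Synology SafeAccess" rather than remaining in the TODO queue.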
@@ -12035,8 +12060,8 @@ CVE-2020-25539
        RESERVED
 CVE-2020-25538 (An authenticated attacker can inject malicious code into 
"lang" parame ...)
        NOT-FOR-US: CMSuno
-CVE-2020-25537
-       RESERVED
+CVE-2020-25537 (File upload vulnerability exists in UCMS 1.5.0, and the 
attacker can t ...)
+       TODO: check
 CVE-2020-25536
        RESERVED
 CVE-2020-25535
@@ -27604,8 +27629,8 @@ CVE-2020-17903
        RESERVED
 CVE-2020-17902
        RESERVED
-CVE-2020-17901
-       RESERVED
+CVE-2020-17901 (Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows 
attackers t ...)
+       TODO: check
 CVE-2020-17900
        RESERVED
 CVE-2020-17899
@@ -42535,17 +42560,17 @@ CVE-2020-11970
        REJECTED
 CVE-2020-11969 (If Apache TomEE is configured to use the embedded ActiveMQ 
broker, and ...)
        NOT-FOR-US: Apache TomEE
-CVE-2020-11968 (In the web-panel in IQrouter through 3.3.1, remote attackers 
can read  ...)
+CVE-2020-11968 (** DISPUTED ** In the web-panel in IQrouter through 3.3.1, 
remote atta ...)
        NOT-FOR-US: IQrouter
-CVE-2020-11967 (In IQrouter through 3.3.1, remote attackers can control the 
device (re ...)
+CVE-2020-11967 (** DISPUTED ** In IQrouter through 3.3.1, remote attackers can 
control ...)
        NOT-FOR-US: IQrouter
-CVE-2020-11966 (In IQrouter through 3.3.1, the Lua function reset_password in 
the web- ...)
+CVE-2020-11966 (** DISPUTED ** In IQrouter through 3.3.1, the Lua function 
reset_passw ...)
        NOT-FOR-US: IQrouter
-CVE-2020-11965 (In IQrouter through 3.3.1, there is a root user without a 
password, wh ...)
+CVE-2020-11965 (** DISPUTED ** In IQrouter through 3.3.1, there is a root user 
without ...)
        NOT-FOR-US: IQrouter
-CVE-2020-11964 (In IQrouter through 3.3.1, the Lua function diag_set_password 
in the w ...)
+CVE-2020-11964 (** DISPUTED ** In IQrouter through 3.3.1, the Lua function 
diag_set_pa ...)
        NOT-FOR-US: IQrouter
-CVE-2020-11963 (IQrouter through 3.3.1, when unconfigured, has multiple remote 
code ex ...)
+CVE-2020-11963 (** DISPUTED ** IQrouter through 3.3.1, when unconfigured, has 
multiple ...)
        NOT-FOR-US: IQrouter
 CVE-2020-11962
        RESERVED
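Review bot: nothing to change for the six IQrouter entries; the "** DISPUTED **" prefix only mirrors MITRE's updated description text and does not affect Debian's position, and the NOT-FOR-US: IQrouter triage line is correctly kept unchanged under each of them.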
@@ -53139,8 +53164,8 @@ CVE-2020-8353 (Prior to August 10, 2020, some Lenovo 
Desktop and Workstation sys
        NOT-FOR-US: Lenovo
 CVE-2020-8352 (In some Lenovo Desktop models, the Configuration Change 
Detection BIOS ...)
        NOT-FOR-US: Lenovo
-CVE-2020-8351
-       RESERVED
+CVE-2020-8351 (A privilege escalation vulnerability was reported in Lenovo 
PCManager  ...)
+       TODO: check
 CVE-2020-8350 (An authentication bypass vulnerability was reported in Lenovo 
ThinkPad ...)
        NOT-FOR-US: Lenovo
 CVE-2020-8349 (An internal security review has identified an unauthenticated 
remote c ...)
@@ -58493,8 +58518,8 @@ CVE-2020-6319 (SAP NetWeaver Application Server Java, 
versions - 7.10, 7.11, 7.2
        NOT-FOR-US: SAP
 CVE-2020-6318 (A Remote Code Execution vulnerability exists in the SAP 
NetWeaver (ABA ...)
        NOT-FOR-US: SAP
-CVE-2020-6317
-       RESERVED
+CVE-2020-6317 (In certain situations, an attacker with regular user 
credentials and l ...)
+       TODO: check
 CVE-2020-6316 (SAP ERP and SAP S/4 HANA allows an authenticated user to see 
cost reco ...)
        NOT-FOR-US: SAP
 CVE-2020-6315 (SAP 3D Visual Enterprise Viewer, version 9, allows an attacker 
to send ...)
@@ -62150,8 +62175,8 @@ CVE-2020-4902
        RESERVED
 CVE-2020-4901
        RESERVED
-CVE-2020-4900
-       RESERVED
+CVE-2020-4900 (IBM Business Automation Workflow 19.0.0.3 stores potentially 
sensitive ...)
+       TODO: check
 CVE-2020-4899
        RESERVED
 CVE-2020-4898
@@ -62559,8 +62584,8 @@ CVE-2020-4698 (IBM Business Process Manager 8.5, 8.6 
and IBM Business Automation
        NOT-FOR-US: IBM
 CVE-2020-4697
        RESERVED
-CVE-2020-4696
-       RESERVED
+CVE-2020-4696 (IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate 
session a ...)
+       TODO: check
 CVE-2020-4695
        RESERVED
 CVE-2020-4694
@@ -62697,14 +62722,14 @@ CVE-2020-4629 (IBM WebSphere Application Server 7.0, 
8.0, 8.5, and 9.0 could all
        NOT-FOR-US: IBM
 CVE-2020-4628
        RESERVED
-CVE-2020-4627
-       RESERVED
-CVE-2020-4626
-       RESERVED
-CVE-2020-4625
-       RESERVED
-CVE-2020-4624
-       RESERVED
+CVE-2020-4627 (IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable 
to CVS ...)
+       TODO: check
+CVE-2020-4626 (IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal 
sensitive infor ...)
+       TODO: check
+CVE-2020-4625 (IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote 
attacker ...)
+       TODO: check
+CVE-2020-4624 (IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than 
expected cr ...)
+       TODO: check
 CVE-2020-4623
        RESERVED
 CVE-2020-4622 (IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded 
credentials, su ...)
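Review bot: the four IBM Cloud Pak for Security 1.3.0.1 (CP4S) entries (CVE-2020-4627 through CVE-2020-4624) describe one product and should be resolved together; the surrounding context (CVE-2020-4629, "NOT-FOR-US: IBM") shows the established resolution for IBM products, so all four TODO: check lines can be replaced with "NOT-FOR-US: IBM" in a single follow-up. Note the inconsistent spacing in "1.3.0.1(CP4S)" versus "1.3.0.1 (CP4S)" comes from the upstream descriptions, not from this edit.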
@@ -127666,7 +127691,7 @@ CVE-2018-19788 (A flaw was found in PolicyKit (aka 
polkit) 0.115 that allows a u
        NOTE: 
https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379
        NOTE: 
https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126
 CVE-2018-19787 (An issue was discovered in lxml before 4.2.5. 
lxml/html/clean.py in th ...)
-       {DLA-2467-1 DLA-1604-1}
+       {DLA-2467-1}
        - lxml 4.2.5-1
        NOTE: Fixed by: 
https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 
(lxml-4.2.5)
 CVE-2018-19786 (HashiCorp Vault before 1.0.0 writes the master key to the 
server log i ...)
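Review bot: the only non-additive change in this commit is dropping DLA-1604-1 from the CVE-2018-19787 (lxml) reference, leaving {DLA-2467-1}, and the commit message "automatic update" does not explain why an existing advisory cross-reference is removed; before accepting this, verify against data/DLA/list that DLA-1604-1 really no longer maps to this CVE (for example because it covered a suite the tracker no longer follows) rather than being an accidental loss of advisory history, since the tag is what records that the issue was addressed in that suite.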



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2207786ce4461f6d49c5c3e2b10d46a4a9a898d5
