Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d0d51c64 by security tracker role at 2020-12-01T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2020-29442
+ RESERVED
+CVE-2020-29441 (An issue was discovered in the Upload Widget in OutSystems
Platform 10 ...)
+ TODO: check
+CVE-2020-29440 (Tesla Model X vehicles before 2020-11-23 do not perform
certificate va ...)
+ TODO: check
+CVE-2020-29439 (Tesla Model X vehicles before 2020-11-23 have key fobs that
rely on fi ...)
+ TODO: check
+CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 have key fobs that
accept fir ...)
+ TODO: check
+CVE-2020-29437
+ RESERVED
+CVE-2020-29436
+ RESERVED
+CVE-2020-29435
+ RESERVED
+CVE-2020-29434
+ RESERVED
+CVE-2020-29433
+ RESERVED
+CVE-2020-29432
+ RESERVED
+CVE-2020-29431
+ RESERVED
+CVE-2020-29430
+ RESERVED
+CVE-2020-29429
+ RESERVED
+CVE-2020-29428
+ RESERVED
+CVE-2020-29427
+ RESERVED
+CVE-2020-29426
+ RESERVED
+CVE-2020-29425
+ RESERVED
+CVE-2020-29424
+ RESERVED
+CVE-2020-29423
+ RESERVED
+CVE-2020-29422
+ RESERVED
+CVE-2020-29421
+ RESERVED
+CVE-2020-29420
+ RESERVED
+CVE-2020-29419
+ RESERVED
+CVE-2020-29418
+ RESERVED
+CVE-2020-29417
+ RESERVED
+CVE-2020-29416
+ RESERVED
+CVE-2020-29415
+ RESERVED
+CVE-2020-29414
+ RESERVED
+CVE-2020-29413
+ RESERVED
+CVE-2020-29412
+ RESERVED
+CVE-2020-29411
+ RESERVED
+CVE-2020-29410
+ RESERVED
+CVE-2020-29409
+ RESERVED
+CVE-2020-29408
+ RESERVED
+CVE-2020-29407
+ RESERVED
+CVE-2020-29406
+ RESERVED
+CVE-2020-29405
+ RESERVED
+CVE-2020-29404
+ RESERVED
+CVE-2020-29403
+ RESERVED
+CVE-2020-29402
+ RESERVED
+CVE-2020-29401
+ RESERVED
+CVE-2020-29400
+ RESERVED
+CVE-2020-29399
+ RESERVED
+CVE-2020-29398
+ RESERVED
+CVE-2020-29397
+ RESERVED
+CVE-2020-29396
+ RESERVED
CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows
addons/?q= XSS v ...)
NOT-FOR-US: EventON plugin for WordPress
CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in
dlt_common.c in d ...)
@@ -92,7 +186,7 @@ CVE-2020-29366
RESERVED
CVE-2020-29365
RESERVED
-CVE-2020-29364 (In NetArt News Lister 1.0.0, the news headlines are vulnerable
to stor ...)
+CVE-2020-29364 (In NetArt News Lister 1.0.0, the news headlines vulnerable to
stored x ...)
NOT-FOR-US: NetArt News Lister
CVE-2020-29363
RESERVED
@@ -1014,6 +1108,7 @@ CVE-2020-28930
CVE-2020-28929
RESERVED
CVE-2020-28928 (In musl libc through 1.2.1, wcsnrtombs mishandles particular
combinati ...)
+ {DLA-2474-1}
- musl <unfixed> (bug #975365)
[buster] - musl <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4
@@ -7345,12 +7440,12 @@ CVE-2020-27589 (Synopsys hub-rest-api-python (aka
blackduck on PyPI) version 0.0
NOT-FOR-US: hub-rest-api-python
CVE-2020-27588
RESERVED
-CVE-2020-27587
- RESERVED
-CVE-2020-27586
- RESERVED
-CVE-2020-27585
- RESERVED
+CVE-2020-27587 (Quick Heal Total Security before 19.0 allows attackers with
local admi ...)
+ TODO: check
+CVE-2020-27586 (Quick Heal Total Security before version 19.0 transmits
quarantine and ...)
+ TODO: check
+CVE-2020-27585 (Quick Heal Total Security before 19.0 allows attackers with
local admi ...)
+ TODO: check
CVE-2020-27584
RESERVED
CVE-2020-27583
@@ -21947,6 +22042,7 @@ CVE-2020-20740 (PDFResurrect before 0.20 lack of header
validation checks causes
NOTE:
https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397
(v0.21)
NOTE: https://github.com/enferex/pdfresurrect/issues/14
CVE-2020-20739 (im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in
libvips befo ...)
+ {DLA-2473-1}
- vips 8.9.0-1
[buster] - vips <no-dsa> (Minor issue)
NOTE:
https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a
(v8.9.0-alpha1)
@@ -29790,10 +29886,10 @@ CVE-2020-16852 (An elevation of privilege
vulnerability exists when the OneDrive
NOT-FOR-US: Microsoft
CVE-2020-16851 (An elevation of privilege vulnerability exists when the
OneDrive for W ...)
NOT-FOR-US: Microsoft
-CVE-2020-16850
- RESERVED
-CVE-2020-16849
- RESERVED
+CVE-2020-16850 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an
unauthent ...)
+ TODO: check
+CVE-2020-16849 (An issue was discovered on Canon MF237w 06.07 devices. An
"Improper Ha ...)
+ TODO: check
CVE-2020-16848
RESERVED
CVE-2020-16847 (Extreme Analytics in Extreme Management Center before
8.5.0.169 allows ...)
@@ -33699,8 +33795,7 @@ CVE-2020-15259 (ad-ldap-connector's admin panel before
version 5.0.13 does not p
NOT-FOR-US: ad-ldap-connector
CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without
checking ...)
NOT-FOR-US: Wire app
-CVE-2020-15257
- RESERVED
+CVE-2020-15257 (containerd is an industry-standard container runtime and is
available ...)
- containerd 1.4.3~ds1-1
- docker.io <unfixed>
NOTE:
https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
@@ -36721,8 +36816,8 @@ CVE-2020-14195 (FasterXML jackson-databind 2.x before
2.9.10.5 mishandles the in
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14194 (Zulip Server before 2.1.5 allows reverse tabnapping via a
topic header ...)
- zulip-server <itp> (bug #800052)
-CVE-2020-14193
- RESERVED
+CVE-2020-14193 (Affected versions of Automation for Jira - Server allowed
remote attac ...)
+ TODO: check
CVE-2020-14192
RESERVED
CVE-2020-14191 (Affected versions of Atlassian Fisheye/Crucible allow remote
attackers ...)
@@ -43433,8 +43528,8 @@ CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x
before 4.3.100 allows an o
NOTE:
http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5deb5269ieF1tee6Mp3UJyZOk8DB-Q
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1716665
NOTE: https://gitlab.com/NTPsec/ntpsec/issues/651
-CVE-2020-11867
- RESERVED
+CVE-2020-11867 (Audacity through 2.3.3 saves temporary files to
/var/tmp/audacity-$USE ...)
+ TODO: check
CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a
use-aft ...)
- libemf 1.0.12-1
[buster] - libemf <no-dsa> (Minor issue)
@@ -51287,14 +51382,14 @@ CVE-2020-9119
RESERVED
CVE-2020-9118
RESERVED
-CVE-2020-9117
- RESERVED
-CVE-2020-9116
- RESERVED
-CVE-2020-9115
- RESERVED
-CVE-2020-9114
- RESERVED
+CVE-2020-9117 (HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and
SydneyM ...)
+ TODO: check
+CVE-2020-9116 (Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command
injection ...)
+ TODO: check
+CVE-2020-9115 (ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030,
6.5.1.1.B ...)
+ TODO: check
+CVE-2020-9114 (FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0
have a pri ...)
+ TODO: check
CVE-2020-9113 (HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8)
have a buf ...)
NOT-FOR-US: Huawei
CVE-2020-9112 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have
a priv ...)
@@ -63730,14 +63825,14 @@ CVE-2020-4131
RESERVED
CVE-2020-4130
RESERVED
-CVE-2020-4129
- RESERVED
+CVE-2020-4129 (HCL Domino is susceptible to a lockout policy bypass
vulnerability in ...)
+ TODO: check
CVE-2020-4128
RESERVED
-CVE-2020-4127
- RESERVED
-CVE-2020-4126
- RESERVED
+CVE-2020-4127 (HCL Domino is susceptible to a Login CSRF vulnerability. With a
valid ...)
+ TODO: check
+CVE-2020-4126 (HCL iNotes is susceptible to a sensitive cookie exposure
vulnerability ...)
+ TODO: check
CVE-2020-4125 (Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a
malicious ...)
NOT-FOR-US: HCL
CVE-2020-4124
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0d51c649d2a7857445b725023ca9919ea18733f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0d51c649d2a7857445b725023ca9919ea18733f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
