Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76eab854 by security tracker role at 2020-12-16T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-35482
+       RESERVED
+CVE-2020-35481
+       RESERVED
+CVE-2020-35480
+       RESERVED
+CVE-2020-35479
+       RESERVED
+CVE-2020-35478
+       RESERVED
+CVE-2020-35477
+       RESERVED
+CVE-2020-35476 (A remote code execution vulnerability occurs in OpenTSDB 
through 2.4.0 ...)
+       TODO: check
+CVE-2020-35475
+       RESERVED
+CVE-2020-35474
+       RESERVED
+CVE-2020-35473
+       RESERVED
 CVE-2020-35472
        RESERVED
 CVE-2020-35471 (Envoy before 1.16.1 mishandles dropped and truncated 
datagrams, as dem ...)
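Review bot: CVE-2020-35476 is left at "TODO: check" even though its description is a remote code execution issue in OpenTSDB, so it should be triaged ahead of the nine RESERVED placeholders added around it. Resolve it to either a source-package line or a "NOT-FOR-US: ..." line, the two forms used for described entries elsewhere in this file.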
@@ -684,8 +704,8 @@ CVE-2020-35135 (The ultimate-category-excluder plugin 
before 1.2 for WordPress a
        NOT-FOR-US: ultimate-category-excluder plugin for WordPress
 CVE-2020-35134
        RESERVED
-CVE-2020-35133
-       RESERVED
+CVE-2020-35133 (irfanView 4.56 contains an error processing parsing files of 
type .pcx ...)
+       TODO: check
 CVE-2020-35132 (An XSS issue has been discovered in phpLDAPadmin before 
1.2.6.2 that a ...)
        - phpldapadmin <unfixed>
        NOTE: 
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474
@@ -732,6 +752,7 @@ CVE-2020-35114
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35114
 CVE-2020-35113
        RESERVED
+       {DSA-4813-1}
        - firefox 84.0-1
        - firefox-esr 78.6.0esr-1
        - thunderbird 1:78.6.0-1
@@ -748,6 +769,7 @@ CVE-2020-35112
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35112
 CVE-2020-35111
        RESERVED
+       {DSA-4813-1}
        - firefox 84.0-1
        - firefox-esr 78.6.0esr-1
        - thunderbird 1:78.6.0-1
@@ -2423,8 +2445,8 @@ CVE-2020-29609
        RESERVED
 CVE-2020-29608
        RESERVED
-CVE-2020-29607
-       RESERVED
+CVE-2020-29607 (A file upload restriction bypass vulnerability in Pluck CMS 
before 4.7 ...)
+       TODO: check
 CVE-2020-XXXX [RUSTSEC-2020-0080: miow: `miow` invalidly assumes the memory 
layout of std::net::SocketAddr]
        - rust-miow <unfixed> (bug #976871)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0080.html
@@ -3266,20 +3288,17 @@ CVE-2020-29365
        RESERVED
 CVE-2020-29364 (In NetArt News Lister 1.0.0, the news headlines vulnerable to 
stored x ...)
        NOT-FOR-US: NetArt News Lister
-CVE-2020-29363
-       RESERVED
+CVE-2020-29363 (An issue was discovered in p11-kit 0.23.6 through 0.23.21. A 
heap-base ...)
        - p11-kit 0.23.22-1
        NOTE: 
https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
        NOTE: 
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x
        NOTE: 
https://github.com/p11-glue/p11-kit/commit/2617f3ef888e103324a28811886b99ed0a56346d
 (0.23.22)
-CVE-2020-29362
-       RESERVED
+CVE-2020-29362 (An issue was discovered in p11-kit 0.21.1 through 0.23.21. A 
heap-base ...)
        - p11-kit 0.23.22-1
        NOTE: 
https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
        NOTE: 
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc
        NOTE: 
https://github.com/p11-glue/p11-kit/commit/bda2f543ff8e0195c90e849379ef1585d00677bc
 (0.23.22)
-CVE-2020-29361
-       RESERVED
+CVE-2020-29361 (An issue was discovered in p11-kit 0.21.1 through 0.23.21. 
Multiple in ...)
        - p11-kit 0.23.22-1
        NOTE: 
https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
        NOTE: 
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2
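Review bot: the descriptions now filled in for CVE-2020-29363 and CVE-2020-29362 state affected ranges (0.23.6 through 0.23.21 and 0.21.1 through 0.23.21), but both entries carry only "- p11-kit 0.23.22-1" plus NOTE lines, with no per-suite line of the "[buster] - ..." form used for erlang elsewhere in this file. Compare the p11-kit versions in the stable suites against those ranges and record the result per suite, so the entries do not read as settled by the unstable upload alone.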
@@ -6343,8 +6362,8 @@ CVE-2020-28460
        RESERVED
 CVE-2020-28459
        RESERVED
-CVE-2020-28458
-       RESERVED
+CVE-2020-28458 (All versions of package datatables.net are vulnerable to 
Prototype Pol ...)
+       TODO: check
 CVE-2020-28457 (This affects the package s-cart/core before 4.4. The search 
functional ...)
        TODO: check
 CVE-2020-28456 (The package s-cart/core before 4.4 are vulnerable to 
Cross-site Script ...)
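Review bot: the description added for CVE-2020-28458 says "All versions of package datatables.net" are affected, so there is no fixed upstream version to record when this "TODO: check" is resolved. Check whether any Debian source package ships or embeds datatables.net; if one does, the entry would need the "<unfixed>" form used for phpldapadmin rather than a version number.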
@@ -11870,6 +11889,7 @@ CVE-2020-26979
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26979
 CVE-2020-26978
        RESERVED
+       {DSA-4813-1}
        - firefox 84.0-1
        - firefox-esr 78.6.0esr-1
        - thunderbird 1:78.6.0-1
@@ -11890,6 +11910,7 @@ CVE-2020-26975
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26975
 CVE-2020-26974
        RESERVED
+       {DSA-4813-1}
        - firefox 84.0-1
        - firefox-esr 78.6.0esr-1
        - thunderbird 1:78.6.0-1
@@ -11898,6 +11919,7 @@ CVE-2020-26974
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974
 CVE-2020-26973
        RESERVED
+       {DSA-4813-1}
        - firefox 84.0-1
        - firefox-esr 78.6.0esr-1
        - thunderbird 1:78.6.0-1
@@ -11910,6 +11932,7 @@ CVE-2020-26972
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26972
 CVE-2020-26971
        RESERVED
+       {DSA-4813-1}
        - firefox 84.0-1
        - firefox-esr 78.6.0esr-1
        - thunderbird 1:78.6.0-1
@@ -13656,8 +13679,8 @@ CVE-2020-26200
        RESERVED
 CVE-2020-26199
        RESERVED
-CVE-2020-26198
-       RESERVED
+CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 
contain a  ...)
+       TODO: check
 CVE-2020-26197
        RESERVED
 CVE-2020-26196
@@ -15163,18 +15186,18 @@ CVE-2020-25623 (Erlang/OTP 22.3.x before 22.3.4.6 and 
23.x before 23.1 allows Di
        [buster] - erlang <not-affected> (Vulnerable code introduced later)
        [stretch] - erlang <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/erlang/otp/releases/tag/OTP-23.1
-CVE-2020-25622
-       RESERVED
-CVE-2020-25621
-       RESERVED
-CVE-2020-25620
-       RESERVED
-CVE-2020-25619
-       RESERVED
-CVE-2020-25618
-       RESERVED
-CVE-2020-25617
-       RESERVED
+CVE-2020-25622 (An issue was discovered in SolarWinds N-Central 12.3.0.670. 
The Advanc ...)
+       TODO: check
+CVE-2020-25621 (An issue was discovered in SolarWinds N-Central 12.3.0.670. 
The local  ...)
+       TODO: check
+CVE-2020-25620 (An issue was discovered in SolarWinds N-Central 12.3.0.670. 
Hard-coded ...)
+       TODO: check
+CVE-2020-25619 (An issue was discovered in SolarWinds N-Central 12.3.0.670. 
The SSH co ...)
+       TODO: check
+CVE-2020-25618 (An issue was discovered in SolarWinds N-Central 12.3.0.670. 
The sudo c ...)
+       TODO: check
+CVE-2020-25617 (An issue was discovered in SolarWinds N-Central 12.3.0.670. 
The Advanc ...)
+       TODO: check
 CVE-2020-25616
        RESERVED
 CVE-2020-25615
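Review bot: all six descriptions added for CVE-2020-25617 through CVE-2020-25622 name the same product and version (SolarWinds N-Central 12.3.0.670) and all six are left as "TODO: check". Triage them in one pass and give them an identical product label, so the set stays consistent and can be found with a single search of the list.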
@@ -31707,6 +31730,7 @@ CVE-2020-17529 (Out-of-bounds Write vulnerability in 
TCP Stack of Apache NuttX (
 CVE-2020-17528 (Out-of-bounds Write vulnerability in TCP stack of Apache NuttX 
(incuba ...)
        NOT-FOR-US: Apache NuttX
 CVE-2020-17527 (While investigating bug 64830 it was discovered that Apache 
Tomcat 10. ...)
+       {DLA-2495-1}
        - tomcat9 9.0.40-1
        - tomcat8 <removed>
        NOTE: 
https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65
 (9.0.40)
@@ -34931,6 +34955,7 @@ CVE-2020-16043
        RESERVED
 CVE-2020-16042
        RESERVED
+       {DSA-4813-1}
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
        - firefox 84.0-1
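Review bot: in the CVE-2020-16042 entry the added "{DSA-4813-1}" sits directly above "- chromium <unfixed>", so the advisory reference must not be read as closing the CVE for every package listed under it. chromium is still open and stretch is marked "<end-of-life> (see DSA 4562)"; confirm the chromium line gets its own fixed version once one exists.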
@@ -39957,8 +39982,8 @@ CVE-2020-14256
        RESERVED
 CVE-2020-14255
        RESERVED
-CVE-2020-14254
-       RESERVED
+CVE-2020-14254 (TLS-RSA cipher suites are not disabled in HCL BigFix Inventory 
up to v ...)
+       TODO: check
 CVE-2020-14253
        RESERVED
 CVE-2020-14252
@@ -39969,8 +39994,8 @@ CVE-2020-14250
        RESERVED
 CVE-2020-14249
        RESERVED
-CVE-2020-14248
-       RESERVED
+CVE-2020-14248 (BigFix Inventory up to v10.0.2 does not set the secure flag 
for the se ...)
+       TODO: check
 CVE-2020-14247
        RESERVED
 CVE-2020-14246
@@ -58029,8 +58054,8 @@ CVE-2020-7839
        RESERVED
 CVE-2020-7838
        RESERVED
-CVE-2020-7837
-       RESERVED
+CVE-2020-7837 (An issue was discovered in ML Report Program. There is a 
stack-based b ...)
+       TODO: check
 CVE-2020-7836
        RESERVED
 CVE-2020-7835
@@ -58145,8 +58170,8 @@ CVE-2020-7783
        RESERVED
 CVE-2020-7782
        RESERVED
-CVE-2020-7781
-       RESERVED
+CVE-2020-7781 (This affects the package connection-tester before 0.2.1. The 
injection ...)
+       TODO: check
 CVE-2020-7780 (This affects the package 
com.softwaremill.akka-http-session:core_2.13  ...)
        TODO: check
 CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular 
Expressi ...)
@@ -63370,10 +63395,10 @@ CVE-2020-5685
        RESERVED
 CVE-2020-5684
        RESERVED
-CVE-2020-5683
-       RESERVED
-CVE-2020-5682
-       RESERVED
+CVE-2020-5683 (Directory traversal vulnerability in GROWI versions prior to 
v4.2.3 (v ...)
+       TODO: check
+CVE-2020-5682 (Improper input validation in GROWI versions prior to v4.2.3 
(v4.2 Seri ...)
+       TODO: check
 CVE-2020-5681
        RESERVED
 CVE-2020-5680 (Improper input validation vulnerability in EC-CUBE versions 
from 3.0.5 ...)
@@ -64106,10 +64131,10 @@ CVE-2020-5362 (Dell Client Consumer and Commercial 
platforms include an improper
        NOT-FOR-US: Dell
 CVE-2020-5361
        RESERVED
-CVE-2020-5360
-       RESERVED
-CVE-2020-5359
-       RESERVED
+CVE-2020-5360 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are 
vulnerable  ...)
+       TODO: check
+CVE-2020-5359 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are 
vulnerable  ...)
+       TODO: check
 CVE-2020-5358 (Dell Encryption versions prior to 10.7 and Dell Endpoint 
Security Suit ...)
        NOT-FOR-US: Dell Encryption
 CVE-2020-5357 (Dell Dock Firmware Update Utilities for Dell Client Consumer 
and Comme ...)
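Review bot: CVE-2020-5360 and CVE-2020-5359 are added with the same visible text ("Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable ...") and both as "TODO: check", so the two cannot be told apart from this file alone; read the full descriptions before triaging. The neighbouring Dell entries use labels of different granularity ("NOT-FOR-US: Dell" and "NOT-FOR-US: Dell Encryption"); if these two end up NOT-FOR-US, use the product-level label.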
@@ -67450,8 +67475,8 @@ CVE-2020-4010
        RESERVED
 CVE-2020-4009
        RESERVED
-CVE-2020-4008
-       RESERVED
+CVE-2020-4008 (The installer of the macOS Sensor for VMware Carbon Black Cloud 
prior  ...)
+       TODO: check
 CVE-2020-4007
        RESERVED
 CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity 
Manager, and I ...)
@@ -92411,22 +92436,22 @@ CVE-2019-14485
        RESERVED
 CVE-2019-14484
        RESERVED
-CVE-2019-14483
-       RESERVED
-CVE-2019-14482
-       RESERVED
-CVE-2019-14481
-       RESERVED
-CVE-2019-14480
-       RESERVED
-CVE-2019-14479
-       RESERVED
-CVE-2019-14478
-       RESERVED
-CVE-2019-14477
-       RESERVED
-CVE-2019-14476
-       RESERVED
+CVE-2019-14483 (AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. 
Every user  ...)
+       TODO: check
+CVE-2019-14482 (AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key 
vulnerabil ...)
+       TODO: check
+CVE-2019-14481 (AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery 
(CSRF) vu ...)
+       TODO: check
+CVE-2019-14480 (AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling 
vulnerabi ...)
+       TODO: check
+CVE-2019-14479 (AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In 
the NetCr ...)
+       TODO: check
+CVE-2019-14478 (AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting 
(XSS) vu ...)
+       TODO: check
+CVE-2019-14477 (AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage 
since the  ...)
+       TODO: check
+CVE-2019-14476 (AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery 
(SSRF) v ...)
+       TODO: check
 CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and 
prior use s ...)
        NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
 CVE-2019-14474 (eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input 
Validation in ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76eab854b5106ac4c2d06b47468a418a2456bc21
