Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62afa193 by security tracker role at 2020-12-17T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-35488
+       RESERVED
+CVE-2020-35487
+       RESERVED
+CVE-2020-35486
+       RESERVED
+CVE-2020-35485
+       RESERVED
+CVE-2020-35484
+       RESERVED
+CVE-2020-35483
+       RESERVED
 CVE-2020-35482
        RESERVED
 CVE-2020-35481
@@ -59,8 +71,8 @@ CVE-2020-35455
        RESERVED
 CVE-2020-35454
        RESERVED
-CVE-2020-35453
-       RESERVED
+CVE-2020-35453 (HashiCorp Vault Enterprise’s Sentinel EGP policy feature 
incorre ...)
+       TODO: check
 CVE-2020-35452
        RESERVED
 CVE-2020-35451
@@ -572,34 +584,34 @@ CVE-2020-35199 (Ignite Realtime Openfire 4.6.0 has 
create-bookmark.jsp groupchat
        NOT-FOR-US: Ignite Realtime Openfire
 CVE-2020-35198
        RESERVED
-CVE-2020-35197
-       RESERVED
-CVE-2020-35196
-       RESERVED
-CVE-2020-35195
-       RESERVED
-CVE-2020-35194
-       RESERVED
+CVE-2020-35197 (The official memcached docker images before 1.5.11-alpine 
(Alpine spec ...)
+       TODO: check
+CVE-2020-35196 (The official rabbitmq docker images before 
3.7.13-beta.1-management-al ...)
+       TODO: check
+CVE-2020-35195 (The official haproxy docker images before 1.8.18-alpine 
(Alpine specif ...)
+       TODO: check
+CVE-2020-35194 (The official influxdb docker images before 1.7.3-meta-alpine 
(Alpine s ...)
+       TODO: check
 CVE-2020-35193 (The official sonarqube docker images before alpine (Alpine 
specific) c ...)
        NOT-FOR-US: sonarqube docker images before alpine (Alpine specific)
-CVE-2020-35192
-       RESERVED
-CVE-2020-35191
-       RESERVED
-CVE-2020-35190
-       RESERVED
-CVE-2020-35189
-       RESERVED
-CVE-2020-35188
-       RESERVED
-CVE-2020-35187
-       RESERVED
-CVE-2020-35186
-       RESERVED
-CVE-2020-35185
-       RESERVED
-CVE-2020-35184
-       RESERVED
+CVE-2020-35192 (The official vault docker images before 0.11.6 contain a blank 
passwor ...)
+       TODO: check
+CVE-2020-35191 (The official drupal docker images before 8.5.10-fpm-alpine 
(Alpine spe ...)
+       TODO: check
+CVE-2020-35190 (The official plone Docker images before version of 
4.3.18-alpine (Alpi ...)
+       TODO: check
+CVE-2020-35189 (The official kong docker images before 1.0.2-alpine (Alpine 
specific)  ...)
+       TODO: check
+CVE-2020-35188 (The official chronograf docker images before 1.7.7-alpine 
(Alpine spec ...)
+       TODO: check
+CVE-2020-35187 (The official telegraf docker images before 1.9.4-alpine 
(Alpine specif ...)
+       TODO: check
+CVE-2020-35186 (The official adminer docker images before 4.7.0-fastcgi 
contain a blan ...)
+       TODO: check
+CVE-2020-35185 (The official ghost docker images before 2.16.1-alpine (Alpine 
specific ...)
+       TODO: check
+CVE-2020-35184 (The official composer docker images before 1.8.3 contain a 
blank passw ...)
+       TODO: check
 CVE-2020-35183
        RESERVED
 CVE-2020-35182
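Review bot: the 13 "official ... docker images" entries added in this hunk (CVE-2020-35197 to CVE-2020-35194 and CVE-2020-35192 to CVE-2020-35184) are left at TODO: check, while CVE-2020-35193, an entry of the same kind sitting between them, is already triaged as NOT-FOR-US. Suggest triaging them consistently in a follow-up with a NOT-FOR-US line naming each image, since the visible descriptions concern the upstream images and not a package line in this list.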
@@ -612,8 +624,8 @@ CVE-2020-35179
        RESERVED
 CVE-2020-35178
        RESERVED
-CVE-2020-35177
-       RESERVED
+CVE-2020-35177 (HashiCorp Vault and Vault Enterprise allowed the enumeration 
of users  ...)
+       TODO: check
 CVE-2020-35176 (In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a 
partial a ...)
        - awstats <unfixed> (bug #977190)
        NOTE: https://github.com/eldy/awstats/issues/195
@@ -725,8 +737,8 @@ CVE-2020-35125
        RESERVED
 CVE-2020-35124
        RESERVED
-CVE-2020-35123
-       RESERVED
+CVE-2020-35123 (In Zimbra Collaboration Suite Network Edition versions &lt; 
9.0.0 P10  ...)
+       TODO: check
 CVE-2020-35122 (An issue was discovered in the Keysight Database Connector 
plugin befo ...)
        NOT-FOR-US: Keysight Database Connector plugin for Confluence
 CVE-2020-35121 (An issue was discovered in the Keysight Database Connector 
plugin befo ...)
@@ -749,7 +761,7 @@ CVE-2020-35114
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35114
 CVE-2020-35113
        RESERVED
-       {DSA-4813-1}
+       {DSA-4813-1 DLA-2496-1}
        - firefox 84.0-1
        - firefox-esr 78.6.0esr-1
        - thunderbird 1:78.6.0-1
@@ -766,7 +778,7 @@ CVE-2020-35112
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35112
 CVE-2020-35111
        RESERVED
-       {DSA-4813-1}
+       {DSA-4813-1 DLA-2496-1}
        - firefox 84.0-1
        - firefox-esr 78.6.0esr-1
        - thunderbird 1:78.6.0-1
@@ -1845,8 +1857,8 @@ CVE-2020-29654 (Western Digital Dashboard before 3.2.2.9 
allows DLL Hijacking th
        NOT-FOR-US: Western Digital Dashboard
 CVE-2020-29653
        RESERVED
-CVE-2020-29652
-       RESERVED
+CVE-2020-29652 (A nil pointer dereference in the golang.org/x/crypto/ssh 
component thr ...)
+       TODO: check
 CVE-2021-1985
        RESERVED
 CVE-2021-1984
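Review bot: CVE-2020-29652 is added with TODO: check, but its description names a library (golang.org/x/crypto/ssh) and not a vendor product, so it should not be swept into NOT-FOR-US along with the bulk of this update. Suggest checking whether the library is shipped as a source package and recording a package line; because Go programs link their libraries statically, packages built against an affected version also need a rebuild once the library is fixed.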
@@ -3098,8 +3110,8 @@ CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 
have key fobs that acce
        NOT-FOR-US: Tesla Model X vehicles
 CVE-2020-29437
        RESERVED
-CVE-2020-29436
-       RESERVED
+CVE-2020-29436 (Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a 
user with ...)
+       TODO: check
 CVE-2020-29435
        RESERVED
 CVE-2020-29434
@@ -4214,12 +4226,12 @@ CVE-2020-28933
        RESERVED
 CVE-2020-28932
        RESERVED
-CVE-2020-28931
-       RESERVED
-CVE-2020-28930
-       RESERVED
-CVE-2020-28929
-       RESERVED
+CVE-2020-28931 (Lack of an anti-CSRF token in the entire administrative 
interface in E ...)
+       TODO: check
+CVE-2020-28930 (A Cross-Site Scripting (XSS) issue in the 'update user' and 
'delete us ...)
+       TODO: check
+CVE-2020-28929 (Unrestricted access to the log downloader functionality in 
EPSON EPS T ...)
+       TODO: check
 CVE-2020-28928 (In musl libc through 1.2.1, wcsnrtombs mishandles particular 
combinati ...)
        {DLA-2474-1}
        - musl <unfixed> (bug #975365)
@@ -11417,8 +11429,8 @@ CVE-2020-27201
        RESERVED
 CVE-2020-27200
        RESERVED
-CVE-2020-27199
-       RESERVED
+CVE-2020-27199 (The Magic Home Pro application 1.5.1 for Android allows 
Authentication ...)
+       TODO: check
 CVE-2020-27198
        RESERVED
 CVE-2020-27197 (** DISPUTED ** TAXII libtaxii through 1.1.117, as used in 
EclecticIQ O ...)
@@ -11888,7 +11900,7 @@ CVE-2020-26979
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26979
 CVE-2020-26978
        RESERVED
-       {DSA-4813-1}
+       {DSA-4813-1 DLA-2496-1}
        - firefox 84.0-1
        - firefox-esr 78.6.0esr-1
        - thunderbird 1:78.6.0-1
@@ -11909,7 +11921,7 @@ CVE-2020-26975
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26975
 CVE-2020-26974
        RESERVED
-       {DSA-4813-1}
+       {DSA-4813-1 DLA-2496-1}
        - firefox 84.0-1
        - firefox-esr 78.6.0esr-1
        - thunderbird 1:78.6.0-1
@@ -11918,7 +11930,7 @@ CVE-2020-26974
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974
 CVE-2020-26973
        RESERVED
-       {DSA-4813-1}
+       {DSA-4813-1 DLA-2496-1}
        - firefox 84.0-1
        - firefox-esr 78.6.0esr-1
        - thunderbird 1:78.6.0-1
@@ -11931,7 +11943,7 @@ CVE-2020-26972
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26972
 CVE-2020-26971
        RESERVED
-       {DSA-4813-1}
+       {DSA-4813-1 DLA-2496-1}
        - firefox 84.0-1
        - firefox-esr 78.6.0esr-1
        - thunderbird 1:78.6.0-1
@@ -13509,8 +13521,8 @@ CVE-2020-26276
        RESERVED
 CVE-2020-26275
        RESERVED
-CVE-2020-26274
-       RESERVED
+CVE-2020-26274 (In systeminformation (npm package) before version 4.31.1 there 
is a co ...)
+       TODO: check
 CVE-2020-26273 (osquery is a SQL powered operating system instrumentation, 
monitoring, ...)
        TODO: check
 CVE-2020-26272
@@ -16366,12 +16378,12 @@ CVE-2020-25098
        RESERVED
 CVE-2020-25097
        RESERVED
-CVE-2020-25096
-       RESERVED
-CVE-2020-25095
-       RESERVED
-CVE-2020-25094
-       RESERVED
+CVE-2020-25096 (LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access 
Control. Us ...)
+       TODO: check
+CVE-2020-25095 (LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web 
interface i ...)
+       TODO: check
+CVE-2020-25094 (LogRhythm Platform Manager 7.4.9 allows Command Injection. To 
exploit  ...)
+       TODO: check
 CVE-2020-25093 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in blog.p ...)
        NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
 CVE-2020-25092 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS 
in _parts ...)
@@ -16561,10 +16573,10 @@ CVE-2020-25013 (JetBrains ToolBox before version 1.18 
is vulnerable to a Denial
        NOT-FOR-US: JetBrains
 CVE-2020-25012
        RESERVED
-CVE-2020-25011
-       RESERVED
-CVE-2020-25010
-       RESERVED
+CVE-2020-25011 (A sensitive information disclosure vulnerability in Kyland 
KPS2204 6 P ...)
+       TODO: check
+CVE-2020-25010 (An arbitrary code execution vulnerability in Kyland KPS2204 6 
Port Man ...)
+       TODO: check
 CVE-2020-25009
        RESERVED
 CVE-2020-25008
@@ -34955,7 +34967,7 @@ CVE-2020-16043
        RESERVED
 CVE-2020-16042
        RESERVED
-       {DSA-4813-1}
+       {DSA-4813-1 DLA-2496-1}
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
        - firefox 84.0-1
@@ -65644,16 +65656,16 @@ CVE-2020-4910
        RESERVED
 CVE-2020-4909
        RESERVED
-CVE-2020-4908
-       RESERVED
-CVE-2020-4907
-       RESERVED
-CVE-2020-4906
-       RESERVED
-CVE-2020-4905
-       RESERVED
-CVE-2020-4904
-       RESERVED
+CVE-2020-4908 (IBM Financial Transaction Manager for SWIFT Services for 
Multiplatform ...)
+       TODO: check
+CVE-2020-4907 (IBM Financial Transaction Manager for SWIFT Services for 
Multiplatform ...)
+       TODO: check
+CVE-2020-4906 (IBM Financial Transaction Manager for SWIFT Services for 
Multiplatform ...)
+       TODO: check
+CVE-2020-4905 (IBM Financial Transaction Manager for SWIFT Services for 
Multiplatform ...)
+       TODO: check
+CVE-2020-4904 (IBM Financial Transaction Manager for SWIFT Services for 
Multiplatform ...)
+       TODO: check
 CVE-2020-4903
        RESERVED
 CVE-2020-4902
@@ -66147,10 +66159,10 @@ CVE-2020-4660 (IBM Security Access Manager 9.0.7 and 
IBM Security Verify Access
        NOT-FOR-US: IBM
 CVE-2020-4659
        RESERVED
-CVE-2020-4658
-       RESERVED
-CVE-2020-4657
-       RESERVED
+CVE-2020-4658 (IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable 
to cro ...)
+       TODO: check
+CVE-2020-4657 (IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard 
Edition i ...)
+       TODO: check
 CVE-2020-4656
        RESERVED
 CVE-2020-4655 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.0.3.2 a ...)
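Review bot: CVE-2020-4658 and CVE-2020-4657 (IBM Sterling File Gateway, IBM Sterling B2B Integrator) land as TODO: check although the context entry CVE-2020-4660 just above them already carries NOT-FOR-US: IBM. Suggest the same tag for both so they drop out of the TODO queue.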
@@ -185645,6 +185657,7 @@ CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when 
generating an HTTP Digest a
        - apache2 2.4.33-1
        NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/7
 CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a 
use-after-fre ...)
+       {DSA-4814-1}
        - xerces-c 3.2.3+debian-2 (bug #947431)
        [buster] - xerces-c <postponed> (Minor issue, revisit when fixed 
upstream)
        [stretch] - xerces-c <postponed> (Minor issue, revisit when fixed 
upstream)
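Review bot: CVE-2018-1311 gains {DSA-4814-1}, but the [buster] line below it still reads "<postponed> (Minor issue, revisit when fixed upstream)", which no longer matches an entry that has an advisory attached. If the DSA fixes buster, replace that line with the fixed version from the advisory, and re-check the [stretch] line in the same pass.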



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62afa193acdd2cc96db2cf8c558cd1bdde890608



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits