Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
05944fbd by security tracker role at 2020-12-18T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2020-35570
+       RESERVED
+CVE-2020-35569
+       RESERVED
+CVE-2020-35568
+       RESERVED
+CVE-2020-35567
+       RESERVED
+CVE-2020-35566
+       RESERVED
+CVE-2020-35565
+       RESERVED
+CVE-2020-35564
+       RESERVED
+CVE-2020-35563
+       RESERVED
+CVE-2020-35562
+       RESERVED
+CVE-2020-35561
+       RESERVED
+CVE-2020-35560
+       RESERVED
+CVE-2020-35559
+       RESERVED
+CVE-2020-35558
+       RESERVED
+CVE-2020-35557
+       RESERVED
+CVE-2020-35556
+       RESERVED
+CVE-2020-35555 (An issue was discovered on LG mobile devices with Android OS 
10 softwa ...)
+       TODO: check
+CVE-2020-35554 (An issue was discovered on LG mobile devices with Android OS 
8.0, 8.1, ...)
+       TODO: check
+CVE-2020-35553 (An issue was discovered on Samsung mobile devices with Q(10.0) 
and R(1 ...)
+       TODO: check
+CVE-2020-35552 (An issue was discovered in the GPS daemon on Samsung mobile 
devices wi ...)
+       TODO: check
+CVE-2020-35551 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
+       TODO: check
+CVE-2020-35550 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
+       TODO: check
+CVE-2020-35549 (An issue was discovered on Samsung mobile devices with O(8.x), 
P(9.0), ...)
+       TODO: check
+CVE-2020-35548 (An issue was discovered in Finder on Samsung mobile devices 
with Q(10. ...)
+       TODO: check
 CVE-2021-21005
        RESERVED
 CVE-2021-21004
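Review bot: the eight described entries at the end of the added block (CVE-2020-35555 down to CVE-2020-35548) all concern LG or Samsung mobile devices and are left at TODO: check. If no Debian source package ships that vendor software, they can be closed in a follow-up with a NOT-FOR-US line, the form this file already uses for vendor-only products (for example "NOT-FOR-US: Mitel" under CVE-2020-24692).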
@@ -2151,37 +2197,35 @@ CVE-2020-35482
        RESERVED
 CVE-2020-35481
        RESERVED
-CVE-2020-35480 [Divergent behavior for contributions and user pages of hidden 
users and missing users]
-       RESERVED
+CVE-2020-35480 (An issue was discovered in MediaWiki before 1.35.1. Missing 
users (acc ...)
+       {DSA-4816-1}
        - mediawiki 1:1.35.1-1
        NOTE: https://phabricator.wikimedia.org/T120883
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
-CVE-2020-35479 [BlockLogFormatter can output raw html]
-       RESERVED
+CVE-2020-35479 (MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. 
Language ...)
+       {DSA-4816-1}
        - mediawiki 1:1.35.1-1
        NOTE: https://phabricator.wikimedia.org/T268938
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
-CVE-2020-35478 [BlockLogFormatter can output raw html]
-       RESERVED
+CVE-2020-35478 (MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. 
MediaWik ...)
        - mediawiki 1:1.35.1-1
        [buster] - mediawiki <not-affected> (Introduced in 1.33)
        [stretch] - mediawiki <not-affected> (Introduced in 1.33)
        NOTE: https://phabricator.wikimedia.org/T268938
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
-CVE-2020-35477 [Unable to change visibility of log entries when 
MediaWiki:Mainpage uses Special:MyLanguage]
-       RESERVED
+CVE-2020-35477 (MediaWiki before 1.35.1 blocks legitimate attempts to hide log 
entries ...)
+       {DSA-4816-1}
        - mediawiki 1:1.35.1-1
        NOTE: https://phabricator.wikimedia.org/T205908
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
 CVE-2020-35476 (A remote code execution vulnerability occurs in OpenTSDB 
through 2.4.0 ...)
        NOT-FOR-US: OpenTSDB
-CVE-2020-35475 [Messages userrights-expiry-current and userrights-expiry-none 
can contain raw html]
-       RESERVED
+CVE-2020-35475 (In MediaWiki before 1.35.1, the messages 
userrights-expiry-current and ...)
+       {DSA-4816-1}
        - mediawiki 1:1.35.1-1
        NOTE: https://phabricator.wikimedia.org/T268917
        NOTE: 
https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
-CVE-2020-35474 [Message recentchanges-legend-watchlistexpiry can contain raw 
html]
-       RESERVED
+CVE-2020-35474 (In MediaWiki before 1.35.1, the combination of 
Html::rawElement and Me ...)
        - mediawiki 1:1.35.1-1
        [buster] - mediawiki <not-affected> (Introduced in 1.35)
        [stretch] - mediawiki <not-affected> (Introduced in 1.35)
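Review bot: CVE-2020-35478 and CVE-2020-35474 are the only two MediaWiki entries in this hunk that do not gain {DSA-4816-1}. That is consistent with their [buster] and [stretch] <not-affected> lines, but CVE-2020-35479 and CVE-2020-35478 reference the same task (T268938) and previously carried the same temporary description ("BlockLogFormatter can output raw html"). Suggest confirming against the full, untruncated descriptions that the DSA tag sits on the right one of the pair.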
@@ -12178,8 +12222,8 @@ CVE-2020-27689 (The Relish (Verve Connect) VH510 device 
with firmware before 1.0
        NOT-FOR-US: Relish (Verve Connect) VH510 device
 CVE-2020-27688 (RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to 
encrypt ...)
        NOT-FOR-US: RVTools
-CVE-2020-27687
-       RESERVED
+CVE-2020-27687 (ThingsBoard before v3.2 is vulnerable to Host header injection 
in pass ...)
+       TODO: check
 CVE-2020-27686
        RESERVED
 CVE-2020-27685
@@ -12665,10 +12709,10 @@ CVE-2020-27642 (A cross-site scripting (XSS) 
vulnerability exists in the 'merge
        NOT-FOR-US: BigBlueButton
 CVE-2020-27641
        REJECTED
-CVE-2020-27640
-       RESERVED
-CVE-2020-27639
-       RESERVED
+CVE-2020-27640 (The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet 
phones with ...)
+       TODO: check
+CVE-2020-27639 (The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 
SIP phone ...)
+       TODO: check
 CVE-2020-27637
        RESERVED
 CVE-2020-27636
@@ -13328,8 +13372,8 @@ CVE-2020-27342
        RESERVED
 CVE-2020-27341
        RESERVED
-CVE-2020-27340
-       RESERVED
+CVE-2020-27340 (The online help portal of Mitel MiCollab before 9.2 could 
allow an att ...)
+       TODO: check
 CVE-2020-27339
        RESERVED
 CVE-2020-27338
@@ -13721,8 +13765,8 @@ CVE-2020-27156 (Veritas APTARE versions prior to 10.5 
did not perform adequate a
        NOT-FOR-US: Veritas
 CVE-2020-27155 (An issue was discovered in Octopus Deploy through 2020.4.4. If 
enabled ...)
        NOT-FOR-US: Octopus Deploy
-CVE-2020-27154
-       RESERVED
+CVE-2020-27154 (The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client 
for Win ...)
+       TODO: check
 CVE-2020-27152 (An issue was discovered in ioapic_lazy_update_eoi in 
arch/x86/kvm/ioap ...)
        - linux 5.9.6-1
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -15704,8 +15748,8 @@ CVE-2020-26282
        RESERVED
 CVE-2020-26281
        RESERVED
-CVE-2020-26280
-       RESERVED
+CVE-2020-26280 (OpenSlides is a free, Web-based presentation and assembly 
system for m ...)
+       TODO: check
 CVE-2020-26279
        RESERVED
 CVE-2020-26278
@@ -15769,8 +15813,8 @@ CVE-2020-26253 (Kirby is a CMS. In Kirby CMS 
(getkirby/cms) before version 3.3.6
        NOT-FOR-US: Kirby CMS
 CVE-2020-26252
        RESERVED
-CVE-2020-26251
-       RESERVED
+CVE-2020-26251 (Open Zaak is a modern, open-source data- and services-layer to 
enable  ...)
+       TODO: check
 CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In 
oauthent ...)
        NOT-FOR-US: JupyterHub login mechanism
 CVE-2020-26249 (Red Discord Bot Dashboard is an easy-to-use interactive web 
dashboard  ...)
@@ -15929,22 +15973,22 @@ CVE-2020-26180
        RESERVED
 CVE-2020-26179
        RESERVED
-CVE-2020-26178
-       RESERVED
-CVE-2020-26177
-       RESERVED
-CVE-2020-26176
-       RESERVED
-CVE-2020-26175
-       RESERVED
-CVE-2020-26174
-       RESERVED
-CVE-2020-26173
-       RESERVED
-CVE-2020-26172
-       RESERVED
-CVE-2020-26171
-       RESERVED
+CVE-2020-26178 (In tangro Business Workflow before 1.18.1, knowing an 
attachment ID, i ...)
+       TODO: check
+CVE-2020-26177 (In tangro Business Workflow before 1.18.1, a user's profile 
contains s ...)
+       TODO: check
+CVE-2020-26176 (An issue was discovered in tangro Business Workflow before 
1.18.1. No  ...)
+       TODO: check
+CVE-2020-26175 (In tangro Business Workflow before 1.18.1, an attacker can 
manipulate  ...)
+       TODO: check
+CVE-2020-26174 (tangro Business Workflow before 1.18.1 requests a list of 
allowed file ...)
+       TODO: check
+CVE-2020-26173 (An incorrect access control implementation in Tangro Business 
Workflow ...)
+       TODO: check
+CVE-2020-26172 (Every login in tangro Business Workflow before 1.18.1 
generates the sa ...)
+       TODO: check
+CVE-2020-26171 (In tangro Business Workflow before 1.18.1, the documentId of 
attachmen ...)
+       TODO: check
 CVE-2020-26170
        RESERVED
 CVE-2020-26169
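Review bot: the eight tangro Business Workflow entries (CVE-2020-26178 to CVE-2020-26171) are all left at TODO: check, and the imported descriptions spell the product both "tangro" and "Tangro" (CVE-2020-26173). When these are triaged, suggest resolving all eight in one pass with a single spelling in the resolution line, so a search for the product name finds the whole group.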
@@ -16565,8 +16609,8 @@ CVE-2020-25903
        RESERVED
 CVE-2020-25902
        RESERVED
-CVE-2020-25901
-       RESERVED
+CVE-2020-25901 (Host Header Injection in Spiceworks 7.5.7.0 allowing the 
attacker to r ...)
+       TODO: check
 CVE-2020-25900
        RESERVED
 CVE-2020-25899
@@ -17429,20 +17473,20 @@ CVE-2020-25613 (An issue was discovered in Ruby 
through 2.5.8, 2.6.x through 2.6
        - jruby <unfixed> (bug #972230)
        NOTE: 
https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
        NOTE: Fix in webrick: 
https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7
-CVE-2020-25612
-       RESERVED
-CVE-2020-25611
-       RESERVED
-CVE-2020-25610
-       RESERVED
-CVE-2020-25609
-       RESERVED
-CVE-2020-25608
-       RESERVED
+CVE-2020-25612 (The NuPoint Messenger of Mitel MiCollab before 9.2 could allow 
an atta ...)
+       TODO: check
+CVE-2020-25611 (The AWV portal of Mitel MiCollab before 9.2 could allow an 
attacker to ...)
+       TODO: check
+CVE-2020-25610 (The AWV component of Mitel MiCollab before 9.2 could allow an 
attacker ...)
+       TODO: check
+CVE-2020-25609 (The NuPoint Messenger Portal of Mitel MiCollab before 9.2 
could allow  ...)
+       TODO: check
+CVE-2020-25608 (The SAS portal of Mitel MiCollab before 9.2 could allow an 
attacker to ...)
+       TODO: check
 CVE-2020-25607
        RESERVED
-CVE-2020-25606
-       RESERVED
+CVE-2020-25606 (The AWV component of Mitel MiCollab before 9.2 could allow an 
attacker ...)
+       TODO: check
 CVE-2020-25605
        RESERVED
 CVE-2020-25604 (An issue was discovered in Xen through 4.14.x. There is a race 
conditi ...)
@@ -17690,10 +17734,10 @@ CVE-2020-25497
        RESERVED
 CVE-2020-25496
        RESERVED
-CVE-2020-25495
-       RESERVED
-CVE-2020-25494
-       RESERVED
+CVE-2020-25495 (A reflected Cross-site scripting (XSS) vulnerability in Xinuo 
(formerl ...)
+       TODO: check
+CVE-2020-25494 (Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to 
execute ...)
+       TODO: check
 CVE-2020-25493
        RESERVED
 CVE-2020-25492
@@ -19452,8 +19496,8 @@ CVE-2020-24695
        RESERVED
 CVE-2020-24694
        RESERVED
-CVE-2020-24693
-       RESERVED
+CVE-2020-24693 (The Ignite portal in Mitel MiContact Center Business before 
9.3.0.0 co ...)
+       TODO: check
 CVE-2020-24692 (The Ignite portal in Mitel MiContact Center Business before 
9.3.0.0 co ...)
        NOT-FOR-US: Mitel
 CVE-2020-24691
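Review bot: CVE-2020-24693 is added as TODO: check although the entry directly below it, CVE-2020-24692, shows the same description prefix ("The Ignite portal in Mitel MiContact Center Business before 9.3.0.0") and is already triaged as NOT-FOR-US: Mitel. Suggest the same tag here, and the same follow-up for the other Mitel entries this commit leaves at TODO: check (CVE-2020-27640, CVE-2020-27639, CVE-2020-27340, CVE-2020-27154, CVE-2020-25612 to CVE-2020-25608, and CVE-2020-25606).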
@@ -28376,12 +28420,12 @@ CVE-2020-20302
        RESERVED
 CVE-2020-20301
        RESERVED
-CVE-2020-20300
-       RESERVED
-CVE-2020-20299
-       RESERVED
-CVE-2020-20298
-       RESERVED
+CVE-2020-20300 (SQL injection vulnerability in the wp_where function in WeiPHP 
5.0. ...)
+       TODO: check
+CVE-2020-20299 (WeiPHP 5.0 does not properly restrict access to pages, related 
to usin ...)
+       TODO: check
+CVE-2020-20298 (Eval injection vulnerability in the parserCommom method in the 
ParserT ...)
+       TODO: check
 CVE-2020-20297
        RESERVED
 CVE-2020-20296
@@ -28406,8 +28450,8 @@ CVE-2020-20287
        RESERVED
 CVE-2020-20286
        RESERVED
-CVE-2020-20285
-       RESERVED
+CVE-2020-20285 (There is a XSS in the user login page in zzcms 2019. Users can 
inject  ...)
+       TODO: check
 CVE-2020-20284
        RESERVED
 CVE-2020-20283
@@ -28422,10 +28466,10 @@ CVE-2020-20279
        RESERVED
 CVE-2020-20278
        RESERVED
-CVE-2020-20277
-       RESERVED
-CVE-2020-20276
-       RESERVED
+CVE-2020-20277 (There are multiple unauthenticated directory traversal 
vulnerabilities ...)
+       TODO: check
+CVE-2020-20276 (An unauthenticated stack-based buffer overflow vulnerability 
in common ...)
+       TODO: check
 CVE-2020-20275
        RESERVED
 CVE-2020-20274
@@ -68149,8 +68193,8 @@ CVE-2020-4766
        RESERVED
 CVE-2020-4765
        RESERVED
-CVE-2020-4764
-       RESERVED
+CVE-2020-4764 (IBM Planning Analytics 2.0 is vulnerable to cross-site request 
forgery ...)
+       TODO: check
 CVE-2020-4763 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 
through  ...)
        NOT-FOR-US: IBM
 CVE-2020-4762
@@ -86893,12 +86937,12 @@ CVE-2019-16959
        RESERVED
 CVE-2019-16958 (Cross-site Scripting (XSS) vulnerability in SolarWinds Web 
Help Desk 1 ...)
        NOT-FOR-US:  SolarWinds Web Help Desk
-CVE-2019-16957
-       RESERVED
+CVE-2019-16957 (SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name 
field of ...)
+       TODO: check
 CVE-2019-16956
        RESERVED
-CVE-2019-16955
-       RESERVED
+CVE-2019-16955 (SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG 
documen ...)
+       TODO: check
 CVE-2019-16954
        RESERVED
 CVE-2019-16953
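Review bot: CVE-2019-16957 and CVE-2019-16955 are both SolarWinds Web Help Desk 12.7.0 issues left at TODO: check, while CVE-2019-16958 in the same hunk is already NOT-FOR-US for that product. Suggest the same resolution for both. The existing line has two spaces after the colon ("NOT-FOR-US:  SolarWinds Web Help Desk"), which is worth normalising to one so that a text search for the tag matches all three entries.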



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05944fbdbae5cd67ec040c6b7d19eed98c4f256b
