Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be756f3f by security tracker role at 2020-12-24T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-35678
+       RESERVED
+CVE-2020-35677 (BigProf Online Invoicing System before 4.0 fails to adequately 
sanitiz ...)
+       TODO: check
+CVE-2020-35676 (BigProf Online Invoicing System before 3.1 fails to correctly 
sanitize ...)
+       TODO: check
+CVE-2020-35675 (BigProf Online Invoicing System before 3.0 offers a 
functionality that ...)
+       TODO: check
+CVE-2020-35674 (BigProf Online Invoicing System before 2.9 suffers from an 
unauthentic ...)
+       TODO: check
+CVE-2020-35673
+       RESERVED
+CVE-2020-35672
+       RESERVED
+CVE-2020-35671
+       RESERVED
+CVE-2020-35670
+       RESERVED
+CVE-2020-35669 (An issue was discovered in the http package through 0.12.2 for 
Dart. I ...)
+       TODO: check
+CVE-2020-35668 (RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference 
that lead ...)
+       TODO: check
+CVE-2020-35667
+       RESERVED
+CVE-2020-35666 (Steedos Platform through 1.21.24 allows NoSQL injection 
because the /a ...)
+       TODO: check
 CVE-2020-35665 (An unauthenticated command-execution vulnerability exists in 
TerraMast ...)
        TODO: check
 CVE-2020-35664
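
Review bot: The new TODO: check entries at the top of data/CVE/list include four for the same product (CVE-2020-35674 through CVE-2020-35677, BigProf Online Invoicing System), so they can be triaged with one decision rather than four. The Dart http package, RedisGraph and Steedos Platform entries each need their own check against the archive. Suggest a follow-up that resolves each TODO: check to either a NOT-FOR-US: line or a source-package line, using the full descriptions, since the truncated text here does not show enough to classify them.
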
@@ -4077,7 +4103,7 @@ CVE-2020-29670
 CVE-2020-29669 (In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, 
the Gue ...)
        NOT-FOR-US: Macally WIFISD2-2A82 Media and Travel Router
 CVE-2020-29668 (Sympa before 6.2.59b.2 allows remote attackers to obtain full 
SOAP API ...)
-       {DLA-2499-1}
+       {DSA-4818-1 DLA-2499-1}
        - sympa 6.2.58~dfsg-2 (bug #976020)
        NOTE: https://github.com/sympa-community/sympa/issues/1041
        NOTE: https://github.com/sympa-community/sympa/pull/1044
@@ -53316,7 +53342,7 @@ CVE-2020-10938 (GraphicsMagick before 1.3.35 has an 
integer overflow and resulta
 CVE-2020-10937 (An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An 
attacker can  ...)
        - ipfs <itp> (bug #779893)
 CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
-       {DLA-2401-1}
+       {DSA-4818-1 DLA-2401-1}
        - sympa 6.2.40~dfsg-5 (bug #961491)
        NOTE: https://sympa-community.github.io/security/2020-002.html
        NOTE: Patch: 
https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch
@@ -53324,7 +53350,7 @@ CVE-2020-10936 (Sympa before 6.2.56 allows privilege 
escalation. ...)
        NOTE: 
https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/
        NOTE: https://github.com/sympa-community/sympa/issues/943
 CVE-2020-26932 (debian/sympa.postinst for the Debian Sympa package before 
6.2.40~dfsg- ...)
-       {DLA-2401-1}
+       {DSA-4818-1 DLA-2401-1}
        - sympa 6.2.40~dfsg-7 (bug #971904)
        NOTE: Debian specific issue where sympa_newaliases-wrapper had loose 
permissions
        NOTE: (already suid root and word-executable) allowing to gain root 
privileges
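
Review bot: In the CVE-2020-26932 entry, the unchanged NOTE under the new {DSA-4818-1 DLA-2401-1} line reads "word-executable", which looks like a typo for "world-executable" given that it describes loose permissions on the suid-root sympa_newaliases-wrapper. Worth correcting now that the entry is being touched, so the note states the permission problem accurately.
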
@@ -57485,6 +57511,7 @@ CVE-2020-9371 (Stored XSS exists in the Appointment 
Booking Calendar plugin befo
 CVE-2020-9370 (HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. 
...)
        NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
 CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a 
denial  ...)
+       {DSA-4818-1}
        - sympa 6.2.40~dfsg-4 (low; bug #952428)
        [stretch] - sympa <not-affected> (Vulnerability introduced later in 
6.2.38)
        [jessie] - sympa <not-affected> (Vulnerability introduced later in 
6.2.38)
@@ -66757,14 +66784,14 @@ CVE-2020-5686
        RESERVED
 CVE-2020-5685
        RESERVED
-CVE-2020-5684
-       RESERVED
+CVE-2020-5684 (iSM client versions from V5.1 prior to V12.1 running on NEC 
Storage Ma ...)
+       TODO: check
 CVE-2020-5683 (Directory traversal vulnerability in GROWI versions prior to 
v4.2.3 (v ...)
        NOT-FOR-US: GROWI
 CVE-2020-5682 (Improper input validation in GROWI versions prior to v4.2.3 
(v4.2 Seri ...)
        NOT-FOR-US: GROWI
-CVE-2020-5681
-       RESERVED
+CVE-2020-5681 (Untrusted search path vulnerability in self-extracting files 
created b ...)
+       TODO: check
 CVE-2020-5680 (Improper input validation vulnerability in EC-CUBE versions 
from 3.0.5 ...)
        NOT-FOR-US: EC-CUBE
 CVE-2020-5679 (Improper restriction of rendered UI layers or frames in EC-CUBE 
versio ...)
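
Review bot: CVE-2020-5684 and CVE-2020-5681 go from RESERVED to TODO: check, and the visible part of the CVE-2020-5684 description names a vendor product (iSM client on NEC Storage Ma ...), which makes it a candidate for the same NOT-FOR-US handling that its neighbours CVE-2020-5683 and CVE-2020-5682 already have. The CVE-2020-5681 description is cut off before any product name, so it needs the full text before it can be classified.
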
@@ -75430,20 +75457,20 @@ CVE-2020-2507
        RESERVED
 CVE-2020-2506
        RESERVED
-CVE-2020-2505
-       RESERVED
-CVE-2020-2504
-       RESERVED
-CVE-2020-2503
-       RESERVED
+CVE-2020-2505 (If exploited, this vulnerability could allow attackers to gain 
sensiti ...)
+       TODO: check
+CVE-2020-2504 (If exploited, this absolute path traversal vulnerability could 
allow a ...)
+       TODO: check
+CVE-2020-2503 (If exploited, this stored cross-site scripting vulnerability 
could all ...)
+       TODO: check
 CVE-2020-2502
        RESERVED
 CVE-2020-2501
        RESERVED
 CVE-2020-2500 (This improper access control vulnerability in Helpdesk allows 
attacker ...)
        NOT-FOR-US: QNAP
-CVE-2020-2499
-       RESERVED
+CVE-2020-2499 (A hard-coded password vulnerability has been reported to affect 
earlie ...)
+       TODO: check
 CVE-2020-2498 (If exploited, this cross-site scripting vulnerability could 
allow remo ...)
        NOT-FOR-US: QNAP
 CVE-2020-2497 (If exploited, this cross-site scripting vulnerability could 
allow remo ...)
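
Review bot: CVE-2020-2505, CVE-2020-2504, CVE-2020-2503 and CVE-2020-2499 are left as TODO: check while the surrounding entries CVE-2020-2500 and CVE-2020-2498 are already NOT-FOR-US: QNAP, and three of the new descriptions open with the same "If exploited, this ... vulnerability could allow" wording as CVE-2020-2498 and CVE-2020-2497. The product name is cut off in every one of the new descriptions, so confirm the vendor from the full text and, if it matches, mark them NOT-FOR-US: QNAP in the same pass.
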



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be756f3ff4a4c443a1915a2a35e9ea4d480dcfc2
