[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso Thu, 24 Dec 2020 12:10:32 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f71fa802 by security tracker role at 2020-12-24T20:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2020-35696
+       RESERVED
+CVE-2020-35695
+       RESERVED
+CVE-2020-35694
+       RESERVED
+CVE-2020-35693 (On some Samsung phones and tablets running Android through 
7.1.1, it i ...)
+       TODO: check
+CVE-2020-35692
+       RESERVED
+CVE-2020-35691
+       RESERVED
+CVE-2020-35690
+       RESERVED
+CVE-2020-35689
+       RESERVED
+CVE-2020-35688
+       RESERVED
+CVE-2020-35687
+       RESERVED
+CVE-2020-35686
+       RESERVED
+CVE-2020-35685
+       RESERVED
+CVE-2020-35684
+       RESERVED
+CVE-2020-35683
+       RESERVED
+CVE-2020-35682
+       RESERVED
+CVE-2020-35681
+       RESERVED
+CVE-2020-35680 (smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain 
configurati ...)
+       TODO: check
+CVE-2020-35679 (smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain 
regfree, whi ...)
+       TODO: check
 CVE-2020-35678
        RESERVED
 CVE-2020-35677 (BigProf Online Invoicing System before 4.0 fails to adequately 
sanitiz ...)
@@ -36,8 +72,8 @@ CVE-2020-35661
        RESERVED
 CVE-2020-35660
        RESERVED
-CVE-2020-35659
-       RESERVED
+CVE-2020-35659 (The DNS query log in Pi-hole before 5.2.2 is vulnerable to 
stored XSS. ...)
+       TODO: check
 CVE-2020-35658 (SpamTitan before 7.09 allows attackers to tamper with backups, 
because ...)
        NOT-FOR-US: SpamTitan
 CVE-2020-35657 (Jaws through 1.8.0 allows remote authenticated administrators 
to execu ...)
@@ -6969,8 +7005,8 @@ CVE-2020-29191
        RESERVED
 CVE-2020-29190
        RESERVED
-CVE-2020-29189
-       RESERVED
+CVE-2020-29189 (Incorrect Access Control vulnerability in TerraMaster TOS 
&lt;= 4.2.06 ...)
+       TODO: check
 CVE-2020-29188
        RESERVED
 CVE-2020-29187
@@ -11790,20 +11826,20 @@ CVE-2020-28192
        RESERVED
 CVE-2020-28191
        RESERVED
-CVE-2020-28190
-       RESERVED
+CVE-2020-28190 (TerraMaster TOS &lt;= 4.2.06 was found to check for updates 
(of both s ...)
+       TODO: check
 CVE-2020-28189
-       RESERVED
-CVE-2020-28188
-       RESERVED
-CVE-2020-28187
-       RESERVED
-CVE-2020-28186
-       RESERVED
-CVE-2020-28185
-       RESERVED
-CVE-2020-28184
-       RESERVED
+       REJECTED
+CVE-2020-28188 (Remote Command Execution (RCE) vulnerability in TerraMaster 
TOS &lt;=  ...)
+       TODO: check
+CVE-2020-28187 (Multiple directory traversal vulnerabilities in TerraMaster 
TOS &lt;=  ...)
+       TODO: check
+CVE-2020-28186 (Email Injection in TerraMaster TOS &lt;= 4.2.06 allows remote 
unauthen ...)
+       TODO: check
+CVE-2020-28185 (User Enumeration vulnerability in TerraMaster TOS &lt;= 4.2.06 
allows  ...)
+       TODO: check
+CVE-2020-28184 (Cross-site scripting (XSS) vulnerability in TerraMaster TOS 
&lt;= 4.2. ...)
+       TODO: check
 CVE-2020-28183 (SQL injection vulnerability in SourceCodester Water Billing 
System 1.0 ...)
        NOT-FOR-US: SourceCodester Water Billing System
 CVE-2020-28182
@@ -11832,8 +11868,8 @@ CVE-2020-28171
        RESERVED
 CVE-2020-28170
        RESERVED
-CVE-2020-28169
-       RESERVED
+CVE-2020-28169 (The td-agent-builder plugin before 2020-12-18 for Fluentd 
allows attac ...)
+       TODO: check
 CVE-2020-28168 (Axios NPM package 0.21.0 contains a Server-Side Request 
Forgery (SSRF) ...)
        - node-axios <unfixed> (bug #975305)
        [buster] - node-axios <no-dsa> (Minor issue)
@@ -13234,38 +13270,38 @@ CVE-2020-27731
        RESERVED
 CVE-2020-27730 (In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX 
Controller  ...)
        NOT-FOR-US: NGINX Controller
-CVE-2020-27729
-       RESERVED
-CVE-2020-27728
-       RESERVED
-CVE-2020-27727
-       RESERVED
-CVE-2020-27726
-       RESERVED
-CVE-2020-27725
-       RESERVED
-CVE-2020-27724
-       RESERVED
-CVE-2020-27723
-       RESERVED
-CVE-2020-27722
-       RESERVED
-CVE-2020-27721
-       RESERVED
-CVE-2020-27720
-       RESERVED
-CVE-2020-27719
-       RESERVED
-CVE-2020-27718
-       RESERVED
-CVE-2020-27717
-       RESERVED
-CVE-2020-27716
-       RESERVED
-CVE-2020-27715
-       RESERVED
-CVE-2020-27714
-       RESERVED
+CVE-2020-27729 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 
13.1.0-13 ...)
+       TODO: check
+CVE-2020-27728 (On BIG-IP ASM &amp; Advanced WAF versions 16.0.0-16.0.0.1, 
15.1.0-15.1 ...)
+       TODO: check
+CVE-2020-27727 (On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 
14.1.0-14.1.3, and ...)
+       TODO: check
+CVE-2020-27726 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 
13.1.0-13 ...)
+       TODO: check
+CVE-2020-27725 (In version 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 
12.1.0-12. ...)
+       TODO: check
+CVE-2020-27724 (In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 
15.0.0-15.0.1 ...)
+       TODO: check
+CVE-2020-27723 (In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM 
virtual se ...)
+       TODO: check
+CVE-2020-27722 (In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 
13.1.0-13.1 ...)
+       TODO: check
+CVE-2020-27721 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 
13.1.0-13.1 ...)
+       TODO: check
+CVE-2020-27720 (On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 
14.1.0-1 ...)
+       TODO: check
+CVE-2020-27719 (On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, 
a cross ...)
+       TODO: check
+CVE-2020-27718 (When a BIG-IP ASM or Advanced WAF system running version 
16.0.0-16.0.0 ...)
+       TODO: check
+CVE-2020-27717 (On BIG-IP DNS 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 
13.1.0- ...)
+       TODO: check
+CVE-2020-27716 (On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 
12.1.0-12 ...)
+       TODO: check
+CVE-2020-27715 (On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS 
request to th ...)
+       TODO: check
+CVE-2020-27714 (On the BIG-IP AFM version 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 
13.1.0-1 ...)
+       TODO: check
 CVE-2020-27713 (In certain configurations on version 13.1.3.4, when a BIG-IP 
AFM HTTP  ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2020-27712
@@ -20687,8 +20723,8 @@ CVE-2020-24659 (An issue was discovered in GnuTLS 
before 3.6.15. A server can tr
        NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04
        NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1071
        NOTE: 
https://gitlab.com/gnutls/gnutls/-/commit/29ee67c205855e848a0a26e6d0e4f65b6b943e0a
-CVE-2020-24658
-       RESERVED
+CVE-2020-24658 (Arm Compiler 5 through 5.06u6 has an error in a stack 
protection featu ...)
+       TODO: check
 CVE-2020-24657
        RESERVED
 CVE-2020-24656 (Maltego before 4.2.12 allows XXE attacks. ...)
@@ -57951,12 +57987,12 @@ CVE-2020-9204
        RESERVED
 CVE-2020-9203
        RESERVED
-CVE-2020-9202
-       RESERVED
-CVE-2020-9201
-       RESERVED
-CVE-2020-9200
-       RESERVED
+CVE-2020-9202 (There is an information disclosure vulnerability in TE Mobile 
software ...)
+       TODO: check
+CVE-2020-9201 (There is an out-of-bounds read vulnerability in some versions 
of NIP68 ...)
+       TODO: check
+CVE-2020-9200 (There has a CSV injection vulnerability in iManager NetEco 6000 
versio ...)
+       TODO: check
 CVE-2020-9199 (B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 
have a  ...)
        NOT-FOR-US: Huawei
 CVE-2020-9198
@@ -58081,8 +58117,8 @@ CVE-2020-9139
        RESERVED
 CVE-2020-9138
        RESERVED
-CVE-2020-9137
-       RESERVED
+CVE-2020-9137 (There is a privilege escalation vulnerability in some versions 
of Clou ...)
+       TODO: check
 CVE-2020-9136
        RESERVED
 CVE-2020-9135
@@ -58115,10 +58151,10 @@ CVE-2020-9122 (Some Huawei products have an 
insufficient input verification vuln
        NOT-FOR-US: Huawei
 CVE-2020-9121
        RESERVED
-CVE-2020-9120
-       RESERVED
-CVE-2020-9119
-       RESERVED
+CVE-2020-9120 (CloudEngine 1800V versions V100R019C10SPC500 has a resource 
management ...)
+       TODO: check
+CVE-2020-9119 (There is a privilege escalation vulnerability on some Huawei 
smart pho ...)
+       TODO: check
 CVE-2020-9118
        RESERVED
 CVE-2020-9117 (HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and 
SydneyM ...)
@@ -61575,7 +61611,7 @@ CVE-2020-7776 (This affects the package 
phpoffice/phpspreadsheet from 0.0.0. The
        TODO: check
 CVE-2020-7775
        RESERVED
-CVE-2020-7774 (This affects the package y18n before 5.0.5. PoC by po6ix: const 
y18n = ...)
+CVE-2020-7774 (This affects the package y18n before 4.0.1 and 5.0.5. PoC by 
po6ix: co ...)
        - node-y18n 4.0.0-3 (bug #976390)
        [buster] - node-y18n <no-dsa> (Minor issue)
        [stretch] - node-y18n <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f71fa8023e05b2ec4f98a800db81f266f788965b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f71fa8023e05b2ec4f98a800db81f266f788965b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to