Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9142747c by security tracker role at 2020-12-29T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-35775
+       RESERVED
+CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter 
TwitterServer (a ...)
+       TODO: check
+CVE-2020-35773 (The site-offline plugin before 1.4.4 for WordPress lacks 
certain wp_cr ...)
+       TODO: check
+CVE-2020-35772
+       RESERVED
+CVE-2020-35771
+       RESERVED
+CVE-2020-35770
+       RESERVED
 CVE-2020-35769 (miniserv.pl in Webmin 1.962 on Windows mishandles special 
characters i ...)
        - webmin <removed>
 CVE-2020-35768
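Review bot: CVE-2020-35774 and CVE-2020-35773 at the top of this hunk arrive with descriptions but only "TODO: check", so neither has a disposition yet. Each needs either a package line in the form already used on CVE-2020-35769 ("- webmin <removed>") or a NOT-FOR-US tag naming the product, once someone has confirmed whether the software is in the archive. The four new RESERVED entries need nothing until a description is published.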
@@ -68,8 +80,8 @@ CVE-2020-35737
        RESERVED
 CVE-2020-35736 (GateOne 1.1 allows arbitrary file download without 
authentication via  ...)
        NOT-FOR-US: GateOne
-CVE-2020-35735
-       RESERVED
+CVE-2020-35735 (Vidyo 02-09-/D allows clickjacking via the portal/ URI. ...)
+       TODO: check
 CVE-2020-35734
        RESERVED
 CVE-2020-35733
@@ -6592,18 +6604,18 @@ CVE-2020-29477
        RESERVED
 CVE-2020-29476
        RESERVED
-CVE-2020-29475
-       RESERVED
+CVE-2020-29475 (nopCommerce Store 4.30 is affected by cross-site scripting 
(XSS) in th ...)
+       TODO: check
 CVE-2020-29474 (EGavilan Media EGM Address Book 1.0 contains a SQL injection 
vulnerabi ...)
        NOT-FOR-US: EGavilan Media EGM Address Book
 CVE-2020-29473
        RESERVED
 CVE-2020-29472 (EGavilan Media Under Construction page with cPanel 1.0 
contains a SQL  ...)
        NOT-FOR-US: cPanel
-CVE-2020-29471
-       RESERVED
-CVE-2020-29470
-       RESERVED
+CVE-2020-29471 (OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in 
the Prof ...)
+       TODO: check
+CVE-2020-29470 (OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in 
the Subj ...)
+       TODO: check
 CVE-2020-29469
        RESERVED
 CVE-2020-29468
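Review bot: the two OpenCart entries, CVE-2020-29471 and CVE-2020-29470, read identically up to the truncation point ("the Prof ..." versus "the Subj ..."), so triage should work from the full CVE text, not this summary, to avoid treating them as one issue. Separately, the context line for CVE-2020-29472 is tagged "NOT-FOR-US: cPanel" although its description names an EGavilan Media product, while CVE-2020-29474 just above is tagged with the EGavilan product name; aligning that tag in a follow-up would keep the two consistent.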
@@ -11834,24 +11846,24 @@ CVE-2020-28285
        RESERVED
 CVE-2020-28284
        RESERVED
-CVE-2020-28283
-       RESERVED
-CVE-2020-28282
-       RESERVED
-CVE-2020-28281
-       RESERVED
-CVE-2020-28280
-       RESERVED
-CVE-2020-28279
-       RESERVED
-CVE-2020-28278
-       RESERVED
-CVE-2020-28277
-       RESERVED
-CVE-2020-28276
-       RESERVED
-CVE-2020-28275
-       RESERVED
+CVE-2020-28283 (Prototype pollution vulnerability in &#8216;libnested&#8217; 
versions  ...)
+       TODO: check
+CVE-2020-28282 (Prototype pollution vulnerability in &#8216;getobject&#8217; 
version 0 ...)
+       TODO: check
+CVE-2020-28281 (Prototype pollution vulnerability in 
&#8216;set-object-value&#8217; ve ...)
+       TODO: check
+CVE-2020-28280 (Prototype pollution vulnerability in &#8216;predefine&#8217; 
versions  ...)
+       TODO: check
+CVE-2020-28279 (Prototype pollution vulnerability in &#8216;flattenizer&#8217; 
version ...)
+       TODO: check
+CVE-2020-28278 (Prototype pollution vulnerability in &#8216;shvl&#8217; 
versions 1.0.0 ...)
+       TODO: check
+CVE-2020-28277 (Prototype pollution vulnerability in 'dset' versions 1.0.0 
through 2.0 ...)
+       TODO: check
+CVE-2020-28276 (Prototype pollution vulnerability in 'deep-set' versions 1.0.0 
through ...)
+       TODO: check
+CVE-2020-28275 (Prototype pollution vulnerability in 'cache-base' versions 
0.7.0 throu ...)
+       TODO: check
 CVE-2020-28274 (Prototype pollution vulnerability in 'deepref' versions 1.1.1 
through  ...)
        NOT-FOR-US: Node deepref
 CVE-2020-28273 (Prototype pollution vulnerability in 'set-in' versions 1.0.0 
through 2 ...)
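Review bot: the nine entries CVE-2020-28283 through CVE-2020-28275 are left at "TODO: check" while the next entry in the same series, CVE-2020-28274, is already resolved as "NOT-FOR-US: Node deepref". Each module name (libnested, getobject, set-object-value, predefine, flattenizer, shvl, dset, deep-set, cache-base) needs its own lookup before being tagged, since the series pattern alone does not show whether a given module is packaged. Note also that the quoting around the module name is not uniform across these lines as shown here (entity-encoded quotes on six, plain quotes on three), so any tooling that extracts the name from the description should accept both forms.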
@@ -18092,8 +18104,8 @@ CVE-2020-25849 (MailGates and MailAudit products 
contain Command Injection flaw,
        NOT-FOR-US: MailGates and MailAudit
 CVE-2020-25848
        RESERVED
-CVE-2020-25847
-       RESERVED
+CVE-2020-25847 (This command injection vulnerability allows attackers to 
execute arbit ...)
+       TODO: check
 CVE-2020-25846
        RESERVED
 CVE-2020-25845
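Review bot: the added description for CVE-2020-25847 is cut off before it names a product ("allows attackers to execute arbit ..."), so the TODO cannot be resolved from this line. Its position near the MailGates and MailAudit entry in the hunk header does not establish the vendor; the triager should read the full CVE record before choosing a package line or a NOT-FOR-US tag.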
@@ -35334,8 +35346,8 @@ CVE-2020-17535
        RESERVED
 CVE-2020-17534
        RESERVED
-CVE-2020-17533
-       RESERVED
+CVE-2020-17533 (Apache Accumulo versions 1.5.0 through 1.10.0 and version 
2.0.0 do not ...)
+       TODO: check
 CVE-2020-17532
        RESERVED
 CVE-2020-17531 (A Java Serialization vulnerability was found in Apache 
Tapestry 4. Apa ...)
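Review bot: CVE-2020-17533 names Apache Accumulo with concrete version ranges (1.5.0 through 1.10.0 and 2.0.0), which makes it a candidate for a real package lookup instead of a bulk NOT-FOR-US pass. If no source package exists, the tag should name the product so the entry stays searchable; if one does, the package line needs a fixed-version or status field.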
@@ -58162,8 +58174,8 @@ CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an 
improper permissions managem
        NOT-FOR-US: Huawei
 CVE-2020-9224
        RESERVED
-CVE-2020-9223
-       RESERVED
+CVE-2020-9223 (There is a denial of service vulnerability in some Huawei 
smartphones. ...)
+       TODO: check
 CVE-2020-9222
        RESERVED
 CVE-2020-9221
@@ -58192,10 +58204,10 @@ CVE-2020-9210
        RESERVED
 CVE-2020-9209
        RESERVED
-CVE-2020-9208
-       RESERVED
-CVE-2020-9207
-       RESERVED
+CVE-2020-9208 (There is an information leak vulnerability in iManager NetEco 
6000 ver ...)
+       TODO: check
+CVE-2020-9207 (There is an improper authentication vulnerability in some 
verisons of  ...)
+       TODO: check
 CVE-2020-9206
        RESERVED
 CVE-2020-9205
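Review bot: of the two entries added here, CVE-2020-9208 names its product (iManager NetEco 6000) but CVE-2020-9207 is truncated before the product appears ("some verisons of  ..."). Other Huawei entries in this file are closed as "NOT-FOR-US: Huawei"; before applying the same tag to CVE-2020-9207, confirm the vendor from the full description, since the visible text does not state it.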
@@ -58358,10 +58370,10 @@ CVE-2020-9127 (Some Huawei products have a command 
injection vulnerability. Due
        NOT-FOR-US: Huawei
 CVE-2020-9126
        RESERVED
-CVE-2020-9125
-       RESERVED
-CVE-2020-9124
-       RESERVED
+CVE-2020-9125 (There is an out-of-bound read vulnerability in huawei 
smartphone Mate  ...)
+       TODO: check
+CVE-2020-9124 (There is a memory leak vulnerability in some versions of Huawei 
CloudE ...)
+       TODO: check
 CVE-2020-9123 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) 
and versi ...)
        NOT-FOR-US: Huawei
 CVE-2020-9122 (Some Huawei products have an insufficient input verification 
vulnerabi ...)
@@ -58420,10 +58432,10 @@ CVE-2020-9096 (HUAWEI P30 Pro smartphones with 
Versions earlier than 10.1.0.160(
        NOT-FOR-US: Huawei
 CVE-2020-9095 (HUAWEI P30 Pro smartphone with Versions earlier than 
10.1.0.160(C00E16 ...)
        NOT-FOR-US: Huawei
-CVE-2020-9094
-       RESERVED
-CVE-2020-9093
-       RESERVED
+CVE-2020-9094 (There is an out of bound read vulnerability in some verisons of 
Huawei ...)
+       TODO: check
+CVE-2020-9093 (There is a use after free vulnerability in Taurus-AL00A 
versions 10.0. ...)
+       TODO: check
 CVE-2020-9092 (HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) 
have a Ja ...)
        NOT-FOR-US: Huawei
 CVE-2020-9091 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have 
an out ...)
@@ -66794,20 +66806,20 @@ CVE-2020-5809
        RESERVED
 CVE-2020-5808 (In certain scenarios in Tenable.sc prior to 5.17.0, a scanner 
could po ...)
        NOT-FOR-US: Tenable
-CVE-2020-5807
-       RESERVED
-CVE-2020-5806
-       RESERVED
+CVE-2020-5807 (An unauthenticated remote attacker can send data to 
RsvcHost.exe liste ...)
+       TODO: check
+CVE-2020-5806 (An attacker-controlled memory allocation size can be passed to 
the C++ ...)
+       TODO: check
 CVE-2020-5805
        RESERVED
 CVE-2020-5804
        RESERVED
 CVE-2020-5803 (Relative Path Traversal in Marvell QConvergeConsole GUI 
5.5.0.74 allow ...)
        NOT-FOR-US: Marvell QConvergeConsole GUI
-CVE-2020-5802
-       RESERVED
-CVE-2020-5801
-       RESERVED
+CVE-2020-5802 (An attacker-controlled memory allocation size can be passed to 
the C++ ...)
+       TODO: check
+CVE-2020-5801 (An attacker can craft and send an OpenNamespace message to port 
4241 w ...)
+       TODO: check
 CVE-2020-5800 (The Eat Spray Love mobile app for both iOS and Android contains 
logic  ...)
        NOT-FOR-US: Eat Spray Love mobile app
 CVE-2020-5799 (The Eat Spray Love mobile app for both iOS and Android contains 
a back ...)
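Review bot: none of the four added descriptions (CVE-2020-5807, -5806, -5802, -5801) names a product in the visible portion, and CVE-2020-5806 and CVE-2020-5802 are word-for-word identical as truncated here. The surrounding context mixes vendors (Tenable, Marvell QConvergeConsole, Eat Spray Love), so adjacency is not a safe guide; triage needs the full CVE text to pick the tag and to confirm that -5806 and -5802 are distinct issues.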
@@ -77798,8 +77810,8 @@ CVE-2020-1850
        RESERVED
 CVE-2020-1849
        RESERVED
-CVE-2020-1848
-       RESERVED
+CVE-2020-1848 (There is a resource management error vulnerability in 
Jackman-AL00D ve ...)
+       TODO: check
 CVE-2020-1847 (There is a denial of service vulnerability in some Huawei 
products. Th ...)
        NOT-FOR-US: Huawei
 CVE-2020-1846



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9142747ccc46643595f1b5246d27a0568a66565d

debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits