Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca41c737 by security tracker role at 2020-09-02T08:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,14 @@
-CVE-2020-25073 [apache: /server-status page publicly visible through Tor or 
Pagekite]
+CVE-2020-25074
+       RESERVED
+CVE-2020-25072
+       RESERVED
+CVE-2020-25071
+       RESERVED
+CVE-2020-25070 (USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, 
related to the ...)
+       TODO: check
+CVE-2020-25069 (USVN (aka User-friendly SVN) before 1.0.10 allows attackers to 
execute ...)
+       TODO: check
+CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain 
sensitive i ...)
        - plinth <unfixed>
        [buster] - plinth <no-dsa> (Minor issue)
        NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935
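Review bot: The two USVN entries (CVE-2020-25070 and CVE-2020-25069) are added with only `TODO: check`, so they need a follow-up that either names a source package or marks them `NOT-FOR-US: USVN`. For CVE-2020-25073, the new description no longer mentions /server-status, Tor or Pagekite, so confirm that the existing plinth `<no-dsa> (Minor issue)` assessment still matches the published wording.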
@@ -230,8 +240,8 @@ CVE-2020-24957
        RESERVED
 CVE-2020-24956
        RESERVED
-CVE-2020-24955
-       RESERVED
+CVE-2020-24955 (SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable 
to local  ...)
+       TODO: check
 CVE-2020-24954
        RESERVED
 CVE-2020-24953
@@ -17937,20 +17947,20 @@ CVE-2020-16212
        RESERVED
 CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
An out- ...)
        NOT-FOR-US: Advantech WebAccess
-CVE-2020-16210
-       RESERVED
+CVE-2020-16210 (The affected product is vulnerable to reflected cross-site 
scripting,  ...)
+       TODO: check
 CVE-2020-16209
        RESERVED
-CVE-2020-16208
-       RESERVED
+CVE-2020-16208 (The affected product is vulnerable to cross-site request 
forgery, whic ...)
+       TODO: check
 CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
Multipl ...)
        NOT-FOR-US: Advantech WebAccess
-CVE-2020-16206
-       RESERVED
+CVE-2020-16206 (The affected product is vulnerable to stored cross-site 
scripting, whi ...)
+       TODO: check
 CVE-2020-16205 (Using a specially crafted URL command, a remote authenticated 
user can ...)
        NOT-FOR-US: G-Cam and G-Code
-CVE-2020-16204
-       RESERVED
+CVE-2020-16204 (The affected product is vulnerable due to an undocumented 
interface fo ...)
+       TODO: check
 CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 
1.01.23 and ...)
        NOT-FOR-US: Delta Industrial Automation
 CVE-2020-16202
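Review bot: The descriptions added for CVE-2020-16210, CVE-2020-16208, CVE-2020-16206 and CVE-2020-16204 all begin "The affected product is vulnerable ..." and the truncated text never names the product, so these `TODO: check` entries cannot be triaged from the list itself. Whoever resolves them needs the full CVE description or advisory; the neighbouring entries in this range are all `NOT-FOR-US` (Advantech WebAccess, G-Cam and G-Code, Delta Industrial Automation), which suggests the likely outcome but does not establish it.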
@@ -23762,8 +23772,7 @@ CVE-2020-13948
        RESERVED
 CVE-2020-13947
        RESERVED
-CVE-2020-13946
-       RESERVED
+CVE-2020-13946 (In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 
3.0.22, 3.1 ...)
        - cassandra <itp> (bug #585905)
 CVE-2020-13945
        RESERVED
@@ -39362,8 +39371,8 @@ CVE-2020-8343
        RESERVED
 CVE-2020-8342
        RESERVED
-CVE-2020-8341
-       RESERVED
+CVE-2020-8341 (In Lenovo systems, SMM BIOS Write Protection is used to prevent 
writes ...)
+       TODO: check
 CVE-2020-8340
        RESERVED
 CVE-2020-8339
@@ -39374,8 +39383,8 @@ CVE-2020-8337 (An unquoted search path vulnerability 
was reported in versions pr
        NOT-FOR-US: Synaptics Smart Audio UWP app
 CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on 
some Th ...)
        NOT-FOR-US: Lenovo
-CVE-2020-8335
-       RESERVED
+CVE-2020-8335 (The BIOS tamper detection mechanism was not triggered in Lenovo 
ThinkP ...)
+       TODO: check
 CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo 
ThinkP ...)
        NOT-FOR-US: Lenovo
 CVE-2020-8333
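Review bot: CVE-2020-8335 is added as `TODO: check` although its visible description is identical to that of CVE-2020-8334 directly below it, which is already `NOT-FOR-US: Lenovo`. Unless the full text differs in a way that touches a Debian package, mark it `NOT-FOR-US: Lenovo` as well so the two entries stay consistent.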
@@ -42900,10 +42909,10 @@ CVE-2020-6876
        RESERVED
 CVE-2020-6875
        RESERVED
-CVE-2020-6874
-       RESERVED
-CVE-2020-6873
-       RESERVED
+CVE-2020-6874 (A ZTE product is impacted by the cryptographic issues 
vulnerability. T ...)
+       TODO: check
+CVE-2020-6873 (A ZTE product has a DoS vulnerability. Because the equipment 
couldn&#8 ...)
+       TODO: check
 CVE-2020-6872 (The server management software module of ZTE has a storage XSS 
vulnera ...)
        NOT-FOR-US: ZTE
 CVE-2020-6871 (The server management software module of ZTE has an 
authentication iss ...)
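Review bot: The CVE-2020-6873 description ends in `couldn&#8 ...`, which shows the text was cut in the middle of an HTML character reference, so descriptions are being truncated before entities are decoded; decode first, then truncate. Both new ZTE entries also sit directly above CVE-2020-6872, already marked `NOT-FOR-US: ZTE`, so their `TODO: check` should be resolved the same way if the full descriptions name no packaged software.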
@@ -44998,10 +45007,10 @@ CVE-2020-6154
        RESERVED
 CVE-2020-6153
        RESERVED
-CVE-2020-6152
-       RESERVED
-CVE-2020-6151
-       RESERVED
+CVE-2020-6152 (A code execution vulnerability exists in the DICOM 
parse_dicom_meta_in ...)
+       TODO: check
+CVE-2020-6151 (A memory corruption vulnerability exists in the TIFF 
handle_COMPRESSIO ...)
+       TODO: check
 CVE-2020-6150
        RESERVED
 CVE-2020-6149
@@ -45014,22 +45023,22 @@ CVE-2020-6146
        RESERVED
 CVE-2020-6145 (An SQL injection vulnerability exists in the 
frappe.desk.reportview.ge ...)
        NOT-FOR-US: ERPNext
-CVE-2020-6144
-       RESERVED
-CVE-2020-6143
-       RESERVED
-CVE-2020-6142
-       RESERVED
+CVE-2020-6144 (A remote code execution vulnerability exists in the install 
functional ...)
+       TODO: check
+CVE-2020-6143 (A remote code execution vulnerability exists in the install 
functional ...)
+       TODO: check
+CVE-2020-6142 (A remote code execution vulnerability exists in the Modules.php 
functi ...)
+       TODO: check
 CVE-2020-6141 (An exploitable SQL injection vulnerability exists in the login 
functio ...)
        TODO: check
-CVE-2020-6140
-       RESERVED
-CVE-2020-6139
-       RESERVED
-CVE-2020-6138
-       RESERVED
-CVE-2020-6137
-       RESERVED
+CVE-2020-6140 (SQL injection vulnerability exists in the password reset 
functionality ...)
+       TODO: check
+CVE-2020-6139 (SQL injection vulnerability exists in the password reset 
functionality ...)
+       TODO: check
+CVE-2020-6138 (SQL injection vulnerability exists in the password reset 
functionality ...)
+       TODO: check
+CVE-2020-6137 (SQL injection vulnerability exists in the password reset 
functionality ...)
+       TODO: check
 CVE-2020-6136 (An exploitable SQL injection vulnerability exists in the 
DownloadWindo ...)
        TODO: check
 CVE-2020-6135 (An exploitable SQL injection vulnerability exists in the 
Validator.php ...)
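Review bot: CVE-2020-6140 through CVE-2020-6137 have the same visible description ("SQL injection vulnerability exists in the password reset functionality"), as do CVE-2020-6144 and CVE-2020-6143, and none of the truncated texts names the product. Triage them as a batch from the full descriptions together with CVE-2020-6141 and CVE-2020-6136, which this hunk shows were already waiting on `TODO: check`, so the whole run ends up with one consistent tag.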
@@ -45836,10 +45845,10 @@ CVE-2020-5779
        RESERVED
 CVE-2020-5778
        RESERVED
-CVE-2020-5777
-       RESERVED
-CVE-2020-5776
-       RESERVED
+CVE-2020-5777 (MAGMI versions prior to 0.7.24 are vulnerable to a remote 
authenticati ...)
+       TODO: check
+CVE-2020-5776 (Currently, all versions of MAGMI are vulnerable to CSRF due to 
the lac ...)
+       TODO: check
 CVE-2020-5775 (Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a 
remote,  ...)
        NOT-FOR-US: Canvas LMS
 CVE-2020-5774 (Nessus versions 8.11.0 and earlier were found to maintain 
sessions lon ...)
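Review bot: CVE-2020-5776 says all versions of MAGMI are affected while CVE-2020-5777 gives a bound ("prior to 0.7.24"), so the two cannot share a fixed-version annotation if MAGMI turns out to be relevant. If it is not packaged, resolve both `TODO: check` lines as `NOT-FOR-US: MAGMI`, in line with the tag on the neighbouring Canvas LMS entry.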
@@ -46146,8 +46155,8 @@ CVE-2020-5624 (SQL injection vulnerability in the 
XooNIps 3.48 and earlier allow
        NOT-FOR-US: XooNIps
 CVE-2020-5623 (NITORI App for Android versions 6.0.4 and earlier and NITORI 
App for i ...)
        NOT-FOR-US: NITORI App for Android and iOS
-CVE-2020-5622
-       RESERVED
+CVE-2020-5622 (Shadankun Server Security Type (excluding normal blocking 
method types ...)
+       TODO: check
 CVE-2020-5621 (Cross-site request forgery (CSRF) vulnerability in NETGEAR 
switching h ...)
        NOT-FOR-US: Netgear
 CVE-2020-5620 (Cross-site scripting vulnerability in Exment prior to v3.6.0 
allows re ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca41c737d2709b83d02d928b5fe87d563cab5c32



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
