automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-10-26 20:10:48 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-10-26 20:10:48 +0000
commit: 0796916a3377c5b8d6f5ae120a6e22292eddf0d3 (patch)
tree: 0c23b12f1f531ff270040faf712dbade2ce2d885 /data
parent: e7af3e87079f365038615108071a9eb3e12eb92e (diff)
1 files changed, 129 insertions, 43 deletions
diff --git a/data/CVE/list b/data/CVE/list
index cd25c45544..2b728486fb 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,89 @@
+CVE-2020-27734
+	RESERVED
+CVE-2020-27733
+	RESERVED
+CVE-2020-27732
+	RESERVED
+CVE-2020-27731
+	RESERVED
+CVE-2020-27730
+	RESERVED
+CVE-2020-27729
+	RESERVED
+CVE-2020-27728
+	RESERVED
+CVE-2020-27727
+	RESERVED
+CVE-2020-27726
+	RESERVED
+CVE-2020-27725
+	RESERVED
+CVE-2020-27724
+	RESERVED
+CVE-2020-27723
+	RESERVED
+CVE-2020-27722
+	RESERVED
+CVE-2020-27721
+	RESERVED
+CVE-2020-27720
+	RESERVED
+CVE-2020-27719
+	RESERVED
+CVE-2020-27718
+	RESERVED
+CVE-2020-27717
+	RESERVED
+CVE-2020-27716
+	RESERVED
+CVE-2020-27715
+	RESERVED
+CVE-2020-27714
+	RESERVED
+CVE-2020-27713
+	RESERVED
+CVE-2020-27712
+	RESERVED
+CVE-2020-27711
+	RESERVED
+CVE-2020-27710
+	RESERVED
+CVE-2020-27709
+	RESERVED
+CVE-2020-27708
+	RESERVED
+CVE-2020-27707
+	RESERVED
+CVE-2020-27706
+	RESERVED
+CVE-2020-27705
+	RESERVED
+CVE-2020-27704
+	RESERVED
+CVE-2020-27703
+	RESERVED
+CVE-2020-27702
+	RESERVED
+CVE-2020-27701
+	RESERVED
+CVE-2020-27700
+	RESERVED
+CVE-2020-27699
+	RESERVED
+CVE-2020-27698
+	RESERVED
+CVE-2020-27697
+	RESERVED
+CVE-2020-27696
+	RESERVED
+CVE-2020-27695
+	RESERVED
+CVE-2020-27694
+	RESERVED
+CVE-2020-27693
+	RESERVED
+CVE-2017-18925 (opentmpfiles through 0.3.1 allows local users to take ownership of arb ...)
+	TODO: check
 CVE-2020-27692
 	RESERVED
 CVE-2020-27691
@@ -1451,8 +1537,7 @@ CVE-2020-27189
 	RESERVED
 CVE-2020-27188
 	RESERVED
-CVE-2020-27187 [kpmcore_externalcommand helper can be exploited in local privilege escalation]
-	RESERVED
+CVE-2020-27187 (An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. T ...)
 	- kpmcore 4.2.0-1
 	[buster] - kpmcore <not-affected> (kpmcore_externalcommand not yet present)
 	[stretch] - kpmcore <not-affected> (kpmcore_externalcommand not yet present)
@@ -2763,8 +2848,8 @@ CVE-2020-26568
 	RESERVED
 CVE-2020-26567 (An issue was discovered on D-Link DSR-250N before 3.17B devices. The C ...)
 	NOT-FOR-US: D-Link
-CVE-2020-26566
-	RESERVED
+CVE-2020-26566 (A Denial of Service condition in Motion-Project Motion 3.2 through 4.3 ...)
+	TODO: check
 CVE-2020-26565
 	RESERVED
 CVE-2020-26564
@@ -3594,8 +3679,8 @@ CVE-2020-26163 (BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host a
 	NOT-FOR-US: BigBlueButton Greenlight
 CVE-2020-26162 (Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073 ...)
 	NOT-FOR-US: Xerox
-CVE-2020-26161
-	RESERVED
+CVE-2020-26161 (In Octopus Deploy through 2020.4.2, an attacker could redirect users t ...)
+	TODO: check
 CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended acces ...)
 	- golang-github-dgrijalva-jwt-go <unfixed> (bug #971556)
 	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
@@ -5193,8 +5278,8 @@ CVE-2020-25472
 	RESERVED
 CVE-2020-25471
 	RESERVED
-CVE-2020-25470
-	RESERVED
+CVE-2020-25470 (AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2020-25469
 	RESERVED
 CVE-2020-25468
@@ -6166,8 +6251,8 @@ CVE-2020-25036
 	RESERVED
 CVE-2020-25035
 	RESERVED
-CVE-2020-25034
-	RESERVED
+CVE-2020-25034 (eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authentic ...)
+	TODO: check
 CVE-2020-25033 (The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for ...)
 	NOT-FOR-US: Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin for WordPress
 CVE-2020-25032 (An issue was discovered in Flask-CORS (aka CORS Middleware for Flask)  ...)
@@ -7032,10 +7117,10 @@ CVE-2020-24634
 	RESERVED
 CVE-2020-24633
 	RESERVED
-CVE-2020-24632
-	RESERVED
-CVE-2020-24631
-	RESERVED
+CVE-2020-24632 (A remote execution of arbitrary commandss vulnerability was discovered ...)
+	TODO: check
+CVE-2020-24631 (A remote execution of arbitrary commands vulnerability was discovered  ...)
+	TODO: check
 CVE-2020-24630 (A remote operatoronlinelist_content privilege escalation vulnerability ...)
 	NOT-FOR-US: HPE Intelligent Management Center (iMC)
 CVE-2020-24629 (A remote urlaccesscontroller authentication bypass vulnerability was d ...)
@@ -18867,8 +18952,8 @@ CVE-2020-18768
 	RESERVED
 CVE-2020-18767
 	RESERVED
-CVE-2020-18766
-	RESERVED
+CVE-2020-18766 (A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotel ...)
+	TODO: check
 CVE-2020-18765
 	RESERVED
 CVE-2020-18764
@@ -24917,8 +25002,8 @@ CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data rela
 	NOT-FOR-US: Grin
 CVE-2020-15898
 	RESERVED
-CVE-2020-15897
-	RESERVED
+CVE-2020-15897 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...)
+	TODO: check
 CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link DAP-1522 devic ...)
 	NOT-FOR-US: D-Link
 CVE-2020-15895 (An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10 ...)
@@ -26583,14 +26668,14 @@ CVE-2020-15276
 	RESERVED
 CVE-2020-15275
 	RESERVED
-CVE-2020-15274
-	RESERVED
+CVE-2020-15274 (In Wiki.js before version 2.5.162, an XSS payload can be injected in a ...)
+	TODO: check
 CVE-2020-15273
 	RESERVED
-CVE-2020-15272
-	RESERVED
-CVE-2020-15271
-	RESERVED
+CVE-2020-15272 (In the git-tag-annotation-action (open source GitHub Action) before ve ...)
+	TODO: check
+CVE-2020-15271 (In lookatme (python/pypi package) versions prior to 2.3.0, the package ...)
+	TODO: check
 CVE-2020-15270 (Parse Server (npm package parse-server) broadcasts events to all clien ...)
 	NOT-FOR-US: Node parse-server
 CVE-2020-15269 (In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens ...)
@@ -31856,7 +31941,8 @@ CVE-2020-13334 (In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper
 	- gitlab 13.2.10-1
 CVE-2020-13333 (A potential DOS vulnerability was discovered in GitLab versions 13.1,  ...)
 	- gitlab 13.2.10-1
-CVE-2020-13332 (Improper access expiration date validation in GitLab version &gt;=8.11 ...)
+CVE-2020-13332
+	REJECTED
 	- gitlab 13.2.10-1
 CVE-2020-13331 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
 	- gitlab 13.2.3-2
@@ -32459,8 +32545,8 @@ CVE-2020-13102
 	RESERVED
 CVE-2020-13101 (In OASIS Digital Signature Services (DSS) 1.0, an attacker can control ...)
 	NOT-FOR-US: OASIS Digital Signature Services (DSS)
-CVE-2020-13100
-	RESERVED
+CVE-2020-13100 (Arista&#8217;s CloudVision eXchange (CVX) server before 4.21.12M, 4.22 ...)
+	TODO: check
 CVE-2020-13099
 	RESERVED
 CVE-2020-13098
@@ -47530,8 +47616,8 @@ CVE-2020-7754
 	RESERVED
 CVE-2020-7753
 	RESERVED
-CVE-2020-7752
-	RESERVED
+CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This packag ...)
+	TODO: check
 CVE-2020-7751 (This affects all versions of package pathval. ...)
 	- node-pathval 1.1.0-4 (bug #972895)
 	[buster] - node-pathval <no-dsa> (Minor issue)
@@ -48783,10 +48869,10 @@ CVE-2020-7199
 	RESERVED
 CVE-2020-7198
 	RESERVED
-CVE-2020-7197
-	RESERVED
-CVE-2020-7196
-	RESERVED
+CVE-2020-7197 (SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreSe ...)
+	TODO: check
+CVE-2020-7196 (The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Co ...)
+	TODO: check
 CVE-2020-7195 (A iccselectrules expression language injection remote code execution v ...)
 	NOT-FOR-US: HPE Intelligent Management Center (iMC)
 CVE-2020-7194 (A perfaddormoddevicemonitor expression language injection remote code  ...)
@@ -48923,14 +49009,14 @@ CVE-2020-7129
 	RESERVED
 CVE-2020-7128
 	RESERVED
-CVE-2020-7127
-	RESERVED
-CVE-2020-7126
-	RESERVED
-CVE-2020-7125
-	RESERVED
-CVE-2020-7124
-	RESERVED
+CVE-2020-7127 (A remote unauthenticated arbitrary code execution vulnerability was di ...)
+	TODO: check
+CVE-2020-7126 (A remote server-side request forgery (ssrf) vulnerability was discover ...)
+	TODO: check
+CVE-2020-7125 (A remote escalation of privilege vulnerability was discovered in Aruba ...)
+	TODO: check
+CVE-2020-7124 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
+	TODO: check
 CVE-2020-7123
 	RESERVED
 CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches Series  ...)
@@ -49564,8 +49650,8 @@ CVE-2020-6878
 	RESERVED
 CVE-2020-6877
 	RESERVED
-CVE-2020-6876
-	RESERVED
+CVE-2020-6876 (A ZTE product is impacted by an XSS vulnerability. The vulnerability i ...)
+	TODO: check
 CVE-2020-6875 (A ZTE product is impacted by the improper access control vulnerability ...)
 	NOT-FOR-US: ZTE
 CVE-2020-6874 (A ZTE product is impacted by the cryptographic issues vulnerability. T ...)
author	security tracker role <sectracker@soriano.debian.org>	2020-10-26 20:10:48 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-10-26 20:10:48 +0000
commit	0796916a3377c5b8d6f5ae120a6e22292eddf0d3 (patch)
tree	0c23b12f1f531ff270040faf712dbade2ce2d885 /data
parent	e7af3e87079f365038615108071a9eb3e12eb92e (diff)