[Git][security-tracker-team/security-tracker][master] automatic update

Fri, 09 Oct 2020 01:11:14 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e6ffbac5 by security tracker role at 2020-10-09T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2020-26931 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
+       TODO: check
+CVE-2020-26930 (NETGEAR EX7700 devices before 1.0.0.210 are affected by 
incorrect conf ...)
+       TODO: check
+CVE-2020-26929 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2020-26928 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
+       TODO: check
+CVE-2020-26927 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
+       TODO: check
+CVE-2020-26926 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
+       TODO: check
+CVE-2020-26925 (NETGEAR GS808E devices before 1.7.1.0 are affected by denial 
of servic ...)
+       TODO: check
+CVE-2020-26924 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
+       TODO: check
+CVE-2020-26923 (Certain NETGEAR devices are affected by stored XSS. This 
affects WC750 ...)
+       TODO: check
+CVE-2020-26922 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2020-26921 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
+       TODO: check
+CVE-2020-26920 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
+       TODO: check
+CVE-2020-26919 (NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack 
of acces ...)
+       TODO: check
+CVE-2020-26918 (Certain NETGEAR devices are affected by stored XSS. This 
affects EX700 ...)
+       TODO: check
+CVE-2020-26917 (Certain NETGEAR devices are affected by stored XSS. This 
affects EX700 ...)
+       TODO: check
+CVE-2020-26916 (Certain NETGEAR devices are affected by incorrect 
configuration of sec ...)
+       TODO: check
+CVE-2020-26915 (Certain NETGEAR devices are affected by stored XSS. This 
affects D7800 ...)
+       TODO: check
+CVE-2020-26914 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2020-26913 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2020-26912 (Certain NETGEAR devices are affected by CSRF. This affects 
D6200 befor ...)
+       TODO: check
+CVE-2020-26911 (Certain NETGEAR devices are affected by lack of access control 
at the  ...)
+       TODO: check
+CVE-2020-26910 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2020-26909 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
+       TODO: check
+CVE-2020-26908 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
+       TODO: check
+CVE-2020-26907 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
+       TODO: check
+CVE-2020-26906 (Certain NETGEAR devices are affected by disclosure of 
administrative c ...)
+       TODO: check
+CVE-2020-26905 (Certain NETGEAR devices are affected by disclosure of 
administrative c ...)
+       TODO: check
+CVE-2020-26904 (Certain NETGEAR devices are affected by disclosure of 
administrative c ...)
+       TODO: check
+CVE-2020-26903 (Certain NETGEAR devices are affected by disclosure of 
administrative c ...)
+       TODO: check
+CVE-2020-26902 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
+       TODO: check
+CVE-2020-26901 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
+       TODO: check
+CVE-2020-26900 (Certain NETGEAR devices are affected by disclosure of 
administrative c ...)
+       TODO: check
+CVE-2020-26899 (Certain NETGEAR devices are affected by disclosure of 
sensitive inform ...)
+       TODO: check
+CVE-2020-26898 (NETGEAR RAX40 devices before 1.0.3.80 are affected by 
incorrect config ...)
+       TODO: check
+CVE-2020-26897 (Certain NETGEAR devices are affected by disclosure of 
administrative c ...)
+       TODO: check
+CVE-2020-26896
+       RESERVED
+CVE-2020-26895
+       RESERVED
+CVE-2020-26894 (Faulkner Wildlife Issues in the New Millennium 18.0.160 on 
Windows all ...)
+       TODO: check
+CVE-2020-26893
+       RESERVED
 CVE-2020-26892
        RESERVED
 CVE-2020-26891
@@ -787,8 +865,8 @@ CVE-2020-26524 (CodeLathe FileCloud before 20.2.0.11915 
allows username enumerat
        NOT-FOR-US: CodeLathe FileCloud
 CVE-2020-26523 (Froala Editor before 3.2.2 allows XSS via pasted content. ...)
        NOT-FOR-US: Froala Editor
-CVE-2020-26522
-       RESERVED
+CVE-2020-26522 (A cross-site request forgery (CSRF) vulnerability in 
mod/user/act_user ...)
+       TODO: check
 CVE-2020-26521
        RESERVED
 CVE-2020-26520
@@ -1520,8 +1598,8 @@ CVE-2020-26164 (In kdeconnect-kde (aka KDE Connect) 
before 20.08.2, an attacker
        NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/48180b46552d40729a36b7431e97bbe2b5379306
 CVE-2020-26163 (BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host 
and Ori ...)
        NOT-FOR-US: BigBlueButton Greenlight
-CVE-2020-26162
-       RESERVED
+CVE-2020-26162 (Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 
before 073 ...)
+       TODO: check
 CVE-2020-26161
        RESERVED
 CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass 
intended acces ...)
@@ -22928,8 +23006,8 @@ CVE-2020-15840 (In Liferay Portal before 7.3.1, Liferay 
Portal 6.2 EE, and Lifer
        NOT-FOR-US: Liferay
 CVE-2020-15839 (Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix 
pack 18 an ...)
        NOT-FOR-US: Liferay
-CVE-2020-15838
-       RESERVED
+CVE-2020-15838 (The Agent Update System in ConnectWise Automate before 2020.8 
allows P ...)
+       TODO: check
 CVE-2020-15837
        RESERVED
 CVE-2020-15836
@@ -24499,12 +24577,12 @@ CVE-2020-15245
        RESERVED
 CVE-2020-15244
        RESERVED
-CVE-2020-15243
-       RESERVED
-CVE-2020-15242
-       RESERVED
-CVE-2020-15241
-       RESERVED
+CVE-2020-15243 (Affected versions of Smartstore have a missing WebApi 
Authentication a ...)
+       TODO: check
+CVE-2020-15242 (Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an 
Open Re ...)
+       TODO: check
+CVE-2020-15241 (TYPO3 Fluid Engine (package `typo3fluid/fluid`) before 
versions 2.0.5, ...)
+       TODO: check
 CVE-2020-15240
        RESERVED
 CVE-2020-15239 (In xmpp-http-upload before version 0.4.0, when the GET method 
is attac ...)
@@ -28973,8 +29051,8 @@ CVE-2020-13628 (Cross-site scripting (XSS) 
vulnerability allows remote attackers
        - centreon-web <itp> (bug #913903)
 CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote 
attackers to in ...)
        - centreon-web <itp> (bug #913903)
-CVE-2020-13626
-       RESERVED
+CVE-2020-13626 (OnePlus App Locker through 2020-10-06 allows physically 
proximate atta ...)
+       TODO: check
 CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when 
the name o ...)
        {DLA-2306-1 DLA-2244-1}
        - libphp-phpmailer 6.1.6-1 (bug #962827)
@@ -60435,7 +60513,7 @@ CVE-2019-19590 (In radare2 through 4.0, there is an 
integer overflow for the var
        [jessie] - radare2 <no-dsa> (Minor issue)
        NOTE: https://github.com/radareorg/radare2/issues/15543
        NOTE: 
https://github.com/radareorg/radare2/commit/9bbc63ffa0e93aa054e262cdfb973326935a2d70
-CVE-2019-19589 (The Lever PDF Embedder plugin 4.4 for WordPress does not block 
the dis ...)
+CVE-2019-19589 (** DISPUTED ** The Lever PDF Embedder plugin 4.4 for WordPress 
does no ...)
        NOT-FOR-US: Lever PDF Embedder plugin for WordPress
 CVE-2019-19588 (The validators package 0.12.2 through 0.12.5 for Python enters 
an infi ...)
        NOT-FOR-US: validators Python package
@@ -62582,8 +62660,8 @@ CVE-2019-19117 
(/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2
        NOT-FOR-US: PHICOMM K2(PSG1218) devices
 CVE-2019-19116
        RESERVED
-CVE-2019-19115
-       RESERVED
+CVE-2019-19115 (An escalation of privilege vulnerability in Nahimic APO 
Software Compo ...)
+       TODO: check
 CVE-2019-19114
        RESERVED
 CVE-2019-19113 (main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall 
(aka Ne ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6ffbac5eed455862f88f8b26759c9a9e85e71ff

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6ffbac5eed455862f88f8b26759c9a9e85e71ff
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to