Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e6ffbac5 by security tracker role at 2020-10-09T08:10:20+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@ +CVE-2020-26931 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + TODO: check +CVE-2020-26930 (NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect conf ...) + TODO: check +CVE-2020-26929 (Certain NETGEAR devices are affected by command injection by an authen ...) + TODO: check +CVE-2020-26928 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + TODO: check +CVE-2020-26927 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + TODO: check +CVE-2020-26926 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + TODO: check +CVE-2020-26925 (NETGEAR GS808E devices before 1.7.1.0 are affected by denial of servic ...) + TODO: check +CVE-2020-26924 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + TODO: check +CVE-2020-26923 (Certain NETGEAR devices are affected by stored XSS. This affects WC750 ...) + TODO: check +CVE-2020-26922 (Certain NETGEAR devices are affected by command injection by an authen ...) + TODO: check +CVE-2020-26921 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + TODO: check +CVE-2020-26920 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-26919 (NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of acces ...) + TODO: check +CVE-2020-26918 (Certain NETGEAR devices are affected by stored XSS. This affects EX700 ...) + TODO: check +CVE-2020-26917 (Certain NETGEAR devices are affected by stored XSS. This affects EX700 ...) + TODO: check +CVE-2020-26916 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + TODO: check +CVE-2020-26915 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + TODO: check +CVE-2020-26914 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ TODO: check +CVE-2020-26913 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + TODO: check +CVE-2020-26912 (Certain NETGEAR devices are affected by CSRF. This affects D6200 befor ...) + TODO: check +CVE-2020-26911 (Certain NETGEAR devices are affected by lack of access control at the ...) + TODO: check +CVE-2020-26910 (Certain NETGEAR devices are affected by command injection by an authen ...) + TODO: check +CVE-2020-26909 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-26908 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + TODO: check +CVE-2020-26907 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-26906 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + TODO: check +CVE-2020-26905 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + TODO: check +CVE-2020-26904 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + TODO: check +CVE-2020-26903 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + TODO: check +CVE-2020-26902 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-26901 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + TODO: check +CVE-2020-26900 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + TODO: check +CVE-2020-26899 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + TODO: check +CVE-2020-26898 (NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect config ...) + TODO: check +CVE-2020-26897 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + TODO: check +CVE-2020-26896 + RESERVED +CVE-2020-26895 + RESERVED +CVE-2020-26894 (Faulkner Wildlife Issues in the New Millennium 18.0.160 on Windows all ...) 
+ TODO: check +CVE-2020-26893 + RESERVED CVE-2020-26892 RESERVED CVE-2020-26891 @@ -787,8 +865,8 @@ CVE-2020-26524 (CodeLathe FileCloud before 20.2.0.11915 allows username enumerat NOT-FOR-US: CodeLathe FileCloud CVE-2020-26523 (Froala Editor before 3.2.2 allows XSS via pasted content. ...) NOT-FOR-US: Froala Editor -CVE-2020-26522 - RESERVED +CVE-2020-26522 (A cross-site request forgery (CSRF) vulnerability in mod/user/act_user ...) + TODO: check CVE-2020-26521 RESERVED CVE-2020-26520 @@ -1520,8 +1598,8 @@ CVE-2020-26164 (In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/48180b46552d40729a36b7431e97bbe2b5379306 CVE-2020-26163 (BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Ori ...) NOT-FOR-US: BigBlueButton Greenlight -CVE-2020-26162 - RESERVED +CVE-2020-26162 (Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073 ...) + TODO: check CVE-2020-26161 RESERVED CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended acces ...) @@ -22928,8 +23006,8 @@ CVE-2020-15840 (In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Lifer NOT-FOR-US: Liferay CVE-2020-15839 (Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 an ...) NOT-FOR-US: Liferay -CVE-2020-15838 - RESERVED +CVE-2020-15838 (The Agent Update System in ConnectWise Automate before 2020.8 allows P ...) + TODO: check CVE-2020-15837 RESERVED CVE-2020-15836 
@@ -24499,12 +24577,12 @@ CVE-2020-15245 RESERVED CVE-2020-15244 RESERVED -CVE-2020-15243 - RESERVED -CVE-2020-15242 - RESERVED -CVE-2020-15241 - RESERVED +CVE-2020-15243 (Affected versions of Smartstore have a missing WebApi Authentication a ...) + TODO: check +CVE-2020-15242 (Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Re ...) + TODO: check +CVE-2020-15241 (TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, ...) + TODO: check CVE-2020-15240 RESERVED CVE-2020-15239 (In xmpp-http-upload before version 0.4.0, when the GET method is attac ...) @@ -28973,8 +29051,8 @@ CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers - centreon-web <itp> (bug #913903) CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...) - centreon-web <itp> (bug #913903) -CVE-2020-13626 - RESERVED +CVE-2020-13626 (OnePlus App Locker through 2020-10-06 allows physically proximate atta ...) + TODO: check CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...) {DLA-2306-1 DLA-2244-1} - libphp-phpmailer 6.1.6-1 (bug #962827) @@ -60435,7 +60513,7 @@ CVE-2019-19590 (In radare2 through 4.0, there is an integer overflow for the var [jessie] - radare2 <no-dsa> (Minor issue) NOTE: https://github.com/radareorg/radare2/issues/15543 NOTE: https://github.com/radareorg/radare2/commit/9bbc63ffa0e93aa054e262cdfb973326935a2d70 -CVE-2019-19589 (The Lever PDF Embedder plugin 4.4 for WordPress does not block the dis ...) +CVE-2019-19589 (** DISPUTED ** The Lever PDF Embedder plugin 4.4 for WordPress does no ...) NOT-FOR-US: Lever PDF Embedder plugin for WordPress CVE-2019-19588 (The validators package 0.12.2 through 0.12.5 for Python enters an infi ...) NOT-FOR-US: validators Python package 
@@ -62582,8 +62660,8 @@ CVE-2019-19117 (/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2 NOT-FOR-US: PHICOMM K2(PSG1218) devices CVE-2019-19116 RESERVED -CVE-2019-19115 - RESERVED +CVE-2019-19115 (An escalation of privilege vulnerability in Nahimic APO Software Compo ...) + TODO: check CVE-2019-19114 RESERVED CVE-2019-19113 (main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka Ne ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6ffbac5eed455862f88f8b26759c9a9e85e71ff
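Review bot: The 35 entries CVE-2020-26897 through CVE-2020-26931 in the @@ -1,3 +1,81 @@ hunk all describe NETGEAR device firmware, so their "TODO: check" markers can be resolved in one batch rather than one at a time. Device-only entries elsewhere in this file are already triaged that way (the last hunk's context shows "NOT-FOR-US: PHICOMM K2(PSG1218) devices"), so a single follow-up commit marking this range "NOT-FOR-US: NETGEAR" would clear most of what this update adds. CVE-2020-26894 (Faulkner Wildlife Issues in the New Millennium) is a different product and needs its own line.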
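Review bot: In the @@ -24499,12 +24577,12 @@ hunk, CVE-2020-15241 and CVE-2020-15242 should not be swept up with the device entries, because they name software packages (`typo3fluid/fluid` and Next.js) rather than vendor hardware, so each needs a source-package lookup before its "TODO: check" is replaced. The description for CVE-2020-15241 is cut off after "before versions 2.0.5, ...", so the remaining fixed versions have to come from the full advisory text, not from this line, if a fixed version is recorded.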