From 66120648b06193e9669d6fd5b847c2380ce81bcb Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 20 Oct 2020 20:10:25 +0000 Subject: automatic update --- data/CVE/list | 149 +++++++++++++++++++++++++++++++++------------------------- 1 file changed, 86 insertions(+), 63 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index cda13ccbf8..3d1ae1b66a 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,25 @@ +CVE-2020-27355 + RESERVED +CVE-2020-27354 + RESERVED +CVE-2020-27353 + RESERVED +CVE-2020-27352 + RESERVED +CVE-2020-27351 + RESERVED +CVE-2020-27350 + RESERVED +CVE-2020-27349 + RESERVED +CVE-2020-27348 + RESERVED +CVE-2020-27347 + RESERVED +CVE-2020-27346 + RESERVED +CVE-2020-27345 + RESERVED CVE-2020-27344 RESERVED CVE-2020-27343 @@ -22903,15 +22925,15 @@ CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allow NOTE: that the refererred behaviour is intended functionality. CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) NOT-FOR-US: Philips -CVE-2020-16246 - RESERVED +CVE-2020-16246 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...) + TODO: check CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...) NOT-FOR-US: Advantech CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for h ...) NOT-FOR-US: GE Digital APM Classic CVE-2020-16243 RESERVED -CVE-2020-16242 (The affected product is vulnerable to cross-site scripting (XSS), whic ...) +CVE-2020-16242 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...) NOT-FOR-US: General Electric CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...) NOT-FOR-US: Philips SureSigns 
@@ -25620,6 +25642,7 @@ CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies o NOT-FOR-US: Alfresco Reset Password add-on CVE-2020-15180 RESERVED + {DSA-4776-1} - mariadb-10.5 1:10.5.6-1 - mariadb-10.3 - mariadb-10.1 @@ -46329,12 +46352,12 @@ CVE-2020-7751 RESERVED CVE-2020-7750 RESERVED -CVE-2020-7749 - RESERVED -CVE-2020-7748 - RESERVED -CVE-2020-7747 - RESERVED +CVE-2020-7749 (This affects all versions of package osm-static-maps. User input given ...) + TODO: check +CVE-2020-7748 (This affects the package @tsed/core before 5.65.7. This vulnerability ...) + TODO: check +CVE-2020-7747 (This affects all versions of package lightning-server. It is possible ...) + TODO: check CVE-2020-7746 RESERVED CVE-2020-7745 (This affects the package MintegralAdSDK before 6.6.0.0. The SDK distri ...) @@ -47166,12 +47189,12 @@ CVE-2020-7373 RESERVED CVE-2020-7372 RESERVED -CVE-2020-7371 - RESERVED -CVE-2020-7370 - RESERVED -CVE-2020-7369 - RESERVED +CVE-2020-7371 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...) + TODO: check +CVE-2020-7370 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...) + TODO: check +CVE-2020-7369 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...) + TODO: check CVE-2020-7368 RESERVED CVE-2020-7367 @@ -47180,10 +47203,10 @@ CVE-2020-7366 RESERVED CVE-2020-7365 RESERVED -CVE-2020-7364 - RESERVED -CVE-2020-7363 - RESERVED +CVE-2020-7364 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...) + TODO: check +CVE-2020-7363 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...) + TODO: check CVE-2020-7362 RESERVED CVE-2020-7361 (The EasyCorp ZenTao Pro application suffers from an OS command injecti ...) 
@@ -49969,24 +49992,24 @@ CVE-2020-6372 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to op NOT-FOR-US: SAP CVE-2020-6371 (User enumeration vulnerability can be exploited to get a list of user ...) NOT-FOR-US: SAP -CVE-2020-6370 - RESERVED -CVE-2020-6369 - RESERVED +CVE-2020-6370 (SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.3 ...) + TODO: check +CVE-2020-6369 (SAP Solution Manager and SAP Focused Run (update provided in WILY_INTR ...) + TODO: check CVE-2020-6368 (SAP Business Planning and Consolidation, versions - 750, 751, 752, 753 ...) NOT-FOR-US: SAP -CVE-2020-6367 - RESERVED -CVE-2020-6366 - RESERVED +CVE-2020-6367 (There is a reflected cross site scripting vulnerability in SAP NetWeav ...) + TODO: check +CVE-2020-6366 (SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, doe ...) + TODO: check CVE-2020-6365 (SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, ...) NOT-FOR-US: SAP CVE-2020-6364 (SAP Solution Manager and SAP Focused Run (update provided in WILY_INTR ...) NOT-FOR-US: SAP CVE-2020-6363 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several ...) NOT-FOR-US: SAP -CVE-2020-6362 - RESERVED +CVE-2020-6362 (SAP Banking Services version 500, use an incorrect authorization objec ...) + TODO: check CVE-2020-6361 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6360 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) @@ -50079,8 +50102,8 @@ CVE-2020-6317 RESERVED CVE-2020-6316 RESERVED -CVE-2020-6315 - RESERVED +CVE-2020-6315 (SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send ...) + TODO: check CVE-2020-6314 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6313 (SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, ...) 
@@ -50093,8 +50116,8 @@ CVE-2020-6310 (Improper access control in SOA Configuration Trace component in S NOT-FOR-US: SAP CVE-2020-6309 (SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7. ...) NOT-FOR-US: SAP -CVE-2020-6308 - RESERVED +CVE-2020-6308 (SAP BusinessObjects Business Intelligence Platform (Web Services) vers ...) + TODO: check CVE-2020-6307 (Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7. ...) NOT-FOR-US: SAP CVE-2020-6306 (Missing authorization check in a transaction within SAP Leasing (updat ...) @@ -51549,8 +51572,8 @@ CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Li NOT-FOR-US: Live Chat CVE-2020-5641 RESERVED -CVE-2020-5640 - RESERVED +CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and earlier ...) + TODO: check CVE-2020-5639 RESERVED CVE-2020-5638 @@ -54011,10 +54034,10 @@ CVE-2020-4758 RESERVED CVE-2020-4757 RESERVED -CVE-2020-4756 - RESERVED -CVE-2020-4755 - RESERVED +CVE-2020-4756 (IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5. ...) + TODO: check +CVE-2020-4755 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site s ...) + TODO: check CVE-2020-4754 RESERVED CVE-2020-4753 @@ -54025,10 +54048,10 @@ CVE-2020-4751 RESERVED CVE-2020-4750 RESERVED -CVE-2020-4749 - RESERVED -CVE-2020-4748 - RESERVED +CVE-2020-4749 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attri ...) + TODO: check +CVE-2020-4748 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site s ...) + TODO: check CVE-2020-4747 RESERVED CVE-2020-4746 @@ -54395,8 +54418,8 @@ CVE-2020-4566 RESERVED CVE-2020-4565 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacke ...) NOT-FOR-US: IBM -CVE-2020-4564 - RESERVED +CVE-2020-4564 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 a ...) + TODO: check CVE-2020-4563 RESERVED CVE-2020-4562 
@@ -54541,8 +54564,8 @@ CVE-2020-4493 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attack NOT-FOR-US: IBM CVE-2020-4492 (IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2 ...) NOT-FOR-US: IBM -CVE-2020-4491 - RESERVED +CVE-2020-4491 (IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5. ...) + TODO: check CVE-2020-4490 (IBM Business Automation Workflow 18 and 19, and IBM Business Process M ...) NOT-FOR-US: IBM CVE-2020-4489 @@ -55562,14 +55585,14 @@ CVE-2020-3997 RESERVED CVE-2020-3996 RESERVED -CVE-2020-3995 - RESERVED -CVE-2020-3994 - RESERVED -CVE-2020-3993 - RESERVED -CVE-2020-3992 - RESERVED +CVE-2020-3995 (In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-20 ...) + TODO: check +CVE-2020-3994 (VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a ...) + TODO: check +CVE-2020-3993 (VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a sec ...) + TODO: check +CVE-2020-3992 (OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6. ...) + TODO: check CVE-2020-3991 (VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial ...) NOT-FOR-US: VMware CVE-2020-3990 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) @@ -55588,10 +55611,10 @@ CVE-2020-3984 RESERVED CVE-2020-3983 RESERVED -CVE-2020-3982 - RESERVED -CVE-2020-3981 - RESERVED +CVE-2020-3982 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...) + TODO: check +CVE-2020-3981 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...) + TODO: check CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...) NOT-FOR-US: VMware CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0) installers lo ...) 
@@ -98218,8 +98241,8 @@ CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and othe NOT-FOR-US: ThinkPHP CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a deserializat ...) NOT-FOR-US: Laravel Framework -CVE-2019-9080 - RESERVED +CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password storage. ...) + TODO: check CVE-2019-9079 RESERVED CVE-2019-9078 (zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter b ...) @@ -109483,8 +109506,8 @@ CVE-2019-4682 RESERVED CVE-2019-4681 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...) NOT-FOR-US: IBM -CVE-2019-4680 - RESERVED +CVE-2019-4680 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 i ...) + TODO: check CVE-2019-4679 (IBM Content Navigator 3.0CD could allow an authenticated user to gain ...) NOT-FOR-US: IBM CVE-2019-4678 -- cgit v1.2.3
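Review bot: in the @@ -22903,15 hunk, CVE-2020-16246 is added as "TODO: check" even though its description ("The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...") is the same truncated text this hunk gives CVE-2020-16242, which is already triaged as "NOT-FOR-US: General Electric". Suggest giving CVE-2020-16246 the same disposition once the full description confirms the product, so the two entries for the same device do not diverge.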
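Review bot: in the @@ -25620,6 hunk, "{DSA-4776-1}" is attached to CVE-2020-15180 while the entry still reads RESERVED and carries no description, so a reader of the list cannot tell what the advisory addresses. Suggest adding a NOTE line with a short summary or an upstream reference under the entry until the description is published.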
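Review bot: in the @@ -47166,12 and @@ -47180,10 hunks, CVE-2020-7371, CVE-2020-7370, CVE-2020-7369, CVE-2020-7364 and CVE-2020-7363 all receive the identical truncated text "User Interface (UI) Misrepresentation of Critical Information vulnerab ...", which names no product, so these five "TODO: check" entries cannot be told apart or triaged from the list alone. Suggest resolving each against its full description and recording the affected product on the NOT-FOR-US or package line when the TODO is closed.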
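Review bot: in the @@ -55562,14 hunk, CVE-2020-3992 ("OpenSLP as used in VMware ESXi ...") needs individual triage rather than the "NOT-FOR-US: VMware" disposition its neighbour CVE-2020-3991 has, because OpenSLP is an open-source project in its own right and the flaw may sit in code that is packaged separately. Suggest checking for a matching source package before closing that TODO. In the same hunk, the CVE-2020-3994 text reads "6.6 before 6.5u3k", which looks inconsistent and is worth confirming against the upstream description before anyone relies on the version range.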