Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf22a766 by security tracker role at 2020-09-29T20:10:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers 
to trigge ...)
+       TODO: check
+CVE-2020-26147
+       RESERVED
+CVE-2020-26146
+       RESERVED
+CVE-2020-26145
+       RESERVED
+CVE-2020-26144
+       RESERVED
+CVE-2020-26143
+       RESERVED
+CVE-2020-26142
+       RESERVED
+CVE-2020-26141
+       RESERVED
+CVE-2020-26140
+       RESERVED
+CVE-2020-26139
+       RESERVED
+CVE-2020-26138
+       RESERVED
+CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker 
controls t ...)
+       TODO: check
 CVE-2020-26136
        RESERVED
 CVE-2020-26135
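Review bot: The two new entries left at TODO: check, CVE-2020-26148 (md4c) and CVE-2020-26137 (urllib3), both name libraries, and their descriptions already name the affected versions (md4c 0.4.5, urllib3 before 1.25.9), so they can be triaged directly against the archive. Replace each TODO with a package line in the form the file uses elsewhere, such as "- nss 2:3.53.1-1 (bug #963152)", or with NOT-FOR-US if the library is not packaged.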
@@ -186,8 +210,8 @@ CVE-2020-26055
        RESERVED
 CVE-2020-26054
        RESERVED
-CVE-2020-26053
-       RESERVED
+CVE-2020-26053 (Cybereason Endpoint Solutions Cybereason Endpoint Protection 
Version 2 ...)
+       TODO: check
 CVE-2020-26052
        RESERVED
 CVE-2020-26051
@@ -206,12 +230,12 @@ CVE-2020-26045
        RESERVED
 CVE-2020-26044
        RESERVED
-CVE-2020-26043
-       RESERVED
-CVE-2020-26042
-       RESERVED
-CVE-2020-26041
-       RESERVED
+CVE-2020-26043 (An issue was discovered in Hoosk CMS v1.8.0. There is a XSS 
vulnerabil ...)
+       TODO: check
+CVE-2020-26042 (An issue was discovered in Hoosk CMS v1.8.0. There is a SQL 
injection  ...)
+       TODO: check
+CVE-2020-26041 (An issue was discovered in Hoosk CmS v1.8.0. There is an 
Remote Code E ...)
+       TODO: check
 CVE-2020-26040
        RESERVED
 CVE-2020-26039
@@ -825,10 +849,10 @@ CVE-2020-25763
        RESERVED
 CVE-2020-25762
        RESERVED
-CVE-2020-25761
-       RESERVED
-CVE-2020-25760
-       RESERVED
+CVE-2020-25761 (Projectworlds Visitor Management System in PHP 1.0 allows XSS. 
The fil ...)
+       TODO: check
+CVE-2020-25760 (Projectworlds Visitor Management System in PHP 1.0 allows SQL 
Injectio ...)
+       TODO: check
 CVE-2020-25759
        RESERVED
 CVE-2020-25758
@@ -11068,8 +11092,8 @@ CVE-2020-20802
        RESERVED
 CVE-2020-20801
        RESERVED
-CVE-2020-20800
-       RESERVED
+CVE-2020-20800 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL 
Injection ...)
+       TODO: check
 CVE-2020-20799
        RESERVED
 CVE-2020-20798
@@ -22000,10 +22024,10 @@ CVE-2020-XXXX [veyon-configurator tmp handling]
        - veyon 4.4.1+repack1-1 (bug #964568)
        [buster] - veyon <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2020/07/07/1
-CVE-2020-15595
-       RESERVED
-CVE-2020-15594
-       RESERVED
+CVE-2020-15595 (An issue was discovered in Zoho Application Control Plus 
before versio ...)
+       TODO: check
+CVE-2020-15594 (An SSRF issue was discovered in Zoho Application Control Plus 
before v ...)
+       TODO: check
 CVE-2020-15593 (SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles 
IPC. It u ...)
        NOT-FOR-US: SteelCentral Aternity Agent
 CVE-2020-15592 (SteelCentral Aternity Agent before 11.0.0.120 on Windows 
allows Privil ...)
@@ -22889,8 +22913,8 @@ CVE-2020-15218
        RESERVED
 CVE-2020-15217
        RESERVED
-CVE-2020-15216
-       RESERVED
+CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) 
before ve ...)
+       TODO: check
 CVE-2020-15215
        RESERVED
 CVE-2020-15214 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models 
using segme ...)
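Review bot: CVE-2020-15216 is left at TODO: check, and its description identifies goxmldsig as a pure-Go library, so a search for a source package of that name is not sufficient on its own. When resolving the TODO, also check for packages that build against or vendor goxmldsig, and take the fixed version from the full description, since the "before ve ..." text is truncated here.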
@@ -26157,8 +26181,8 @@ CVE-2020-14032
        RESERVED
 CVE-2020-14031 (An issue was discovered in Ozeki NG SMS Gateway through 
4.17.6. The ou ...)
        NOT-FOR-US: Ozeki NG SMS Gateway
-CVE-2020-14030
-       RESERVED
+CVE-2020-14030 (An issue was discovered in Ozeki NG SMS Gateway through 
4.17.6. It sto ...)
+       TODO: check
 CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 
4.17.6. The RS ...)
        NOT-FOR-US: Ozeki NG SMS Gateway
 CVE-2020-14028 (An issue was discovered in Ozeki NG SMS Gateway through 
4.17.6. By lev ...)
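Review bot: CVE-2020-14030 is added with TODO: check although the entries on both sides of it, CVE-2020-14031 and CVE-2020-14029, describe the same product (Ozeki NG SMS Gateway through 4.17.6) and are already tagged "NOT-FOR-US: Ozeki NG SMS Gateway". Unless there is a reason to treat this one differently, give it the same tag so the block is consistent.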
@@ -27195,8 +27219,8 @@ CVE-2020-13659 (address_space_map in exec.c in QEMU 
4.2.0 can trigger a NULL poi
        NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=77f55eac6c433e23e82a1b88b2d74f385c4c7d82
-CVE-2020-13658
-       RESERVED
+CVE-2020-13658 (In Lansweeper 8.0.130.17, the web console is vulnerable to a 
CSRF atta ...)
+       TODO: check
 CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free 
Antivirus ...)
        NOT-FOR-US: Avast
 CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array 
implementation  ...)
@@ -27956,32 +27980,32 @@ CVE-2020-13333
        RESERVED
 CVE-2020-13332
        RESERVED
-CVE-2020-13331
-       RESERVED
-CVE-2020-13330
-       RESERVED
-CVE-2020-13329
-       RESERVED
-CVE-2020-13328
-       RESERVED
+CVE-2020-13331 (An issue has been discovered in GitLab affecting versions 
prior to 12. ...)
+       TODO: check
+CVE-2020-13330 (An issue has been discovered in GitLab affecting versions 
prior to 12. ...)
+       TODO: check
+CVE-2020-13329 (An issue has been discovered in GitLab affecting versions from 
12.6.2  ...)
+       TODO: check
+CVE-2020-13328 (An issue has been discovered in GitLab affecting versions 
prior to 13. ...)
+       TODO: check
 CVE-2020-13327
        RESERVED
-CVE-2020-13326
-       RESERVED
-CVE-2020-13325
-       RESERVED
-CVE-2020-13324
-       RESERVED
-CVE-2020-13323
-       RESERVED
-CVE-2020-13322
-       RESERVED
-CVE-2020-13321
-       RESERVED
-CVE-2020-13320
-       RESERVED
-CVE-2020-13319
-       RESERVED
+CVE-2020-13326 (A vulnerability was discovered in GitLab versions prior to 
13.1. Under ...)
+       TODO: check
+CVE-2020-13325 (A vulnerability was discovered in GitLab versions prior 13.1. 
The comm ...)
+       TODO: check
+CVE-2020-13324 (A vulnerability was discovered in GitLab versions prior to 
13.1. Under ...)
+       TODO: check
+CVE-2020-13323 (A vulnerability was discovered in GitLab versions prior 13.1. 
Under ce ...)
+       TODO: check
+CVE-2020-13322 (A vulnerability was discovered in GitLab versions after 12.9. 
Due to i ...)
+       TODO: check
+CVE-2020-13321 (A vulnerability was discovered in GitLab versions prior to 
13.1. Usern ...)
+       TODO: check
+CVE-2020-13320 (An issue has been discovered in GitLab before version 12.10.13 
that al ...)
+       TODO: check
+CVE-2020-13319 (An issue has been discovered in GitLab affecting versions 
prior to 13. ...)
+       TODO: check
 CVE-2020-13318 (A vulnerability was discovered in GitLab versions before 
13.0.12, 13.1 ...)
        - gitlab 13.2.8-1
        NOTE: 
https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
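Review bot: The twelve GitLab entries from CVE-2020-13331 down to CVE-2020-13319 all land as TODO: check, while CVE-2020-13318 directly below shows the resolved form: "- gitlab 13.2.8-1" plus a NOTE linking the upstream security release. Triage these as one batch against the gitlab package and add the matching release NOTE to each; CVE-2020-13327 stays RESERVED in the middle of the run, so it will need a follow-up once its description is published.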
@@ -28048,8 +28072,8 @@ CVE-2020-13298 (A vulnerability was discovered in 
GitLab versions before 13.1.10
 CVE-2020-13297 (A vulnerability was discovered in GitLab versions before 
13.1.10, 13.2 ...)
        - gitlab 13.2.8-1
        NOTE: 
https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
-CVE-2020-13296
-       RESERVED
+CVE-2020-13296 (An issue has been discovered in GitLab affecting versions 
&gt;=10.7 &l ...)
+       TODO: check
 CVE-2020-13295 (For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing 
dockerd ...)
        - gitlab-ci-multi-runner <unfixed>
        NOTE: 
https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
@@ -30333,6 +30357,7 @@ CVE-2020-12404 (For native-to-JS bridging the app 
requires a unique token to be
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404
 CVE-2020-12403
        RESERVED
+       {DLA-2388-1}
        - nss 2:3.55-1
        [buster] - nss <no-dsa> (Minor issue)
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38
@@ -30340,12 +30365,13 @@ CVE-2020-12403
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1868931
 CVE-2020-12402 (During RSA key generation, bignum implementations used a 
variation of  ...)
-       {DSA-4726-1 DLA-2266-1}
+       {DSA-4726-1 DLA-2388-1 DLA-2266-1}
        - nss 2:3.53.1-1 (bug #963152)
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
        NOTE: Fixed upstream in 3.53.1
 CVE-2020-12401 [ECDSA timing attack mitigation bypass]
        RESERVED
+       {DLA-2388-1}
        - firefox 80.0-1
        - nss 2:3.55-1
        [buster] - nss <no-dsa> (Minor issue)
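Review bot: On CVE-2020-12401 the added {DLA-2388-1} now sits directly above "[buster] - nss <no-dsa> (Minor issue)", so the entry records an advisory reference while buster is still marked as not getting one. Confirm the buster line is still the intended state after this DLA, and if it is, add a NOTE saying where the buster fix is tracked.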
@@ -30355,6 +30381,7 @@ CVE-2020-12401 [ECDSA timing attack mitigation bypass]
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401
 CVE-2020-12400 [P-384 and P-521 implementation uses a side-channel vulnerable 
modular inversion function]
        RESERVED
+       {DLA-2388-1}
        - firefox 80.0-1
        - nss 2:3.55-1
        [buster] - nss <no-dsa> (Minor issue)
@@ -30364,7 +30391,7 @@ CVE-2020-12400 [P-384 and P-521 implementation uses a 
side-channel vulnerable mo
        NOTE: Issue relates to CVE-2020-6829 and resolved in the same commits.
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12400
 CVE-2020-12399 (NSS has shown timing differences when performing DSA 
signatures, which ...)
-       {DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
+       {DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2388-1 DLA-2266-1 DLA-2247-1 
DLA-2243-1}
        - firefox 77.0-1
        - firefox-esr 68.9.0esr-1
        - nss 2:3.53-1 (bug #961752)
@@ -42180,8 +42207,8 @@ CVE-2020-8258
        RESERVED
 CVE-2020-8257
        RESERVED
-CVE-2020-8256
-       RESERVED
+CVE-2020-8256 (A vulnerability in the Pulse Connect Secure &lt; 9.1R8.2 admin 
web int ...)
+       TODO: check
 CVE-2020-8255
        RESERVED
 CVE-2020-8254
@@ -42219,8 +42246,8 @@ CVE-2020-8244 (A buffer over-read vulnerability exists 
in bl &lt;4.0.3, &lt;3.0.
        [stretch] - node-bl <no-dsa> (Minor issue)
        NOTE: https://hackerone.com/reports/966347
        NOTE: 
https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
-CVE-2020-8243
-       RESERVED
+CVE-2020-8243 (A vulnerability in the Pulse Connect Secure &lt; 9.1R8.2 admin 
web int ...)
+       TODO: check
 CVE-2020-8242
        RESERVED
 CVE-2020-8241
@@ -42229,8 +42256,8 @@ CVE-2020-8240
        RESERVED
 CVE-2020-8239
        RESERVED
-CVE-2020-8238
-       RESERVED
+CVE-2020-8238 (A vulnerability in the authenticated user web interface of 
Pulse Conne ...)
+       TODO: check
 CVE-2020-8237 (Prototype pollution in json-bigint npm package &lt; 1.0.0 may 
lead to  ...)
        NOT-FOR-US: Node json-bigint
 CVE-2020-8236
@@ -45699,6 +45726,7 @@ CVE-2020-6830 (For native-to-JS bridging, the app 
requires a unique token to be
        - firefox <not-affected> (Firefox on iOS)
 CVE-2020-6829 [Side channel attack on ECDSA signature generation]
        RESERVED
+       {DLA-2388-1}
        - firefox 80.0-1
        - nss 2:3.55-1
        [buster] - nss <no-dsa> (Minor issue)
@@ -51508,8 +51536,8 @@ CVE-2020-4609
        RESERVED
 CVE-2020-4608
        RESERVED
-CVE-2020-4607
-       RESERVED
+CVE-2020-4607 (IBM Security Secret Server (IBM Security Verify Privilege Vault 
Remote ...)
+       TODO: check
 CVE-2020-4606
        RESERVED
 CVE-2020-4605
@@ -69755,7 +69783,7 @@ CVE-2019-17008 (When using nested workers, a 
use-after-free could occur during w
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17008
 CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in 
CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS]
        RESERVED
-       {DSA-4579-1 DLA-2015-1}
+       {DSA-4579-1 DLA-2388-1 DLA-2015-1}
        - nss 2:3.45-1
        NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1798
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1533216
@@ -69764,7 +69792,7 @@ CVE-2019-17007 [nss: Handling of Netscape Certificate 
Sequences in CERT_DecodeCe
        NOTE: but then reverted until the 2:3.45-1 upload).
 CVE-2019-17006 [Check length of inputs for cryptographic primitives]
        RESERVED
-       {DSA-4726-1 DLA-2058-1}
+       {DSA-4726-1 DLA-2388-1 DLA-2058-1}
        - nss 2:3.47-1
        NOTE: Fixed upstream in NSS 3.46.
        NOTE: Upstream bug (currently non-public): 
https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
@@ -86746,7 +86774,7 @@ CVE-2019-11746 (A use-after-free vulnerability can 
occur while manipulating vide
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11746
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746
 CVE-2019-11745 (When encrypting with a block cipher, if a call to 
NSC_EncryptUpdate wa ...)
-       {DSA-4579-1 DLA-2008-1}
+       {DSA-4579-1 DLA-2388-1 DLA-2008-1}
        - nss 2:3.47.1-1
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public)
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda
@@ -86836,7 +86864,7 @@ CVE-2019-11730 (A vulnerability exists where if a user 
opens a locally saved HTM
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11730
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11730
 CVE-2019-11729 (Empty or malformed p256-ECDH public keys may trigger a 
segmentation fa ...)
-       {DLA-1857-1}
+       {DLA-2388-1 DLA-1857-1}
        - firefox 68.0-1 (unimportant)
        - firefox-esr 60.8.0esr-1 (unimportant)
        [buster] - firefox-esr 60.8.0esr-1~deb10u1
@@ -86888,7 +86916,7 @@ CVE-2019-11720 (Some unicode characters are incorrectly 
treated as whitespace du
        - firefox 68.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11720
 CVE-2019-11719 (When importing a curve25519 private key in PKCS#8format with 
leading 0 ...)
-       {DLA-1857-1}
+       {DLA-2388-1 DLA-1857-1}
        - firefox 68.0-1 (unimportant)
        - firefox-esr 60.8.0esr-1 (unimportant)
        [buster] - firefox-esr 60.8.0esr-1~deb10u1
@@ -122899,7 +122927,7 @@ CVE-2018-18509 (A flaw during verification of certain 
S/MIME signatures causes e
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18511
 CVE-2018-18508 [NULL pointer dereference in several CMS functions resulting in 
a denial of service]
        RESERVED
-       {DLA-1704-1}
+       {DLA-2388-1 DLA-1704-1}
        - nss 2:3.42.1-1 (bug #921614)
        NOTE: https://hg.mozilla.org/projects/nss/rev/08d1b0c1117f
        NOTE: https://hg.mozilla.org/projects/nss/rev/5e70b72131ac
@@ -139037,7 +139065,7 @@ CVE-2018-12405 (Mozilla developers and community 
members reported memory safety
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-12405
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-12405
 CVE-2018-12404 (A cached side channel attack during handshakes using RSA 
encryption co ...)
-       {DLA-1704-1}
+       {DLA-2388-1 DLA-1704-1}
        - nss 2:3.41-1
        NOTE: http://cat.eyalro.net/
        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1485864 (not public)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf22a7666fca8d59bd7fe88f9459544c62c355ad

_______________________________________________
debian-security-tracker-commits mailing list