Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
992bbc91 by security tracker role at 2020-10-07T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2020-26883
+       RESERVED
+CVE-2020-26882
+       RESERVED
+CVE-2020-26881
+       RESERVED
+CVE-2020-26880 (Sympa through 6.2.57b.2 allows a local privilege escalation 
from the s ...)
+       TODO: check
+CVE-2020-26879
+       RESERVED
+CVE-2020-26878
+       RESERVED
+CVE-2020-26877
+       RESERVED
+CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows 
remote attac ...)
+       TODO: check
+CVE-2020-26875
+       RESERVED
+CVE-2020-26874
+       RESERVED
+CVE-2020-26873
+       RESERVED
+CVE-2020-26872
+       RESERVED
+CVE-2020-26871
+       RESERVED
+CVE-2020-26870 (Cure53 DOMPurify before 2.0.17 allows mutation XSS. This 
occurs becaus ...)
+       TODO: check
+CVE-2020-26869
+       RESERVED
+CVE-2020-26868
+       RESERVED
+CVE-2020-26867
+       RESERVED
+CVE-2020-26866
+       RESERVED
+CVE-2020-26865
+       RESERVED
+CVE-2020-26864
+       RESERVED
+CVE-2020-26863
+       RESERVED
+CVE-2020-26862
+       RESERVED
+CVE-2020-26861
+       RESERVED
+CVE-2020-26860
+       RESERVED
+CVE-2020-26859
+       RESERVED
+CVE-2020-26858
+       RESERVED
+CVE-2020-26857
+       RESERVED
+CVE-2020-26856
+       RESERVED
+CVE-2020-26855
+       RESERVED
+CVE-2020-26854
+       RESERVED
+CVE-2020-26853
+       RESERVED
+CVE-2020-26852
+       RESERVED
+CVE-2020-26851
+       RESERVED
+CVE-2020-26850
+       RESERVED
+CVE-2020-26849
+       RESERVED
+CVE-2020-26848
+       RESERVED
+CVE-2020-26847
+       RESERVED
+CVE-2020-26846
+       RESERVED
+CVE-2020-26845
+       RESERVED
+CVE-2020-26844
+       RESERVED
+CVE-2020-26843
+       RESERVED
+CVE-2020-26842
+       RESERVED
+CVE-2020-26841
+       RESERVED
+CVE-2020-26840
+       RESERVED
+CVE-2020-26839
+       RESERVED
+CVE-2020-26838
+       RESERVED
+CVE-2020-26837
+       RESERVED
+CVE-2020-26836
+       RESERVED
+CVE-2020-26835
+       RESERVED
+CVE-2020-26834
+       RESERVED
+CVE-2020-26833
+       RESERVED
+CVE-2020-26832
+       RESERVED
+CVE-2020-26831
+       RESERVED
+CVE-2020-26830
+       RESERVED
+CVE-2020-26829
+       RESERVED
+CVE-2020-26828
+       RESERVED
+CVE-2020-26827
+       RESERVED
+CVE-2020-26826
+       RESERVED
+CVE-2020-26825
+       RESERVED
+CVE-2020-26824
+       RESERVED
+CVE-2020-26823
+       RESERVED
+CVE-2020-26822
+       RESERVED
+CVE-2020-26821
+       RESERVED
+CVE-2020-26820
+       RESERVED
+CVE-2020-26819
+       RESERVED
+CVE-2020-26818
+       RESERVED
+CVE-2020-26817
+       RESERVED
+CVE-2020-26816
+       RESERVED
+CVE-2020-26815
+       RESERVED
+CVE-2020-26814
+       RESERVED
+CVE-2020-26813
+       RESERVED
+CVE-2020-26812
+       RESERVED
+CVE-2020-26811
+       RESERVED
+CVE-2020-26810
+       RESERVED
+CVE-2020-26809
+       RESERVED
+CVE-2020-26808
+       RESERVED
+CVE-2020-26807
+       RESERVED
+CVE-2020-26806
+       RESERVED
 CVE-2020-26805
        RESERVED
 CVE-2020-26804
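Review bot: CVE-2020-26880 (Sympa), CVE-2020-26876 (wp-courses plugin for WordPress) and CVE-2020-26870 (Cure53 DOMPurify) arrive with published descriptions but only a "TODO: check" placeholder, so nothing in the tracker yet says whether a Debian source package is affected. Each needs a follow-up that replaces the placeholder with either a "- <package> <unfixed>" line or a NOT-FOR-US tag, as the triaged entries further down this file have. The other IDs added in this hunk are RESERVED and need no action yet.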
@@ -416,8 +572,8 @@ CVE-2020-26598 (An issue was discovered on LG mobile 
devices with Android OS 8.0
        NOT-FOR-US: LG mobile devices
 CVE-2020-26597 (An issue was discovered on LG mobile devices with Android OS 
9.0 and 1 ...)
        NOT-FOR-US: LG mobile devices
-CVE-2020-26596
-       RESERVED
+CVE-2020-26596 (The Dynamic OOO widget for the Elementor Pro plugin through 
3.0.5 for  ...)
+       TODO: check
 CVE-2020-26595
        RESERVED
 CVE-2020-26594
@@ -614,7 +770,7 @@ CVE-2020-26521
        RESERVED
 CVE-2020-26520
        RESERVED
-CVE-2020-26519 (fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during 
pixmap si ...)
+CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write 
when pa ...)
        - mupdf <unfixed> (bug #971595)
        NOTE: 
http://git.ghostscript.com/?p=mupdf.git;a=commit;h=af1e390a2c7abceb32676ec684cd1dbb92907ce8
        NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702937
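Review bot: the replacement description for CVE-2020-26519 now bounds the issue as "before 1.18.0", while the package line below it still reads "- mupdf <unfixed> (bug #971595)". Worth confirming against the commit referenced in the NOTE that 1.18.0 is the first fixed upstream release, so the entry can be closed with that version once it is uploaded. The old text named fitz/pixmap.c and the visible part of the new one does not, so consider keeping the file name in a NOTE line.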
@@ -1326,8 +1482,7 @@ CVE-2020-26166 (The file upload functionality in qdPM 9.1 
doesn't check the file
        NOT-FOR-US: qdPM
 CVE-2020-26165
        RESERVED
-CVE-2020-26164 [packet manipulation can be exploited in a Denial of Service 
attack]
-       RESERVED
+CVE-2020-26164 (In kdeconnect-kde (aka KDE Connect) before 20.08.2, an 
attacker on the ...)
        - kdeconnect <unfixed> (bug #971736)
        NOTE: https://kde.org/info/security/advisory-20201002-1.txt
        NOTE: 
https://invent.kde.org/network/kdeconnect-kde/-/commit/f183b5447bad47655c21af87214579f03bf3a163
@@ -1744,12 +1899,12 @@ CVE-2020-25989
        RESERVED
 CVE-2020-25988
        RESERVED
-CVE-2020-25987 (MonoCMS Blog version as of 29-09-2020 stores hard-coded admin 
hashes i ...)
+CVE-2020-25987 (MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml 
file in ...)
        NOT-FOR-US: MonoCMS Blog
-CVE-2020-25986 (Cross Site Request Forgery (CSRF) vulnerability in MonoCMS 
Blog versio ...)
+CVE-2020-25986 (A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS 
Blog 1.0  ...)
        NOT-FOR-US: MonoCMS Blog
-CVE-2020-25985
-       RESERVED
+CVE-2020-25985 (MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any 
authenti ...)
+       TODO: check
 CVE-2020-25984
        RESERVED
 CVE-2020-25983
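Review bot: CVE-2020-25985 is left at "TODO: check" although its description names MonoCMS Blog 1.0, the same product for which CVE-2020-25987 and CVE-2020-25986 directly above are tagged "NOT-FOR-US: MonoCMS Blog". Tag it the same way so the three entries stay consistent and the item drops off the TODO list.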
@@ -3176,8 +3331,8 @@ CVE-2020-25345
        RESERVED
 CVE-2020-25344
        RESERVED
-CVE-2020-25343
-       RESERVED
+CVE-2020-25343 (Cross-site scripting (XSS) vulnerabilities in Symphony CMS 
3.0.0 allow ...)
+       TODO: check
 CVE-2020-25342
        RESERVED
 CVE-2020-25341
@@ -4556,9 +4711,9 @@ CVE-2020-24724
        RESERVED
 CVE-2020-24723
        RESERVED
-CVE-2020-24722
-       RESERVED
-CVE-2020-24721 (An issue was discovered in the GAEN (aka Google Apple 
Encounter Notifi ...)
+CVE-2020-24722 (** DISPUTED ** An issue was discovered in the GAEN (aka 
Google/Apple E ...)
+       TODO: check
+CVE-2020-24721 (An issue was discovered in the GAEN (aka Google/Apple Exposure 
Notific ...)
        NOT-FOR-US: GAEN (Google Apple Encounter Notification) protocol
 CVE-2020-24720
        RESERVED
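Review bot: the newly described CVE-2020-24722 gets "TODO: check" while CVE-2020-24721, against the same GAEN protocol, is already NOT-FOR-US on the next entry; the two should be triaged alike. The description also carries a "** DISPUTED **" marker, which is worth recording in a NOTE if the entry is ever attached to a package. Separately, the existing NOT-FOR-US label still says "Google Apple Encounter Notification" where the updated description of CVE-2020-24721 reads "Google/Apple Exposure Notific ...".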
@@ -5609,8 +5764,8 @@ CVE-2020-24248
        RESERVED
 CVE-2020-24247
        RESERVED
-CVE-2020-24246
-       RESERVED
+CVE-2020-24246 (Peplink Balance before 8.1.0rc1 allows an unauthenticated 
attacker to  ...)
+       TODO: check
 CVE-2020-24245
        RESERVED
 CVE-2020-24244
@@ -19014,8 +19169,8 @@ CVE-2020-17553
        RESERVED
 CVE-2020-17552
        RESERVED
-CVE-2020-17551
-       RESERVED
+CVE-2020-17551 (ImpressCMS 1.4.0 is affected by XSS in 
modules/system/admin.php which  ...)
+       TODO: check
 CVE-2020-17550
        RESERVED
 CVE-2020-17549
@@ -22036,10 +22191,12 @@ CVE-2020-16123
        RESERVED
 CVE-2020-16122
        RESERVED
+       {DLA-2399-1}
        - packagekit <unfixed>
        NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098
 CVE-2020-16121
        RESERVED
+       {DLA-2399-1}
        - packagekit <unfixed>
        NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887
 CVE-2020-16120
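Review bot: "{DLA-2399-1}" is attached to CVE-2020-16122 and CVE-2020-16121 while both still read RESERVED with "- packagekit <unfixed>", so the LTS advisory is the only fix recorded for them. The entries should stay open for the other suites, and the two Launchpad bugs in the NOTE lines are the references to check when a fixed version for the package line becomes known.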
@@ -24454,12 +24611,12 @@ CVE-2020-15179 (The ScratchSig extension for 
MediaWiki before version 1.0.1 allo
        NOT-FOR-US: ScratchSig MediaWiki extension
 CVE-2020-15178 (In PrestaShop contactform module (prestashop/contactform) 
before versi ...)
        NOT-FOR-US: PrestaShop
-CVE-2020-15177
-       RESERVED
-CVE-2020-15176
-       RESERVED
-CVE-2020-15175
-       RESERVED
+CVE-2020-15177 (In GLPI before version 9.5.2, the `install/install.php` 
endpoint insec ...)
+       TODO: check
+CVE-2020-15176 (In GLPI before version 9.5.2, when supplying a back tick in 
input that ...)
+       TODO: check
+CVE-2020-15175 (In GLPI before version 9.5.2, the 
`&#8203;pluginimage.send.php&#8203;` ...)
+       TODO: check
 CVE-2020-15174 (In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 
8.5.1 the  ...)
        TODO: check
 CVE-2020-15173 (In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), 
there is a b ...)
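Review bot: the CVE-2020-15175 description embeds literal "&#8203;" entities (zero-width spaces) on both sides of pluginimage.send.php, so a search of this file for the backtick-quoted file name will not match it. If the import step can strip or decode HTML entities from the feed descriptions, that is the place to fix it. All three GLPI entries (CVE-2020-15177 to CVE-2020-15175) also remain at "TODO: check".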
@@ -26710,8 +26867,7 @@ CVE-2020-14356 (A flaw null pointer dereference in the 
Linux kernel cgroupv2 sub
        - linux 5.7.10-1 (bug #966846)
        [buster] - linux 4.19.146-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
-CVE-2020-14355
-       RESERVED
+CVE-2020-14355 (Multiple buffer overflow vulnerabilities were found in the 
QUIC image  ...)
        - spice <unfixed> (bug #971750)
        - spice-gtk <unfixed> (bug #971751)
        NOTE: 
https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0abae36033ccde658fd52d3235887b60862d
@@ -27927,6 +28083,7 @@ CVE-2020-13922
 CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache 
SkyWalking storag ...)
        NOT-FOR-US: Apache SkyWalking
 CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create 
the JMX ...)
+       {DLA-2400-1}
        - activemq 5.16.0-1
        NOTE: 
http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt
        NOTE: When fixing this issue make sure to use a complete fix and not 
open up
@@ -29426,18 +29583,18 @@ CVE-2020-13349
        RESERVED
 CVE-2020-13348
        RESERVED
-CVE-2020-13347
-       RESERVED
-CVE-2020-13346
-       RESERVED
+CVE-2020-13347 (A command injection vulnerability was discovered in Gitlab 
runner vers ...)
+       TODO: check
+CVE-2020-13346 (Membership changes are not reflected in ToDo subscriptions in 
GitLab v ...)
+       TODO: check
 CVE-2020-13345 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        TODO: check
 CVE-2020-13344
        RESERVED
 CVE-2020-13343 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        TODO: check
-CVE-2020-13342
-       RESERVED
+CVE-2020-13342 (An issue has been discovered in GitLab affecting versions 
prior to 13. ...)
+       TODO: check
 CVE-2020-13341
        RESERVED
 CVE-2020-13340
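Review bot: CVE-2020-13346 and CVE-2020-13342 describe GitLab issues yet are left at "TODO: check", whereas the GitLab entries in the next hunk of this same commit carry "- gitlab <unfixed>". They should be triaged the same way. CVE-2020-13347 is about the Gitlab runner rather than GitLab itself, so it needs its own source-package lookup instead of being folded into the gitlab line.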
@@ -29452,16 +29609,13 @@ CVE-2020-13337 (An issue has been discovered in 
GitLab affecting versions from 1
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/199049
 CVE-2020-13336 (An issue has been discovered in GitLab affecting versions from 
11.8 be ...)
        - gitlab <unfixed>
-CVE-2020-13335
-       RESERVED
+CVE-2020-13335 (Improper group membership validation when deleting a user 
account in G ...)
        - gitlab <unfixed>
-CVE-2020-13334
-       RESERVED
+CVE-2020-13334 (In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, 
improper autho ...)
        - gitlab <unfixed>
 CVE-2020-13333 (A potential DOS vulnerability was discovered in GitLab 
versions 13.1,  ...)
        - gitlab <unfixed>
-CVE-2020-13332
-       RESERVED
+CVE-2020-13332 (Improper access expiration date validation in GitLab version 
&gt;=8.11 ...)
        - gitlab <unfixed>
 CVE-2020-13331 (An issue has been discovered in GitLab affecting versions 
prior to 12. ...)
        - gitlab 13.2.3-2
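Review bot: the CVE-2020-13332 description contains the HTML entity "&gt;=8.11" instead of ">=8.11", which points at un-decoded feed text reaching data/CVE/list. Beyond that, CVE-2020-13334 states fixed upstream versions (13.2.10, 13.3.7 and 13.4.2) while its package line is "- gitlab <unfixed>"; the neighbouring CVE-2020-13331 shows the form to move to ("- gitlab 13.2.3-2") once a fixed upload exists.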
@@ -34017,8 +34171,8 @@ CVE-2020-11801
        RESERVED
 CVE-2019-20768 (ServiceNow IT Service Management Kingston through Patch 14-1, 
London t ...)
        NOT-FOR-US: ServiceNow IT Service Management Kingston
-CVE-2020-11800
-       RESERVED
+CVE-2020-11800 (Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows 
remote att ...)
+       TODO: check
 CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate 
privile ...)
        NOT-FOR-US: Z-Cron
 CVE-2020-11798 (A Directory Traversal vulnerability in the web conference 
component of ...)
@@ -36347,9 +36501,11 @@ CVE-2020-11078 (In httplib2 before version 0.18.0, an 
attacker controlling unesc
        NOTE: 
https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
        NOTE: 
https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
 CVE-2020-11077 (In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could 
smuggle a re ...)
+       {DLA-2398-1}
        - puma <unfixed>
        NOTE: 
https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
 CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could 
smuggle a ...)
+       {DLA-2398-1}
        - puma <unfixed>
        NOTE: 
https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
        NOTE: 
https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
@@ -45090,8 +45246,8 @@ CVE-2020-7744
        RESERVED
 CVE-2020-7743
        RESERVED
-CVE-2020-7742
-       RESERVED
+CVE-2020-7742 (This affects the package simpl-schema before 1.10.2. ...)
+       TODO: check
 CVE-2020-7741 (This affects the package hellojs before 1.18.6. The code get 
the param ...)
        TODO: check
 CVE-2020-7740 (This affects all versions of package node-pdf-generator. Due to 
lack o ...)
@@ -46023,8 +46179,8 @@ CVE-2020-7318
        RESERVED
 CVE-2020-7317
        RESERVED
-CVE-2020-7316
-       RESERVED
+CVE-2020-7316 (Unquoted service path vulnerability in McAfee File and 
Removable Media ...)
+       TODO: check
 CVE-2020-7315 (DLL Injection Vulnerability in McAfee Agent (MA) for Windows 
prior to  ...)
        NOT-FOR-US: McAfee
 CVE-2020-7314 (Privilege Escalation Vulnerability in the installer in McAfee 
Data Exc ...)
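Review bot: CVE-2020-7316 stays at "TODO: check" even though its description names a McAfee product and CVE-2020-7315, the next entry, is tagged "NOT-FOR-US: McAfee". Apply the same tag here.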
@@ -73798,8 +73954,8 @@ CVE-2019-16162 (Onigmo through 6.2.0 has an 
out-of-bounds read in parse_char_cla
        NOT-FOR-US: Onigmo (fork of Oniguruma)
 CVE-2019-16161 (Onigmo through 6.2.0 has a NULL pointer dereference in 
onig_error_code ...)
        NOT-FOR-US: Onigmo (fork of Oniguruma)
-CVE-2019-16160
-       RESERVED
+CVE-2019-16160 (An integer underflow in the SMB server of MikroTik RouterOS 
before 6.4 ...)
+       TODO: check
 CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x 
through 2.0.5 ...)
        - bird 1.6.8-1 (bug #939990)
        [buster] - bird 1.6.6-1+deb10u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/992bbc918752421271be3749116376207791cf31
