Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b1100e50 by security tracker role at 2020-11-02T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-28056
+ RESERVED
+CVE-2020-28055
+ RESERVED
+CVE-2020-28054
+ RESERVED
+CVE-2020-28053
+ RESERVED
+CVE-2020-28052
+ RESERVED
+CVE-2020-28051
+ RESERVED
+CVE-2020-28050
+ RESERVED
+CVE-2020-28049
+ RESERVED
+CVE-2020-28048
+ RESERVED
+CVE-2020-28047
+ RESERVED
CVE-2020-XXXX [tmux buffer overflow in CSI parsing]
- tmux 3.1c-1
[buster] - tmux <not-affected> (Vulnerable code introduced later)
@@ -107,6 +127,8 @@ CVE-2020-28008
CVE-2020-28007
RESERVED
CVE-2020-25692 [vulnerability with slapd normalization handling with modrdn]
+ RESERVED
+ {DSA-4782-1 DLA-2425-1}
- openldap 2.4.55+dfsg-1
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9370
NOTE:
https://git.openldap.org/openldap/openldap/-/commit/4c774220a752bf8e3284984890dc0931fe73165d
@@ -7487,8 +7509,8 @@ CVE-2020-24883
RESERVED
CVE-2020-24882
RESERVED
-CVE-2020-24881
- RESERVED
+CVE-2020-24881 (SSRF exists in osTicket before 1.14.3, where an attacker can
add malic ...)
+ TODO: check
CVE-2020-24880
RESERVED
CVE-2020-24879
@@ -10104,8 +10126,8 @@ CVE-2020-23641
RESERVED
CVE-2020-23640
RESERVED
-CVE-2020-23639
- RESERVED
+CVE-2020-23639 (A command injection vulnerability exists in Moxa Inc VPort 461
Series ...)
+ TODO: check
CVE-2020-23638
RESERVED
CVE-2020-23637
@@ -29813,8 +29835,8 @@ CVE-2020-14427 (Certain NETGEAR devices are affected by
disclosure of administra
NOT-FOR-US: NETGEAR
CVE-2020-14426 (Certain NETGEAR devices are affected by disclosure of
administrative c ...)
NOT-FOR-US: NETGEAR
-CVE-2020-14425
- RESERVED
+CVE-2020-14425 (Foxit Reader before 10.0 allows Remote Command Execution via
the app.o ...)
+ TODO: check
CVE-2020-14424
RESERVED
CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret
in Core/ ...)
@@ -40318,8 +40340,8 @@ CVE-2020-10938 (GraphicsMagick before 1.3.35 has an
integer overflow and resulta
{DSA-4675-1 DLA-2173-1}
- graphicsmagick 1.4+really1.3.34-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce
-CVE-2020-10937
- RESERVED
+CVE-2020-10937 (An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An
attacker can ...)
+ TODO: check
CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
{DLA-2401-1}
- sympa 6.2.40~dfsg-5 (bug #961491)
@@ -44472,8 +44494,8 @@ CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows
remote attackers to cause a de
NOTE: https://github.com/sympa-community/sympa/issues/886
NOTE: https://sympa-community.github.io/security/2020-001.html
NOTE: Upstream patch:
https://github.com/sympa-community/sympa/releases/download/6.2.54/sympa-6.2.52-sa-2020-001.patch
-CVE-2020-9368
- RESERVED
+CVE-2020-9368 (The Module Olea Gift On Order module through 5.0.8 for
PrestaShop enab ...)
+ TODO: check
CVE-2020-9367
RESERVED
CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds
(OOB) re ...)
@@ -48518,10 +48540,10 @@ CVE-2020-7760 (This affects the package codemirror
before 5.58.2; the package or
TODO: check
CVE-2020-7759 (The package pimcore/pimcore from 6.7.2 and before 6.8.3 are
vulnerable ...)
TODO: check
-CVE-2020-7758
- RESERVED
-CVE-2020-7757
- RESERVED
+CVE-2020-7758 (This affects all versions of package browserless-chrome. User
input fl ...)
+ TODO: check
+CVE-2020-7757 (This affects all versions of package droppy. It is possible to
travers ...)
+ TODO: check
CVE-2020-7756
RESERVED
CVE-2020-7755 (All versions of package dat.gui are vulnerable to Regular
Expression D ...)
@@ -91583,7 +91605,7 @@ CVE-2019-11781
RESERVED
CVE-2019-11780 (Improper access control in the computed fields system of the
framework ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/42196
+ NOTE: https://github.com/odoo/odoo/issues/42196
CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious
MQTT cli ...)
{DSA-4570-1 DLA-1972-1}
- mosquitto 1.6.6-1 (bug #940654)
@@ -120080,20 +120102,20 @@ CVE-2018-19958
RESERVED
CVE-2018-19957
RESERVED
-CVE-2018-19956
- RESERVED
-CVE-2018-19955
- RESERVED
-CVE-2018-19954
- RESERVED
+CVE-2018-19956 (The cross-site scripting vulnerability has been reported to
affect ear ...)
+ TODO: check
+CVE-2018-19955 (The cross-site scripting vulnerability has been reported to
affect ear ...)
+ TODO: check
+CVE-2018-19954 (The cross-site scripting vulnerability has been reported to
affect ear ...)
+ TODO: check
CVE-2018-19953 (If exploited, this cross-site scripting vulnerability could
allow remo ...)
NOT-FOR-US: QNAP
-CVE-2018-19952
- RESERVED
-CVE-2018-19951
- RESERVED
-CVE-2018-19950
- RESERVED
+CVE-2018-19952 (If exploited, this SQL injection vulnerability could allow
remote atta ...)
+ TODO: check
+CVE-2018-19951 (If exploited, this cross-site scripting vulnerability could
allow remo ...)
+ TODO: check
+CVE-2018-19950 (If exploited, this command injection vulnerability could allow
remote ...)
+ TODO: check
CVE-2018-19949 (If exploited, this command injection vulnerability could allow
remote ...)
NOT-FOR-US: QNAP
CVE-2018-19948 (The vulnerability have been reported to affect earlier
versions of Hel ...)
@@ -126646,8 +126668,8 @@ CVE-2018-19027 (Three type confusion vulnerabilities
exist in CX-One Versions 4.
NOT-FOR-US: CX-One
CVE-2018-19026
RESERVED
-CVE-2018-19025
- RESERVED
+CVE-2018-19025 (In JUUKO K-808, an attacker could specially craft a packet
that encode ...)
+ TODO: check
CVE-2018-19024
RESERVED
CVE-2018-19023 (Hetronic Nova-M prior to verson r161 uses fixed codes that are
reprodu ...)
@@ -129680,8 +129702,8 @@ CVE-2018-17934 (NUUO CMS All versions 3.3 and prior
the application allows exter
NOT-FOR-US: NUUO CMS
CVE-2018-17933 (VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior
versions may al ...)
NOT-FOR-US: VGo Robot
-CVE-2018-17932
- RESERVED
+CVE-2018-17932 (JUUKO K-800 (Firmware versions prior to numbers ending ...9A,
...9B, . ...)
+ TODO: check
CVE-2018-17931 (If an attacker has physical access to the VGo Robot (Versions
3.0.3.52 ...)
NOT-FOR-US: VGo Robot
CVE-2018-17930 (A stack-based buffer overflow vulnerability has been
identified in Tel ...)
@@ -135606,7 +135628,7 @@ CVE-2018-15641
RESERVED
CVE-2018-15640 (Improper access control in the Helpdesk App of Odoo Enterprise
10.0 th ...)
- odoo <not-affected> (Only in enterprise version)
- NOTE: https://github.com/odoo/odoo/issues/32514
+ NOTE: https://github.com/odoo/odoo/issues/32514
CVE-2018-15639
RESERVED
CVE-2018-15638
@@ -135617,7 +135639,7 @@ CVE-2018-15636
RESERVED
CVE-2018-15635 (Cross-site scripting vulnerability in the Discuss App of Odoo
Communit ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32515
+ NOTE: https://github.com/odoo/odoo/issues/32515
CVE-2018-15634
RESERVED
CVE-2018-15633
@@ -135626,7 +135648,7 @@ CVE-2018-15632
RESERVED
CVE-2018-15631 (Improper access control in the Discuss App of Odoo Community
12.0 and ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32514
+ NOTE: https://github.com/odoo/odoo/issues/32514
CVE-2018-15630
RESERVED
CVE-2018-15629
@@ -137363,13 +137385,13 @@ CVE-2018-14888 (inc/plugins/thankyoulike.php in the
Eldenroot Thank You/Like plu
NOT-FOR-US: Eldenroot Thank You/Like plugin for MyBB
CVE-2018-14887 (Improper Host header sanitization in the dbfilter routing
component in ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32511
+ NOTE: https://github.com/odoo/odoo/issues/32511
CVE-2018-14886 (The module-description renderer in Odoo Community 11.0 and
earlier and ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32513
+ NOTE: https://github.com/odoo/odoo/issues/32513
CVE-2018-14885 (Incorrect access control in the database manager component in
Odoo Com ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32512
+ NOTE: https://github.com/odoo/odoo/issues/32512
CVE-2018-14884 (An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x
before 7.1.1 ...)
- php7.2 7.2.1-1
- php7.1 7.1.13-1
@@ -137441,31 +137463,31 @@ CVE-2018-14869 (PHP Template Store Script 3.0.6
allows XSS via the Address line
NOT-FOR-US: PHP Template Store Script
CVE-2018-14868 (Incorrect access control in the Password Encryption module in
Odoo Com ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32507
+ NOTE: https://github.com/odoo/odoo/issues/32507
CVE-2018-14867 (Incorrect access control in the portal messaging system in
Odoo Commun ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32503
+ NOTE: https://github.com/odoo/odoo/issues/32503
CVE-2018-14866 (Incorrect access control in the TransientModel framework in
Odoo Commu ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32509
+ NOTE: https://github.com/odoo/odoo/issues/32509
CVE-2018-14865 (Report engine in Odoo Community 9.0 through 11.0 and earlier
and Odoo ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32501
+ NOTE: https://github.com/odoo/odoo/issues/32501
CVE-2018-14864 (Incorrect access control in asset bundles in Odoo Community
9.0 throug ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32502
+ NOTE: https://github.com/odoo/odoo/issues/32502
CVE-2018-14863 (Incorrect access control in the RPC framework in Odoo
Community 8.0 th ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32508
+ NOTE: https://github.com/odoo/odoo/issues/32508
CVE-2018-14862 (Incorrect access control in the mail templating system in Odoo
Communi ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32504
+ NOTE: https://github.com/odoo/odoo/issues/32504
CVE-2018-14861 (Improper data access control in Odoo Community 10.0 and 11.0
and Odoo ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32506
+ NOTE: https://github.com/odoo/odoo/issues/32506
CVE-2018-14860 (Improper sanitization of dynamic user expressions in Odoo
Community 11 ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/32505
+ NOTE: https://github.com/odoo/odoo/issues/32505
CVE-2018-14859 (Incorrect access control in the password reset component in
Odoo Commu ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/odoo/odoo/issues/32510
@@ -137821,7 +137843,7 @@ CVE-2018-14735 (An Information Exposure issue was
discovered in Hitachi Command
NOT-FOR-US: Hitachi
CVE-2018-14733 (The Odoo Community Association (OCA) dbfilter_from_header
module makes ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/OCA/server-tools/issues/1335
+ NOTE: https://github.com/OCA/server-tools/issues/1335
CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through
4.17.11 all ...)
{DSA-4308-1 DLA-1531-1 DLA-1529-1}
- linux 4.17.14-1
@@ -199153,13 +199175,13 @@ CVE-2017-10807 (JabberD 2.x (aka jabberd2) before
2.6.1 allows anyone to authent
NOTE: https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1
CVE-2017-10805 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo
Enterprise ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/17921
+ NOTE: https://github.com/odoo/odoo/issues/17921
CVE-2017-10804 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo
Enterprise ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/17914
+ NOTE: https://github.com/odoo/odoo/issues/17914
CVE-2017-10803 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo
Enterprise ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/17898
+ NOTE: https://github.com/odoo/odoo/issues/17898
CVE-2017-10802
RESERVED
CVE-2017-10801 (phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the
PATH_INFO ...)
@@ -203077,7 +203099,7 @@ CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow
remote attackers to execute ar
NOTE: https://marc.info/?l=linux-wireless&m=150391055518346&w=2
CVE-2017-9416 (Directory traversal vulnerability in tools.file_open in Odoo
8.0, 9.0, ...)
- odoo <not-affected> (Fixed before initial upload to Debian)
- NOTE: https://github.com/odoo/odoo/issues/17394
+ NOTE: https://github.com/odoo/odoo/issues/17394
CVE-2017-9415 (Cross-site request forgery (CSRF) vulnerability in subsonic
6.1.1 allo ...)
NOT-FOR-US: Subsonic
CVE-2017-9414 (Cross-site request forgery (CSRF) vulnerability in the
Subscribe to Po ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1100e50b42f24a4fa64c40746d995a1b3cf8a8d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1100e50b42f24a4fa64c40746d995a1b3cf8a8d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
