Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38da8e4e by security tracker role at 2020-11-04T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -316,8 +316,7 @@ CVE-2020-28051
        RESERVED
 CVE-2020-28050
        RESERVED
-CVE-2020-28049 [local privilege escalation due to race  condition in creation 
of the Xauthority file]
-       RESERVED
+CVE-2020-28049 (An issue was discovered in SDDM before 0.19.0. It incorrectly 
starts t ...)
        - sddm <unfixed> (bug #973748)
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/2
        NOTE: 
https://github.com/sddm/sddm/commit/be202f533ab98a684c6a007e8d5b4357846bc222
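Review bot: CVE-2020-28049 still reads "- sddm <unfixed> (bug #973748)" although the new description says the issue affects SDDM before 0.19.0 and a NOTE already points at the upstream fix commit. Once an upload closing #973748 exists, replace <unfixed> with that version. The hand-written bracket text about the race condition in creation of the Xauthority file is also replaced by a truncated description, so that detail is now reachable only through the oss-security link; a short NOTE naming the Xauthority race would keep it visible in the entry.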
@@ -501,7 +500,8 @@ CVE-2020-27983
        RESERVED
 CVE-2020-27982
        RESERVED
-CVE-2020-27981 (An XSS vulnerability in the auto-complete function of the 
description  ...)
+CVE-2020-27981
+       REJECTED
        NOT-FOR-US: Firefly III
 CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS 
in the WL ...)
        NOT-FOR-US: Genexis Platinum-4410 P4410-V2-1.28 devices
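Review bot: At CVE-2020-27981 the entry now carries REJECTED directly above the retained "NOT-FOR-US: Firefly III" line, and the description that said what the issue was (an XSS in the auto-complete function) is gone. Nothing in the entry says why the ID was rejected. If the reason is known, a NOTE: line recording it would keep the entry understandable on its own.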
@@ -4886,8 +4886,8 @@ CVE-2020-26169
        RESERVED
 CVE-2020-26168
        RESERVED
-CVE-2020-26167
-       RESERVED
+CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the page preview feature 
allows an ano ...)
+       TODO: check
 CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the 
file descr ...)
        NOT-FOR-US: qdPM
 CVE-2020-26165
@@ -13198,18 +13198,18 @@ CVE-2020-22280
        RESERVED
 CVE-2020-22279
        RESERVED
-CVE-2020-22278
-       RESERVED
-CVE-2020-22277
-       RESERVED
-CVE-2020-22276
-       RESERVED
-CVE-2020-22275
-       RESERVED
-CVE-2020-22274
-       RESERVED
-CVE-2020-22273
-       RESERVED
+CVE-2020-22278 (phpMyAdmin through 5.0.2 allows CSV injection via Export 
Section ...)
+       TODO: check
+CVE-2020-22277 (Import and export users and customers WordPress Plugin through 
1.15.5. ...)
+       TODO: check
+CVE-2020-22276 (WeForms Wordpress Plugin 1.4.7 allows CSV injection via a 
form's entry ...)
+       TODO: check
+CVE-2020-22275 (Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 
allows an at ...)
+       TODO: check
+CVE-2020-22274 (JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV 
injection ...)
+       TODO: check
+CVE-2020-22273 (Neoflex Video Subscription System Version 2.0 is affected by 
CSRF whic ...)
+       TODO: check
 CVE-2020-22272
        RESERVED
 CVE-2020-22271
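Review bot: The six new entries CVE-2020-22273 through CVE-2020-22278 all land as "TODO: check", but they should not be triaged as one group. CVE-2020-22278 names phpMyAdmin through 5.0.2, and the last hunk of this same file shows the tracker carrying "- phpmyadmin" package lines, so that entry needs a package line with a status rather than NOT-FOR-US. The WordPress plugin, JomSocial and Neoflex entries can be checked separately.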
@@ -48109,10 +48109,10 @@ CVE-2020-8039
        RESERVED
 CVE-2020-8038
        RESERVED
-CVE-2020-8037
-       RESERVED
-CVE-2020-8036
-       RESERVED
+CVE-2020-8037 (The ppp decapsulator in tcpdump 4.9.3 can be convinced to 
allocate a l ...)
+       TODO: check
+CVE-2020-8036 (The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by 
the SO ...)
+       TODO: check
 CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition 
before ...)
        {DLA-2230-1}
        - php-horde 5.2.23+debian0-1 (bug #963809)
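Review bot: The two tcpdump entries added here name different versions, 4.9.3 for CVE-2020-8037 and 4.10.0-PRE-GIT for CVE-2020-8036, and both are left as "TODO: check". They need separate triage: for CVE-2020-8036, confirm whether the affected tok2strbuf() use exists in any released version before adding a package line, since the description refers to a pre-release tree only.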
@@ -63343,68 +63343,47 @@ CVE-2020-2321
        RESERVED
 CVE-2020-2320
        RESERVED
-CVE-2020-2319
-       RESERVED
+CVE-2020-2319 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier 
stores a pa ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2318
-       RESERVED
+CVE-2020-2318 (Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and 
earlier  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2317
-       RESERVED
+CVE-2020-2317 (Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the 
annotati ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2316
-       RESERVED
+CVE-2020-2316 (Jenkins Static Analysis Utilities Plugin 1.96 and earlier does 
not esc ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2315
-       RESERVED
+CVE-2020-2315 (Jenkins Visualworks Store Plugin 1.1.3 and earlier does not 
configure  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2314
-       RESERVED
+CVE-2020-2314 (Jenkins AppSpider Plugin 1.0.12 and earlier stores a password 
unencryp ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2313
-       RESERVED
+CVE-2020-2313 (A missing permission check in Jenkins Azure Key Vault Plugin 
2.0 and e ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2312
-       RESERVED
+CVE-2020-2312 (Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does 
not mask  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2311
-       RESERVED
+CVE-2020-2311 (A missing permission check in Jenkins AWS Global Configuration 
Plugin  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2310
-       RESERVED
+CVE-2020-2310 (Missing permission checks in Jenkins Ansible Plugin 1.0 and 
earlier al ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2309
-       RESERVED
+CVE-2020-2309 (A missing/An incorrect permission check in Jenkins Kubernetes 
Plugin 1 ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2308
-       RESERVED
+CVE-2020-2308 (A missing permission check in Jenkins Kubernetes Plugin 1.27.3 
and ear ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2307
-       RESERVED
+CVE-2020-2307 (Jenkins Kubernetes Plugin 1.27.3 and earlier allows 
low-privilege user ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2306
-       RESERVED
+CVE-2020-2306 (A missing permission check in Jenkins Mercurial Plugin 2.11 and 
earlie ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2305
-       RESERVED
+CVE-2020-2305 (Jenkins Mercurial Plugin 2.11 and earlier does not configure 
its XML p ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2304
-       RESERVED
+CVE-2020-2304 (Jenkins Subversion Plugin 2.13.1 and earlier does not configure 
its XM ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2303
-       RESERVED
+CVE-2020-2303 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Active Di ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2302
-       RESERVED
+CVE-2020-2302 (A missing permission check in Jenkins Active Directory Plugin 
2.19 and ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2301
-       RESERVED
+CVE-2020-2301 (Jenkins Active Directory Plugin 2.19 and earlier allows 
attackers to l ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2300
-       RESERVED
+CVE-2020-2300 (Jenkins Active Directory Plugin 2.19 and earlier does not 
prohibit the ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2020-2299
-       RESERVED
+CVE-2020-2299 (Jenkins Active Directory Plugin 2.19 and earlier allows 
attackers to l ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2020-2298 (Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure 
its XML ...)
        NOT-FOR-US: Jenkins plugin
@@ -240191,7 +240170,7 @@ CVE-2016-6607 (XSS issues were discovered in 
phpMyAdmin. This affects Zoom searc
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
 CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The 
decryp ...)
-       {DLA-1821-1 DLA-626-1}
+       {DLA-626-1}
        - phpmyadmin 4:4.6.4+dfsg1-1
        NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
 CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote 
attackers to ...)
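Review bot: The cross-reference on CVE-2016-6606 changes from {DLA-1821-1 DLA-626-1} to {DLA-626-1}, yet the commit message is only "automatic update" and data/CVE/list is the single changed file. Confirm that the DLA-1821-1 record no longer lists CVE-2016-6606 in the DLA data this line is derived from; otherwise the reference will be regenerated or the two files will disagree.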



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38da8e4eec50e5735cb402d2f1948308fb63499f
