Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
87db650f by security tracker role at 2020-11-07T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-28338
+       RESERVED
+CVE-2020-28337
+       RESERVED
+CVE-2020-28336
+       RESERVED
 CVE-2021-1050
        RESERVED
 CVE-2021-1049
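Review bot: the three new RESERVED entries (CVE-2020-28338 to CVE-2020-28336) are inserted at the very top, above CVE-2021-1050, while the other hunks in this commit show IDs in descending order. If consumers of data/CVE/list rely on that ordering, these belong with the other CVE-2020-28xxx entries rather than ahead of the 2021 block.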
@@ -1845,8 +1851,8 @@ CVE-2020-28170
        RESERVED
 CVE-2020-28169
        RESERVED
-CVE-2020-28168
-       RESERVED
+CVE-2020-28168 (Axios NPM package 0.21.0 contains a Server-Side Request 
Forgery (SSRF) ...)
+       TODO: check
 CVE-2020-28167
        RESERVED
 CVE-2020-28166
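Review bot: CVE-2020-28168 moves from RESERVED to "TODO: check" with no package line, so the tracker still cannot say whether anything in the archive is affected. The description names Axios NPM package 0.21.0 and an SSRF; triage should replace the TODO with either a source package entry and its fixed version or a NOT-FOR-US line, and add a NOTE with the upstream reference once one is identified.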
@@ -5188,11 +5194,11 @@ CVE-2020-26870 (Cure53 DOMPurify before 2.0.17 allows 
mutation XSS. This occurs
        - dompurify.js <removed>
        NOTE: 
https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/
        NOTE: 
https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d
-CVE-2020-26869 (An information exposure vulnerability exists in PcVue 12, 
allowing a n ...)
+CVE-2020-26869 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable 
to infor ...)
        NOT-FOR-US: PcVue
-CVE-2020-26868 (A Denial Of Service vulnerability exists in PcVue from version 
8.10 on ...)
+CVE-2020-26868 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable 
to a den ...)
        NOT-FOR-US: PcVue
-CVE-2020-26867 (A Remote Code Execution vulnerability exists in PcVue from 
version 8.1 ...)
+CVE-2020-26867 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable 
due to t ...)
        NOT-FOR-US: PcVue
 CVE-2020-26866
        RESERVED
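Review bot: the refreshed summaries for CVE-2020-26869, CVE-2020-26868 and CVE-2020-26867 now share the same opening, and after truncation the CVE-2020-26867 line ("is vulnerable due to t ...") no longer shows the Remote Code Execution class that the old summary did. No triage change is needed since all three stay NOT-FOR-US: PcVue, but the impact should be read from the full description rather than from this truncated summary.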
@@ -27475,14 +27481,12 @@ CVE-2020-16124 (Integer Overflow or Wraparound 
vulnerability in the XML RPC libr
        NOTE: https://github.com/ros/ros_comm/pull/2065
 CVE-2020-16123
        RESERVED
-CVE-2020-16122
-       RESERVED
+CVE-2020-16122 (PackageKit's apt backend mistakenly treated all local debs as 
trusted. ...)
        {DLA-2399-1}
        - packagekit 1.2.1-1 (bug #972229)
        [buster] - packagekit <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098
-CVE-2020-16121
-       RESERVED
+CVE-2020-16121 (PackageKit provided detailed error messages to unprivileged 
callers th ...)
        {DLA-2399-1}
        - packagekit 1.2.1-1 (bug #972229)
        [buster] - packagekit <no-dsa> (Minor issue)
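Review bot: CVE-2020-16122 and CVE-2020-16121 gain their descriptions here, but the existing "[buster] - packagekit <no-dsa> (Minor issue)" lines were in place while both were still RESERVED. The CVE-2020-16122 text ("mistakenly treated all local debs as trusted") describes a package trust decision, so it is worth confirming that the Minor issue rating still holds against the published description; the 1.2.1-1 fixed version and the DLA-2399-1 reference need no change.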
@@ -29744,8 +29748,8 @@ CVE-2020-15261 (On Windows the Veyon Service before 
version 4.4.2 contains an un
        NOTE: 
https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp
 CVE-2020-15260
        RESERVED
-CVE-2020-15259
-       RESERVED
+CVE-2020-15259 (ad-ldap-connector's admin panel before version 5.0.13 does not 
provide ...)
+       TODO: check
 CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without 
checking  ...)
        NOT-FOR-US: Wire app
 CVE-2020-15257
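Review bot: CVE-2020-15259 is left at "TODO: check", unlike its neighbour CVE-2020-15258, which is already resolved as NOT-FOR-US: Wire app. The summary points at the admin panel of ad-ldap-connector before version 5.0.13; if no source package ships it, close the entry with a matching NOT-FOR-US line so it drops out of the triage queue.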



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87db650ff58b09a848a2dcc94a9c0e19328c97bd
