Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
824e31eb by security tracker role at 2020-11-16T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,505 @@
+CVE-2020-28889
+       RESERVED
+CVE-2020-28888
+       RESERVED
+CVE-2020-28887
+       RESERVED
+CVE-2020-28886
+       RESERVED
+CVE-2020-28885
+       RESERVED
+CVE-2020-28884
+       RESERVED
+CVE-2020-28883
+       RESERVED
+CVE-2020-28882
+       RESERVED
+CVE-2020-28881
+       RESERVED
+CVE-2020-28880
+       RESERVED
+CVE-2020-28879
+       RESERVED
+CVE-2020-28878
+       RESERVED
+CVE-2020-28877
+       RESERVED
+CVE-2020-28876
+       RESERVED
+CVE-2020-28875
+       RESERVED
+CVE-2020-28874
+       RESERVED
+CVE-2020-28873
+       RESERVED
+CVE-2020-28872
+       RESERVED
+CVE-2020-28871
+       RESERVED
+CVE-2020-28870
+       RESERVED
+CVE-2020-28869
+       RESERVED
+CVE-2020-28868
+       RESERVED
+CVE-2020-28867
+       RESERVED
+CVE-2020-28866
+       RESERVED
+CVE-2020-28865
+       RESERVED
+CVE-2020-28864
+       RESERVED
+CVE-2020-28863
+       RESERVED
+CVE-2020-28862
+       RESERVED
+CVE-2020-28861
+       RESERVED
+CVE-2020-28860
+       RESERVED
+CVE-2020-28859
+       RESERVED
+CVE-2020-28858
+       RESERVED
+CVE-2020-28857
+       RESERVED
+CVE-2020-28856
+       RESERVED
+CVE-2020-28855
+       RESERVED
+CVE-2020-28854
+       RESERVED
+CVE-2020-28853
+       RESERVED
+CVE-2020-28852
+       RESERVED
+CVE-2020-28851
+       RESERVED
+CVE-2020-28850
+       RESERVED
+CVE-2020-28849
+       RESERVED
+CVE-2020-28848
+       RESERVED
+CVE-2020-28847
+       RESERVED
+CVE-2020-28846
+       RESERVED
+CVE-2020-28845
+       RESERVED
+CVE-2020-28844
+       RESERVED
+CVE-2020-28843
+       RESERVED
+CVE-2020-28842
+       RESERVED
+CVE-2020-28841
+       RESERVED
+CVE-2020-28840
+       RESERVED
+CVE-2020-28839
+       RESERVED
+CVE-2020-28838
+       RESERVED
+CVE-2020-28837
+       RESERVED
+CVE-2020-28836
+       RESERVED
+CVE-2020-28835
+       RESERVED
+CVE-2020-28834
+       RESERVED
+CVE-2020-28833
+       RESERVED
+CVE-2020-28832
+       RESERVED
+CVE-2020-28831
+       RESERVED
+CVE-2020-28830
+       RESERVED
+CVE-2020-28829
+       RESERVED
+CVE-2020-28828
+       RESERVED
+CVE-2020-28827
+       RESERVED
+CVE-2020-28826
+       RESERVED
+CVE-2020-28825
+       RESERVED
+CVE-2020-28824
+       RESERVED
+CVE-2020-28823
+       RESERVED
+CVE-2020-28822
+       RESERVED
+CVE-2020-28821
+       RESERVED
+CVE-2020-28820
+       RESERVED
+CVE-2020-28819
+       RESERVED
+CVE-2020-28818
+       RESERVED
+CVE-2020-28817
+       RESERVED
+CVE-2020-28816
+       RESERVED
+CVE-2020-28815
+       RESERVED
+CVE-2020-28814
+       RESERVED
+CVE-2020-28813
+       RESERVED
+CVE-2020-28812
+       RESERVED
+CVE-2020-28811
+       RESERVED
+CVE-2020-28810
+       RESERVED
+CVE-2020-28809
+       RESERVED
+CVE-2020-28808
+       RESERVED
+CVE-2020-28807
+       RESERVED
+CVE-2020-28806
+       RESERVED
+CVE-2020-28805
+       RESERVED
+CVE-2020-28804
+       RESERVED
+CVE-2020-28803
+       RESERVED
+CVE-2020-28802
+       RESERVED
+CVE-2020-28801
+       RESERVED
+CVE-2020-28800
+       RESERVED
+CVE-2020-28799
+       RESERVED
+CVE-2020-28798
+       RESERVED
+CVE-2020-28797
+       RESERVED
+CVE-2020-28796
+       RESERVED
+CVE-2020-28795
+       RESERVED
+CVE-2020-28794
+       RESERVED
+CVE-2020-28793
+       RESERVED
+CVE-2020-28792
+       RESERVED
+CVE-2020-28791
+       RESERVED
+CVE-2020-28790
+       RESERVED
+CVE-2020-28789
+       RESERVED
+CVE-2020-28788
+       RESERVED
+CVE-2020-28787
+       RESERVED
+CVE-2020-28786
+       RESERVED
+CVE-2020-28785
+       RESERVED
+CVE-2020-28784
+       RESERVED
+CVE-2020-28783
+       RESERVED
+CVE-2020-28782
+       RESERVED
+CVE-2020-28781
+       RESERVED
+CVE-2020-28780
+       RESERVED
+CVE-2020-28779
+       RESERVED
+CVE-2020-28778
+       RESERVED
+CVE-2020-28777
+       RESERVED
+CVE-2020-28776
+       RESERVED
+CVE-2020-28775
+       RESERVED
+CVE-2020-28774
+       RESERVED
+CVE-2020-28773
+       RESERVED
+CVE-2020-28772
+       RESERVED
+CVE-2020-28771
+       RESERVED
+CVE-2020-28770
+       RESERVED
+CVE-2020-28769
+       RESERVED
+CVE-2020-28768
+       RESERVED
+CVE-2020-28767
+       RESERVED
+CVE-2020-28766
+       RESERVED
+CVE-2020-28765
+       RESERVED
+CVE-2020-28764
+       RESERVED
+CVE-2020-28763
+       RESERVED
+CVE-2020-28762
+       RESERVED
+CVE-2020-28761
+       RESERVED
+CVE-2020-28760
+       RESERVED
+CVE-2020-28759
+       RESERVED
+CVE-2020-28758
+       RESERVED
+CVE-2020-28757
+       RESERVED
+CVE-2020-28756
+       RESERVED
+CVE-2020-28755
+       RESERVED
+CVE-2020-28754
+       RESERVED
+CVE-2020-28753
+       RESERVED
+CVE-2020-28752
+       RESERVED
+CVE-2020-28751
+       RESERVED
+CVE-2020-28750
+       RESERVED
+CVE-2020-28749
+       RESERVED
+CVE-2020-28748
+       RESERVED
+CVE-2020-28747
+       RESERVED
+CVE-2020-28746
+       RESERVED
+CVE-2020-28745
+       RESERVED
+CVE-2020-28744
+       RESERVED
+CVE-2020-28743
+       RESERVED
+CVE-2020-28742
+       RESERVED
+CVE-2020-28741
+       RESERVED
+CVE-2020-28740
+       RESERVED
+CVE-2020-28739
+       RESERVED
+CVE-2020-28738
+       RESERVED
+CVE-2020-28737
+       RESERVED
+CVE-2020-28736
+       RESERVED
+CVE-2020-28735
+       RESERVED
+CVE-2020-28734
+       RESERVED
+CVE-2020-28733
+       RESERVED
+CVE-2020-28732
+       RESERVED
+CVE-2020-28731
+       RESERVED
+CVE-2020-28730
+       RESERVED
+CVE-2020-28729
+       RESERVED
+CVE-2020-28728
+       RESERVED
+CVE-2020-28727
+       RESERVED
+CVE-2020-28726
+       RESERVED
+CVE-2020-28725
+       RESERVED
+CVE-2020-28724
+       RESERVED
+CVE-2020-28723
+       RESERVED
+CVE-2020-28722
+       RESERVED
+CVE-2020-28721
+       RESERVED
+CVE-2020-28720
+       RESERVED
+CVE-2020-28719
+       RESERVED
+CVE-2020-28718
+       RESERVED
+CVE-2020-28717
+       RESERVED
+CVE-2020-28716
+       RESERVED
+CVE-2020-28715
+       RESERVED
+CVE-2020-28714
+       RESERVED
+CVE-2020-28713
+       RESERVED
+CVE-2020-28712
+       RESERVED
+CVE-2020-28711
+       RESERVED
+CVE-2020-28710
+       RESERVED
+CVE-2020-28709
+       RESERVED
+CVE-2020-28708
+       RESERVED
+CVE-2020-28707
+       RESERVED
+CVE-2020-28706
+       RESERVED
+CVE-2020-28705
+       RESERVED
+CVE-2020-28704
+       RESERVED
+CVE-2020-28703
+       RESERVED
+CVE-2020-28702
+       RESERVED
+CVE-2020-28701
+       RESERVED
+CVE-2020-28700
+       RESERVED
+CVE-2020-28699
+       RESERVED
+CVE-2020-28698
+       RESERVED
+CVE-2020-28697
+       RESERVED
+CVE-2020-28696
+       RESERVED
+CVE-2020-28695
+       RESERVED
+CVE-2020-28694
+       RESERVED
+CVE-2020-28693
+       RESERVED
+CVE-2020-28692
+       RESERVED
+CVE-2020-28691
+       RESERVED
+CVE-2020-28690
+       RESERVED
+CVE-2020-28689
+       RESERVED
+CVE-2020-28688
+       RESERVED
+CVE-2020-28687
+       RESERVED
+CVE-2020-28686
+       RESERVED
+CVE-2020-28685
+       RESERVED
+CVE-2020-28684
+       RESERVED
+CVE-2020-28683
+       RESERVED
+CVE-2020-28682
+       RESERVED
+CVE-2020-28681
+       RESERVED
+CVE-2020-28680
+       RESERVED
+CVE-2020-28679
+       RESERVED
+CVE-2020-28678
+       RESERVED
+CVE-2020-28677
+       RESERVED
+CVE-2020-28676
+       RESERVED
+CVE-2020-28675
+       RESERVED
+CVE-2020-28674
+       RESERVED
+CVE-2020-28673
+       RESERVED
+CVE-2020-28672
+       RESERVED
+CVE-2020-28671
+       RESERVED
+CVE-2020-28670
+       RESERVED
+CVE-2020-28669
+       RESERVED
+CVE-2020-28668
+       RESERVED
+CVE-2020-28667
+       RESERVED
+CVE-2020-28666
+       RESERVED
+CVE-2020-28665
+       RESERVED
+CVE-2020-28664
+       RESERVED
+CVE-2020-28663
+       RESERVED
+CVE-2020-28662
+       RESERVED
+CVE-2020-28661
+       RESERVED
+CVE-2020-28660
+       RESERVED
+CVE-2020-28659
+       RESERVED
+CVE-2020-28658
+       RESERVED
+CVE-2020-28657
+       RESERVED
+CVE-2020-28656 (The update functionality of the Discover Media infotainment 
system in  ...)
+       TODO: check
+CVE-2020-28655
+       RESERVED
+CVE-2020-28654
+       RESERVED
+CVE-2020-28653
+       RESERVED
+CVE-2020-28652
+       RESERVED
+CVE-2020-28651
+       RESERVED
+CVE-2020-28650 (The WPBakery plugin before 6.4.1 for WordPress allows XSS 
because it c ...)
+       TODO: check
+CVE-2020-28649 (The orbisius-child-theme-creator plugin before 1.5.2 for 
WordPress all ...)
+       TODO: check
+CVE-2020-28648 (Improper input validation in the Auto-Discovery component of 
Nagios XI ...)
+       TODO: check
+CVE-2020-28647
+       RESERVED
+CVE-2020-28646
+       RESERVED
+CVE-2020-28645
+       RESERVED
+CVE-2020-28644
+       RESERVED
+CVE-2020-28643
+       RESERVED
+CVE-2020-28642 (In InfiniteWP Admin Panel before 3.1.12.3, 
resetPasswordSendMail gener ...)
+       TODO: check
+CVE-2020-28641
+       RESERVED
+CVE-2020-28640
+       RESERVED
+CVE-2020-28639
+       RESERVED
 CVE-2021-1625
        RESERVED
 CVE-2021-1624
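
Review bot: the five entries in this block that already carry descriptions (CVE-2020-28656, CVE-2020-28650, CVE-2020-28649, CVE-2020-28648, CVE-2020-28642) are left at `TODO: check`, so none of them is triaged yet. Each needs either a source package line or a `NOT-FOR-US:` tag; the visible descriptions name an infotainment system, two WordPress plugins, Nagios XI and InfiniteWP Admin Panel, which is enough to start that check.
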
@@ -3432,8 +3934,8 @@ CVE-2020-28270 (Overview:Prototype pollution 
vulnerability in ‘object-hier
        NOT-FOR-US: Node object-hierarchy-access
 CVE-2020-28269 (Prototype pollution vulnerability in 'field' versions 0.0.1 
through 1. ...)
        NOT-FOR-US: Node field
-CVE-2020-28268
-       RESERVED
+CVE-2020-28268 (Prototype pollution vulnerability in 'controlled-merge' 
versions 1.0.0 ...)
+       TODO: check
 CVE-2020-28267 (Prototype pollution vulnerability in '@strikeentco/set' 
version 1.0.0  ...)
        NOT-FOR-US: Node strikeentco/set
 CVE-2017-18926 (raptor_xml_writer_start_element_common in raptor_xml_writer.c 
in Rapto ...)
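
Review bot: CVE-2020-28268 moves from `RESERVED` to `TODO: check` while the entries on either side of it, CVE-2020-28269 and CVE-2020-28267, are prototype pollution issues in Node packages already tagged `NOT-FOR-US: Node <package>`. If 'controlled-merge' is likewise not packaged in Debian, replace the TODO with `NOT-FOR-US: Node controlled-merge` to match.
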
@@ -9541,6 +10043,7 @@ CVE-2020-25711
        NOT-FOR-US: Infinispan
 CVE-2020-25708 [libvncserver/rfbserver.c has a divide by zero which could 
result in DoS]
        RESERVED
+       {DLA-2451-1}
        - libvncserver 0.9.13+dfsg-1
        NOTE: https://github.com/LibVNC/libvncserver/issues/409
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/673c07a75ed844d74676f3ccdcfdc706a7052dba
@@ -9589,8 +10092,7 @@ CVE-2020-25696 [psql's \gset allows overwriting 
specially treated variables]
        - postgresql-9.6 <removed>
        [stretch] - postgresql-9.6 <no-dsa> (Minor issue)
        NOTE: 
https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
-CVE-2020-25695 [Multiple features escape "security restricted operation" 
sandbox]
-       RESERVED
+CVE-2020-25695 (A flaw was found in PostgreSQL versions before 13.1, before 
12.5, befo ...)
        - postgresql-13 13.1-1
        - postgresql-12 <unfixed>
        - postgresql-11 <removed>
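
Review bot: the new description for CVE-2020-25695 names versions before 12.5 as affected, and the context line `- postgresql-12 <unfixed>` is unchanged, so postgresql-12 remains open in the tracker after this update. Replace `<unfixed>` with the fixed version once a 12.5 upload exists, as was done on the `- postgresql-13 13.1-1` line.
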
@@ -9598,8 +10100,7 @@ CVE-2020-25695 [Multiple features escape "security 
restricted operation" sandbox
        - postgresql-9.6 <removed>
        [stretch] - postgresql-9.6 <no-dsa> (Minor issue)
        NOTE: 
https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
-CVE-2020-25694 [Reconnection can downgrade connection security settings]
-       RESERVED
+CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 
12.5, befo ...)
        - postgresql-13 13.1-1
        - postgresql-12 <unfixed>
        - postgresql-11 <removed>
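
Review bot: replacing the bracketed summary of CVE-2020-25694 with the truncated description drops the one phrase that told it apart from CVE-2020-25695: both entries now begin 'A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...'. A `NOTE:` line carrying the old summary, 'Reconnection can downgrade connection security settings', would keep the two distinguishable in the list.
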
@@ -51217,16 +51718,16 @@ CVE-2020-8275
        RESERVED
 CVE-2020-8274
        RESERVED
-CVE-2020-8273
-       RESERVED
-CVE-2020-8272
-       RESERVED
-CVE-2020-8271
-       RESERVED
-CVE-2020-8270
-       RESERVED
-CVE-2020-8269
-       RESERVED
+CVE-2020-8273 (Privilege escalation of an authenticated user to root in Citrix 
SD-WAN ...)
+       TODO: check
+CVE-2020-8272 (Authentication Bypass resulting in exposure of SD-WAN 
functionality in ...)
+       TODO: check
+CVE-2020-8271 (Unauthenticated remote code execution with root privileges in 
Citrix S ...)
+       TODO: check
+CVE-2020-8270 (An unprivileged Windows user on the VDA or an SMB user can 
perform arb ...)
+       TODO: check
+CVE-2020-8269 (An unprivileged Windows user on the VDA can perform arbitrary 
command  ...)
+       TODO: check
 CVE-2020-8268 (Prototype pollution vulnerability in json8-merge-patch npm 
package &lt ...)
        NOT-FOR-US: Node json8-merge-patch
 CVE-2020-8267 (A security issue was found in UniFi Protect controller v1.14.10 
and ea ...)
@@ -51249,8 +51750,8 @@ CVE-2020-8261 (A vulnerability in the Pulse Connect 
Secure / Pulse Policy Secure
        NOT-FOR-US: Pulse Secure Pulse Connect Secure / Pulse Policy Secure
 CVE-2020-8260 (A vulnerability in the Pulse Connect Secure &lt; 9.1R9 admin 
web inter ...)
        NOT-FOR-US: Pulse Secure Pulse Connect Secure
-CVE-2020-8259
-       RESERVED
+CVE-2020-8259 (Insufficient protection of the server-side encryption keys in 
Nextclou ...)
+       TODO: check
 CVE-2020-8258
        RESERVED
 CVE-2020-8257
@@ -51569,8 +52070,8 @@ CVE-2020-8154 (An Insecure direct object reference 
vulnerability in Nextcloud Se
        - nextcloud-server <itp> (bug #941708)
 CVE-2020-8153 (Improper access control in Groupfolders app 4.0.3 allowed to 
delete hi ...)
        NOT-FOR-US: Nextcloud Groupfolders app
-CVE-2020-8152
-       RESERVED
+CVE-2020-8152 (Insufficient protection of the server-side encryption keys in 
Nextclou ...)
+       TODO: check
 CVE-2020-8151 (There is a possible information disclosure issue in Active 
Resource &l ...)
        - rails <not-affected> (Vulnerable code splitted out upstream before 
initial upload to Debian)
        NOTE: ActiveResource was extracted to a separate gem in starting in the 
4.0 rails
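
Review bot: CVE-2020-8152 gets `TODO: check` with a description starting 'Insufficient protection of the server-side encryption keys in Nextclou', and the visible part of it is identical to the text added for CVE-2020-8259 in the previous hunk, so the two need to be compared against the full records to see how they differ. If the affected component is Nextcloud Server, the CVE-2020-8154 entry just above shows the form in use: `- nextcloud-server <itp> (bug #941708)`.
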
@@ -57816,22 +58317,22 @@ CVE-2020-5668
        RESERVED
 CVE-2020-5667 (Studyplus App for Android v6.3.7 and earlier and Studyplus App 
for iOS ...)
        NOT-FOR-US: Studyplus
-CVE-2020-5666
-       RESERVED
+CVE-2020-5666 (Uncontrolled resource consumption vulnerability in MELSEC iQ-R 
Series  ...)
+       TODO: check
 CVE-2020-5665
        RESERVED
-CVE-2020-5664
-       RESERVED
-CVE-2020-5663
-       RESERVED
-CVE-2020-5662
-       RESERVED
+CVE-2020-5664 (Deserialization of untrusted data vulnerability in XooNIps 3.49 
and ea ...)
+       TODO: check
+CVE-2020-5663 (Stored cross-site scripting vulnerability in XooNIps 3.49 and 
earlier  ...)
+       TODO: check
+CVE-2020-5662 (Reflected cross-site scripting vulnerability in XooNIps 3.49 
and earli ...)
+       TODO: check
 CVE-2020-5661
        RESERVED
 CVE-2020-5660
        RESERVED
-CVE-2020-5659
-       RESERVED
+CVE-2020-5659 (SQL injection vulnerability in the XooNIps 3.49 and earlier 
allows rem ...)
+       TODO: check
 CVE-2020-5658 (Resource Management Errors vulnerability in TCP/IP function 
included i ...)
        NOT-FOR-US: Mitsubishi
 CVE-2020-5657 (Improper neutralization of argument delimiters in a command 
('Argument ...)
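
Review bot: CVE-2020-5666 is left at `TODO: check` although its description names MELSEC iQ-R Series, a Mitsubishi Electric product line, and CVE-2020-5658 a few lines below is already tagged `NOT-FOR-US: Mitsubishi`. The same tag fits here; the four XooNIps entries (CVE-2020-5664, CVE-2020-5663, CVE-2020-5662, CVE-2020-5659) still need a check of whether XooNIps is packaged.
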
@@ -66467,12 +66968,12 @@ CVE-2020-2494
        RESERVED
 CVE-2020-2493
        RESERVED
-CVE-2020-2492
-       RESERVED
+CVE-2020-2492 (If exploited, the command injection vulnerability could allow 
remote a ...)
+       TODO: check
 CVE-2020-2491
        RESERVED
-CVE-2020-2490
-       RESERVED
+CVE-2020-2490 (If exploited, the command injection vulnerability could allow 
remote a ...)
+       TODO: check
 CVE-2019-19701
        RESERVED
 CVE-2019-19700
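
Review bot: the descriptions added for CVE-2020-2492 and CVE-2020-2490 are cut off at 'could allow remote a ...' before any product name appears, so neither entry can be triaged from this line and both read identically. Resolve `TODO: check` from the full CVE records, and record the affected product in the resulting `NOT-FOR-US:` or package line.
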
@@ -67881,22 +68382,22 @@ CVE-2019-19565
        RESERVED
 CVE-2019-19564
        RESERVED
-CVE-2019-19563
-       RESERVED
-CVE-2019-19562
-       RESERVED
-CVE-2019-19561
-       RESERVED
-CVE-2019-19560
-       RESERVED
+CVE-2019-19563 (A misconfiguration in the debug interface in Mercedes-Benz 
HERMES 2.1  ...)
+       TODO: check
+CVE-2019-19562 (An authentication bypass in the debug interface in 
Mercedes-Benz HERME ...)
+       TODO: check
+CVE-2019-19561 (A misconfiguration in the debug interface in Mercedes-Benz 
HERMES 1.5  ...)
+       TODO: check
+CVE-2019-19560 (An authentication bypass in the debug interface in 
Mercedes-Benz HERME ...)
+       TODO: check
 CVE-2019-19559
        RESERVED
 CVE-2019-19558
        RESERVED
-CVE-2019-19557
-       RESERVED
-CVE-2019-19556
-       RESERVED
+CVE-2019-19557 (A misconfiguration in the debug interface in Mercedes-Benz 
HERMES 1 al ...)
+       TODO: check
+CVE-2019-19556 (An authentication bypass in the debug interface in 
Mercedes-Benz HERME ...)
+       TODO: check
 CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a 
stack-based buf ...)
        {DLA-2073-1}
        - fig2dev 1:3.2.7b-2 (unimportant; bug #946176)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/824e31eb77adaf15d633ddac093681393c0541c9
