Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41a834f1 by security tracker role at 2020-11-17T08:10:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2020-28899
+       RESERVED
+CVE-2020-28898
+       RESERVED
+CVE-2020-28897
+       RESERVED
+CVE-2020-28896
+       RESERVED
+CVE-2020-28895
+       RESERVED
+CVE-2020-28894
+       RESERVED
+CVE-2020-28893
+       RESERVED
+CVE-2020-28892
+       RESERVED
+CVE-2020-28891
+       RESERVED
 CVE-2020-28890
        RESERVED
 CVE-2020-28889
@@ -392,8 +410,8 @@ CVE-2020-28695
        RESERVED
 CVE-2020-28694
        RESERVED
-CVE-2020-28693
-       RESERVED
+CVE-2020-28693 (An unrestricted file upload issue in HorizontCMS 1.0.0-beta 
allows an  ...)
+       TODO: check
 CVE-2020-28692 (In Gila CMS 1.16.0, an attacker can upload a shell to tmp 
directy and  ...)
        NOT-FOR-US: Gila CMS
 CVE-2020-28691
@@ -6235,14 +6253,14 @@ CVE-2020-27488
        RESERVED
 CVE-2020-27487
        RESERVED
-CVE-2020-27486
-       RESERVED
-CVE-2020-27485
-       RESERVED
-CVE-2020-27484
-       RESERVED
-CVE-2020-27483
-       RESERVED
+CVE-2020-27486 (Garmin Forerunner 235 before 8.20 is affected by: Buffer 
Overflow. The ...)
+       TODO: check
+CVE-2020-27485 (Garmin Forerunner 235 before 8.20 is affected by: Array index 
error. T ...)
+       TODO: check
+CVE-2020-27484 (Garmin Forerunner 235 before 8.20 is affected by: Integer 
Overflow. Th ...)
+       TODO: check
+CVE-2020-27483 (Garmin Forerunner 235 before 8.20 is affected by: Array index 
error. T ...)
+       TODO: check
 CVE-2020-27482
        RESERVED
 CVE-2020-27481 (An unauthenticated SQL Injection vulnerability in Good Layers 
LMS Plug ...)
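Review bot: the four Garmin Forerunner 235 entries (CVE-2020-27483 through CVE-2020-27486) are left as TODO: check although each description identifies a proprietary watch firmware ("Garmin Forerunner 235 before 8.20") with no Debian source package behind it; resolving them as NOT-FOR-US: Garmin Forerunner 235 now avoids carrying four placeholders for a device that can never map to a package in the archive.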
@@ -6828,8 +6846,8 @@ CVE-2020-27195 (HashiCorp Nomad and Nomad Enterprise 
version 0.9.0 up to 0.12.5
        NOTE: 
https://github.com/hashicorp/nomad/commit/a8ea7c5f421297db434b45046fca7a9deef6df85
 (0.12.6)
 CVE-2020-27193 (A cross-site scripting (XSS) vulnerability in the Color Dialog 
plugin  ...)
        NOT-FOR-US: CKEditor plugin
-CVE-2020-27192
-       RESERVED
+CVE-2020-27192 (BinaryNights ForkLift 3.4 was compiled with the 
com.apple.security.cs. ...)
+       TODO: check
 CVE-2020-27191 (LionWiki before 3.2.12 allows an unauthenticated user to read 
files as ...)
        NOT-FOR-US: LionWiki
 CVE-2020-27194 (An issue was discovered in the Linux kernel before 5.8.15. 
scalar32_mi ...)
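Review bot: CVE-2020-27192 stays at TODO: check, but the description ("BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs. ...") points at a macOS entitlement on a macOS-only file manager, so the natural resolution is NOT-FOR-US: BinaryNights ForkLift, in line with the NOT-FOR-US entries around it; the same product appears again as CVE-2020-15349 further down in this commit and should be triaged the same way. Separately, in the surrounding context CVE-2020-27194 sits after CVE-2020-27191, breaking the descending order the file keeps everywhere else in this diff; worth reordering while this region is being touched.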
@@ -6970,10 +6988,10 @@ CVE-2020-27133
        RESERVED
 CVE-2020-27132
        RESERVED
-CVE-2020-27131
-       RESERVED
-CVE-2020-27130
-       RESERVED
+CVE-2020-27131 (Multiple vulnerabilities in the Java deserialization function 
that is  ...)
+       TODO: check
+CVE-2020-27130 (A vulnerability in Cisco Security Manager could allow an 
unauthenticat ...)
+       TODO: check
 CVE-2020-27129 (A vulnerability in the remote management feature of Cisco 
SD-WAN vMana ...)
        NOT-FOR-US: Cisco
 CVE-2020-27128 (A vulnerability in the application data endpoints of Cisco 
SD-WAN vMan ...)
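Review bot: CVE-2020-27131 and CVE-2020-27130 both name Cisco Security Manager yet are left as TODO: check, while the adjacent Cisco SD-WAN vManage entries CVE-2020-27129 and CVE-2020-27128 already carry NOT-FOR-US: Cisco; apply the same marker here, and to CVE-2020-27125 in the next hunk, whose description begins with the identical "A vulnerability in Cisco Security Manager could allow an unauthenticat ..." text.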
@@ -6982,8 +7000,8 @@ CVE-2020-27127
        RESERVED
 CVE-2020-27126
        RESERVED
-CVE-2020-27125
-       RESERVED
+CVE-2020-27125 (A vulnerability in Cisco Security Manager could allow an 
unauthenticat ...)
+       TODO: check
 CVE-2020-27124
        RESERVED
 CVE-2020-27123 (A vulnerability in the interprocess communication (IPC) 
channel of Cis ...)
@@ -8502,8 +8520,8 @@ CVE-2020-26408
        RESERVED
 CVE-2020-26407
        RESERVED
-CVE-2020-26406
-       RESERVED
+CVE-2020-26406 (Certain SAST CiConfiguration information could be viewed by 
unauthoriz ...)
+       TODO: check
 CVE-2020-26405
        RESERVED
        - gitlab 13.3.9-1
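Review bot: CVE-2020-26406 is marked TODO: check even though "SAST CiConfiguration" is a GitLab feature and the very next entry, CVE-2020-26405, is already tracked as "- gitlab 13.3.9-1"; this one most likely belongs to the same GitLab security release as the CVE-2020-1335x entries later in this diff and should get a gitlab package line plus the about.gitlab.com release NOTE those entries use, rather than a placeholder.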
@@ -8866,10 +8884,10 @@ CVE-2020-26227
        RESERVED
 CVE-2020-26226
        RESERVED
-CVE-2020-26225
-       RESERVED
-CVE-2020-26224
-       RESERVED
+CVE-2020-26225 (In PrestaShop Product Comments before version 4.2.0, an 
attacker could ...)
+       TODO: check
+CVE-2020-26224 (In PrestaShop before version 1.7.6.9 an attacker is able to 
list all t ...)
+       TODO: check
 CVE-2020-26223 (Spree is a complete open source e-commerce solution built with 
Ruby on ...)
        NOT-FOR-US: Spree
 CVE-2020-26222 (Dependabot is a set of packages for automated dependency 
management fo ...)
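Review bot: CVE-2020-26225 and CVE-2020-26224 describe PrestaShop and its Product Comments module, which, like the Spree and Dependabot entries immediately below them, are applications Debian does not ship as packages; triage both as NOT-FOR-US: PrestaShop instead of leaving two TODO: check placeholders in the middle of an otherwise resolved block.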
@@ -8882,8 +8900,8 @@ CVE-2020-26219 (touchbase.ai before version 2.0 is 
vulnerable to Open Redirect.
        NOT-FOR-US: touchbase.ai
 CVE-2020-26218 (touchbase.ai before version 2.0 is vulnerable to Cross-Site 
Scripting. ...)
        NOT-FOR-US: touchbase.ai
-CVE-2020-26217
-       RESERVED
+CVE-2020-26217 (XStream before version 1.4.14 is vulnerable to Remote Code 
Execution.T ...)
+       TODO: check
 CVE-2020-26216
        RESERVED
 CVE-2020-26215
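Review bot: CVE-2020-26217 must not be closed with the NOT-FOR-US pattern its neighbours use: XStream is shipped in Debian as libxstream-java, and the description is a remote code execution fixed upstream in 1.4.14, so this TODO: check needs a real "- libxstream-java <version>" line, a comparison of the packaged version against the 1.4.14 bound, and an explicit status for the stable suites. The missing space in "Execution.T ..." is upstream's CVE text as imported and should be left alone.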
@@ -9737,12 +9755,12 @@ CVE-2020-25836
        RESERVED
 CVE-2020-25835
        RESERVED
-CVE-2020-25834
-       RESERVED
-CVE-2020-25833
-       RESERVED
-CVE-2020-25832
-       RESERVED
+CVE-2020-25834 (Cross-Site Scripting vulnerability on Micro Focus ArcSight 
Logger prod ...)
+       TODO: check
+CVE-2020-25833 (Persistent cross-Site Scripting vulnerability on Micro Focus 
IDOL prod ...)
+       TODO: check
+CVE-2020-25832 (Reflected Cross Site scripting vulnerability on Micro Focus 
Filr produ ...)
+       TODO: check
 CVE-2020-25831
        RESERVED
 CVE-2020-25830 (An issue was discovered in MantisBT before 2.24.3. Improper 
escaping o ...)
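Review bot: CVE-2020-25834, CVE-2020-25833 and CVE-2020-25832 name Micro Focus ArcSight Logger, IDOL and Filr respectively and are left as TODO: check, while the other Micro Focus entries visible in this commit (CVE-2020-11861, CVE-2020-11853, CVE-2020-11852) already read NOT-FOR-US: Micro Focus; use the same marker here so the vendor is triaged consistently across the file.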
@@ -10063,8 +10081,7 @@ CVE-2020-25706 (A cross-site scripting (XSS) 
vulnerability exists in templates_i
        [stretch] - cacti <no-dsa> (Minor issue)
        NOTE: https://github.com/Cacti/cacti/issues/3723
        NOTE: 
https://github.com/Cacti/cacti/commit/39458efcd5286d50e6b7f905fedcdc1059354e6e
-CVE-2020-25705
-       RESERVED
+CVE-2020-25705 (A flaw in the way reply ICMP packets are limited in the Linux 
kernel f ...)
        - linux 5.9.6-1
        NOTE: 
https://git.kernel.org/linus/b38e7819cae946e2edf869e604af1e65a5d241c5
        NOTE: https://www.saddns.net/
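Review bot: CVE-2020-25705 records only the unstable fix, "- linux 5.9.6-1", with no [buster] or [stretch] status line, whereas the other kernel entry touched in this diff, CVE-2020-14390, carries "[buster] - linux 4.19.146-1"; since the description places the flaw in the kernel's ICMP reply rate limiting, the stable suites need an explicit status (a fixed version or the usual <postponed>/<no-dsa> marker with a reason) rather than leaving it to be inferred from the unstable version alone.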
@@ -31927,8 +31944,8 @@ CVE-2020-15351 (IDrive before 6.7.3.19 on Windows 
installs by default to %PROGRA
        NOT-FOR-US: IDrive
 CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The 
decoding ...)
        NOT-FOR-US: RIOT RIOT-OS
-CVE-2020-15349
-       RESERVED
+CVE-2020-15349 (BinaryNights ForkLift 3.x before 3.4 has a local privilege 
escalation  ...)
+       TODO: check
 CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of 
live/CPEManag ...)
        NOT-FOR-US: Zyxel
 CVE-2020-15347 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the 
q6xV4aW8bQ4cfD-b pa ...)
@@ -34495,8 +34512,7 @@ CVE-2020-14390 (A flaw was found in the Linux kernel in 
versions before 5.9-rc6.
        [buster] - linux 4.19.146-1
        NOTE: 
https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489
        NOTE: https://www.openwall.com/lists/oss-security/2020/09/15/2
-CVE-2020-14389
-       RESERVED
+CVE-2020-14389 (It was found that Keycloak before version 12.0.0 would permit 
a user w ...)
        NOT-FOR-US: Keycloak
 CVE-2020-14388
        RESERVED
@@ -37363,8 +37379,7 @@ CVE-2020-13359
        RESERVED
        - gitlab 13.3.9-1
        NOTE: 
https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
-CVE-2020-13358
-       RESERVED
+CVE-2020-13358 (A vulnerability in the internal Kubernetes agent api in GitLab 
CE/EE v ...)
        - gitlab 13.3.9-1
        NOTE: 
https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
 CVE-2020-13357
@@ -37377,15 +37392,12 @@ CVE-2020-13355
        RESERVED
        - gitlab 13.3.9-1
        NOTE: 
https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
-CVE-2020-13354
-       RESERVED
+CVE-2020-13354 (A potential DOS vulnerability was discovered in GitLab CE/EE 
starting  ...)
        - gitlab 13.3.9-1
        NOTE: 
https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
-CVE-2020-13353
-       RESERVED
+CVE-2020-13353 (When importing repos via URL, one time use git credentials 
were persis ...)
        - gitaly 13.3.9-1
-CVE-2020-13352
-       RESERVED
+CVE-2020-13352 (Private group info is leaked leaked in GitLab CE/EE version 
10.2 and a ...)
        - gitlab 13.3.9-1
        NOTE: 
https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
 CVE-2020-13351
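Review bot: CVE-2020-13353 is the only one of the three newly described GitLab entries in this hunk (alongside CVE-2020-13354 and CVE-2020-13352) without the about.gitlab.com 13-5-2 release NOTE, and it is attributed to gitaly rather than gitlab; if the fix really landed in gitaly 13.3.9-1 that is fine, but add the NOTE so the origin of the fix is recorded like its neighbours. The doubled word in "leaked leaked" under CVE-2020-13352 is upstream's CVE text and should stay as imported.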
@@ -41892,8 +41904,8 @@ CVE-2020-11862
        RESERVED
 CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on 
Micro Foc ...)
        NOT-FOR-US: Micro Focus
-CVE-2020-11860
-       RESERVED
+CVE-2020-11860 (Cross-Site Scripting vulnerability on Micro Focus ArcSight 
Logger prod ...)
+       TODO: check
 CVE-2020-11859
        RESERVED
 CVE-2020-11858 (Code execution with escalated privileges vulnerability in 
Micro Focus  ...)
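Review bot: the description added for CVE-2020-11860 ("Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger prod ...") is, in the truncated form shown here, identical to the one added for CVE-2020-25834 earlier in this diff; when resolving both TODO: check entries as NOT-FOR-US: Micro Focus (as CVE-2020-11861 directly above already is), confirm they are distinct issues and not a duplicate assignment before closing them.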
@@ -41910,8 +41922,8 @@ CVE-2020-11853 (Arbitrary code execution vulnerability 
affecting multiple Micro
        NOT-FOR-US: Micro Focus
 CVE-2020-11852 (DKIM key management page vulnerability on Micro Focus Secure 
Messaging ...)
        NOT-FOR-US: Micro Focus
-CVE-2020-11851
-       RESERVED
+CVE-2020-11851 (Arbitrary code execution vulnerability on Micro Focus ArcSight 
Logger  ...)
+       TODO: check
 CVE-2020-11850
        RESERVED
 CVE-2020-11849 (Elevation of privilege and/or unauthorized access 
vulnerability in Mic ...)
@@ -45534,8 +45546,7 @@ CVE-2020-10778 (In Red Hat CloudForms 4.7 and 5, the 
read only widgets can be ed
        NOT-FOR-US: Red Hat CloudForm
 CVE-2020-10777 (A cross-site scripting flaw was found in Report Menu feature 
of Red Ha ...)
        NOT-FOR-US: Red Hat CloudForm
-CVE-2020-10776
-       RESERVED
+CVE-2020-10776 (A flaw was found in Keycloak before version 12.0.0, where it 
is possib ...)
        NOT-FOR-US: Keycloak
 CVE-2020-10775 (An Open redirect vulnerability was found in ovirt-engine 
versions 4.4  ...)
        NOT-FOR-US: ovirt-engine
@@ -49294,7 +49305,7 @@ CVE-2020-9285
 CVE-2020-9284
        RESERVED
 CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 
for Go a ...)
-       {DLA-2402-1}
+       {DLA-2453-1 DLA-2402-1}
        - golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462)
        [buster] - golang-go.crypto <no-dsa> (Minor issue)
        [jessie] - golang-go.crypto <no-dsa> (Minor issue)
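Review bot: a second advisory, DLA-2453-1, is added to CVE-2020-9283, but the suite lines visible in this hunk still show golang-go.crypto as <no-dsa> for buster and jessie and contain no line for stretch; if DLA-2453-1 covers a different source package that vendors golang.org/x/crypto, that package should appear as its own "- <package>" line under the CVE, otherwise the stretch status should state the fixed version the DLA shipped so the advisory reference and the suite status agree.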
@@ -53340,7 +53351,7 @@ CVE-2020-7672 (mosc through 1.0.0 is vulnerable to 
Arbitrary Code Execution. Use
        NOT-FOR-US: Node mosc
 CVE-2020-7671 (goliath through 1.0.6 allows request smuggling attacks where 
goliath i ...)
        NOT-FOR-US: Ruby gem goliath
-CVE-2020-7670 (agoo through 2.12.3 allows request smuggling attacks where agoo 
is use ...)
+CVE-2020-7670 (agoo prior to 2.14.0 allows request smuggling attacks where 
agoo is us ...)
        NOT-FOR-US: Ruby gem agoo
 CVE-2020-7669 (This affects all versions of package 
github.com/u-root/u-root/pkg/taru ...)
        NOT-FOR-US: github.com/u-root/u-root/pkg/tarutil Go package
@@ -58871,7 +58882,7 @@ CVE-2020-5426 (Scheduler for TAS prior to version 1.4.0 
was permitting plaintext
 CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 
,1.12.x v ...)
        NOT-FOR-US: Vmware
 CVE-2020-5424
-       RESERVED
+       REJECTED
 CVE-2020-5423
        RESERVED
 CVE-2020-5422 (BOSH System Metrics Server releases prior to 0.1.0 exposed the 
UAA pas ...)
@@ -102517,15 +102528,15 @@ CVE-2019-1010025 (** DISPUTED ** GNU Libc current 
is affected by: Mitigation byp
        - glibc <unfixed> (unimportant)
        NOTE: Not treated as a security issue by upstream
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22853
-CVE-2019-1010024 (GNU Libc current is affected by: Mitigation bypass. The 
impact is: Att ...)
+CVE-2019-1010024 (** DISPUTED ** GNU Libc current is affected by: Mitigation 
bypass. The ...)
        - glibc <unfixed> (unimportant)
        NOTE: Not treated as a security issue by upstream
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22852
-CVE-2019-1010023 (GNU Libc current is affected by: Re-mapping current loaded 
library wit ...)
+CVE-2019-1010023 (** DISPUTED ** GNU Libc current is affected by: Re-mapping 
current loa ...)
        - glibc <unfixed> (unimportant)
        NOTE: Not treated as a security issue by upstream
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22851
-CVE-2019-1010022 (GNU Libc current is affected by: Mitigation bypass. The 
impact is: Att ...)
+CVE-2019-1010022 (** DISPUTED ** GNU Libc current is affected by: Mitigation 
bypass. The ...)
        - glibc <unfixed> (unimportant)
        NOTE: Not treated as a security issue by upstream
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22850



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41a834f17998bae85b4ae7eaa36cdcf6ef061a83



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
