Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d5e0a4a by security tracker role at 2020-11-19T20:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,24 @@
-CVE-2020-28941
+CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may 
encounter ...)
+       TODO: check
+CVE-2020-28950
+       RESERVED
+CVE-2020-28949 (Archive_Tar through 1.4.10 has :// filename sanitization only 
to addre ...)
+       TODO: check
+CVE-2020-28948 (Archive_Tar through 1.4.10 allows an unserialization attack 
because ph ...)
+       TODO: check
+CVE-2020-28947 (In MISP 2.4.134, XSS exists in the template element index view 
because ...)
+       TODO: check
+CVE-2020-28946
+       RESERVED
+CVE-2020-28945
+       RESERVED
+CVE-2020-28944
+       RESERVED
+CVE-2020-28943
+       RESERVED
+CVE-2020-28942 (An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling 
with EST ...)
+       TODO: check
+CVE-2020-28941 (An issue was discovered in 
drivers/accessibility/speakup/spk_ttyio.c i ...)
        - linux <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/19/3
 CVE-2020-28940
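Review bot: CVE-2020-28949 and CVE-2020-28948 are added as two independent "TODO: check" items although both descriptions name Archive_Tar through 1.4.10; triage them together so they end with the same source package line instead of diverging. The other new "TODO: check" entries in this hunk (CVE-2020-28951, CVE-2020-28947, CVE-2020-28942) still need either a package line, in the form CVE-2020-28941 already has with "- linux <unfixed>", or a "NOT-FOR-US:" disposition.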
@@ -4501,8 +4521,8 @@ CVE-2020-28056
        RESERVED
 CVE-2020-28055 (A vulnerability in the TCL Android Smart TV series 
V8-R851T02-LF1 V295 ...)
        NOT-FOR-US: TCL Android Smart TV series
-CVE-2020-28054
-       RESERVED
+CVE-2020-28054 (JamoDat TSMManager Collector version up to 6.5.0.21 is 
vulnerable to a ...)
+       TODO: check
 CVE-2020-28053
        RESERVED
 CVE-2020-28052
@@ -7425,7 +7445,7 @@ CVE-2020-26969
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26969
 CVE-2020-26968
        RESERVED
-       {DSA-4793-1}
+       {DSA-4793-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7446,7 +7466,7 @@ CVE-2020-26966
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26966
 CVE-2020-26965
        RESERVED
-       {DSA-4793-1}
+       {DSA-4793-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7467,7 +7487,7 @@ CVE-2020-26962
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26962
 CVE-2020-26961
        RESERVED
-       {DSA-4793-1}
+       {DSA-4793-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7476,7 +7496,7 @@ CVE-2020-26961
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26961
 CVE-2020-26960
        RESERVED
-       {DSA-4793-1}
+       {DSA-4793-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7485,7 +7505,7 @@ CVE-2020-26960
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26960
 CVE-2020-26959
        RESERVED
-       {DSA-4793-1}
+       {DSA-4793-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7494,7 +7514,7 @@ CVE-2020-26959
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26959
 CVE-2020-26958
        RESERVED
-       {DSA-4793-1}
+       {DSA-4793-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7507,7 +7527,7 @@ CVE-2020-26957
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26957
 CVE-2020-26956
        RESERVED
-       {DSA-4793-1}
+       {DSA-4793-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7524,7 +7544,7 @@ CVE-2020-26954
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26954
 CVE-2020-26953
        RESERVED
-       {DSA-4793-1}
+       {DSA-4793-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -7537,7 +7557,7 @@ CVE-2020-26952
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26952
 CVE-2020-26951
        RESERVED
-       {DSA-4793-1}
+       {DSA-4793-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -10294,18 +10314,18 @@ CVE-2020-25704
        RESERVED
        - linux 5.9.6-1
        NOTE: 
https://git.kernel.org/linus/7bdb157cdebbf95a1cd94ed2e01b338714075d00
-CVE-2020-25703
-       RESERVED
-CVE-2020-25702
-       RESERVED
-CVE-2020-25701
-       RESERVED
-CVE-2020-25700
-       RESERVED
-CVE-2020-25699
-       RESERVED
-CVE-2020-25698
-       RESERVED
+CVE-2020-25703 (The participants table download in Moodle always included user 
emails, ...)
+       TODO: check
+CVE-2020-25702 (In Moodle, it was possible to include JavaScript when 
re-naming conten ...)
+       TODO: check
+CVE-2020-25701 (If the upload course tool in Moodle was used to delete an 
enrollment m ...)
+       TODO: check
+CVE-2020-25700 (In moodle, some database module web services allowed students 
to add e ...)
+       TODO: check
+CVE-2020-25699 (In moodle, insufficient capability checks could lead to users 
with the ...)
+       TODO: check
+CVE-2020-25698 (Users' enrollment capabilities were not being sufficiently 
checked in  ...)
+       TODO: check
 CVE-2020-25697
        RESERVED
        NOTE: Long-standing design limitation in X11, unlikely to get fixed 
until the world moves to Wayland
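Review bot: the truncated description of CVE-2020-25698 ("Users' enrollment capabilities were not being sufficiently checked in ...") does not name a product, unlike CVE-2020-25703 through CVE-2020-25699 above it, which all mention Moodle. Confirm the product from the full CVE text before giving it the same disposition as the rest of the block, and resolve all six "TODO: check" lines in one pass so the block stays consistent.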
@@ -17361,8 +17381,8 @@ CVE-2020-22396
        RESERVED
 CVE-2020-22395
        RESERVED
-CVE-2020-22394
-       RESERVED
+CVE-2020-22394 (In YzmCMS v5.5 the member contribution function in the editor 
contains ...)
+       TODO: check
 CVE-2020-22393
        RESERVED
 CVE-2020-22392
@@ -30388,7 +30408,7 @@ CVE-2020-16013
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-16012
        RESERVED
-       {DSA-4793-1}
+       {DSA-4793-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
        - thunderbird 1:78.5.0-1
@@ -36896,6 +36916,7 @@ CVE-2020-13672
        RESERVED
 CVE-2020-13671 [SA-CORE-2020-012]
        RESERVED
+       {DLA-2458-1}
        - drupal7 <removed>
        NOTE: https://www.drupal.org/sa-core-2020-012
        NOTE: 
https://github.com/drupal/drupal/commit/0263ea89cfff630262b8c0bc6d9c629c42aa7a84
@@ -36909,6 +36930,7 @@ CVE-2020-13667
        RESERVED
 CVE-2020-13666 [SA-CORE-2020-007]
        RESERVED
+       {DLA-2458-1}
        - drupal7 <removed>
        NOTE: https://www.drupal.org/sa-core-2020-007
        NOTE: 
https://github.com/drupal/drupal/commit/cd3721550d988240ef6e682bd1cae2939c6e9e5a
@@ -37645,8 +37667,8 @@ CVE-2018-21234 (Jodd before 5.0.4 performs 
Deserialization of Untrusted JSON Dat
        NOTE: https://github.com/oblac/jodd/issues/628
 CVE-2017-18868 (Digi XBee 2 devices do not have an effective protection 
mechanism agai ...)
        NOT-FOR-US: Digi XBee 2 devices
-CVE-2020-13360 (An attacker can schedule a very large number of releases in 
the future ...)
-       TODO: check
+CVE-2020-13360
+       REJECTED
 CVE-2020-13359 (The Terraform API in GitLab CE/EE 12.10+ exposed the object 
storage si ...)
        - gitlab 13.3.9-1
        NOTE: 
https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
@@ -39770,8 +39792,8 @@ CVE-2020-12512
        RESERVED
 CVE-2020-12511
        RESERVED
-CVE-2020-12510
-       RESERVED
+CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software 
in all v ...)
+       TODO: check
 CVE-2020-12509
        RESERVED
 CVE-2020-12508
@@ -39798,10 +39820,10 @@ CVE-2020-12498 (mwe file parsing in Phoenix Contact 
PC Worx and PC Worx Express
        NOT-FOR-US: Phoenix
 CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC 
Worx Expres ...)
        NOT-FOR-US: Phoenix
-CVE-2020-12496
-       RESERVED
-CVE-2020-12495
-       RESERVED
+CVE-2020-12496 (Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, 
ORSG35) and  ...)
+       TODO: check
+CVE-2020-12495 (Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, 
ORSG35) with ...)
+       TODO: check
 CVE-2020-12494 (Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x 
is prov ...)
        NOT-FOR-US: Beckhoff
 CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series 
with vers ...)
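Review bot: CVE-2020-12496 and CVE-2020-12495 share the same visible description prefix, "Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35)", and differ only after the truncation point, so the list alone cannot tell them apart; read the full CVE text when triaging. The entries on both sides are vendor-specific and resolved as "NOT-FOR-US: Phoenix" and "NOT-FOR-US: Beckhoff"; if these two turn out to be vendor-specific as well, replace "TODO: check" with a "NOT-FOR-US:" line in that form.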
@@ -42227,12 +42249,12 @@ CVE-2020-11833
        RESERVED
 CVE-2020-11832
        RESERVED
-CVE-2020-11831
-       RESERVED
-CVE-2020-11830
-       RESERVED
-CVE-2020-11829
-       RESERVED
+CVE-2020-11831 (OvoiceManager has system permission to write vulnerability 
reports for ...)
+       TODO: check
+CVE-2020-11830 (QualityProtect has a vulnerability to execute arbitrary system 
command ...)
+       TODO: check
+CVE-2020-11829 (Dynamic loading of services in the backup and restore SDK 
leads to ele ...)
+       TODO: check
 CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP 
framewor ...)
        NOT-FOR-US: ColorOS
 CVE-2020-11827 (In GOG Galaxy 1.2.67, there is a service that is vulnerable to 
weak fi ...)
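Review bot: none of the three added descriptions (CVE-2020-11831 "OvoiceManager", CVE-2020-11830 "QualityProtect", CVE-2020-11829 "backup and restore SDK") names a vendor or platform in the visible text, so "TODO: check" cannot be resolved from this list alone. The next entry, CVE-2020-11828, is "NOT-FOR-US: ColorOS"; check against the full CVE records whether these three belong to the same product and, if so, give them the matching disposition.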
@@ -50086,8 +50108,8 @@ CVE-2020-9051
        RESERVED
 CVE-2020-9050
        RESERVED
-CVE-2020-9049
-       RESERVED
+CVE-2020-9049 (A vulnerability in specified versions of American Dynamics 
victor Web  ...)
+       TODO: check
 CVE-2020-9048 (A vulnerability in victor Web Client versions up to and 
including v5.4 ...)
        NOT-FOR-US: Johnson Controls
 CVE-2020-9047 (A vulnerability exists that could allow the execution of 
unauthorized  ...)
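Review bot: CVE-2020-9049 is added as "TODO: check" although the entry directly below it, CVE-2020-9048, covers "victor Web Client" and is already resolved as "NOT-FOR-US: Johnson Controls". If the full description confirms the same product family, use the same "NOT-FOR-US:" line here so the two adjacent entries agree.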
@@ -55460,8 +55482,8 @@ CVE-2020-6881
        RESERVED
 CVE-2020-6880
        RESERVED
-CVE-2020-6879
-       RESERVED
+CVE-2020-6879 (Some ZTE devices have input verification vulnerabilities. The 
devices  ...)
+       TODO: check
 CVE-2020-6878
        RESERVED
 CVE-2020-6877 (A ZTE product is impacted by an information leak vulnerability. 
An att ...)
@@ -61205,8 +61227,8 @@ CVE-2020-4720
        RESERVED
 CVE-2020-4719
        RESERVED
-CVE-2020-4718
-       RESERVED
+CVE-2020-4718 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is 
vulnerabl ...)
+       TODO: check
 CVE-2020-4717
        RESERVED
 CVE-2020-4716
@@ -61239,8 +61261,8 @@ CVE-2020-4703 (IBM Spectrum Protect Plus 10.1.0 through 
10.1.6 Administrative Co
        NOT-FOR-US: IBM
 CVE-2020-4702 (IBM InfoSphere Information Server 11.7 is vulnerable to stored 
cross-s ...)
        NOT-FOR-US: IBM
-CVE-2020-4701
-       RESERVED
+CVE-2020-4701 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 10.5 ...)
+       TODO: check
 CVE-2020-4700 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.0.3.2 a ...)
        NOT-FOR-US: IBM
 CVE-2020-4699 (IBM Security Access Manager 9.0.7 and IBM Security Verify 
Access 10.0. ...)
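Review bot: CVE-2020-4701 (IBM DB2) is left as "TODO: check" while every described neighbour in this hunk (CVE-2020-4703, CVE-2020-4702, CVE-2020-4700) carries "NOT-FOR-US: IBM". Unless the full CVE text points at something packaged in Debian, resolve it with the same line.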



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d5e0a4adae397c8c30081a089fa2571ad75b945
