Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1cbd929 by security tracker role at 2020-11-24T08:10:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2020-29005
+       RESERVED
+CVE-2020-29004
+       RESERVED
+CVE-2020-29003 (The PollNY extension for MediaWiki through 1.35 allows XSS via 
an answ ...)
+       TODO: check
+CVE-2020-29002 (includes/CologneBlueTemplate.php in the CologneBlue skin for 
MediaWiki ...)
+       TODO: check
+CVE-2020-29001
+       RESERVED
+CVE-2020-29000
+       RESERVED
+CVE-2020-28999
+       RESERVED
+CVE-2020-28998
+       RESERVED
+CVE-2020-28997
+       RESERVED
+CVE-2020-28996
+       RESERVED
+CVE-2020-28995
+       RESERVED
+CVE-2020-28994
+       RESERVED
+CVE-2020-28993
+       RESERVED
+CVE-2020-28992
+       RESERVED
+CVE-2020-28991 (Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a 
git proto ...)
+       TODO: check
+CVE-2020-28990
+       RESERVED
+CVE-2020-28989
+       RESERVED
+CVE-2020-28988
+       RESERVED
+CVE-2020-28987
+       RESERVED
+CVE-2020-28986
+       RESERVED
+CVE-2020-28985
+       RESERVED
+CVE-2020-28983
+       RESERVED
 CVE-2020-28982
        RESERVED
 CVE-2020-28981
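Review bot: CVE-2020-29003 (PollNY extension) and CVE-2020-29002 (CologneBlue skin) are both MediaWiki components left at TODO: check; triage needs to establish whether either ships inside the mediawiki source package or only as an external extension, which decides between a versioned package entry and NOT-FOR-US. CVE-2020-28991 (Gitea, fixed in 1.12.6 per its description) needs the same packaged-or-not decision before the placeholder is closed.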
@@ -12,10 +56,10 @@ CVE-2020-28977
        RESERVED
 CVE-2020-28976
        RESERVED
-CVE-2020-28984 [identified authors can execute arbitrary PHP code]
+CVE-2020-28984 (prive/formulaires/configurer_preferences.php in SPIP before 
3.2.8 does ...)
        - spip 3.2.8-1
        NOTE: 
https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8
-CVE-2020-28975 (svm_predict_values in svm.cpp in Libsvm v324, as used in 
scikit-learn  ...)
+CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, 
as used i ...)
        TODO: check
 CVE-2020-28973
        RESERVED
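Review bot: CVE-2020-28975 now carries ** DISPUTED ** in its description but its status line is still the TODO: check placeholder; when the Libsvm/scikit-learn dispute is evaluated, the outcome (a NOT-FOR-US, a package entry, or a NOTE recording why it is disputed) should replace the TODO rather than leaving it open. The CVE-2020-28984 SPIP change is fine: the bracketed working title is swapped for the published description while the existing spip 3.2.8-1 fix line and the upstream commit NOTE are retained.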
@@ -135,8 +179,8 @@ CVE-2020-28928 [wcsnrtombs destination buffer overflow]
        - musl <unfixed> (bug #975365)
        [buster] - musl <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4
-CVE-2020-28927
-       RESERVED
+CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User 
Registration sectio ...)
+       TODO: check
 CVE-2020-28926
        RESERVED
 CVE-2020-28925
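Review bot: CVE-2020-28927 describes a stored XSS in Magicpin v2.1, a third-party application, and is left at TODO: check; if nothing in the archive ships it, this resolves to NOT-FOR-US with the product name after the colon, in the same style as the other NOT-FOR-US entries in this file.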
@@ -2489,8 +2533,8 @@ CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the 
Linux kernel before 5.
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/2
 CVE-2020-28361 (Kamailio before 5.4.0, as used in Sip Express Router (SER) in 
Sippy So ...)
        TODO: check, this might be specific to Kamailio as used in the 
specified product
-CVE-2020-28360
-       RESERVED
+CVE-2020-28360 (Insufficient RegEx in private-ip npm package v1.0.5 and below 
insuffic ...)
+       TODO: check
 CVE-2020-28359
        RESERVED
 CVE-2020-28358
@@ -2513,8 +2557,8 @@ CVE-2020-28350 (A Cross Site Scripting (XSS) 
vulnerability exists in OPAC in Sok
        NOT-FOR-US: SOWA SowaSQL
 CVE-2020-28349 (** DISPUTED ** An inaccurate frame deduplication process in 
ChirpStack ...)
        NOT-FOR-US: ChirpStack Network Server
-CVE-2020-28348
-       RESERVED
+CVE-2020-28348 (HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client 
Docker  ...)
+       TODO: check
 CVE-2020-28347 (tdpServer on TP-Link Archer A7 AC1750 devices before 201029 
allows rem ...)
        NOT-FOR-US: TP-Link
 CVE-2020-28346
@@ -7824,8 +7868,8 @@ CVE-2020-26892 (The JWT library in NATS nats-server 
before 2.1.9 has Incorrect A
 CVE-2020-26891 (AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable 
to XSS d ...)
        - matrix-synapse 1.21.1-1
        NOTE: https://github.com/matrix-org/synapse/pull/8444
-CVE-2020-26890
-       RESERVED
+CVE-2020-26890 (Matrix Synapse before 1.20.0 erroneously permits non-standard 
NaN, Inf ...)
+       TODO: check
 CVE-2020-26889
        RESERVED
 CVE-2020-26888
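Review bot: CVE-2020-26890 is left at TODO: check although the adjacent CVE-2020-26891 entry shows matrix-synapse is packaged (fixed in 1.21.1-1); the description says the issue affects Synapse before 1.20.0, so this should become a versioned matrix-synapse line for the first Debian upload at or above 1.20.0 (confirm which upstream release contains the NaN/Inf fix), with [buster] evaluated separately if an older version is shipped there.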
@@ -9212,16 +9256,16 @@ CVE-2020-26233
        RESERVED
 CVE-2020-26232
        RESERVED
-CVE-2020-26231
-       RESERVED
+CVE-2020-26231 (October is a free, open-source, self-hosted CMS platform based 
on the  ...)
+       TODO: check
 CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app 
for Spa ...)
        NOT-FOR-US: Radar COVID
-CVE-2020-26229
-       RESERVED
-CVE-2020-26228
-       RESERVED
-CVE-2020-26227
-       RESERVED
+CVE-2020-26229 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
+       TODO: check
+CVE-2020-26228 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
+       TODO: check
+CVE-2020-26227 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
+       TODO: check
 CVE-2020-26226 (In the npm package semantic-release before version 17.2.3, 
secrets tha ...)
        NOT-FOR-US: semantic-release nodejs module
 CVE-2020-26225 (In PrestaShop Product Comments before version 4.2.0, an 
attacker could ...)
@@ -10463,8 +10507,7 @@ CVE-2020-25697
        RESERVED
        NOTE: Long-standing design limitation in X11, unlikely to get fixed 
until the world moves to Wayland
        NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/3
-CVE-2020-25696 [psql's \gset allows overwriting specially treated variables]
-       RESERVED
+CVE-2020-25696 (A flaw was found in the psql interactive terminal of 
PostgreSQL in ver ...)
        - postgresql-13 13.1-1
        - postgresql-12 <unfixed>
        - postgresql-11 <removed>
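Review bot: dropping the RESERVED line for CVE-2020-25696 is correct now that the description is published and package lines exist, but the bracketed working title ("psql's \gset allows overwriting specially treated variables") carried the one-line summary that the truncated description now hides; a NOTE with the upstream fix reference would preserve it. postgresql-12 remains <unfixed> while postgresql-13 is fixed in 13.1-1, so the 12.x point release carrying the fix should be tracked and the entry updated.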
@@ -10503,8 +10546,7 @@ CVE-2020-25690
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893188
 CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 
21.0.0.F ...)
        - wildfly <itp> (bug #752018)
-CVE-2020-25688
-       RESERVED
+CVE-2020-25688 (A flaw was found in rhacm versions before 2.0.5 and before 
2.1.0. Two  ...)
        NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes (RHACM)
 CVE-2020-25687
        RESERVED
@@ -10574,8 +10616,7 @@ CVE-2020-25662 (A Red Hat only CVE-2020-12352 
regression issue was found in the
        - linux <not-affected> (Red Hat-specific regression)
 CVE-2020-25661 (A Red Hat only CVE-2020-12351 regression issue was found in 
the way th ...)
        - linux <not-affected> (Red Hat-specific regression)
-CVE-2020-25660 [cephx authentication protocol does not verify ceph clients 
correctly]
-       RESERVED
+CVE-2020-25660 (A flaw was found in the Cephx authentication protocol in 
versions befo ...)
        - ceph <unfixed> (bug #975275)
        [buster] - ceph <not-affected> (Vulnerable code introduced later)
        [stretch] - ceph <not-affected> (Vulnerable code introduced later)
@@ -13863,8 +13904,8 @@ CVE-2020-24229
        RESERVED
 CVE-2020-24228
        RESERVED
-CVE-2020-24227
-       RESERVED
+CVE-2020-24227 (Playground Sessions v2.5.582 (and earlier) for Windows, stores 
the use ...)
+       TODO: check
 CVE-2020-24226
        RESERVED
 CVE-2020-24225
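Review bot: CVE-2020-24227 is left at TODO: check, but its own description identifies the product as Playground Sessions for Windows; a Windows-only application resolves to NOT-FOR-US: Playground Sessions rather than a package entry, so the placeholder can be closed directly.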
@@ -30820,10 +30861,10 @@ CVE-2020-15931 (Netwrix Account Lockout Examiner 
before 5.1 allows remote attack
        NOT-FOR-US: Netwrix Account Lockout Examiner
 CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows 
arbitrary cod ...)
        NOT-FOR-US: Joplin desktop
-CVE-2020-15929
-       RESERVED
-CVE-2020-15928
-       RESERVED
+CVE-2020-15929 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string 
paramet ...)
+       TODO: check
+CVE-2020-15928 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string 
paramet ...)
+       TODO: check
 CVE-2020-15927 (Zoho ManageEngine Applications Manager version 14740 and prior 
allows  ...)
        NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can 
send a spec ...)
@@ -32168,10 +32209,10 @@ CVE-2020-15439
        RESERVED
 CVE-2020-15438
        RESERVED
-CVE-2020-15437
-       RESERVED
-CVE-2020-15436
-       RESERVED
+CVE-2020-15437 (The Linux kernel before version 5.8 is vulnerable to a NULL 
pointer de ...)
+       TODO: check
+CVE-2020-15436 (Use-after-free vulnerability in fs/block_dev.c in the Linux 
kernel bef ...)
+       TODO: check
 CVE-2020-15435 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: CentOS-WebPanel.com
 CVE-2020-15434 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
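Review bot: CVE-2020-15437 (NULL pointer dereference, Linux before 5.8) and CVE-2020-15436 (use-after-free in fs/block_dev.c) are kernel issues left at TODO: check; following the convention used elsewhere in this file (for example the "- linux <not-affected>" lines on CVE-2020-25662), both need "- linux <version or state>" entries with the fixing upstream commits as NOTE lines, and the [buster] and [stretch] suites evaluated individually, since the "before 5.8" bound does not by itself say whether older stable branches received the fix.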
@@ -32620,14 +32661,14 @@ CVE-2020-15250 (In JUnit4 from version 4.7 and before 
4.13.1, the test rule Temp
        [buster] - junit4 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
        NOTE: 
https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
-CVE-2020-15249
-       RESERVED
-CVE-2020-15248
-       RESERVED
-CVE-2020-15247
-       RESERVED
-CVE-2020-15246
-       RESERVED
+CVE-2020-15249 (October is a free, open-source, self-hosted CMS platform based 
on the  ...)
+       TODO: check
+CVE-2020-15248 (October is a free, open-source, self-hosted CMS platform based 
on the  ...)
+       TODO: check
+CVE-2020-15247 (October is a free, open-source, self-hosted CMS platform based 
on the  ...)
+       TODO: check
+CVE-2020-15246 (October is a free, open-source, self-hosted CMS platform based 
on the  ...)
+       TODO: check
 CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may 
registe ...)
        NOT-FOR-US: Sylius
 CVE-2020-15244 (In Magento (rubygems openmage/magento-lts package) before 
versions 19. ...)
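Review bot: CVE-2020-15246 through CVE-2020-15249 carry the identical truncated description "October is a free, open-source, self-hosted CMS platform based on the ...", as does CVE-2020-26231 earlier in this commit; the truncation hides what distinguishes the five issues, so when the TODO: check lines are resolved each entry should record its own distinguishing detail from the full advisory text rather than being closed as a block.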
@@ -58818,8 +58859,8 @@ CVE-2020-5676
        RESERVED
 CVE-2020-5675
        RESERVED
-CVE-2020-5674
-       RESERVED
+CVE-2020-5674 (Untrusted search path vulnerability in the installers of 
multiple SEIK ...)
+       TODO: check
 CVE-2020-5673
        RESERVED
 CVE-2020-5672
@@ -58884,8 +58925,8 @@ CVE-2020-5643 (Improper input validation vulnerability 
in Cybozu Garoon 5.0.0 to
        NOT-FOR-US: Cybozu Garoon
 CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - 
Live su ...)
        NOT-FOR-US: Live Chat
-CVE-2020-5641
-       RESERVED
+CVE-2020-5641 (Cross-site request forgery (CSRF) vulnerability in GS108Ev3 
firmware v ...)
+       TODO: check
 CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and 
earlier  ...)
        NOT-FOR-US: OneThird CMS
 CVE-2020-5639
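Review bot: CVE-2020-5641 is a CSRF in GS108Ev3 firmware and is left at TODO: check; device firmware is not something the archive ships, so this resolves to NOT-FOR-US naming the device, consistent with the neighbouring Cybozu Garoon, Live Chat and OneThird CMS entries.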
@@ -62881,8 +62922,8 @@ CVE-2020-4008
        RESERVED
 CVE-2020-4007
        RESERVED
-CVE-2020-4006
-       RESERVED
+CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity 
Manager, and I ...)
+       TODO: check
 CVE-2020-4005 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before 
ESXi670-2020111 ...)
        NOT-FOR-US: VMware
 CVE-2020-4004 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before 
ESXi670-2020111 ...)
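Review bot: CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity Manager) is left at TODO: check while the neighbouring CVE-2020-4005 and CVE-2020-4004 VMware ESXi entries are NOT-FOR-US: VMware; these are proprietary VMware products, so the same NOT-FOR-US: VMware resolution applies and the placeholder can be closed in this pass.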
@@ -137953,16 +137994,16 @@ CVE-2018-16725 (An issue is discovered in baijiacms 
V4. XSS exists via the asset
        NOT-FOR-US: baijiacms
 CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection 
exists via ...)
        NOT-FOR-US: baijiacms
-CVE-2018-16723
-       RESERVED
-CVE-2018-16722
-       RESERVED
-CVE-2018-16721
-       RESERVED
-CVE-2018-16720
-       RESERVED
-CVE-2018-16719
-       RESERVED
+CVE-2018-16723 (In Jingyun Antivirus v2.4.2.39, the driver file 
(ZySandbox.sys) allows ...)
+       TODO: check
+CVE-2018-16722 (In Jingyun Antivirus v2.4.2.39, the driver file 
(ZySandbox.sys) allows ...)
+       TODO: check
+CVE-2018-16721 (In Jingyun Antivirus v2.4.2.39, the driver file 
(ZySandbox.sys) allows ...)
+       TODO: check
+CVE-2018-16720 (In Jingyun Antivirus v2.4.2.39, the driver file 
(ZySandbox.sys) allows ...)
+       TODO: check
+CVE-2018-16719 (In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) 
allows  ...)
+       TODO: check
 CVE-2018-16718 (An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 
2.2.26  ...)
        NOT-FOR-US: NCBI ToolBox
 CVE-2018-16717 (A heap-based buffer overflow exists in nph-viewgif.cgi in the 
2.0.7 th ...)
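Review bot: the five Jingyun Antivirus entries CVE-2018-16719 through CVE-2018-16723 all concern Windows kernel driver files (ZySandbox.sys, hookbody.sys) and are left at TODO: check; the .sys drivers mark this as a Windows-only product, so they resolve to NOT-FOR-US: Jingyun Antivirus like the neighbouring baijiacms and NCBI ToolBox entries, rather than needing five separate checks.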
@@ -275580,8 +275621,8 @@ CVE-2015-5438
        REJECTED
 CVE-2015-5437
        REJECTED
-CVE-2015-5436
-       REJECTED
+CVE-2015-5436 (A potential security vulnerability has been identified with HP 
Integra ...)
+       TODO: check
 CVE-2015-5435 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) 
firmware 3 ...)
        NOT-FOR-US: HP
 CVE-2015-5434 (HPE Networking Products, originally branded as Comware 5, 
Comware 7, H ...)
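Review bot: CVE-2015-5436 moves from REJECTED to a populated description with TODO: check; a previously rejected CVE acquiring a description should be confirmed against the upstream CVE record before the status is changed, since the automation may be reflecting a re-assignment. If it is valid, the description (HP Integrated Lights-Out, like the adjacent CVE-2015-5435) points to NOT-FOR-US: HP.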



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1cbd929ba1d6941d002a46d080cb6c819c5b9f3



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits