Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13e68715 by security tracker role at 2020-11-27T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2020-29367 (blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a 
heap-based buffe ...)
+       TODO: check
+CVE-2020-29366
+       RESERVED
+CVE-2020-29365
+       RESERVED
+CVE-2020-29364
+       RESERVED
+CVE-2020-29363
+       RESERVED
+CVE-2020-29362
+       RESERVED
+CVE-2020-29361
+       RESERVED
+CVE-2020-29360
+       RESERVED
+CVE-2020-29359
+       RESERVED
+CVE-2020-29358
+       RESERVED
+CVE-2020-29357
+       RESERVED
+CVE-2020-29356
+       RESERVED
+CVE-2020-29355
+       RESERVED
+CVE-2020-29354
+       RESERVED
+CVE-2020-29353
+       RESERVED
+CVE-2020-29352
+       RESERVED
+CVE-2020-29351
+       RESERVED
+CVE-2020-29350
+       RESERVED
+CVE-2020-29349
+       RESERVED
+CVE-2020-29348
+       RESERVED
+CVE-2020-29347
+       RESERVED
+CVE-2020-29346
+       RESERVED
+CVE-2020-29345
+       RESERVED
+CVE-2020-29344
+       RESERVED
+CVE-2020-29343
+       RESERVED
+CVE-2020-29342
+       RESERVED
+CVE-2020-29341
+       RESERVED
+CVE-2020-29340
+       RESERVED
+CVE-2020-29339
+       RESERVED
+CVE-2020-29338
+       RESERVED
+CVE-2020-29337
+       RESERVED
+CVE-2020-29336
+       RESERVED
+CVE-2020-29335
+       RESERVED
+CVE-2020-29334
+       RESERVED
+CVE-2020-29333
+       RESERVED
+CVE-2020-29332
+       RESERVED
+CVE-2020-29331
+       RESERVED
+CVE-2020-29330
+       RESERVED
+CVE-2020-29329
+       RESERVED
+CVE-2020-29328
+       RESERVED
+CVE-2020-29327
+       RESERVED
+CVE-2020-29326
+       RESERVED
+CVE-2020-29325
+       RESERVED
+CVE-2020-29324
+       RESERVED
+CVE-2020-29323
+       RESERVED
+CVE-2020-29322
+       RESERVED
+CVE-2020-29321
+       RESERVED
 CVE-2020-29320
        RESERVED
 CVE-2020-29319
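
Review bot: CVE-2020-29367 at the top of this hunk is left at TODO: check, and it is the only added entry here with a published description, so it is the one line that needs a human decision. The description names blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5; resolve it to a source-package line if that code is in the archive, or to a NOT-FOR-US line in the form used elsewhere in this file. The other added entries (CVE-2020-29366 down to CVE-2020-29321) are RESERVED placeholders and need nothing further.
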
@@ -362,8 +456,8 @@ CVE-2020-29140
        RESERVED
 CVE-2020-29139
        RESERVED
-CVE-2020-29138
-       RESERVED
+CVE-2020-29138 (Incorrect Access Control in the configuration backup path in 
SAGEMCOM  ...)
+       TODO: check
 CVE-2020-29137 (cPanel before 90.0.17 allows self-XSS via the WHM Transfer 
Tool interf ...)
        NOT-FOR-US: cPanel
 CVE-2020-29136 (In cPanel before 90.0.17, 2FA can be bypassed via a 
brute-force approa ...)
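
Review bot: CVE-2020-29138 moves from RESERVED to TODO: check while the entry directly below it, CVE-2020-29137, already carries NOT-FOR-US: cPanel. The new description points at a SAGEMCOM configuration backup path, so if no Debian package ships that code the entry should close the same way, with a NOT-FOR-US line naming the vendor or product, rather than stay open.
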
@@ -849,10 +943,10 @@ CVE-2020-28924 (An issue was discovered in Rclone before 
1.53.3. Due to the use
        NOTE: Fixed by: 
https://github.com/rclone/rclone/commit/c8b11d27e1fe261fdfba6b8910fda69356c9c777
 (v1.53.3)
 CVE-2020-28923
        RESERVED
-CVE-2020-28922
-       RESERVED
-CVE-2020-28921
-       RESERVED
+CVE-2020-28922 (An issue was discovered in Devid Espenschied PC Analyser 
through 4.10. ...)
+       TODO: check
+CVE-2020-28921 (An issue was discovered in Devid Espenschied PC Analyser 
through 4.10. ...)
+       TODO: check
 CVE-2020-28920
        RESERVED
 CVE-2020-28919
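
Review bot: CVE-2020-28922 and CVE-2020-28921 receive identical truncated text ("An issue was discovered in Devid Espenschied PC Analyser through 4.10. ..."), so nothing in the list distinguishes the two issues yet. Both are TODO: check; triage them together against the full CVE descriptions and give both the same product tag so the pair stays consistent.
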
@@ -6355,8 +6449,7 @@ CVE-2020-27748 [local file inclusion vulnerability]
        NOTE: Proposed change: 
https://gitlab.freedesktop.org/Mic92/xdg-utils/-/commit/1f199813e0eb0246f63b54e9e154970e609575af
 CVE-2020-27747 (An issue was discovered in Click Studios Passwordstate 8.9 
(Build 8973 ...)
        NOT-FOR-US: Click Studios Passwordstate
-CVE-2020-27746 [X11 forwarding - avoid unsafe use of magic cookie as arg to 
xauth command]
-       RESERVED
+CVE-2020-27746 (Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive 
Informa ...)
        - slurm-wlm <not-affected> (Fixed with first upload to Debian with 
renamed source package)
        - slurm-llnl <unfixed> (bug #974722)
        [buster] - slurm-llnl <no-dsa> (Minor issue)
@@ -6365,8 +6458,7 @@ CVE-2020-27746 [X11 forwarding - avoid unsafe use of 
magic cookie as arg to xaut
        NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html
        NOTE: 
https://github.com/SchedMD/slurm/commit/07309deb45c33e735e191faf9dd31cca1054a15c
        NOTE: slurm-wlm/20.02.6-1 changed the source package name and included 
the fix
-CVE-2020-27745 [PMIx - fix potential buffer overflows from use of unpackmem()]
-       RESERVED
+CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer 
Overflo ...)
        - slurm-wlm <not-affected> (Fixed with first upload to Debian with 
renamed source package)
        - slurm-llnl <unfixed> (bug #974721)
        [buster] - slurm-llnl <no-dsa> (Minor issue)
@@ -11288,8 +11380,7 @@ CVE-2020-25712
 CVE-2020-25711
        RESERVED
        NOT-FOR-US: Infinispan
-CVE-2020-25708 [libvncserver/rfbserver.c has a divide by zero which could 
result in DoS]
-       RESERVED
+CVE-2020-25708 (A divide by zero issue was found to occur in 
libvncserver-0.9.12. A ma ...)
        {DLA-2451-1}
        - libvncserver 0.9.13+dfsg-1
        NOTE: https://github.com/LibVNC/libvncserver/issues/409
@@ -13015,8 +13106,8 @@ CVE-2020-25017 (Envoy through 1.15.0 only considers the 
first value when multipl
        NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. 
Genexis ...)
        NOT-FOR-US: Genexis Platinum 4410 V2-1.28
-CVE-2020-25014
-       RESERVED
+CVE-2020-25014 (A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel 
UTM and  ...)
+       TODO: check
 CVE-2020-25013 (JetBrains ToolBox before version 1.18 is vulnerable to a 
Denial of Ser ...)
        NOT-FOR-US: JetBrains
 CVE-2020-25012
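
Review bot: CVE-2020-25014 is added as TODO: check between two entries that are already closed as NOT-FOR-US (Genexis above, JetBrains below). The description places the stack-based overflow in fbwifi_continue.cgi on Zyxel UTM devices, which reads as vendor appliance code; unless a Debian package ships that CGI, close it with NOT-FOR-US and the product name.
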
@@ -46918,8 +47009,7 @@ CVE-2020-10773 (A stack information leak flaw was found 
in s390/s390x in the Lin
        [stretch] - linux 4.9.210-1
        [jessie] - linux 3.16.81-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846380
-CVE-2020-10772
-       RESERVED
+CVE-2020-10772 (An incomplete fix for CVE-2020-12662 was shipped for Unbound 
in Red Ha ...)
        - unbound <not-affected> (Red Hat specific regression in backport)
 CVE-2020-10771
        RESERVED
@@ -54480,8 +54570,8 @@ CVE-2020-7782
        RESERVED
 CVE-2020-7781
        RESERVED
-CVE-2020-7780
-       RESERVED
+CVE-2020-7780 (This affects the package 
com.softwaremill.akka-http-session:core_2.13  ...)
+       TODO: check
 CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular 
Expressi ...)
        NOT-FOR-US: Node djvalidator
 CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The 
attacker ...)
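
Review bot: CVE-2020-7780 is identified only by a Maven coordinate, com.softwaremill.akka-http-session:core_2.13, and is left at TODO: check. A Debian source package would not carry that name, so the check has to search by upstream project (akka-http-session) before the entry is closed; the entry below, CVE-2020-7779, shows the NOT-FOR-US form with the ecosystem named (Node djvalidator).
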
@@ -64983,26 +65073,26 @@ CVE-2019-19880 (exprListAppendList in window.c in 
SQLite 3.30.1 allows attackers
        NOTE: to not open CVE-2019-19926.
 CVE-2019-19879 (HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in 
certain ...)
        NOT-FOR-US: HashiCorp Sentinel (different from Redis Sentinel)
-CVE-2019-19878
-       RESERVED
-CVE-2019-19877
-       RESERVED
-CVE-2019-19876
-       RESERVED
-CVE-2019-19875
-       RESERVED
-CVE-2019-19874
-       RESERVED
-CVE-2019-19873
-       RESERVED
-CVE-2019-19872
-       RESERVED
+CVE-2019-19878 (An issue was discovered in B&amp;R Industrial Automation APROL 
before  ...)
+       TODO: check
+CVE-2019-19877 (An issue was discovered in B&amp;R Industrial Automation APROL 
before  ...)
+       TODO: check
+CVE-2019-19876 (An issue was discovered in B&amp;R Industrial Automation APROL 
before  ...)
+       TODO: check
+CVE-2019-19875 (An issue was discovered in B&amp;R Industrial Automation APROL 
before  ...)
+       TODO: check
+CVE-2019-19874 (An issue was discovered in B&amp;R Industrial Automation APROL 
before  ...)
+       TODO: check
+CVE-2019-19873 (An issue was discovered in B&amp;R Industrial Automation APROL 
before  ...)
+       TODO: check
+CVE-2019-19872 (An issue was discovered in B&amp;R Industrial Automation APROL 
before  ...)
+       TODO: check
 CVE-2019-19871
        RESERVED
 CVE-2019-19870
        RESERVED
-CVE-2019-19869
-       RESERVED
+CVE-2019-19869 (An issue was discovered in B&amp;R Industrial Automation APROL 
before  ...)
+       TODO: check
 CVE-2019-19868
        RESERVED
 CVE-2019-19867
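
Review bot: the eight B&R Industrial Automation APROL entries (CVE-2019-19872 through CVE-2019-19878, plus CVE-2019-19869) all land as TODO: check with the same truncated description, so they can be triaged in one pass with a single decision applied to all eight; CVE-2019-19871 and CVE-2019-19870 between them stay RESERVED. Also confirm that the description text in data/CVE/list reads B&R and not the HTML-escaped B&amp;R shown in these lines; if the entity is in the file itself, the importer should decode it.
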
@@ -190313,20 +190403,20 @@ CVE-2017-15688
        RESERVED
 CVE-2017-15687 (DOM Based Cross Site Scripting (XSS) exists in Logitech Media 
Server 7 ...)
        NOT-FOR-US: Logitech
-CVE-2017-15686
-       RESERVED
-CVE-2017-15685
-       RESERVED
-CVE-2017-15684
-       RESERVED
-CVE-2017-15683
-       RESERVED
-CVE-2017-15682
-       RESERVED
-CVE-2017-15681
-       RESERVED
-CVE-2017-15680
-       RESERVED
+CVE-2017-15686 (Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site 
Scripting  ...)
+       TODO: check
+CVE-2017-15685 (Crafter CMS Crafter Studio 3.0.1 is affected by: XML External 
Entity ( ...)
+       TODO: check
+CVE-2017-15684 (Crafter CMS Crafter Studio 3.0.1 has a directory traversal 
vulnerabili ...)
+       TODO: check
+CVE-2017-15683 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated 
attacker is abl ...)
+       TODO: check
+CVE-2017-15682 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated 
attacker is abl ...)
+       TODO: check
+CVE-2017-15681 (In Crafter CMS Crafter Studio 3.0.1 a directory traversal 
vulnerabilit ...)
+       TODO: check
+CVE-2017-15680 (In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability 
exists which ...)
+       TODO: check
 CVE-2017-15679
        RESERVED
 CVE-2017-15678
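
Review bot: CVE-2017-15680 through CVE-2017-15686 all name Crafter CMS Crafter Studio 3.0.1 and all stay at TODO: check. The descriptions cover different bug classes (cross-site scripting, XML external entity, directory traversal, IDOR), but the triage question is the same for each: whether the archive carries Crafter Studio. One answer settles all seven, after which each gets either a package line or NOT-FOR-US.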



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13e68715870a1d7eac2fe21a2de065741c7772ab
