Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7b0ea5ed by security tracker role at 2020-12-16T08:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,22 +4,22 @@ CVE-2020-35471 (Envoy before 1.16.1 mishandles dropped and
truncated datagrams,
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-35470 (Envoy before 1.16.1 logs an incorrect downstream address
because it co ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2020-35469
- RESERVED
-CVE-2020-35468
- RESERVED
-CVE-2020-35467
- RESERVED
-CVE-2020-35466
- RESERVED
-CVE-2020-35465
- RESERVED
-CVE-2020-35464
- RESERVED
-CVE-2020-35463
- RESERVED
-CVE-2020-35462
- RESERVED
+CVE-2020-35469 (The Software AG Terracotta Server OSS Docker image 5.4.1
contains a bl ...)
+ TODO: check
+CVE-2020-35468 (The Appbase streams Docker image 2.1.2 contains a blank
password for t ...)
+ TODO: check
+CVE-2020-35467 (The Docker Docs Docker image through 2020-12-14 contains a
blank passw ...)
+ TODO: check
+CVE-2020-35466 (The Blackfire Docker image through 2020-12-14 contains a blank
passwor ...)
+ TODO: check
+CVE-2020-35465 (The FullArmor HAPI File Share Mount Docker image through
2020-12-14 co ...)
+ TODO: check
+CVE-2020-35464 (Version 1.3.0 of the Weave Cloud Agent Docker image contains a
blank p ...)
+ TODO: check
+CVE-2020-35463 (Version 1.0.0 of the Instana Dynamic APM Docker image contains
a blank ...)
+ TODO: check
+CVE-2020-35462 (Version 3.16.0 of the CoScale agent Docker image contains a
blank pass ...)
+ TODO: check
CVE-2020-35461
RESERVED
CVE-2020-35460 (common/InputStreamHelper.java in Packwood MPXJ before 8.3.5
allows dir ...)
@@ -29,10 +29,10 @@ CVE-2020-35459
CVE-2020-35458
RESERVED
CVE-2020-35457 (** DISPUTED ** GNOME GLib before 2.65.3 has an integer
overflow, that ...)
- - glib2.0 2.66.0-1 (unimportant)
- NOTE:
https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
- NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2197
- NOTE: Upstream position is that it is not realistically a security
issue.
+ - glib2.0 2.66.0-1 (unimportant)
+ NOTE:
https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2197
+ NOTE: Upstream position is that it is not realistically a security
issue.
CVE-2020-35456
RESERVED
CVE-2020-35455
@@ -113,8 +113,8 @@ CVE-2020-35418
RESERVED
CVE-2020-35417
RESERVED
-CVE-2020-35416
- RESERVED
+CVE-2020-35416 (Multiple cross-site scripting (XSS) vulnerabilities exist in
PHPJabber ...)
+ TODO: check
CVE-2020-35415
RESERVED
CVE-2020-35414
@@ -183,10 +183,10 @@ CVE-2020-35383
RESERVED
CVE-2020-35382 (SQL Injection in Classbooking before 2.4.1 via the username
field of a ...)
NOT-FOR-US: Classbooking
-CVE-2020-35381
- RESERVED
-CVE-2020-35380
- RESERVED
+CVE-2020-35381 (jsonparser 1.0.0 allows attackers to cause a denial of service
(panic: ...)
+ TODO: check
+CVE-2020-35380 (GJSON before 1.6.4 allows attackers to cause a denial of
service via c ...)
+ TODO: check
CVE-2020-35379
RESERVED
CVE-2020-35378 (SQL Injection in the login page in Online Bus Ticket
Reservation 1.0 a ...)
@@ -563,8 +563,8 @@ CVE-2020-35195
RESERVED
CVE-2020-35194
RESERVED
-CVE-2020-35193
- RESERVED
+CVE-2020-35193 (The official sonarqube docker images before alpine (Alpine
specific) c ...)
+ TODO: check
CVE-2020-35192
RESERVED
CVE-2020-35191
@@ -710,10 +710,10 @@ CVE-2020-35124
RESERVED
CVE-2020-35123
RESERVED
-CVE-2020-35122
- RESERVED
-CVE-2020-35121
- RESERVED
+CVE-2020-35122 (An issue was discovered in the Keysight Database Connector
plugin befo ...)
+ TODO: check
+CVE-2020-35121 (An issue was discovered in the Keysight Database Connector
plugin befo ...)
+ TODO: check
CVE-2020-35120
RESERVED
CVE-2020-35119
@@ -1796,8 +1796,7 @@ CVE-2020-29665
RESERVED
CVE-2020-29664
RESERVED
-CVE-2020-29663 [Revoked certificates due for renewal will automatically be
renewed ignoring the CRL]
- RESERVED
+CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where
revoked ...)
- icinga2 2.12.3-1
[buster] - icinga2 <no-dsa> (Minor issue)
NOTE:
https://github.com/Icinga/icinga2/security/advisories/GHSA-pcmr-2p2f-r7j6
@@ -2442,7 +2441,7 @@ CVE-2020-XXXX [RUSTSEC-2020-0077: memmap: memmap is
unmaintained]
NOTE: https://github.com/danburkert/memmap-rs/issues/90
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0077.html
CVE-2020-29606
- RESERVED
+ REJECTED
CVE-2020-29605
RESERVED
CVE-2020-29604
@@ -8688,8 +8687,8 @@ CVE-2020-28074
RESERVED
CVE-2020-28073
RESERVED
-CVE-2020-28072
- RESERVED
+CVE-2020-28072 (A Remote Code Execution vulnerability exists in DourceCodester
Alumni ...)
+ TODO: check
CVE-2020-28071
RESERVED
CVE-2020-28070
@@ -13489,8 +13488,8 @@ CVE-2020-26275
RESERVED
CVE-2020-26274
RESERVED
-CVE-2020-26273
- RESERVED
+CVE-2020-26273 (osquery is a SQL powered operating system instrumentation,
monitoring, ...)
+ TODO: check
CVE-2020-26272
RESERVED
CVE-2020-26271 (In affected versions of TensorFlow under certain cases,
loading a save ...)
@@ -13517,10 +13516,10 @@ CVE-2020-26261 (jupyterhub-systemdspawner enables
JupyterHub to spawn single-use
TODO: check
CVE-2020-26260 (BookStack is a platform for storing and organising information
and doc ...)
NOT-FOR-US: BookStack
-CVE-2020-26259
- RESERVED
-CVE-2020-26258
- RESERVED
+CVE-2020-26259 (XStream is a Java library to serialize objects to XML and back
again. ...)
+ TODO: check
+CVE-2020-26258 (XStream is a Java library to serialize objects to XML and back
again. ...)
+ TODO: check
CVE-2020-26257 (Matrix is an ecosystem for open federated Instant Messaging
and VoIP. ...)
- matrix-synapse 1.24.0-1
NOTE:
https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm
@@ -14673,12 +14672,12 @@ CVE-2020-25761 (Projectworlds Visitor Management
System in PHP 1.0 allows XSS. T
NOT-FOR-US: Projectworlds Visitor Management System in PHP
CVE-2020-25760 (Projectworlds Visitor Management System in PHP 1.0 allows SQL
Injectio ...)
NOT-FOR-US: Projectworlds Visitor Management System in PHP
-CVE-2020-25759
- RESERVED
-CVE-2020-25758
- RESERVED
-CVE-2020-25757
- RESERVED
+CVE-2020-25759 (An issue was discovered on D-Link DSR-250 3.17 devices.
Certain functi ...)
+ TODO: check
+CVE-2020-25758 (An issue was discovered on D-Link DSR-250 3.17 devices.
Insufficient v ...)
+ TODO: check
+CVE-2020-25757 (A lack of input validation and access controls in Lua CGIs on
D-Link D ...)
+ TODO: check
CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the
mg_get_ht ...)
NOT-FOR-US: Cesanta Mongoose
NOTE: smplayer embeds a copy, which is unused in any released version
and disabled since 18.5.0~ds1-1
@@ -16144,8 +16143,8 @@ CVE-2020-25197
RESERVED
CVE-2020-25196
RESERVED
-CVE-2020-25195
- RESERVED
+CVE-2020-25195 (The length of the input fields of Host Engineering H0-ECOM100,
H2-ECOM ...)
+ TODO: check
CVE-2020-25194
RESERVED
CVE-2020-25193
@@ -18813,8 +18812,8 @@ CVE-2020-23959
RESERVED
CVE-2020-23958
RESERVED
-CVE-2020-23957
- RESERVED
+CVE-2020-23957 (Pega Platform through 8.4.x is affected by Cross Site
Scripting (XSS) ...)
+ TODO: check
CVE-2020-23956
RESERVED
CVE-2020-23955
@@ -50573,8 +50572,7 @@ CVE-2020-10772 (An incomplete fix for CVE-2020-12662
was shipped for Unbound in
CVE-2020-10771
RESERVED
NOT-FOR-US: Infinispan
-CVE-2020-10770
- RESERVED
+CVE-2020-10770 (A flaw was found in Keycloak before 13.0.0, where it is
possible to fo ...)
NOT-FOR-US: Keycloak
CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before
5.0 in ...)
- linux 4.19.20-1
@@ -81061,7 +81059,7 @@ CVE-2020-0204 (In InstallPackage of package.cpp, there
is a possible bypass of a
NOT-FOR-US: Android
CVE-2020-0203 (In freeIsolatedUidLocked of ProcessList.java, there is a
possible UID ...)
NOT-FOR-US: Android
-CVE-2020-0202 (In onStart of MainActivity.java, there is a possible bypass of
develop ...)
+CVE-2020-0202 (In onHandleIntent of TraceService.java, there is a possible
bypass of ...)
NOT-FOR-US: Android
CVE-2020-0201 (In showSecurityFields of WifiConfigController.java there is a
possible ...)
NOT-FOR-US: Android
@@ -143893,8 +143891,8 @@ CVE-2018-16245
RESERVED
CVE-2018-16244
RESERVED
-CVE-2018-16243
- RESERVED
+CVE-2018-16243 (SolarWinds Database Performance Analyzer (DPA) 11.1.468 and
12.0.3074 ...)
+ TODO: check
CVE-2018-16242 (oBike relies on Hangzhou Luoping Smart Locker to lock
bicycles, which ...)
NOT-FOR-US: oBike
CVE-2018-16241
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b0ea5ed55fe3e65273898faa6bce5dcbaf282a4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b0ea5ed55fe3e65273898faa6bce5dcbaf282a4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
