From 13e68715870a1d7eac2fe21a2de065741c7772ab Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 27 Nov 2020 20:10:19 +0000 Subject: automatic update --- data/CVE/list | 186 +++++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 138 insertions(+), 48 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 6c1880bcbe..d17f247beb 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,97 @@ +CVE-2020-29367 (blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffe ...) + TODO: check +CVE-2020-29366 + RESERVED +CVE-2020-29365 + RESERVED +CVE-2020-29364 + RESERVED +CVE-2020-29363 + RESERVED +CVE-2020-29362 + RESERVED +CVE-2020-29361 + RESERVED +CVE-2020-29360 + RESERVED +CVE-2020-29359 + RESERVED +CVE-2020-29358 + RESERVED +CVE-2020-29357 + RESERVED +CVE-2020-29356 + RESERVED +CVE-2020-29355 + RESERVED +CVE-2020-29354 + RESERVED +CVE-2020-29353 + RESERVED +CVE-2020-29352 + RESERVED +CVE-2020-29351 + RESERVED +CVE-2020-29350 + RESERVED +CVE-2020-29349 + RESERVED +CVE-2020-29348 + RESERVED +CVE-2020-29347 + RESERVED +CVE-2020-29346 + RESERVED +CVE-2020-29345 + RESERVED +CVE-2020-29344 + RESERVED +CVE-2020-29343 + RESERVED +CVE-2020-29342 + RESERVED +CVE-2020-29341 + RESERVED +CVE-2020-29340 + RESERVED +CVE-2020-29339 + RESERVED +CVE-2020-29338 + RESERVED +CVE-2020-29337 + RESERVED +CVE-2020-29336 + RESERVED +CVE-2020-29335 + RESERVED +CVE-2020-29334 + RESERVED +CVE-2020-29333 + RESERVED +CVE-2020-29332 + RESERVED +CVE-2020-29331 + RESERVED +CVE-2020-29330 + RESERVED +CVE-2020-29329 + RESERVED +CVE-2020-29328 + RESERVED +CVE-2020-29327 + RESERVED +CVE-2020-29326 + RESERVED +CVE-2020-29325 + RESERVED +CVE-2020-29324 + RESERVED +CVE-2020-29323 + RESERVED +CVE-2020-29322 + RESERVED +CVE-2020-29321 + RESERVED CVE-2020-29320 RESERVED CVE-2020-29319 
@@ -362,8 +456,8 @@ CVE-2020-29140 RESERVED CVE-2020-29139 RESERVED -CVE-2020-29138 - RESERVED +CVE-2020-29138 (Incorrect Access Control in the configuration backup path in SAGEMCOM ...) + TODO: check CVE-2020-29137 (cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interf ...) NOT-FOR-US: cPanel CVE-2020-29136 (In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approa ...) @@ -849,10 +943,10 @@ CVE-2020-28924 (An issue was discovered in Rclone before 1.53.3. Due to the use NOTE: Fixed by: https://github.com/rclone/rclone/commit/c8b11d27e1fe261fdfba6b8910fda69356c9c777 (v1.53.3) CVE-2020-28923 RESERVED -CVE-2020-28922 - RESERVED -CVE-2020-28921 - RESERVED +CVE-2020-28922 (An issue was discovered in Devid Espenschied PC Analyser through 4.10. ...) + TODO: check +CVE-2020-28921 (An issue was discovered in Devid Espenschied PC Analyser through 4.10. ...) + TODO: check CVE-2020-28920 RESERVED CVE-2020-28919 @@ -6355,8 +6449,7 @@ CVE-2020-27748 [local file inclusion vulnerability] NOTE: Proposed change: https://gitlab.freedesktop.org/Mic92/xdg-utils/-/commit/1f199813e0eb0246f63b54e9e154970e609575af CVE-2020-27747 (An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973 ...) NOT-FOR-US: Click Studios Passwordstate -CVE-2020-27746 [X11 forwarding - avoid unsafe use of magic cookie as arg to xauth command] - RESERVED +CVE-2020-27746 (Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Informa ...) - slurm-wlm (Fixed with first upload to Debian with renamed source package) - slurm-llnl (bug #974722) [buster] - slurm-llnl (Minor issue) 
@@ -6365,8 +6458,7 @@ CVE-2020-27746 [X11 forwarding - avoid unsafe use of magic cookie as arg to xaut NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html NOTE: https://github.com/SchedMD/slurm/commit/07309deb45c33e735e191faf9dd31cca1054a15c NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix -CVE-2020-27745 [PMIx - fix potential buffer overflows from use of unpackmem()] - RESERVED +CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflo ...) - slurm-wlm (Fixed with first upload to Debian with renamed source package) - slurm-llnl (bug #974721) [buster] - slurm-llnl (Minor issue) @@ -11288,8 +11380,7 @@ CVE-2020-25712 CVE-2020-25711 RESERVED NOT-FOR-US: Infinispan -CVE-2020-25708 [libvncserver/rfbserver.c has a divide by zero which could result in DoS] - RESERVED +CVE-2020-25708 (A divide by zero issue was found to occur in libvncserver-0.9.12. A ma ...) {DLA-2451-1} - libvncserver 0.9.13+dfsg-1 NOTE: https://github.com/LibVNC/libvncserver/issues/409 @@ -13015,8 +13106,8 @@ CVE-2020-25017 (Envoy through 1.15.0 only considers the first value when multipl NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. Genexis ...) NOT-FOR-US: Genexis Platinum 4410 V2-1.28 -CVE-2020-25014 - RESERVED +CVE-2020-25014 (A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and ...) + TODO: check CVE-2020-25013 (JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Ser ...) NOT-FOR-US: JetBrains CVE-2020-25012 
@@ -46918,8 +47009,7 @@ CVE-2020-10773 (A stack information leak flaw was found in s390/s390x in the Lin [stretch] - linux 4.9.210-1 [jessie] - linux 3.16.81-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846380 -CVE-2020-10772 - RESERVED +CVE-2020-10772 (An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Ha ...) - unbound (Red Hat specific regression in backport) CVE-2020-10771 RESERVED @@ -54480,8 +54570,8 @@ CVE-2020-7782 RESERVED CVE-2020-7781 RESERVED -CVE-2020-7780 - RESERVED +CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_2.13 ...) + TODO: check CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular Expressi ...) NOT-FOR-US: Node djvalidator CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The attacker ...) 
@@ -64983,26 +65073,26 @@ CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows attackers NOTE: to not open CVE-2019-19926. CVE-2019-19879 (HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain ...) NOT-FOR-US: HashiCorp Sentinel (different from Redis Sentinel) -CVE-2019-19878 - RESERVED -CVE-2019-19877 - RESERVED -CVE-2019-19876 - RESERVED -CVE-2019-19875 - RESERVED -CVE-2019-19874 - RESERVED -CVE-2019-19873 - RESERVED -CVE-2019-19872 - RESERVED +CVE-2019-19878 (An issue was discovered in B&R Industrial Automation APROL before ...) + TODO: check +CVE-2019-19877 (An issue was discovered in B&R Industrial Automation APROL before ...) + TODO: check +CVE-2019-19876 (An issue was discovered in B&R Industrial Automation APROL before ...) + TODO: check +CVE-2019-19875 (An issue was discovered in B&R Industrial Automation APROL before ...) + TODO: check +CVE-2019-19874 (An issue was discovered in B&R Industrial Automation APROL before ...) + TODO: check +CVE-2019-19873 (An issue was discovered in B&R Industrial Automation APROL before ...) + TODO: check +CVE-2019-19872 (An issue was discovered in B&R Industrial Automation APROL before ...) + TODO: check CVE-2019-19871 RESERVED CVE-2019-19870 RESERVED -CVE-2019-19869 - RESERVED +CVE-2019-19869 (An issue was discovered in B&R Industrial Automation APROL before ...) + TODO: check CVE-2019-19868 RESERVED CVE-2019-19867 
@@ -190313,20 +190403,20 @@ CVE-2017-15688 RESERVED CVE-2017-15687 (DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7 ...) NOT-FOR-US: Logitech -CVE-2017-15686 - RESERVED -CVE-2017-15685 - RESERVED -CVE-2017-15684 - RESERVED -CVE-2017-15683 - RESERVED -CVE-2017-15682 - RESERVED -CVE-2017-15681 - RESERVED -CVE-2017-15680 - RESERVED +CVE-2017-15686 (Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting ...) + TODO: check +CVE-2017-15685 (Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity ( ...) + TODO: check +CVE-2017-15684 (Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerabili ...) + TODO: check +CVE-2017-15683 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...) + TODO: check +CVE-2017-15682 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...) + TODO: check +CVE-2017-15681 (In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerabilit ...) + TODO: check +CVE-2017-15680 (In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which ...) + TODO: check CVE-2017-15679 RESERVED CVE-2017-15678 -- cgit v1.2.3
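Review bot: In the first hunk (@@ -1,3 +1,97 @@), CVE-2020-29367 is the only new entry that already carries a public description, and it is left at `TODO: check`; the description names a heap-based buffer overflow in blosc2.c of C-Blosc2 through 2.0.0.beta.5, so the follow-up triage should resolve it to a source package line or a `NOT-FOR-US:` marker rather than leaving the TODO alongside the 46 purely `RESERVED` placeholders, which need no action until MITRE publishes them.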
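Review bot: In the hunk at @@ -849,10 +943,10 @@, CVE-2020-28922 and CVE-2020-28921 have byte-identical truncated descriptions ("An issue was discovered in Devid Espenschied PC Analyser through 4.10. ..."), so the two `TODO: check` lines cannot be told apart from this diff; whoever resolves them should read the full MITRE text for each before copying one triage to the other, since identical prefixes do not imply the same affected component.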
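Review bot: In the hunk at @@ -6355,8 +6449,7 @@, the `[buster] - slurm-llnl (Minor issue)` line was written while CVE-2020-27746 was still `RESERVED` under the internal description "X11 forwarding - avoid unsafe use of magic cookie as arg to xauth command"; now that the public description reads "exposes Sensitive Information", the buster severity assessment should be re-confirmed against bug #974722 and the SchedMD announcement linked in the following hunk, and the result recorded in a `NOTE:` line so the "Minor issue" rating is traceable.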
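Review bot: In the hunk at @@ -6365,8 +6458,7 @@, the same question applies to CVE-2020-27745: the entry keeps `[buster] - slurm-llnl (Minor issue)` for what the public description now calls an "RPC Buffer Overflow" and the internal text described as "potential buffer overflows from use of unpackmem()"; the existing `NOTE:` lines (the slurm-announce post and SchedMD commit 07309deb45c33e735e191faf9dd31cca1054a15c) should be used to document why a memory-safety bug in an RPC handler stays at "Minor issue" for buster, or the rating revised, with bug #974721 updated either way.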
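Review bot: In the hunk at @@ -46918,8 +47009,7 @@, CVE-2020-10772 is triaged as `- unbound (Red Hat specific regression in backport)` with no reference; because the description ties it to an incomplete fix for CVE-2020-12662, a `NOTE:` line pointing at the Debian handling of CVE-2020-12662 (the version that fixed it in Debian, or its tracker entry) would let a later reader verify that the regression really is confined to the Red Hat backport without re-deriving the reasoning.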
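Review bot: In the hunk at @@ -64983,26 +65073,26 @@, all eight B&R Industrial Automation APROL entries (CVE-2019-19878 down to CVE-2019-19872, plus CVE-2019-19869) share one truncated description and one `TODO: check`, while CVE-2019-19871 and CVE-2019-19870 between them stay `RESERVED`; these should be resolved as a batch with a single consistent marker, and the two still-reserved IDs re-checked when that is done, since they sit in the same vendor block and will likely publish with the same text.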
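Review bot: In the hunk at @@ -190313,20 +190403,20 @@, seven 2017-numbered IDs for Crafter CMS Crafter Studio 3.0.1 (CVE-2017-15686 through CVE-2017-15680, covering XSS, XXE, directory traversal, unauthenticated access and an IDOR per the visible descriptions) are being published three years after assignment and all land at `TODO: check`; one triage decision for the whole block is appropriate here, and the note recording it should mention the late publication so nobody later reads the 2017 prefix as a sign the entries were overlooked.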