From d7e008b611072d89465ee34495212e46a46c4425 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 26 Nov 2020 20:10:24 +0000 Subject: automatic update --- data/CVE/list | 45 +++++++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 172a6b3679..d4d4eb74bd 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,7 @@ +CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read because it tr ...) + TODO: check +CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tri ...) + TODO: check CVE-2020-29128 (petl before 1.68, in some configurations, allows resolution of entitie ...) TODO: check CVE-2020-29127 @@ -126,7 +130,7 @@ CVE-2020-29067 CVE-2020-29066 RESERVED CVE-2020-29065 - RESERVED + REJECTED CVE-2020-29064 RESERVED CVE-2020-29063 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...) @@ -173,10 +177,10 @@ CVE-2020-29045 RESERVED CVE-2020-29044 RESERVED -CVE-2020-29043 - RESERVED -CVE-2020-29042 - RESERVED +CVE-2020-29043 (An issue was discovered in BigBlueButton through 2.2.29. When at attac ...) + TODO: check +CVE-2020-29042 (An issue was discovered in BigBlueButton through 2.2.29. A brute-force ...) + TODO: check CVE-2020-29041 RESERVED CVE-2020-29040 (An issue was discovered in Xen through 4.14.x allowing x86 HVM guest O ...) @@ -5728,6 +5732,7 @@ CVE-2020-27784 RESERVED CVE-2020-27783 RESERVED + {DLA-2467-1} - lxml 4.6.1-1 NOTE: https://github.com/lxml/lxml/commit/89e7aad6e7ff9ecd88678ff25f885988b184b26e (lxml-4.6.1) CVE-2020-27782 
@@ -6544,10 +6549,10 @@ CVE-2020-27665 (In Strapi before 3.2.5, there is no admin::hasPermissions restri NOT-FOR-US: Strapi CVE-2020-27664 (admin/src/containers/InputModalStepperProvider/index.js in Strapi befo ...) NOT-FOR-US: Strapi -CVE-2020-27663 - RESERVED -CVE-2020-27662 - RESERVED +CVE-2020-27663 (In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct ...) + TODO: check +CVE-2020-27662 (In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object ...) + TODO: check CVE-2020-27661 [divide by zero in dwc2_handle_packet() in hw/usb/hcd-dwc2.c] RESERVED - qemu (bug #972864) @@ -7517,8 +7522,8 @@ CVE-2020-27209 RESERVED CVE-2020-27208 RESERVED -CVE-2020-27207 - RESERVED +CVE-2020-27207 (Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sq ...) + TODO: check CVE-2020-27206 RESERVED CVE-2020-27205 @@ -8174,8 +8179,8 @@ CVE-2020-26938 RESERVED CVE-2020-26937 RESERVED -CVE-2020-26936 - RESERVED +CVE-2020-26936 (Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF at ...) + TODO: check CVE-2020-26935 (An issue was discovered in SearchController in phpMyAdmin before 4.9.6 ...) {DLA-2413-1} - phpmyadmin 4:4.9.7+dfsg1-1 (bug #972000) @@ -36942,8 +36947,8 @@ CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module - libcrypt-perl-perl (bug #907353) NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14 NOTE: https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2 -CVE-2020-13886 - RESERVED +CVE-2020-13886 (Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 6 ...) + TODO: check CVE-2020-13885 (Citrix Workspace App before 1912 on Windows has Insecure Permissions w ...) NOT-FOR-US: Citrix CVE-2020-13884 (Citrix Workspace App before 1912 on Windows has Insecure Permissions a ...) 
@@ -54082,10 +54087,10 @@ CVE-2020-7781 RESERVED CVE-2020-7780 RESERVED -CVE-2020-7779 - RESERVED -CVE-2020-7778 - RESERVED +CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular Expressi ...) + TODO: check +CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The attacker ...) + TODO: check CVE-2020-7777 (This affects all versions of package jsen. If an attacker can control ...) NOT-FOR-US: Node jsen CVE-2020-7776 @@ -127075,7 +127080,7 @@ CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a u NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379 NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126 CVE-2018-19787 (An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in th ...) - {DLA-1604-1} + {DLA-2467-1 DLA-1604-1} - lxml 4.2.5-1 NOTE: Fixed by: https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 (lxml-4.2.5) CVE-2018-19786 (HashiCorp Vault before 1.0.0 writes the master key to the server log i ...) -- cgit v1.2.3
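Review bot: In the first hunk (@@ -1,3 +1,7 @@), the new entries CVE-2020-29130 and CVE-2020-29129 are added with only "TODO: check", so the list records no source package or disposition for either of them. Both descriptions name the same upstream and version ("libslirp through 4.3.1", in slirp.c and ncsi.c respectively), so they can be triaged together. Replace each TODO with a package line or a NOT-FOR-US line in the form used elsewhere in this file, for example "- qemu (bug #972864)" or "NOT-FOR-US: Strapi".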
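Review bot: In the @@ -5728,6 +5732,7 @@ hunk, CVE-2020-27783 gains "{DLA-2467-1}" while the entry still reads RESERVED and its CVE line has no description, so a reader cannot tell from the list what the advisory fixed without following the lxml commit link. Consider adding a bracketed temporary description on the CVE line, as the context of the next hunk does for CVE-2020-27661 ("[divide by zero in dwc2_handle_packet() in hw/usb/hcd-dwc2.c]").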
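Review bot: In the last hunk (@@ -127075,7 +127080,7 @@), CVE-2018-19787 now carries two advisories, "{DLA-2467-1 DLA-1604-1}", and the same DLA-2467-1 is also attached to CVE-2020-27783 in the @@ -5728,6 +5732,7 @@ hunk. Confirm that DLA-2467-1 is meant to cover the 2018 issue a second time, since this entry already records DLA-1604-1 and a fix in lxml 4.2.5-1. If it is intended, a NOTE line on the CVE-2018-19787 entry saying why a second DLA was issued would make the history readable.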