diff options
author | security tracker role <sectracker@soriano.debian.org> | 2020-11-05 20:10:18 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-11-05 20:10:18 +0000 |
commit | 0ef8e71a140e8d0044752e0edcdf12961ab97c7d (patch) | |
tree | 70757dafdb038156687e790941c20a0ae5eca64d /data/CVE | |
parent | 6c174dfd0ebf80ab75a8ec1350bde644d8aec916 (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2015.list | 2 | ||||
-rw-r--r-- | data/CVE/2018.list | 4 | ||||
-rw-r--r-- | data/CVE/2020.list | 167 |
3 files changed, 118 insertions, 55 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index ca66e0b313..c774fefb66 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -18115,7 +18115,7 @@ CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) - xen 4.4.0-1 [squeeze] - xen <end-of-life> (Not supported in Squeeze LTS) - - xen-qemu-dm-4.0 <removed> + - xen-qemu-dm-4.0 <removed> [squeeze] - xen-qemu-dm-4.0 <end-of-life> (Not supported in Squeeze LTS) NOTE: Xen switched to qemu-system in 4.4.0-1 NOTE: http://xenbits.xen.org/xsa/advisory-135.html diff --git a/data/CVE/2018.list b/data/CVE/2018.list index a8e069bcb7..31967c1c57 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -51133,8 +51133,8 @@ CVE-2018-1727 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vu NOT-FOR-US: IBM CVE-2018-1726 RESERVED -CVE-2018-1725 - RESERVED +CVE-2018-1725 (IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vu ...) + TODO: check CVE-2018-1724 (IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user ...) NOT-FOR-US: IBM CVE-2018-1723 (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0 ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 596582fa7b..39ed91a70f 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,63 @@ +CVE-2020-28238 + RESERVED +CVE-2020-28237 + RESERVED +CVE-2020-28236 + RESERVED +CVE-2020-28235 + RESERVED +CVE-2020-28234 + RESERVED +CVE-2020-28233 + RESERVED +CVE-2020-28232 + RESERVED +CVE-2020-28231 + RESERVED +CVE-2020-28230 + RESERVED +CVE-2020-28229 + RESERVED +CVE-2020-28228 + RESERVED +CVE-2020-28227 + RESERVED +CVE-2020-28226 + RESERVED +CVE-2020-28225 + RESERVED +CVE-2020-28224 + RESERVED +CVE-2020-28223 + RESERVED +CVE-2020-28222 + RESERVED +CVE-2020-28221 + RESERVED +CVE-2020-28220 + RESERVED +CVE-2020-28219 + RESERVED +CVE-2020-28218 + RESERVED +CVE-2020-28217 + RESERVED +CVE-2020-28216 + RESERVED +CVE-2020-28215 + RESERVED +CVE-2020-28214 + RESERVED +CVE-2020-28213 + RESERVED +CVE-2020-28212 + RESERVED +CVE-2020-28211 + RESERVED +CVE-2020-28210 + RESERVED +CVE-2020-28209 + RESERVED CVE-2020-28208 RESERVED CVE-2020-28207 @@ -184,8 +244,8 @@ CVE-2020-28117 RESERVED CVE-2020-28116 RESERVED -CVE-2020-28115 - RESERVED +CVE-2020-28115 (SQL Injection vulnerability in "Documents component" found in AudimexE ...) + TODO: check CVE-2020-28114 RESERVED CVE-2020-28113 @@ -317,14 +377,15 @@ CVE-2020-28051 CVE-2020-28050 RESERVED CVE-2020-28049 (An issue was discovered in SDDM before 0.19.0. It incorrectly starts t ...) + {DSA-4783-1} - sddm <unfixed> (bug #973748) NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/2 NOTE: https://github.com/sddm/sddm/commit/be202f533ab98a684c6a007e8d5b4357846bc222 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1177201 CVE-2020-28048 RESERVED -CVE-2020-28047 - RESERVED +CVE-2020-28047 (AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scr ...) + TODO: check CVE-2020-27347 [tmux buffer overflow in CSI parsing] RESERVED - tmux 3.1c-1 @@ -553,8 +614,8 @@ CVE-2020-27957 (The RandomGameUnit extension for MediaWiki through 1.35 was not NOT-FOR-US: MediaWiki extension CVE-2020-27956 (An Arbitrary File Upload in the Upload Image component in SourceCodest ...) NOT-FOR-US: SourceCodester Car Rental Management System -CVE-2020-27955 - RESERVED +CVE-2020-27955 (Git LFS 2.12.0 allows Remote Code Execution. ...) + TODO: check CVE-2020-27954 RESERVED CVE-2020-27953 @@ -1092,8 +1153,8 @@ CVE-2020-27690 (The Relish (Verve Connect) VH510 device with firmware before 1.0 NOT-FOR-US: Relish (Verve Connect) VH510 device CVE-2020-27689 (The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0 ...) NOT-FOR-US: Relish (Verve Connect) VH510 device -CVE-2020-27688 - RESERVED +CVE-2020-27688 (RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt ...) + TODO: check CVE-2020-27687 RESERVED CVE-2020-27686 @@ -1706,8 +1767,8 @@ CVE-2020-27404 RESERVED CVE-2020-27403 RESERVED -CVE-2020-27402 - RESERVED +CVE-2020-27402 (The HK1 Box S905X3 TV Box contains a vulnerability that allows a local ...) + TODO: check CVE-2020-27401 RESERVED CVE-2020-27400 @@ -2659,6 +2720,7 @@ CVE-2020-26941 CVE-2020-26940 RESERVED CVE-2020-26939 (In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.1. ...) + {DLA-2433-1} - bouncycastle 1.61-1 NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2020-26939 NOTE: https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1 (r1rv61) @@ -3573,12 +3635,12 @@ CVE-2020-26509 RESERVED CVE-2020-26508 RESERVED -CVE-2020-26507 - RESERVED -CVE-2020-26506 - RESERVED -CVE-2020-26505 - RESERVED +CVE-2020-26507 (A CSV Injection (also known as Formula Injection) vulnerability in the ...) + TODO: check +CVE-2020-26506 (An Authorization Bypass vulnerability in the Marmind web application w ...) + TODO: check +CVE-2020-26505 (A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmin ...) + TODO: check CVE-2020-26504 RESERVED CVE-2020-26503 @@ -6049,10 +6111,10 @@ CVE-2020-25401 RESERVED CVE-2020-25400 RESERVED -CVE-2020-25399 - RESERVED -CVE-2020-25398 - RESERVED +CVE-2020-25399 (Stored XSS in InterMind iMind Server through 3.13.65 allows any user t ...) + TODO: check +CVE-2020-25398 (CSV Injection exists in InterMind iMind Server through 3.13.65 via the ...) + TODO: check CVE-2020-25397 RESERVED CVE-2020-25396 @@ -7250,8 +7312,8 @@ CVE-2020-24851 RESERVED CVE-2020-24850 RESERVED -CVE-2020-24849 - RESERVED +CVE-2020-24849 (A remote code execution vulnerability is identified in FruityWifi thro ...) + TODO: check CVE-2020-24848 (FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) N ...) NOT-FOR-US: FruityWifi CVE-2020-24847 (A Cross-Site Request Forgery (CSRF) vulnerability is identified in Fru ...) @@ -25001,6 +25063,7 @@ CVE-2020-16126 - accountsservice <not-affected> (Ubuntu-specific issue in 0010-set-language.patch) CVE-2020-16125 [display: Exit with failure if loading existing users fails] RESERVED + {DLA-2434-1} - gdm3 3.38.2-1 NOTE: https://github.com/GNOME/gdm/commit/dc8235128c3a1fcd5da8f30ab6839d413d353f28 NOTE: https://gitlab.gnome.org/GNOME/gdm/-/issues/642 @@ -25452,14 +25515,14 @@ CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and NOTE: https://github.com/dinhvh/libetpan/issues/386 NOTE: https://github.com/dinhvh/libetpan/pull/387 NOTE: https://github.com/dinhvh/libetpan/pull/388 -CVE-2020-15952 - RESERVED -CVE-2020-15951 - RESERVED -CVE-2020-15950 - RESERVED -CVE-2020-15949 - RESERVED +CVE-2020-15952 (Immuta v2.8.2 is affected by stored XSS that allows a low-privileged u ...) + TODO: check +CVE-2020-15951 (Immuta v2.8.2 accepts user-supplied project names without properly san ...) + TODO: check +CVE-2020-15950 (Immuta v2.8.2 is affected by improper session management: user session ...) + TODO: check +CVE-2020-15949 (Immuta v2.8.2 is affected by one instance of insecure permissions that ...) + TODO: check CVE-2020-15948 RESERVED CVE-2020-25573 (An issue was discovered in the linked-hash-map crate before 0.5.3 for ...) @@ -29753,8 +29816,8 @@ CVE-2020-14242 RESERVED CVE-2020-14241 RESERVED -CVE-2020-14240 - RESERVED +CVE-2020-14240 (HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and ...) + TODO: check CVE-2020-14239 RESERVED CVE-2020-14238 @@ -29789,8 +29852,8 @@ CVE-2020-14224 RESERVED CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scri ...) NOT-FOR-US: HCL Digital Experience -CVE-2020-14222 - RESERVED +CVE-2020-14222 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scri ...) + TODO: check CVE-2020-14221 RESERVED CVE-2020-14220 @@ -31256,8 +31319,8 @@ CVE-2020-13663 [Drupal SA 2020-004] - drupal7 <removed> NOTE: https://www.drupal.org/sa-core-2020-004 NOTE: https://git.drupalcode.org/project/drupal/-/commit/3999b8f658bf2ef8e96a7ee8ccb279c5d3073006 -CVE-2020-13661 - RESERVED +CVE-2020-13661 (Telerik Fiddler through 5.0.20202.18177 allows attackers to execute ar ...) + TODO: check CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...) NOT-FOR-US: CMS Made Simple CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...) @@ -34968,12 +35031,12 @@ CVE-2020-12149 RESERVED CVE-2020-12148 RESERVED -CVE-2020-12147 - RESERVED -CVE-2020-12146 - RESERVED -CVE-2020-12145 - RESERVED +CVE-2020-12147 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...) + TODO: check +CVE-2020-12146 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...) + TODO: check +CVE-2020-12145 (Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or ...) + TODO: check CVE-2020-12144 (The certificate used to identify the Silver Peak Cloud Portal to EdgeC ...) NOT-FOR-US: Silver Peak Cloud Portal CVE-2020-12143 (The certificate used to identify Orchestrator to EdgeConnect devices i ...) @@ -44458,8 +44521,8 @@ CVE-2020-8269 RESERVED CVE-2020-8268 RESERVED -CVE-2020-8267 - RESERVED +CVE-2020-8267 (A security issue was found in UniFi Protect controller v1.14.10 and ea ...) + TODO: check CVE-2020-8266 RESERVED CVE-2020-8265 @@ -45671,12 +45734,12 @@ CVE-2020-7765 RESERVED CVE-2020-7764 RESERVED -CVE-2020-7763 - RESERVED -CVE-2020-7762 - RESERVED -CVE-2020-7761 - RESERVED +CVE-2020-7763 (This affects the package phantom-html-to-pdf before 0.6.1. ...) + TODO: check +CVE-2020-7762 (This affects the package jsreport-chrome-pdf before 1.10.0. ...) + TODO: check +CVE-2020-7761 (This affects the package @absolunet/kafe before 3.2.10. It allows caus ...) + TODO: check CVE-2020-7760 (This affects the package codemirror before 5.58.2; the package org.apa ...) - codemirror-js <unfixed> [stretch] - codemirror-js <not-affected> (Vulnerable code added later) @@ -54091,8 +54154,8 @@ CVE-2020-4099 RESERVED CVE-2020-4098 RESERVED -CVE-2020-4097 - RESERVED +CVE-2020-4097 (In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fi ...) + TODO: check CVE-2020-4096 RESERVED CVE-2020-4095 ("BigFix Platform is storing clear text credentials within the system's ...) |