author security tracker role <sectracker@soriano.debian.org> 2020-11-04 20:10:25 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-11-04 20:10:25 +0000
commit fb0b72f457ee2c9b4bd3eb408e13d432c6d45322 (patch)
tree 4ff919f1ef7c0974712766dffc4e5403bd46b433 /data/CVE
parent e81585715071e3c4c5b7fcedac1c6c81bf5467cd (diff)
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2016.list 2
-rw-r--r-- data/CVE/2020.list 105
2 files changed, 43 insertions, 64 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 6be1484632..f3777a253f 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -13127,7 +13127,7 @@ CVE-2016-6607 (XSS issues were discovered in phpMyAdmin. This affects Zoom searc
- phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The decryp ...)
- {DLA-1821-1 DLA-626-1}
+ {DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to ...)
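Review bot: The cross-reference line under CVE-2016-6606 loses DLA-1821-1 and keeps only DLA-626-1, and the commit message ("automatic update") gives no reason for it. Please confirm that DLA-1821-1 was wrongly attached to this CVE rather than dropped by the generator, and record that in the commit message or a NOTE line; the fixed-version line `- phpmyadmin 4:4.6.4+dfsg1-1` is unchanged, so the entry itself gives no hint why the advisory reference went away.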
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 7f626820b4..f980b08c4c 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -316,8 +316,7 @@ CVE-2020-28051
RESERVED
CVE-2020-28050
RESERVED
-CVE-2020-28049 [local privilege escalation due to race condition in creation of the Xauthority file]
- RESERVED
+CVE-2020-28049 (An issue was discovered in SDDM before 0.19.0. It incorrectly starts t ...)
- sddm <unfixed> (bug #973748)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/2
NOTE: https://github.com/sddm/sddm/commit/be202f533ab98a684c6a007e8d5b4357846bc222
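Review bot: CVE-2020-28049 still carries `- sddm <unfixed> (bug #973748)` even though the imported description now reads "SDDM before 0.19.0" and a NOTE already links the upstream commit. A follow-up should replace `<unfixed>` with the fixed package version once it is known. The removed bracketed title was the only place the entry stated "local privilege escalation due to race condition in creation of the Xauthority file"; the truncated description no longer shows the impact, so consider preserving that wording as a NOTE.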
@@ -501,7 +500,8 @@ CVE-2020-27983
RESERVED
CVE-2020-27982
RESERVED
-CVE-2020-27981 (An XSS vulnerability in the auto-complete function of the description ...)
+CVE-2020-27981
+ REJECTED
NOT-FOR-US: Firefly III
CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WL ...)
NOT-FOR-US: Genexis Platinum-4410 P4410-V2-1.28 devices
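Review bot: Under CVE-2020-27981 the new `REJECTED` line is followed by the old `NOT-FOR-US: Firefly III` annotation, so the entry now carries two dispositions at once. If the ID is rejected, the product annotation no longer classifies anything; drop it or confirm that the tooling expects it to be retained. The removed description was also the only text saying what the XSS report was about, so the commit leaves no trace of why Firefly III is named here.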
@@ -4254,8 +4254,8 @@ CVE-2020-26169
RESERVED
CVE-2020-26168
RESERVED
-CVE-2020-26167
- RESERVED
+CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the page preview feature allows an ano ...)
+ TODO: check
CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the file descr ...)
NOT-FOR-US: qdPM
CVE-2020-26165
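Review bot: CVE-2020-26167 lands with `TODO: check` and no package or NOT-FOR-US line, so it is untriaged after this commit. The description names FUEL CMS 11.4.12 and an anonymous page preview issue; a follow-up should resolve the TODO to either a source package entry or a `NOT-FOR-US:` line, in the same form as the qdPM entry directly below it.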
@@ -12504,18 +12504,18 @@ CVE-2020-22280
RESERVED
CVE-2020-22279
RESERVED
-CVE-2020-22278
- RESERVED
-CVE-2020-22277
- RESERVED
-CVE-2020-22276
- RESERVED
-CVE-2020-22275
- RESERVED
-CVE-2020-22274
- RESERVED
-CVE-2020-22273
- RESERVED
+CVE-2020-22278 (phpMyAdmin through 5.0.2 allows CSV injection via Export Section ...)
+ TODO: check
+CVE-2020-22277 (Import and export users and customers WordPress Plugin through 1.15.5. ...)
+ TODO: check
+CVE-2020-22276 (WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry ...)
+ TODO: check
+CVE-2020-22275 (Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an at ...)
+ TODO: check
+CVE-2020-22274 (JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection ...)
+ TODO: check
+CVE-2020-22273 (Neoflex Video Subscription System Version 2.0 is affected by CSRF whic ...)
+ TODO: check
CVE-2020-22272
RESERVED
CVE-2020-22271
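Review bot: All six entries from CVE-2020-22278 to CVE-2020-22273 are added as `TODO: check`, but they do not need the same triage. CVE-2020-22278 names phpMyAdmin through 5.0.2, and the 2016.list hunk in this same commit shows phpmyadmin tracked as a source package, so this one should get a `- phpmyadmin ...` line rather than NOT-FOR-US. The remaining five (two WordPress plugins plus WeForms, JomSocial and Neoflex Video Subscription System) need a decision each; please do not resolve them in bulk.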
@@ -45014,10 +45014,10 @@ CVE-2020-8039
RESERVED
CVE-2020-8038
RESERVED
-CVE-2020-8037
- RESERVED
-CVE-2020-8036
- RESERVED
+CVE-2020-8037 (The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a l ...)
+ TODO: check
+CVE-2020-8036 (The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SO ...)
+ TODO: check
CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...)
{DLA-2230-1}
- php-horde 5.2.23+debian0-1 (bug #963809)
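Review bot: CVE-2020-8037 and CVE-2020-8036 both name tcpdump and are left at `TODO: check`, so neither has a package line yet. They need separate version analysis: the CVE-2020-8037 description refers to 4.9.3, while CVE-2020-8036 refers to "4.10.0-PRE-GIT", a pre-release identifier. Check whether the tok2strbuf() issue exists in any released version before marking the package affected, and record the result in a NOTE.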
@@ -57926,68 +57926,47 @@ CVE-2020-2321
RESERVED
CVE-2020-2320
RESERVED
-CVE-2020-2319
- RESERVED
+CVE-2020-2319 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a pa ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2318
- RESERVED
+CVE-2020-2318 (Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2317
- RESERVED
+CVE-2020-2317 (Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotati ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2316
- RESERVED
+CVE-2020-2316 (Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not esc ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2315
- RESERVED
+CVE-2020-2315 (Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2314
- RESERVED
+CVE-2020-2314 (Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencryp ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2313
- RESERVED
+CVE-2020-2313 (A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and e ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2312
- RESERVED
+CVE-2020-2312 (Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2311
- RESERVED
+CVE-2020-2311 (A missing permission check in Jenkins AWS Global Configuration Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2310
- RESERVED
+CVE-2020-2310 (Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier al ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2309
- RESERVED
+CVE-2020-2309 (A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2308
- RESERVED
+CVE-2020-2308 (A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2307
- RESERVED
+CVE-2020-2307 (Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege user ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2306
- RESERVED
+CVE-2020-2306 (A missing permission check in Jenkins Mercurial Plugin 2.11 and earlie ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2305
- RESERVED
+CVE-2020-2305 (Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML p ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2304
- RESERVED
+CVE-2020-2304 (Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XM ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2303
- RESERVED
+CVE-2020-2303 (A cross-site request forgery (CSRF) vulnerability in Jenkins Active Di ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2302
- RESERVED
+CVE-2020-2302 (A missing permission check in Jenkins Active Directory Plugin 2.19 and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2301
- RESERVED
+CVE-2020-2301 (Jenkins Active Directory Plugin 2.19 and earlier allows attackers to l ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2300
- RESERVED
+CVE-2020-2300 (Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2299
- RESERVED
+CVE-2020-2299 (Jenkins Active Directory Plugin 2.19 and earlier allows attackers to l ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2298 (Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML ...)
NOT-FOR-US: Jenkins plugin
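Review bot: The 21 entries from CVE-2020-2319 down to CVE-2020-2299 keep the generic `NOT-FOR-US: Jenkins plugin` annotation that was assigned while they were RESERVED. Now that the descriptions name the individual plugins (Kubernetes, Mercurial, Subversion, Active Directory and others), the annotation is consistent with them, so no change is required. As a minor point, the CVE-2020-2309 description reads "A missing/An incorrect permission check", which looks like unresolved template text in the imported description; it is upstream wording and should be reported there rather than edited in this list.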
