author | security tracker role <sectracker@soriano.debian.org> | 2020-11-04 20:10:25 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-11-04 20:10:25 +0000 |
commit | fb0b72f457ee2c9b4bd3eb408e13d432c6d45322 (patch) | |
tree | 4ff919f1ef7c0974712766dffc4e5403bd46b433 /data/CVE | |
parent | e81585715071e3c4c5b7fcedac1c6c81bf5467cd (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2016.list | 2 |
-rw-r--r-- | data/CVE/2020.list | 105 |
2 files changed, 43 insertions, 64 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 6be1484632..f3777a253f 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -13127,7 +13127,7 @@ CVE-2016-6607 (XSS issues were discovered in phpMyAdmin. This affects Zoom searc - phpmyadmin 4:4.6.4+dfsg1-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/ CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The decryp ...) - {DLA-1821-1 DLA-626-1} + {DLA-626-1} - phpmyadmin 4:4.6.4+dfsg1-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/ CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 7f626820b4..f980b08c4c 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -316,8 +316,7 @@ CVE-2020-28051 RESERVED CVE-2020-28050 RESERVED -CVE-2020-28049 [local privilege escalation due to race condition in creation of the Xauthority file] - RESERVED +CVE-2020-28049 (An issue was discovered in SDDM before 0.19.0. It incorrectly starts t ...) - sddm <unfixed> (bug #973748) NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/2 NOTE: https://github.com/sddm/sddm/commit/be202f533ab98a684c6a007e8d5b4357846bc222 @@ -501,7 +500,8 @@ CVE-2020-27983 RESERVED CVE-2020-27982 RESERVED -CVE-2020-27981 (An XSS vulnerability in the auto-complete function of the description ...) +CVE-2020-27981 + REJECTED NOT-FOR-US: Firefly III CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WL ...) NOT-FOR-US: Genexis Platinum-4410 P4410-V2-1.28 devices @@ -4254,8 +4254,8 @@ CVE-2020-26169 RESERVED CVE-2020-26168 RESERVED -CVE-2020-26167 - RESERVED +CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the page preview feature allows an ano ...) + TODO: check CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the file descr ...) NOT-FOR-US: qdPM CVE-2020-26165 
@@ -12504,18 +12504,18 @@ CVE-2020-22280 RESERVED CVE-2020-22279 RESERVED -CVE-2020-22278 - RESERVED -CVE-2020-22277 - RESERVED -CVE-2020-22276 - RESERVED -CVE-2020-22275 - RESERVED -CVE-2020-22274 - RESERVED -CVE-2020-22273 - RESERVED +CVE-2020-22278 (phpMyAdmin through 5.0.2 allows CSV injection via Export Section ...) + TODO: check +CVE-2020-22277 (Import and export users and customers WordPress Plugin through 1.15.5. ...) + TODO: check +CVE-2020-22276 (WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry ...) + TODO: check +CVE-2020-22275 (Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an at ...) + TODO: check +CVE-2020-22274 (JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection ...) + TODO: check +CVE-2020-22273 (Neoflex Video Subscription System Version 2.0 is affected by CSRF whic ...) + TODO: check CVE-2020-22272 RESERVED CVE-2020-22271 @@ -45014,10 +45014,10 @@ CVE-2020-8039 RESERVED CVE-2020-8038 RESERVED -CVE-2020-8037 - RESERVED -CVE-2020-8036 - RESERVED +CVE-2020-8037 (The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a l ...) + TODO: check +CVE-2020-8036 (The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SO ...) + TODO: check CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...) {DLA-2230-1} - php-horde 5.2.23+debian0-1 (bug #963809) 
@@ -57926,68 +57926,47 @@ CVE-2020-2321 RESERVED CVE-2020-2320 RESERVED -CVE-2020-2319 - RESERVED +CVE-2020-2319 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a pa ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2318 - RESERVED +CVE-2020-2318 (Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2317 - RESERVED +CVE-2020-2317 (Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotati ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2316 - RESERVED +CVE-2020-2316 (Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not esc ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2315 - RESERVED +CVE-2020-2315 (Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2314 - RESERVED +CVE-2020-2314 (Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencryp ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2313 - RESERVED +CVE-2020-2313 (A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and e ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2312 - RESERVED +CVE-2020-2312 (Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2311 - RESERVED +CVE-2020-2311 (A missing permission check in Jenkins AWS Global Configuration Plugin ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2310 - RESERVED +CVE-2020-2310 (Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier al ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2309 - RESERVED +CVE-2020-2309 (A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1 ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2308 - RESERVED +CVE-2020-2308 (A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and ear ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2307 - RESERVED +CVE-2020-2307 (Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege user ...) 
NOT-FOR-US: Jenkins plugin -CVE-2020-2306 - RESERVED +CVE-2020-2306 (A missing permission check in Jenkins Mercurial Plugin 2.11 and earlie ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2305 - RESERVED +CVE-2020-2305 (Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML p ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2304 - RESERVED +CVE-2020-2304 (Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XM ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2303 - RESERVED +CVE-2020-2303 (A cross-site request forgery (CSRF) vulnerability in Jenkins Active Di ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2302 - RESERVED +CVE-2020-2302 (A missing permission check in Jenkins Active Directory Plugin 2.19 and ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2301 - RESERVED +CVE-2020-2301 (Jenkins Active Directory Plugin 2.19 and earlier allows attackers to l ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2300 - RESERVED +CVE-2020-2300 (Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2299 - RESERVED +CVE-2020-2299 (Jenkins Active Directory Plugin 2.19 and earlier allows attackers to l ...) NOT-FOR-US: Jenkins plugin CVE-2020-2298 (Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML ...) NOT-FOR-US: Jenkins plugin |
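Review bot: in data/CVE/2016.list (@@ -13127,7 +13127,7 @@) the cross-reference line for CVE-2016-6606 changes from "{DLA-1821-1 DLA-626-1}" to "{DLA-626-1}", and the commit message "automatic update" gives no reason for dropping DLA-1821-1. Please confirm that the DLA-1821-1 advisory entry was deliberately changed so that it no longer names CVE-2016-6606; if that edit was accidental, the link between this CVE and that advisory is lost from the tracker.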
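Review bot: in data/CVE/2020.list (@@ -316,8 +316,7 @@) the new description for CVE-2020-28049 says the issue is in "SDDM before 0.19.0", while the package line kept below it still reads "- sddm <unfixed> (bug #973748)". Check which sddm versions are in the archive against that boundary and replace <unfixed> with the fixed version where one applies. The removed bracketed summary (local privilege escalation due to race condition in creation of the Xauthority file) was also more specific than the truncated description that replaces it, so consider keeping that wording in a NOTE line.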
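Review bot: in data/CVE/2020.list (@@ -501,7 +500,8 @@) CVE-2020-27981 now carries both "REJECTED" and the pre-existing "NOT-FOR-US: Firefly III" line, and the description that justified the triage decision is gone. Decide whether a rejected ID should keep a triage line at all; if it stays, a short NOTE recording why the ID was rejected would make the entry self-explanatory.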
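Review bot: in data/CVE/2020.list (@@ -12504,18 +12504,18 @@) CVE-2020-22278 is a phpMyAdmin issue ("phpMyAdmin through 5.0.2 allows CSV injection via Export Section") but receives the same generic "TODO: check" as the five plugin and CMS entries that follow it. The 2016.list hunk in this same commit shows phpmyadmin tracked as a package ("- phpmyadmin 4:4.6.4+dfsg1-1"), so this entry needs a package line and affected-version triage rather than a NOT-FOR-US, and should be picked up ahead of the others.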
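Review bot: in data/CVE/2020.list (@@ -45014,10 +45014,10 @@) CVE-2020-8036 names "tcpdump 4.10.0-PRE-GIT", a pre-release identifier, while CVE-2020-8037 names the 4.9.3 release, yet both are left with an identical "TODO: check". Triage them separately: for CVE-2020-8036, first establish whether the tok2strbuf() issue exists in any released tcpdump before adding a package line, and for CVE-2020-8037 record the affected and fixed versions of the ppp decapsulator issue.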