author: security tracker role <sectracker@soriano.debian.org>, 2020-12-02 08:10:20 +0000
committer: security tracker role <sectracker@soriano.debian.org>, 2020-12-02 08:10:20 +0000
commit: 29cdfd10fe690c86332d3d62b2cd20212685a1c9
tree: 55dee5b3a28b5951f03367e88c9af793309d41df /data
parent: 12d45c18b7cfd24fc21443cabe61268351aa35c8
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2012.list | 4
-rw-r--r-- data/CVE/2020.list | 52
2 files changed, 27 insertions, 29 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 34e3d4f799..51ded9d69b 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -14128,8 +14128,8 @@ CVE-2012-0957 (The override_release function in kernel/sys.c in the Linux kernel
NOTE: https://lkml.org/lkml/2012/10/9/550
CVE-2012-0956 (ubiquity-slideshow-ubuntu before 58.2, during installation, allows rem ...)
NOT-FOR-US: ubiquity-slideshow-ubuntu
-CVE-2012-0955
- RESERVED
+CVE-2012-0955 (software-properties was vulnerable to a person-in-the-middle attack du ...)
+ TODO: check
CVE-2012-0954 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-ke ...)
- apt 0.7.25 (unimportant)
NOTE: net-update is not enabled by default in Debian
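Review bot: The `TODO: check` added under CVE-2012-0955 leaves a 2012 identifier untriaged in a 2020 update, even though the new description already names the affected software (software-properties). The neighbouring CVE-2012-0954 entry shows the resolved form, a package line such as `- apt 0.7.25 (unimportant)` followed by a NOTE; suggest a follow-up that replaces the TODO with either a package line for software-properties or a NOT-FOR-US marker, so the entry does not sit in the unprocessed queue.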
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index a3c16a94d4..5a0088bf3d 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,7 @@
+CVE-2020-29455
+ RESERVED
+CVE-2020-29454 (Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user ...)
+ TODO: check
CVE-2020-29453
RESERVED
CVE-2020-29452
@@ -3497,8 +3501,7 @@ CVE-2020-27818
RESERVED
CVE-2020-27817
RESERVED
-CVE-2020-27816
- RESERVED
+CVE-2020-27816 (The elasticsearch-operator does not validate the namespace where kiban ...)
NOT-FOR-US: OpenShift Elasticsearch operator
CVE-2020-27815
RESERVED
@@ -3508,8 +3511,7 @@ CVE-2020-27814
RESERVED
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1283
-CVE-2020-27813
- RESERVED
+CVE-2020-27813 (An integer overflow vulnerability exists with the length of websocket ...)
- golang-github-gorilla-websocket <not-affected> (Fixed with first upload to Debian with renamed source package)
- golang-websocket <removed>
NOTE: https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh
@@ -7048,8 +7050,8 @@ CVE-2020-26252
RESERVED
CVE-2020-26251
RESERVED
-CVE-2020-26250
- RESERVED
+CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthent ...)
+ TODO: check
CVE-2020-26249
RESERVED
CVE-2020-26248
@@ -8247,8 +8249,7 @@ CVE-2020-25724
- resteasy <unfixed>
- resteasy3.0 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks details ATM)
-CVE-2020-25723 [assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c]
- RESERVED
+CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation code o ...)
{DLA-2469-1}
- qemu <unfixed> (bug #975276)
[buster] - qemu <postponed> (Fix along in future DSA)
@@ -8308,8 +8309,7 @@ CVE-2020-25705 (A flaw in the way reply ICMP packets are limited in the Linux ke
- linux 5.9.6-1
NOTE: https://git.kernel.org/linus/b38e7819cae946e2edf869e604af1e65a5d241c5
NOTE: https://www.saddns.net/
-CVE-2020-25704
- RESERVED
+CVE-2020-25704 (A flaw memory leak in the Linux kernel performance monitoring subsyste ...)
- linux 5.9.6-1
NOTE: https://git.kernel.org/linus/7bdb157cdebbf95a1cd94ed2e01b338714075d00
CVE-2020-25703 (The participants table download in Moodle always included user emails, ...)
@@ -8513,13 +8513,12 @@ CVE-2020-25657
[stretch] - m2crypto <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889823
NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/285
-CVE-2020-25656
- RESERVED
+CVE-2020-25656 (A flaw was found in the Linux kernel. A use-after-free was found in th ...)
- linux 5.9.6-1
NOTE: https://www.openwall.com/lists/oss-security/2020/10/16/1
CVE-2020-25655 (An issue was discovered in ManagedClusterView API, that could allow se ...)
NOT-FOR-US: Red Hat open-cluster-management
-CVE-2020-25654 (An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5- ...)
+CVE-2020-25654 (An ACL bypass flaw was found in pacemaker. An attacker having a local ...)
{DSA-4791-1}
- pacemaker 2.0.5~rc2-1 (bug #973254)
NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1
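Review bot: The replacement description for CVE-2020-25654 drops the version bounds that the old text showed ("before 1.1.24-rc1 and 2.0.5- ..."), and the truncation hides whatever the new text says about affected releases. The only version information left in the entry is `- pacemaker 2.0.5~rc2-1 (bug #973254)`; suggest confirming that this fixed version still agrees with the full updated description, since the summary line can no longer be used as a cross-check.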
@@ -32460,8 +32459,7 @@ CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure o
NOTE: https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933
CVE-2020-14384 (A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. ...)
NOT-FOR-US: JBossWeb
-CVE-2020-14383 [An authenticated user can crash the DCE/RPC DNS with easily crafted records]
- RESERVED
+CVE-2020-14383 (A flaw was found in samba's DNS server. An authenticated user could us ...)
{DLA-2463-1}
[experimental] - samba 2:4.13.2+dfsg-1
- samba 2:4.13.2+dfsg-2 (bug #973398)
@@ -32812,8 +32810,7 @@ CVE-2020-14307 (A vulnerability was found in Wildfly's Enterprise Java Beans (EJ
- wildfly <itp> (bug #752018)
CVE-2020-14306 (An incorrect access control flaw was found in the operator, openshift- ...)
NOT-FOR-US: OpenShift
-CVE-2020-14305 [memory corruption in Voice over IP nf_conntrack_h323 module]
- RESERVED
+CVE-2020-14305 (An out-of-bounds memory write flaw was found in how the Linux kernel&# ...)
{DLA-2420-1}
- linux 4.12.6-1
NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/
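Review bot: The description added for CVE-2020-14305 ends in `kernel&# ...`, which is an HTML character reference cut in half by the truncation, so the text was entity-escaped before it was shortened. Suggest decoding entities in the imported description before truncating it, so the stored summary reads as plain text and a consumer of this file is not handed a dangling `&#` to interpret.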
@@ -32919,8 +32916,8 @@ CVE-2020-14262
RESERVED
CVE-2020-14261
RESERVED
-CVE-2020-14260
- RESERVED
+CVE-2020-14260 (HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL du ...)
+ TODO: check
CVE-2020-14259
RESERVED
CVE-2020-14258 (HCL Notes is susceptible to a Denial of Service vulnerability caused b ...)
@@ -46182,6 +46179,7 @@ CVE-2020-8929 (A mis-handling of invalid unicode characters in the Java implemen
CVE-2020-8928
RESERVED
CVE-2020-8927 (A buffer overflow exists in the Brotli library versions prior to 1.0.8 ...)
+ {DSA-4801-1 DLA-2476-1}
- brotli 1.0.9-1
NOTE: https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6
CVE-2020-8926
@@ -50198,8 +50196,8 @@ CVE-2020-7201
RESERVED
CVE-2020-7200
RESERVED
-CVE-2020-7199
- RESERVED
+CVE-2020-7199 (A security vulnerability has been identified in the HPE Edgeline Infra ...)
+ TODO: check
CVE-2020-7198 (There is a remote escalation of privilege possible for a malicious use ...)
NOT-FOR-US: HPE
CVE-2020-7197 (SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreSe ...)
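Review bot: CVE-2020-7199 is left at `TODO: check` although its description names an HPE product and the next entry in the same hunk, CVE-2020-7198, is already classified `NOT-FOR-US: HPE`. If the Edgeline product is likewise not packaged, the TODO can be resolved the same way in a follow-up rather than waiting in the triage queue.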
@@ -53328,8 +53326,8 @@ CVE-2020-6020 (Check Point Security Management's Internal CA web management befo
NOT-FOR-US: Check Point
CVE-2020-6019 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
NOT-FOR-US: Valve's Game Networking Sockets
-CVE-2020-6018
- RESERVED
+CVE-2020-6018 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
+ TODO: check
CVE-2020-6017
RESERVED
CVE-2020-6016 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
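Review bot: The new CVE-2020-6018 entry carries `TODO: check` while CVE-2020-6019 directly above it has the same visible description prefix and is marked `NOT-FOR-US: Valve's Game Networking Sockets`. Suggest applying the same classification to CVE-2020-6018 once the full description is confirmed to concern the same product, so the two sibling entries stay consistent.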
@@ -54561,8 +54559,8 @@ CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.1
NOT-FOR-US: Vmware
CVE-2020-5424
REJECTED
-CVE-2020-5423
- RESERVED
+CVE-2020-5423 (CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a ...)
+ TODO: check
CVE-2020-5422 (BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA pas ...)
NOT-FOR-US: BOSH System Metrics Server
CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...)
@@ -57375,8 +57373,8 @@ CVE-2020-4104 (HCL BigFix WebUI is vulnerable to stored cross-site scripting (XS
NOT-FOR-US: HCL
CVE-2020-4103
RESERVED
-CVE-2020-4102
- RESERVED
+CVE-2020-4102 (HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due ...)
+ TODO: check
CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request Forgery. ...)
NOT-FOR-US: HCL Digital Experience
CVE-2020-4100 ("HCL Verse for Android was found to employ dynamic code loading. This ...)
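Review bot: CVE-2020-4102 (HCL Notes) is added with `TODO: check`, yet the surrounding context lines classify other HCL products as `NOT-FOR-US: HCL` and `NOT-FOR-US: HCL Digital Experience`. Suggest resolving this TODO in line with those entries if HCL Notes is confirmed not to be packaged; the same applies to the HCL Domino entry CVE-2020-14260 added earlier in this file with an identical TODO.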
