From 8e16c74db4ac043d5008c1e66ca311b32715d14d Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 27 Oct 2020 08:10:20 +0000 Subject: automatic update --- data/CVE/list | 66 +++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 44 insertions(+), 22 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index d87c327945..9912759c56 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,25 @@ +CVE-2020-27744 + RESERVED +CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAN ...) + TODO: check +CVE-2020-27742 + RESERVED +CVE-2020-27741 + RESERVED +CVE-2020-27740 + RESERVED +CVE-2020-27739 + RESERVED +CVE-2020-27738 + RESERVED +CVE-2020-27737 + RESERVED +CVE-2020-27736 + RESERVED +CVE-2020-27735 + RESERVED +CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to take own ...) + TODO: check CVE-2020-27734 RESERVED CVE-2020-27733 @@ -1552,16 +1574,16 @@ CVE-2020-27185 RESERVED CVE-2020-27184 RESERVED -CVE-2020-27183 - RESERVED -CVE-2020-27182 - RESERVED -CVE-2020-27181 - RESERVED -CVE-2020-27180 - RESERVED -CVE-2020-27179 - RESERVED +CVE-2020-27183 (A RemoteFunctions endpoint with missing access control in konzept-ix p ...) + TODO: check +CVE-2020-27182 (Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publ ...) + TODO: check +CVE-2020-27181 (A hardcoded AES key in CipherUtils.java in the Java applet of konzept- ...) + TODO: check +CVE-2020-27180 (konzept-ix publiXone before 2020.015 allows attackers to download file ...) + TODO: check +CVE-2020-27179 (konzept-ix publiXone before 2020.015 allows attackers to take over arb ...) + TODO: check CVE-2020-27178 (Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4 ...) NOT-FOR-US: Apereo CAS CVE-2020-27177 
@@ -2177,10 +2199,10 @@ CVE-2020-26880 (Sympa through 6.2.57b.2 allows a local privilege escalation from NOTE: https://github.com/sympa-community/sympa/issues/1009 NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420 NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235 -CVE-2020-26879 - RESERVED -CVE-2020-26878 - RESERVED +CVE-2020-26879 (Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded ...) + TODO: check +CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command injection. An ...) + TODO: check CVE-2020-26877 RESERVED CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows remote attac ...) @@ -24819,7 +24841,7 @@ CVE-2020-15970 [stretch] - chromium (see DSA 4562) CVE-2020-15969 RESERVED - {DSA-4780-1 DSA-4778-1 DLA-2411-1} + {DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1} - chromium [stretch] - chromium (see DSA 4562) - firefox 82.0-1 @@ -25601,7 +25623,7 @@ CVE-2020-15684 (Mozilla developers reported memory safety bugs present in Firefo - firefox 82.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684 CVE-2020-15683 (Mozilla developers and community members reported memory safety bugs p ...) - {DSA-4780-1 DSA-4778-1 DLA-2411-1} + {DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1} - firefox 82.0-1 - firefox-esr 78.4.0esr-1 - thunderbird 1:78.4.0-1 @@ -26506,8 +26528,8 @@ CVE-2013-7489 (The Beaker library through 1.11.0 for Python is affected by deser NOTE: https://www.openwall.com/lists/oss-security/2020/05/14/11 CVE-2020-15353 RESERVED -CVE-2020-15352 - RESERVED +CVE-2020-15352 (An XML external entity (XXE) vulnerability in Pulse Connect Secure (PC ...) + TODO: check CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...) NOT-FOR-US: IDrive CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding ...) 
@@ -44560,8 +44582,8 @@ CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V NOT-FOR-US: Guangzhou CVE-2020-8957 RESERVED -CVE-2020-8956 - RESERVED +CVE-2020-8956 (Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 ...) + TODO: check CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...) {DLA-2157-1} - weechat 2.7.1-1 (bug #951289) @@ -63270,8 +63292,8 @@ CVE-2020-1917 RESERVED CVE-2020-1916 RESERVED -CVE-2020-1915 - RESERVED +CVE-2020-1915 (An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes ...) + TODO: check CVE-2020-1914 (A logic vulnerability when handling the SaveGeneratorLong instruction ...) NOT-FOR-US: Facebook Hermes CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in Facebook ...) -- cgit v1.2.3
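
Review bot: In the first hunk (@@ -1,3 +1,25 @@) CVE-2018-21269 is inserted between CVE-2020-27735 and CVE-2020-27734, so a 2018 identifier sits inside the run of 2020-277xx entries and is easy to miss when scanning by id. Find it by searching for the id rather than by position. It and CVE-2020-27743 are the only non-RESERVED additions in this hunk and both carry "TODO: check". Their descriptions name OpenRC (checkpath) and pam_tacplus (libtac), so each TODO should be resolved to a package line for the matching source package or to a NOT-FOR-US tag.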
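
Review bot: In the @@ -1552,16 +1574,16 @@ hunk the five entries CVE-2020-27179 through CVE-2020-27183 all describe the same product, konzept-ix publiXone, yet each gets its own "TODO: check". Triage them as one unit so they end up with one identical tag, in the form the context entry below them already uses ("NOT-FOR-US: Apereo CAS" under CVE-2020-27178), rather than resolving five TODOs independently and risking inconsistent product strings.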
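
Review bot: In the @@ -2177,10 +2199,10 @@ hunk the description of CVE-2020-26878 names only "Ruckus through 1.5.1.0.21", while CVE-2020-26879 directly above it names "Ruckus vRioT through 1.5.1.0.21". The version string is the same in both, so when the two "TODO: check" lines are resolved, use one product name for both entries instead of carrying over the vendor-only wording from CVE-2020-26878.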
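
Review bot: The @@ -24819,7 +24841,7 @@ and @@ -25601,7 +25623,7 @@ hunks add DLA-2416-1 to the reference braces of CVE-2020-15969 and CVE-2020-15683 without changing any package line, and the braces already held DLA-2411-1. The context under CVE-2020-15683 lists firefox, firefox-esr and thunderbird, so it is worth confirming that the two DLAs cover different source packages and that DLA-2416-1 is not a second reference for the same upload.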
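
Review bot: In the last hunk (@@ -63270,8 +63292,8 @@) CVE-2020-1915 is described as an issue in Facebook Hermes and gets "TODO: check", while the context entry directly below it, CVE-2020-1914, is already tagged "NOT-FOR-US: Facebook Hermes". Unless the packaging status of Hermes has changed since that entry was triaged, this TODO can be closed with the identical tag string.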