[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 2 08:10:26 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6eab4821 by security tracker role at 2020-12-02T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-29455
+ RESERVED
+CVE-2020-29454 (Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user ...)
+ TODO: check
CVE-2020-29453
RESERVED
CVE-2020-29452
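Review bot: the new CVE-2020-29454 (Umbraco) entry is left at "TODO: check", so the tracker will carry it as untriaged; it needs to be resolved to either a Debian source package line or a NOT-FOR-US line, the way the other vendor-only entries in this update are handled (for example "NOT-FOR-US: OpenShift Elasticsearch operator" for CVE-2020-27816).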
@@ -6367,8 +6371,7 @@ CVE-2020-27818
RESERVED
CVE-2020-27817
RESERVED
-CVE-2020-27816
- RESERVED
+CVE-2020-27816 (The elasticsearch-operator does not validate the namespace where kiban ...)
NOT-FOR-US: OpenShift Elasticsearch operator
CVE-2020-27815
RESERVED
@@ -6378,8 +6381,7 @@ CVE-2020-27814
RESERVED
- openjpeg2 <unfixed>
NOTE: https://github.com/uclouvain/openjpeg/issues/1283
-CVE-2020-27813
- RESERVED
+CVE-2020-27813 (An integer overflow vulnerability exists with the length of websocket ...)
- golang-github-gorilla-websocket <not-affected> (Fixed with first upload to Debian with renamed source package)
- golang-websocket <removed>
NOTE: https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh
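Review bot: the "<not-affected>" marking for golang-github-gorilla-websocket rests on the statement that the fix was already in the first upload of the renamed source package, but neither the fixed upstream version nor the fixing commit is recorded in the entry; a NOTE with the upstream fix reference next to the GHSA-jf24-p9p9-4rjh advisory link would make the not-affected claim verifiable later, since the advisory line alone does not say which version the first Debian upload corresponded to.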
@@ -10363,8 +10365,8 @@ CVE-2020-26252
RESERVED
CVE-2020-26251
RESERVED
-CVE-2020-26250
- RESERVED
+CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthent ...)
+ TODO: check
CVE-2020-26249
RESERVED
CVE-2020-26248
@@ -11582,8 +11584,7 @@ CVE-2020-25724
- resteasy <unfixed>
- resteasy3.0 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks details ATM)
-CVE-2020-25723 [assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c]
- RESERVED
+CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation code o ...)
{DLA-2469-1}
- qemu <unfixed> (bug #975276)
[buster] - qemu <postponed> (Fix along in future DSA)
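Review bot: swapping the bracketed working summary for the truncated official text drops the pointer to usb_packet_unmap() in hw/usb/hcd-ehci.c, which was the most precise matching information this entry had; keep that detail in a NOTE line beside the bug #975276 reference so the "<unfixed>" qemu entry and the postponed buster fix can still be matched against the upstream patch without re-reading the advisory.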
@@ -11643,8 +11644,7 @@ CVE-2020-25705 (A flaw in the way reply ICMP packets are limited in the Linux ke
- linux 5.9.6-1
NOTE: https://git.kernel.org/linus/b38e7819cae946e2edf869e604af1e65a5d241c5
NOTE: https://www.saddns.net/
-CVE-2020-25704
- RESERVED
+CVE-2020-25704 (A flaw memory leak in the Linux kernel performance monitoring subsyste ...)
- linux 5.9.6-1
NOTE: https://git.kernel.org/linus/7bdb157cdebbf95a1cd94ed2e01b338714075d00
CVE-2020-25703 (The participants table download in Moodle always included user emails, ...)
@@ -11848,13 +11848,12 @@ CVE-2020-25657
[stretch] - m2crypto <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889823
NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/285
-CVE-2020-25656
- RESERVED
+CVE-2020-25656 (A flaw was found in the Linux kernel. A use-after-free was found in th ...)
- linux 5.9.6-1
NOTE: https://www.openwall.com/lists/oss-security/2020/10/16/1
CVE-2020-25655 (An issue was discovered in ManagedClusterView API, that could allow se ...)
NOT-FOR-US: Red Hat open-cluster-management
-CVE-2020-25654 (An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5- ...)
+CVE-2020-25654 (An ACL bypass flaw was found in pacemaker. An attacker having a local ...)
{DSA-4791-1}
- pacemaker 2.0.5~rc2-1 (bug #973254)
NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1
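Review bot: the CVE-2020-25656 entry for linux 5.9.6-1 references only the oss-security post, whereas the other kernel entries updated in this commit (CVE-2020-25704, CVE-2020-25705) carry a git.kernel.org/linus/... NOTE with the fixing commit; adding the commit reference here keeps the kernel entries consistent and makes the 5.9.6-1 fixed version checkable against the upstream tree.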
@@ -36229,8 +36228,7 @@ CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure o
NOTE: https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933
CVE-2020-14384 (A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. ...)
NOT-FOR-US: JBossWeb
-CVE-2020-14383 [An authenticated user can crash the DCE/RPC DNS with easily crafted records]
- RESERVED
+CVE-2020-14383 (A flaw was found in samba's DNS server. An authenticated user could us ...)
{DLA-2463-1}
[experimental] - samba 2:4.13.2+dfsg-1
- samba 2:4.13.2+dfsg-2 (bug #973398)
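Review bot: the bracketed summary "An authenticated user can crash the DCE/RPC DNS with easily crafted records" is removed in favour of the truncated official text, which cuts off before naming the affected component; preserve the DCE/RPC DNS detail in a NOTE so the samba 2:4.13.2+dfsg-2 fix (bug #973398) and DLA-2463-1 remain easy to match to the upstream change.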
@@ -36581,8 +36579,7 @@ CVE-2020-14307 (A vulnerability was found in Wildfly's Enterprise Java Beans (EJ
- wildfly <itp> (bug #752018)
CVE-2020-14306 (An incorrect access control flaw was found in the operator, openshift- ...)
NOT-FOR-US: OpenShift
-CVE-2020-14305 [memory corruption in Voice over IP nf_conntrack_h323 module]
- RESERVED
+CVE-2020-14305 (An out-of-bounds memory write flaw was found in how the Linux kernel&# ...)
{DLA-2420-1}
- linux 4.12.6-1
NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/
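Review bot: the imported description for CVE-2020-14305 ends in a dangling HTML entity fragment ("kernel&#"), so the automatic import truncated the text in the middle of an entity; the importer should decode HTML entities before cutting descriptions to length. The dropped bracket text naming the nf_conntrack_h323 module is also worth keeping as a NOTE, since the surviving part of the official description no longer names the module and the patchwork link is the only remaining pointer to it.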
@@ -36688,8 +36685,8 @@ CVE-2020-14262
RESERVED
CVE-2020-14261
RESERVED
-CVE-2020-14260
- RESERVED
+CVE-2020-14260 (HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL du ...)
+ TODO: check
CVE-2020-14259
RESERVED
CVE-2020-14258 (HCL Notes is susceptible to a Denial of Service vulnerability caused b ...)
@@ -51872,6 +51869,7 @@ CVE-2020-8929 (A mis-handling of invalid unicode characters in the Java implemen
CVE-2020-8928
RESERVED
CVE-2020-8927 (A buffer overflow exists in the Brotli library versions prior to 1.0.8 ...)
+ {DSA-4801-1 DLA-2476-1}
- brotli 1.0.9-1
NOTE: https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6
CVE-2020-8926
@@ -56158,8 +56156,8 @@ CVE-2020-7201
RESERVED
CVE-2020-7200
RESERVED
-CVE-2020-7199
- RESERVED
+CVE-2020-7199 (A security vulnerability has been identified in the HPE Edgeline Infra ...)
+ TODO: check
CVE-2020-7198 (There is a remote escalation of privilege possible for a malicious use ...)
NOT-FOR-US: HPE
CVE-2020-7197 (SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreSe ...)
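Review bot: CVE-2020-7199 is left at "TODO: check" although the adjacent HPE entry CVE-2020-7198 is already marked "NOT-FOR-US: HPE"; if the Edgeline Infrastructure product is likewise not packaged in Debian, resolve it the same way rather than leaving an open TODO in the HPE block.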
@@ -59349,8 +59347,8 @@ CVE-2020-6020 (Check Point Security Management's Internal CA web management befo
NOT-FOR-US: Check Point
CVE-2020-6019 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
NOT-FOR-US: Valve's Game Networking Sockets
-CVE-2020-6018
- RESERVED
+CVE-2020-6018 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
+ TODO: check
CVE-2020-6017
RESERVED
CVE-2020-6016 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
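Review bot: CVE-2020-6018 carries the same description prefix ("Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...") as CVE-2020-6019 in this hunk, which is resolved as "NOT-FOR-US: Valve's Game Networking Sockets", and as CVE-2020-6016 just below it; the new entry should receive the same marking instead of "TODO: check" unless triage is deliberately being deferred.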
@@ -60635,8 +60633,8 @@ CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.1
NOT-FOR-US: Vmware
CVE-2020-5424
REJECTED
-CVE-2020-5423
- RESERVED
+CVE-2020-5423 (CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a ...)
+ TODO: check
CVE-2020-5422 (BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA pas ...)
NOT-FOR-US: BOSH System Metrics Server
CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...)
@@ -63916,8 +63914,8 @@ CVE-2020-4104 (HCL BigFix WebUI is vulnerable to stored cross-site scripting (XS
NOT-FOR-US: HCL
CVE-2020-4103
RESERVED
-CVE-2020-4102
- RESERVED
+CVE-2020-4102 (HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due ...)
+ TODO: check
CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request Forgery. ...)
NOT-FOR-US: HCL Digital Experience
CVE-2020-4100 ("HCL Verse for Android was found to employ dynamic code loading. This ...)
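Review bot: CVE-2020-4102 (HCL Notes) is left at "TODO: check" while the neighbouring HCL entries CVE-2020-4104 ("NOT-FOR-US: HCL") and CVE-2020-4101 ("NOT-FOR-US: HCL Digital Experience") are already resolved; unless HCL Notes needs a separate check, mark it the same way to keep the HCL block consistent.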
@@ -352481,8 +352479,8 @@ CVE-2012-0957 (The override_release function in kernel/sys.c in the Linux kernel
NOTE: https://lkml.org/lkml/2012/10/9/550
CVE-2012-0956 (ubiquity-slideshow-ubuntu before 58.2, during installation, allows rem ...)
NOT-FOR-US: ubiquity-slideshow-ubuntu
-CVE-2012-0955
- RESERVED
+CVE-2012-0955 (software-properties was vulnerable to a person-in-the-middle attack du ...)
+ TODO: check
CVE-2012-0954 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-ke ...)
- apt 0.7.25 (unimportant)
NOTE: net-update is not enabled by default in Debian
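Review bot: CVE-2012-0955 is left at "TODO: check", and unlike the Ubuntu-only neighbour CVE-2012-0956 ("NOT-FOR-US: ubiquity-slideshow-ubuntu") its description names software-properties, a package name that is not specific to Ubuntu; this entry needs an actual check of whether a Debian source package of that name ships the affected code and which version fixed it, rather than a blanket NOT-FOR-US.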
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6eab48219dffd485307f9d1a05ddad79f83beeb6