[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Dec 16 08:10:36 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b0ea5ed by security tracker role at 2020-12-16T08:10:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,22 +4,22 @@ CVE-2020-35471 (Envoy before 1.16.1 mishandles dropped and truncated datagrams,
 	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2020-35470 (Envoy before 1.16.1 logs an incorrect downstream address because it co ...)
 	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2020-35469
-	RESERVED
-CVE-2020-35468
-	RESERVED
-CVE-2020-35467
-	RESERVED
-CVE-2020-35466
-	RESERVED
-CVE-2020-35465
-	RESERVED
-CVE-2020-35464
-	RESERVED
-CVE-2020-35463
-	RESERVED
-CVE-2020-35462
-	RESERVED
+CVE-2020-35469 (The Software AG Terracotta Server OSS Docker image 5.4.1 contains a bl ...)
+	TODO: check
+CVE-2020-35468 (The Appbase streams Docker image 2.1.2 contains a blank password for t ...)
+	TODO: check
+CVE-2020-35467 (The Docker Docs Docker image through 2020-12-14 contains a blank passw ...)
+	TODO: check
+CVE-2020-35466 (The Blackfire Docker image through 2020-12-14 contains a blank passwor ...)
+	TODO: check
+CVE-2020-35465 (The FullArmor HAPI File Share Mount Docker image through 2020-12-14 co ...)
+	TODO: check
+CVE-2020-35464 (Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank p ...)
+	TODO: check
+CVE-2020-35463 (Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank ...)
+	TODO: check
+CVE-2020-35462 (Version 3.16.0 of the CoScale agent Docker image contains a blank pass ...)
+	TODO: check
 CVE-2020-35461
 	RESERVED
 CVE-2020-35460 (common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows dir ...)
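Review bot: all eight newly described IDs in this hunk (CVE-2020-35462 through CVE-2020-35469) concern blank passwords in third-party Docker images rather than Debian source packages; the "TODO: check" placeholder is fine for an automatic update, but on manual triage they will most likely follow the pattern of the Envoy entries just above (NOT-FOR-US with the product named), so consider resolving them as a batch.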
@@ -29,10 +29,10 @@ CVE-2020-35459
 CVE-2020-35458
 	RESERVED
 CVE-2020-35457 (** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that  ...)
-       - glib2.0 2.66.0-1 (unimportant)
-       NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
-       NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2197
-       NOTE: Upstream position is that it is not realistically a security issue.
+	- glib2.0 2.66.0-1 (unimportant)
+	NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
+	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2197
+	NOTE: Upstream position is that it is not realistically a security issue.
 CVE-2020-35456
 	RESERVED
 CVE-2020-35455
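Review bot: whitespace-only change for CVE-2020-35457: the four continuation lines switch from leading spaces to the leading tab used everywhere else in the file, with the glib2.0 package entry, both NOTE URLs and the upstream-position note unchanged. Fine to merge; it just restores the file's indentation convention.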
@@ -113,8 +113,8 @@ CVE-2020-35418
 	RESERVED
 CVE-2020-35417
 	RESERVED
-CVE-2020-35416
-	RESERVED
+CVE-2020-35416 (Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabber ...)
+	TODO: check
 CVE-2020-35415
 	RESERVED
 CVE-2020-35414
@@ -183,10 +183,10 @@ CVE-2020-35383
 	RESERVED
 CVE-2020-35382 (SQL Injection in Classbooking before 2.4.1 via the username field of a ...)
 	NOT-FOR-US: Classbooking
-CVE-2020-35381
-	RESERVED
-CVE-2020-35380
-	RESERVED
+CVE-2020-35381 (jsonparser 1.0.0 allows attackers to cause a denial of service (panic: ...)
+	TODO: check
+CVE-2020-35380 (GJSON before 1.6.4 allows attackers to cause a denial of service via c ...)
+	TODO: check
 CVE-2020-35379
 	RESERVED
 CVE-2020-35378 (SQL Injection in the login page in Online Bus Ticket Reservation 1.0 a ...)
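Review bot: the CVE-2020-35381 description mentions "panic:", i.e. a crash-style denial of service in the jsonparser Go library, and CVE-2020-35380 is the same class of issue in GJSON; when resolving the "TODO: check", look for Debian golang-* packages that ship or vendor these libraries instead of assuming NOT-FOR-US.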
@@ -563,8 +563,8 @@ CVE-2020-35195
 	RESERVED
 CVE-2020-35194
 	RESERVED
-CVE-2020-35193
-	RESERVED
+CVE-2020-35193 (The official sonarqube docker images before alpine (Alpine specific) c ...)
+	TODO: check
 CVE-2020-35192
 	RESERVED
 CVE-2020-35191
@@ -710,10 +710,10 @@ CVE-2020-35124
 	RESERVED
 CVE-2020-35123
 	RESERVED
-CVE-2020-35122
-	RESERVED
-CVE-2020-35121
-	RESERVED
+CVE-2020-35122 (An issue was discovered in the Keysight Database Connector plugin befo ...)
+	TODO: check
+CVE-2020-35121 (An issue was discovered in the Keysight Database Connector plugin befo ...)
+	TODO: check
 CVE-2020-35120
 	RESERVED
 CVE-2020-35119
@@ -1796,8 +1796,7 @@ CVE-2020-29665
 	RESERVED
 CVE-2020-29664
 	RESERVED
-CVE-2020-29663 [Revoked certificates due for renewal will automatically be renewed ignoring the CRL]
-	RESERVED
+CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked ...)
 	- icinga2 2.12.3-1
 	[buster] - icinga2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-pcmr-2p2f-r7j6
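Review bot: dropping the stale RESERVED line for CVE-2020-29663 is correct, since the entry already carried a fixed version (icinga2 2.12.3-1), a buster <no-dsa> tag and the GHSA link; the bracketed working title is replaced by the upstream description and the Debian triage lines are left untouched.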
@@ -2442,7 +2441,7 @@ CVE-2020-XXXX [RUSTSEC-2020-0077: memmap: memmap is unmaintained]
 	NOTE: https://github.com/danburkert/memmap-rs/issues/90
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0077.html
 CVE-2020-29606
-	RESERVED
+	REJECTED
 CVE-2020-29605
 	RESERVED
 CVE-2020-29604
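Review bot: CVE-2020-29606 moves from RESERVED to REJECTED, meaning the ID was withdrawn by the CNA; no package triage is needed and the entry can stay as-is.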
@@ -8688,8 +8687,8 @@ CVE-2020-28074
 	RESERVED
 CVE-2020-28073
 	RESERVED
-CVE-2020-28072
-	RESERVED
+CVE-2020-28072 (A Remote Code Execution vulnerability exists in DourceCodester Alumni  ...)
+	TODO: check
 CVE-2020-28071
 	RESERVED
 CVE-2020-28070
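Review bot: the CVE-2020-28072 description reads "DourceCodester"; if that is a verbatim copy of the upstream text it should be left alone, since the automatic update mirrors the source, but it is worth confirming during the "TODO: check" that the vendor name is not a transcription error in the tracker's copy.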
@@ -13489,8 +13488,8 @@ CVE-2020-26275
 	RESERVED
 CVE-2020-26274
 	RESERVED
-CVE-2020-26273
-	RESERVED
+CVE-2020-26273 (osquery is a SQL powered operating system instrumentation, monitoring, ...)
+	TODO: check
 CVE-2020-26272
 	RESERVED
 CVE-2020-26271 (In affected versions of TensorFlow under certain cases, loading a save ...)
@@ -13517,10 +13516,10 @@ CVE-2020-26261 (jupyterhub-systemdspawner enables JupyterHub to spawn single-use
 	TODO: check
 CVE-2020-26260 (BookStack is a platform for storing and organising information and doc ...)
 	NOT-FOR-US: BookStack
-CVE-2020-26259
-	RESERVED
-CVE-2020-26258
-	RESERVED
+CVE-2020-26259 (XStream is a Java library to serialize objects to XML and back again.  ...)
+	TODO: check
+CVE-2020-26258 (XStream is a Java library to serialize objects to XML and back again.  ...)
+	TODO: check
 CVE-2020-26257 (Matrix is an ecosystem for open federated Instant Messaging and VoIP.  ...)
 	- matrix-synapse 1.24.0-1
 	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm
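Review bot: unlike the Docker-image entries earlier in this update, CVE-2020-26258 and CVE-2020-26259 describe XStream, a Java serialization library that is likely shipped as a Debian source package; the "TODO: check" should resolve to a package entry with a fixed version rather than NOT-FOR-US, so please verify before the next manual pass.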
@@ -14673,12 +14672,12 @@ CVE-2020-25761 (Projectworlds Visitor Management System in PHP 1.0 allows XSS. T
 	NOT-FOR-US: Projectworlds Visitor Management System in PHP
 CVE-2020-25760 (Projectworlds Visitor Management System in PHP 1.0 allows SQL Injectio ...)
 	NOT-FOR-US: Projectworlds Visitor Management System in PHP
-CVE-2020-25759
-	RESERVED
-CVE-2020-25758
-	RESERVED
-CVE-2020-25757
-	RESERVED
+CVE-2020-25759 (An issue was discovered on D-Link DSR-250 3.17 devices. Certain functi ...)
+	TODO: check
+CVE-2020-25758 (An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient v ...)
+	TODO: check
+CVE-2020-25757 (A lack of input validation and access controls in Lua CGIs on D-Link D ...)
+	TODO: check
 CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_ht ...)
 	NOT-FOR-US: Cesanta Mongoose
 	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
@@ -16144,8 +16143,8 @@ CVE-2020-25197
 	RESERVED
 CVE-2020-25196
 	RESERVED
-CVE-2020-25195
-	RESERVED
+CVE-2020-25195 (The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM ...)
+	TODO: check
 CVE-2020-25194
 	RESERVED
 CVE-2020-25193
@@ -18813,8 +18812,8 @@ CVE-2020-23959
 	RESERVED
 CVE-2020-23958
 	RESERVED
-CVE-2020-23957
-	RESERVED
+CVE-2020-23957 (Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS)  ...)
+	TODO: check
 CVE-2020-23956
 	RESERVED
 CVE-2020-23955
@@ -50573,8 +50572,7 @@ CVE-2020-10772 (An incomplete fix for CVE-2020-12662 was shipped for Unbound in
 CVE-2020-10771
 	RESERVED
 	NOT-FOR-US: Infinispan
-CVE-2020-10770
-	RESERVED
+CVE-2020-10770 (A flaw was found in Keycloak before 13.0.0, where it is possible to fo ...)
 	NOT-FOR-US: Keycloak
 CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 5.0 in  ...)
 	- linux 4.19.20-1
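Review bot: this hunk removes the stale RESERVED marker from CVE-2020-10770 now that a description exists, but the neighbouring CVE-2020-10771 (context lines above) still carries RESERVED directly followed by "NOT-FOR-US: Infinispan"; the same cleanup should apply there once its description is published, or the NOT-FOR-US line should only sit under a described entry.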
@@ -81061,7 +81059,7 @@ CVE-2020-0204 (In InstallPackage of package.cpp, there is a possible bypass of a
 	NOT-FOR-US: Android
 CVE-2020-0203 (In freeIsolatedUidLocked of ProcessList.java, there is a possible UID  ...)
 	NOT-FOR-US: Android
-CVE-2020-0202 (In onStart of MainActivity.java, there is a possible bypass of develop ...)
+CVE-2020-0202 (In onHandleIntent of TraceService.java, there is a possible bypass of  ...)
 	NOT-FOR-US: Android
 CVE-2020-0201 (In showSecurityFields of WifiConfigController.java there is a possible ...)
 	NOT-FOR-US: Android
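Review bot: the CVE-2020-0202 description changes from onStart of MainActivity.java to onHandleIntent of TraceService.java, i.e. the upstream text was corrected; the "NOT-FOR-US: Android" triage is unaffected by this.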
@@ -143893,8 +143891,8 @@ CVE-2018-16245
 	RESERVED
 CVE-2018-16244
 	RESERVED
-CVE-2018-16243
-	RESERVED
+CVE-2018-16243 (SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074  ...)
+	TODO: check
 CVE-2018-16242 (oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which  ...)
 	NOT-FOR-US: oBike
 CVE-2018-16241



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b0ea5ed55fe3e65273898faa6bce5dcbaf282a4
