[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Nov 4 20:10:32 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38da8e4e by security tracker role at 2020-11-04T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -316,8 +316,7 @@ CVE-2020-28051
 	RESERVED
 CVE-2020-28050
 	RESERVED
-CVE-2020-28049 [local privilege escalation due to race  condition in creation of the Xauthority file]
-	RESERVED
+CVE-2020-28049 (An issue was discovered in SDDM before 0.19.0. It incorrectly starts t ...)
 	- sddm <unfixed> (bug #973748)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/2
 	NOTE: https://github.com/sddm/sddm/commit/be202f533ab98a684c6a007e8d5b4357846bc222
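Review bot: dropping the bracketed working title loses the only on-page statement of the root cause (a race in creating the Xauthority file), because the imported description is cut off at "It incorrectly starts t ...". Since the entry is still `<unfixed>`, keep that detail in a NOTE line beside the two links, e.g. `NOTE: race condition when creating the Xauthority file, fixed upstream in 0.19.0` (the version follows from "before 0.19.0" in the description), and add a severity tag to the sddm line once it has been triaged.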
@@ -501,7 +500,8 @@ CVE-2020-27983
 	RESERVED
 CVE-2020-27982
 	RESERVED
-CVE-2020-27981 (An XSS vulnerability in the auto-complete function of the description  ...)
+CVE-2020-27981
+	REJECTED
 	NOT-FOR-US: Firefly III
 CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WL ...)
 	NOT-FOR-US: Genexis Platinum-4410 P4410-V2-1.28 devices
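Review bot: the REJECTED marker now sits above a `NOT-FOR-US: Firefly III` line that no longer serves a purpose, since a rejected ID needs no package triage; drop it unless the convention here is to keep the history. The reason for the rejection is not recorded anywhere in the entry (the previous text described an XSS in an auto-complete function), so a NOTE pointing at the superseding or duplicate ID would help, if that is known.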
@@ -4886,8 +4886,8 @@ CVE-2020-26169
 	RESERVED
 CVE-2020-26168
 	RESERVED
-CVE-2020-26167
-	RESERVED
+CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the page preview feature allows an ano ...)
+	TODO: check
 CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the file descr ...)
 	NOT-FOR-US: qdPM
 CVE-2020-26165
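Review bot: `TODO: check` is the right placeholder for the automatic import, but the follow-up triage for CVE-2020-26167 is almost certainly a `NOT-FOR-US: FUEL CMS` line in the same format as the qdPM entry directly below it, unless FUEL CMS turns up in the archive; leaving the TODO in place longer than the next manual pass only adds noise to the TODO queue.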
@@ -13198,18 +13198,18 @@ CVE-2020-22280
 	RESERVED
 CVE-2020-22279
 	RESERVED
-CVE-2020-22278
-	RESERVED
-CVE-2020-22277
-	RESERVED
-CVE-2020-22276
-	RESERVED
-CVE-2020-22275
-	RESERVED
-CVE-2020-22274
-	RESERVED
-CVE-2020-22273
-	RESERVED
+CVE-2020-22278 (phpMyAdmin through 5.0.2 allows CSV injection via Export Section ...)
+	TODO: check
+CVE-2020-22277 (Import and export users and customers WordPress Plugin through 1.15.5. ...)
+	TODO: check
+CVE-2020-22276 (WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry ...)
+	TODO: check
+CVE-2020-22275 (Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an at ...)
+	TODO: check
+CVE-2020-22274 (JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection ...)
+	TODO: check
+CVE-2020-22273 (Neoflex Video Subscription System Version 2.0 is affected by CSRF whic ...)
+	TODO: check
 CVE-2020-22272
 	RESERVED
 CVE-2020-22271
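Review bot: CVE-2020-22278 (phpMyAdmin through 5.0.2, CSV injection) is the one entry of these six that touches a packaged product: phpmyadmin appears further down in this same diff (4:4.6.4+dfsg1-1 under CVE-2016-6606/6607), so its TODO needs a real `- phpmyadmin` package line or an explicit decision, whereas the WordPress plugin, Joomla JomSocial and Neoflex entries (22277 down to 22273) can be triaged `NOT-FOR-US` in the style of the surrounding entries. Before assigning a fixed version for 22278, check whether upstream treats formula/CSV injection in exports as a vulnerability at all; that is the usual sticking point with this class of report and decides between a fixed version and an unimportant/not-affected annotation.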
@@ -48109,10 +48109,10 @@ CVE-2020-8039
 	RESERVED
 CVE-2020-8038
 	RESERVED
-CVE-2020-8037
-	RESERVED
-CVE-2020-8036
-	RESERVED
+CVE-2020-8037 (The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a l ...)
+	TODO: check
+CVE-2020-8036 (The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SO ...)
+	TODO: check
 CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...)
 	{DLA-2230-1}
 	- php-horde 5.2.23+debian0-1 (bug #963809)
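Review bot: both tcpdump IDs should end up with `- tcpdump` package lines rather than staying at `TODO: check`, but the two differ in what has to be verified. CVE-2020-8037 names the released 4.9.3, so the affected and fixed versions in the archive need to be established from upstream's fix. CVE-2020-8036 is described against "4.10.0-PRE-GIT", an unreleased snapshot, so check whether any tcpdump version actually shipped in Debian contains the affected tok2strbuf() code path before marking a package version vulnerable; if none does, the entry should be `- tcpdump <not-affected>` with a NOTE explaining the git-only range.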
@@ -63343,68 +63343,47 @@ CVE-2020-2321
 	RESERVED
 CVE-2020-2320
 	RESERVED
-CVE-2020-2319
-	RESERVED
+CVE-2020-2319 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a pa ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2318
-	RESERVED
+CVE-2020-2318 (Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2317
-	RESERVED
+CVE-2020-2317 (Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotati ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2316
-	RESERVED
+CVE-2020-2316 (Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not esc ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2315
-	RESERVED
+CVE-2020-2315 (Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2314
-	RESERVED
+CVE-2020-2314 (Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencryp ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2313
-	RESERVED
+CVE-2020-2313 (A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and e ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2312
-	RESERVED
+CVE-2020-2312 (Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2311
-	RESERVED
+CVE-2020-2311 (A missing permission check in Jenkins AWS Global Configuration Plugin  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2310
-	RESERVED
+CVE-2020-2310 (Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier al ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2309
-	RESERVED
+CVE-2020-2309 (A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1 ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2308
-	RESERVED
+CVE-2020-2308 (A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and ear ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2307
-	RESERVED
+CVE-2020-2307 (Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege user ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2306
-	RESERVED
+CVE-2020-2306 (A missing permission check in Jenkins Mercurial Plugin 2.11 and earlie ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2305
-	RESERVED
+CVE-2020-2305 (Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML p ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2304
-	RESERVED
+CVE-2020-2304 (Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XM ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2303
-	RESERVED
+CVE-2020-2303 (A cross-site request forgery (CSRF) vulnerability in Jenkins Active Di ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2302
-	RESERVED
+CVE-2020-2302 (A missing permission check in Jenkins Active Directory Plugin 2.19 and ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2301
-	RESERVED
+CVE-2020-2301 (Jenkins Active Directory Plugin 2.19 and earlier allows attackers to l ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2300
-	RESERVED
+CVE-2020-2300 (Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2020-2299
-	RESERVED
+CVE-2020-2299 (Jenkins Active Directory Plugin 2.19 and earlier allows attackers to l ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2020-2298 (Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML ...)
 	NOT-FOR-US: Jenkins plugin
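Review bot: the twenty-one Jenkins entries in this hunk (CVE-2020-2319 down to CVE-2020-2299) were triaged `NOT-FOR-US: Jenkins plugin` while still RESERVED, and the imported descriptions now bear that out: every one names a Jenkins plugin and none names Jenkins core, so no further action is needed here. The odd wording "A missing/An incorrect permission check" in CVE-2020-2309 is copied verbatim from the upstream text and is not a local typo.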
@@ -240191,7 +240170,7 @@ CVE-2016-6607 (XSS issues were discovered in phpMyAdmin. This affects Zoom searc
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
 CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The decryp ...)
-	{DLA-1821-1 DLA-626-1}
+	{DLA-626-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
 CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to ...)
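Review bot: removing DLA-1821-1 from the brace list of CVE-2016-6606 changes which LTS advisory is recorded as fixing it, while the neighbouring CVE-2016-6607 entry (same phpmyadmin version, PMASA-2016-30) is untouched. Because this is an automatic update, the change most likely mirrors the DLA-1821-1 entry in data/DLA/list no longer listing this CVE; confirm that was a deliberate correction there and that DLA-626-1 alone is the intended reference, since a CVE silently losing an advisory cross-reference is the kind of drift the brace sync is meant to catch, not cause.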



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38da8e4eec50e5735cb402d2f1948308fb63499f





More information about the debian-security-tracker-commits mailing list