[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Sat Nov 7 08:10:21 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
87db650f by security tracker role at 2020-11-07T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2020-28338
+	RESERVED
+CVE-2020-28337
+	RESERVED
+CVE-2020-28336
+	RESERVED
 CVE-2021-1050
 	RESERVED
 CVE-2021-1049
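Review bot: The three new entries CVE-2020-28336 to CVE-2020-28338 at the top of the file sit above CVE-2021-1050, so 2020 ids now precede 2021 ids, while the rest of the context visible in this diff runs in descending id order (28170, 28169, 28168). If the list is meant to stay sorted, these belong with the other CVE-2020-28xxx entries. If prepending is simply how the automatic update adds new ids, it is worth confirming that a later pass re-sorts them.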
@@ -1845,8 +1851,8 @@ CVE-2020-28170
 	RESERVED
 CVE-2020-28169
 	RESERVED
-CVE-2020-28168
-	RESERVED
+CVE-2020-28168 (Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) ...)
+	TODO: check
 CVE-2020-28167
 	RESERVED
 CVE-2020-28166
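Review bot: CVE-2020-28168 now carries `TODO: check` on the line after the new Axios description, so the SSRF entry is published but untriaged. A follow-up should replace the TODO with either a source-package line or a NOT-FOR-US marker, in the form other entries in this diff use (`- packagekit 1.2.1-1`, `NOT-FOR-US: PcVue`). The description names 0.21.0 specifically, so the affected-version check should start from that release.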
@@ -5188,11 +5194,11 @@ CVE-2020-26870 (Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs
 	- dompurify.js <removed>
 	NOTE: https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/
 	NOTE: https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d
-CVE-2020-26869 (An information exposure vulnerability exists in PcVue 12, allowing a n ...)
+CVE-2020-26869 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable to infor ...)
 	NOT-FOR-US: PcVue
-CVE-2020-26868 (A Denial Of Service vulnerability exists in PcVue from version 8.10 on ...)
+CVE-2020-26868 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a den ...)
 	NOT-FOR-US: PcVue
-CVE-2020-26867 (A Remote Code Execution vulnerability exists in PcVue from version 8.1 ...)
+CVE-2020-26867 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to t ...)
 	NOT-FOR-US: PcVue
 CVE-2020-26866
 	RESERVED
@@ -27475,14 +27481,12 @@ CVE-2020-16124 (Integer Overflow or Wraparound vulnerability in the XML RPC libr
 	NOTE: https://github.com/ros/ros_comm/pull/2065
 CVE-2020-16123
 	RESERVED
-CVE-2020-16122
-	RESERVED
+CVE-2020-16122 (PackageKit's apt backend mistakenly treated all local debs as trusted. ...)
 	{DLA-2399-1}
 	- packagekit 1.2.1-1 (bug #972229)
 	[buster] - packagekit <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098
-CVE-2020-16121
-	RESERVED
+CVE-2020-16121 (PackageKit provided detailed error messages to unprivileged callers th ...)
 	{DLA-2399-1}
 	- packagekit 1.2.1-1 (bug #972229)
 	[buster] - packagekit <no-dsa> (Minor issue)
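Review bot: The `[buster] - packagekit <no-dsa> (Minor issue)` lines under CVE-2020-16122 and CVE-2020-16121 were written while both ids were still RESERVED, and this hunk only swaps in the published descriptions above them. For CVE-2020-16122 in particular, whose description says the apt backend treated all local debs as trusted, the Minor issue rating should be re-confirmed against the published text, with the reasoning recorded in a NOTE line if it stands.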
@@ -29744,8 +29748,8 @@ CVE-2020-15261 (On Windows the Veyon Service before version 4.4.2 contains an un
 	NOTE: https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp
 CVE-2020-15260
 	RESERVED
-CVE-2020-15259
-	RESERVED
+CVE-2020-15259 (ad-ldap-connector's admin panel before version 5.0.13 does not provide ...)
+	TODO: check
 CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without checking  ...)
 	NOT-FOR-US: Wire app
 CVE-2020-15257
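Review bot: CVE-2020-15259 is left at `TODO: check`, and its description is cut off at "does not provide ...", so the entry cannot be triaged from this line alone. The full advisory text needs to be read to decide whether ad-ldap-connector maps to a source package or should be marked NOT-FOR-US like the adjacent CVE-2020-15258 entry.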



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87db650ff58b09a848a2dcc94a9c0e19328c97bd
