[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Nov 9 08:10:29 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b94bdbe7 by security tracker role at 2020-11-09T08:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2020-28361
+ RESERVED
+CVE-2020-28360
+ RESERVED
+CVE-2020-28359
+ RESERVED
+CVE-2020-28358
+ RESERVED
+CVE-2020-28357
+ RESERVED
+CVE-2020-28356
+ RESERVED
+CVE-2020-28355
+ RESERVED
+CVE-2020-28354
+ RESERVED
+CVE-2020-28353
+ RESERVED
+CVE-2020-28352
+ RESERVED
+CVE-2020-28351 (The conferencing component on Mitel ShoreTel 19.46.1802.0 devices coul ...)
+ TODO: check
+CVE-2020-28350
+ RESERVED
+CVE-2020-28349 (** DISPUTED ** An inaccurate frame deduplication process in ChirpStack ...)
+ TODO: check
+CVE-2020-28348
+ RESERVED
+CVE-2020-28347 (tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows rem ...)
+ TODO: check
+CVE-2020-28346
+ RESERVED
CVE-2020-28345 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
NOT-FOR-US: LG mobile devices
CVE-2020-28344 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
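Review bot: The three new entries that already carry a description (CVE-2020-28351, CVE-2020-28349 and CVE-2020-28347) are left at `TODO: check`, so they still need manual triage. Their descriptions name Mitel ShoreTel devices, ChirpStack and TP-Link Archer A7 devices; if none of these corresponds to a package in the archive, each can be closed out the way the LG entries just below are, with a `NOT-FOR-US:` line. CVE-2020-28349 is also flagged `** DISPUTED **`, which is worth recording in a NOTE line when it is triaged.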
@@ -10691,24 +10723,24 @@ CVE-2020-24410 (Adobe Illustrator version 24.2 (and earlier) is affected by an o
NOT-FOR-US: Adobe
CVE-2020-24409 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
NOT-FOR-US: Adobe
-CVE-2020-24408 (New description: Magento versions 2.4.0 and 2.3.5p2 (and earlier) are ...)
+CVE-2020-24408 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a per ...)
NOT-FOR-US: Magento
-CVE-2020-24407
- RESERVED
-CVE-2020-24406
- RESERVED
-CVE-2020-24405
- RESERVED
-CVE-2020-24404
- RESERVED
-CVE-2020-24403
- RESERVED
-CVE-2020-24402
- RESERVED
-CVE-2020-24401
- RESERVED
-CVE-2020-24400
- RESERVED
+CVE-2020-24407 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an un ...)
+ TODO: check
+CVE-2020-24406 (When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier ...)
+ TODO: check
+CVE-2020-24405 (Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an inc ...)
+ TODO: check
+CVE-2020-24404 (Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an inc ...)
+ TODO: check
+CVE-2020-24403 (Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an inc ...)
+ TODO: check
+CVE-2020-24402 (Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an inc ...)
+ TODO: check
+CVE-2020-24401 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an in ...)
+ TODO: check
+CVE-2020-24400 (Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL ...)
+ TODO: check
CVE-2020-24399
RESERVED
CVE-2020-24398
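Review bot: CVE-2020-24407 through CVE-2020-24400 move from RESERVED to `TODO: check` although every new description names Magento, and CVE-2020-24408 at the top of this hunk is already marked `NOT-FOR-US: Magento`. Suggest giving the eight entries the same `NOT-FOR-US: Magento` line so they leave the TODO queue. Note that the description change on CVE-2020-24408 does more than drop the stray "New description:" prefix: the affected version also changes from 2.3.5p2 to 2.3.5p1. As the entry stays NOT-FOR-US, nothing else in it needs to change.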
@@ -84858,6 +84890,7 @@ CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02
CVE-2019-14495 (webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the a ...)
- 3proxy <itp> (bug #718219)
CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a divide-b ...)
+ {DLA-2440-1}
[experimental] - poppler 0.81.0-1
- poppler 0.85.0-2 (bug #933812)
[buster] - poppler <ignored> (Minor issue)
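Review bot: With `{DLA-2440-1}` added to CVE-2019-14494, the entry now references an LTS advisory for poppler while the line `[buster] - poppler <ignored> (Minor issue)` is unchanged. It is worth re-checking whether the buster status should stay `<ignored>` now that an LTS advisory covers this CVE, or adding a NOTE line that explains why the two releases are treated differently.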
@@ -99046,6 +99079,7 @@ CVE-2019-10020 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the
CVE-2019-10019 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10018 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
+ {DLA-2440-1}
- poppler 0.57.0-2 (low; bug #926133)
[jessie] - poppler <ignored> (Minor issue)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 (PostScriptFunction::exec at Function.cc:1374-42___FPE PoC)
@@ -99168,7 +99202,7 @@ CVE-2019-9961 (A cross-site scripting (XSS) vulnerability in ressource view in c
CVE-2019-9960 (The downloadZip function in application/controllers/admin/export.php i ...)
- limesurvey <itp> (bug #472802)
CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...)
- {DLA-1963-1}
+ {DLA-2440-1 DLA-1963-1}
[experimental] - poppler 0.81.0-1
- poppler 0.85.0-2 (low; bug #941776)
[buster] - poppler <ignored> (Minor issue)
@@ -107384,7 +107418,7 @@ CVE-2019-7312 (Limited plaintext disclosure exists in PRIMX Zed Entreprise for W
CVE-2019-7311 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A ...)
NOT-FOR-US: Linksys
CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integer si ...)
- {DLA-1706-1}
+ {DLA-2440-1 DLA-1706-1}
- poppler 0.71.0-4 (bug #921215)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/717
@@ -116449,7 +116483,7 @@ CVE-2018-20664 (Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has X
CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Pl ...)
NOT-FOR-US: Reporting Addon for CUBA Platform
CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to caus ...)
- {DLA-1706-1}
+ {DLA-2440-1 DLA-1706-1}
- poppler 0.71.0-4 (low; bug #918158)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9
@@ -116674,7 +116708,7 @@ CVE-2018-20651 (A NULL pointer dereference was discovered in elf_link_add_object
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f
NOTE: binutils not covered by security support
CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allows atta ...)
- {DLA-1939-1}
+ {DLA-2440-1 DLA-1939-1}
[experimental] - poppler 0.81.0-1
- poppler 0.85.0-2 (low; bug #917974)
[buster] - poppler <ignored> (Minor issue)
@@ -128788,7 +128822,7 @@ CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bou
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/77a30e94d96220d7e22dff5b3f0a7f296f01b118 (poppler-0.72.0)
NOTE: Issue in pdfdetach cli tool leading to crash
CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort ...)
- {DLA-1706-1}
+ {DLA-2440-1 DLA-1706-1}
[experimental] - poppler 0.81.0-1
- poppler 0.85.0-2 (low; bug #913177)
[buster] - poppler <ignored> (Minor issue)
@@ -189013,6 +189047,7 @@ CVE-2017-14929 (In Poppler 0.59.0, memory corruption occurs in a call to Object:
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102969
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2c92c7b6a828c9db8a38f079ea7a3d51c12a481d
CVE-2017-14928 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...)
+ {DLA-2440-1}
- poppler 0.61.1-2 (low; bug #877231)
[jessie] - poppler <not-affected> (Problematic code introduced in 0.36)
[wheezy] - poppler <not-affected> (Problematic code introduced in 0.36)
@@ -189026,6 +189061,7 @@ CVE-2017-14927 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the Spla
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102604
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=6472d8493f7e82cc78b41da20a2bf19fcb4e0a7d
CVE-2017-14926 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...)
+ {DLA-2440-1}
- poppler 0.61.1-2 (low; bug #877239)
[jessie] - poppler <not-affected> (Problematic code introduced in 0.36)
[wheezy] - poppler <not-affected> (Problematic code introduced in 0.36)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b94bdbe7a102c8bf9a2a286abf3ab55eb8fcfe2d