[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Nov 9 20:10:38 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
03a63aae by security tracker role at 2020-11-09T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-28363
+ RESERVED
+CVE-2020-28362
+ RESERVED
CVE-2020-XXXX [slab-out-of-bounds Read in fbcon]
- linux <unfixed>
NOTE: https://git.kernel.org/linus/3c4e0dff2095c579b142d5a0693257f1c58b4804
@@ -5963,8 +5967,8 @@ CVE-2020-26543
RESERVED
CVE-2017-18924 (** DISPUTED ** oauth2-server (aka node-oauth2-server) through 3.1.1 im ...)
NOT-FOR-US: node-oauth2-server
-CVE-2020-26542
- RESERVED
+CVE-2020-26542 (An issue was discovered in the MongoDB Simple LDAP plugin through 2020 ...)
+ TODO: check
CVE-2020-26541 (The Linux kernel through 5.8.13 does not properly enforce the Secure B ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Secure Boot key import not supported)
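Review bot: the `TODO: check` added under CVE-2020-26542 leaves the entry untriaged; the new description names the MongoDB Simple LDAP plugin, so the follow-up is to decide whether that plugin is packaged in Debian and replace the TODO either with a package line or with a `NOT-FOR-US:` marker, as the neighbouring node-oauth2-server entry uses. The same follow-up applies to every other `TODO: check` marker this automatic update introduces.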
@@ -7919,8 +7923,7 @@ CVE-2020-25656
RESERVED
- linux 5.9.6-1
NOTE: https://www.openwall.com/lists/oss-security/2020/10/16/1
-CVE-2020-25655
- RESERVED
+CVE-2020-25655 (An issue was discovered in ManagedClusterView API, that could allow se ...)
NOT-FOR-US: Red Hat open-cluster-management
CVE-2020-25654 [ACL restrictions bypass]
RESERVED
@@ -8847,31 +8850,31 @@ CVE-2020-25262 (PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) v
NOT-FOR-US: PyroCMS
CVE-2020-25261
RESERVED
-CVE-2020-25260 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
+CVE-2020-25260 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
NOT-FOR-US: Hyland OnBase
-CVE-2020-25259 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
+CVE-2020-25259 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
NOT-FOR-US: Hyland OnBase
-CVE-2020-25258 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
+CVE-2020-25258 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
NOT-FOR-US: Hyland OnBase
-CVE-2020-25257 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
+CVE-2020-25257 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
NOT-FOR-US: Hyland OnBase
-CVE-2020-25256 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
+CVE-2020-25256 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
NOT-FOR-US: Hyland OnBase
-CVE-2020-25255 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
+CVE-2020-25255 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
NOT-FOR-US: Hyland OnBase
-CVE-2020-25254 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
+CVE-2020-25254 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
NOT-FOR-US: Hyland OnBase
-CVE-2020-25253 (An issue was discovered in Hyland OnBase through 18.0.0.32. It allows ...)
+CVE-2020-25253 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
NOT-FOR-US: Hyland OnBase
-CVE-2020-25252 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
+CVE-2020-25252 (An issue was discovered in Hyland OnBase through 16.0.2.83 and below, ...)
NOT-FOR-US: Hyland OnBase
-CVE-2020-25251 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
+CVE-2020-25251 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
NOT-FOR-US: Hyland OnBase
-CVE-2020-25250 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
+CVE-2020-25250 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
NOT-FOR-US: Hyland OnBase
-CVE-2020-25249 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
+CVE-2020-25249 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
NOT-FOR-US: Hyland OnBase
-CVE-2020-25248 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
+CVE-2020-25248 (An issue was discovered in Hyland OnBase through 16.0.2.83 and below, ...)
NOT-FOR-US: Hyland OnBase
CVE-2020-25247 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
NOT-FOR-US: Hyland OnBase
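Review bot: CVE-2020-25247, the unchanged last entry of this OnBase block, still carries the old `through 18.0.0.32 and 19.x` wording while CVE-2020-25248 through CVE-2020-25260 were all rewritten to the `16.0.2.83 and below, 17.0.2.1 ...` form; worth confirming against the source feed whether 25247 was deliberately left out of the refresh or simply missed, since it describes the same product. The `NOT-FOR-US: Hyland OnBase` dispositions are unaffected by the description change.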
@@ -10872,8 +10875,8 @@ CVE-2020-24355 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and p
NOT-FOR-US: Zyxel
CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...)
NOT-FOR-US: Zyxel
-CVE-2020-24353
- RESERVED
+CVE-2020-24353 (Pega Platform before 8.4.0 has a XSS issue via stream rule parameters ...)
+ TODO: check
CVE-2020-24352 (An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory ...)
- qemu <unfixed> (unimportant; bug #968820)
[buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
@@ -13333,16 +13336,16 @@ CVE-2020-23142
RESERVED
CVE-2020-23141
RESERVED
-CVE-2020-23140
- RESERVED
-CVE-2020-23139
- RESERVED
-CVE-2020-23138
- RESERVED
+CVE-2020-23140 (Microweber 1.1.18 is affected by insufficient session expiration. When ...)
+ TODO: check
+CVE-2020-23139 (Microweber 1.1.18 is affected by broken authentication and session man ...)
+ TODO: check
+CVE-2020-23138 (An unrestricted file upload vulnerability was discovered in the Microw ...)
+ TODO: check
CVE-2020-23137
RESERVED
-CVE-2020-23136
- RESERVED
+CVE-2020-23136 (Microweber v1.1.18 is affected by no session expiry after log-out. ...)
+ TODO: check
CVE-2020-23135
RESERVED
CVE-2020-23134
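Review bot: CVE-2020-23140 (`insufficient session expiration`) and CVE-2020-23136 (`no session expiry after log-out`) both describe session-expiry behaviour in Microweber 1.1.18; when the four `TODO: check` markers in this hunk are resolved, check whether these two are one issue filed under two ids, and apply the chosen disposition (package line or `NOT-FOR-US:`) consistently across all four Microweber entries rather than triaging them one at a time.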
@@ -29739,8 +29742,8 @@ CVE-2020-15299 (A reflected Cross-Site Scripting (XSS) Vulnerability in the King
NOT-FOR-US: KingComposer plugin for WordPress
CVE-2020-15298
RESERVED
-CVE-2020-15297
- RESERVED
+CVE-2020-15297 (Insufficient validation in the Bitdefender Update Server and BEST Rela ...)
+ TODO: check
CVE-2020-15296
RESERVED
CVE-2020-15295
@@ -32279,8 +32282,8 @@ CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating t
NOTE: Minimal backport: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=f00fed20092b6a42283f29c6ee1f58244d74b545 (3.5.1)
NOTE: Debian packaging relocates chronyd.pid as well to /run since 3.1-3
NOTE: additionally mitigating the issue. Earlier versions used /var/run/chronyd.pid.
-CVE-2020-14366
- RESERVED
+CVE-2020-14366 (A vulnerability was found in keycloak, where path traversal using URL- ...)
+ TODO: check
CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before ...)
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
@@ -32946,7 +32949,7 @@ CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.3 has an Observable Dis
NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf
NOTE: The OpenSSH project is not planning to change the behaviour of OpenSSH regarding
NOTE: the issue, details in "3.1 OpenSSH" in the publication.
-CVE-2020-14144 (** DISPUTED ** The git hook feature in Gitea 1.1.0 through 1.12.5 allo ...)
+CVE-2020-14144 (** DISPUTED ** The git hook feature in Gitea 1.1.0 through 1.12.5 migh ...)
- gitea <removed>
CVE-2020-14143
RESERVED
@@ -46917,10 +46920,10 @@ CVE-2020-9302
RESERVED
CVE-2020-9301
RESERVED
-CVE-2020-9300
- RESERVED
-CVE-2020-9299
- RESERVED
+CVE-2020-9300 (The Access Control issues include allowing a regular user to view a re ...)
+ TODO: check
+CVE-2020-9299 (There were XSS vulnerabilities discovered and reported in the Dispatch ...)
+ TODO: check
CVE-2020-9298 (The Spinnaker template resolution functionality is vulnerable to Serve ...)
NOT-FOR-US: Spinnaker
CVE-2020-9297 (Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java ...)
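Review bot: the truncated descriptions for CVE-2020-9300 (`The Access Control issues include allowing a regular user to view a re ...`) and CVE-2020-9299 (`There were XSS vulnerabilities discovered and reported in the Dispatch ...`) do not name the affected product within the visible text, so the `TODO: check` cannot be resolved from this file alone; triage needs the full CVE text before a package line or `NOT-FOR-US:` marker is assigned. CVE-2020-9298 (Spinnaker) just below is marked NOT-FOR-US, but adjacency is not evidence for these two.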
@@ -49371,8 +49374,8 @@ CVE-2020-8278
RESERVED
CVE-2020-8277
RESERVED
-CVE-2020-8276
- RESERVED
+CVE-2020-8276 (The implementation of Brave Desktop's privacy-preserving analytics sys ...)
+ TODO: check
CVE-2020-8275
RESERVED
CVE-2020-8274
@@ -49387,8 +49390,8 @@ CVE-2020-8270
RESERVED
CVE-2020-8269
RESERVED
-CVE-2020-8268
- RESERVED
+CVE-2020-8268 (Prototype pollution vulnerability in json8-merge-patch npm package < ...)
+ TODO: check
CVE-2020-8267 (A security issue was found in UniFi Protect controller v1.14.10 and ea ...)
NOT-FOR-US: UniFi Protect controller
CVE-2020-8266
@@ -49735,8 +49738,8 @@ CVE-2020-8151 (There is a possible information disclosure issue in Active Resour
- rails <not-affected> (Vulnerable code splitted out upstream before initial upload to Debian)
NOTE: ActiveResource was extracted to a separate gem in starting in the 4.0 rails
NOTE: release as it was not widely used.
-CVE-2020-8150
- RESERVED
+CVE-2020-8150 (A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker t ...)
+ TODO: check
CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...)
NOT-FOR-US: Node logkitty
CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enab ...)
@@ -49771,8 +49774,8 @@ CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Re
NOT-FOR-US: Node uppy
CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.1 ...)
NOT-FOR-US: Ghost CMS
-CVE-2020-8133
- RESERVED
+CVE-2020-8133 (A wrong generation of the passphrase for the encrypted block in Nextcl ...)
+ TODO: check
CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 ...)
NOT-FOR-US: Node pdf-image package
CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...)
@@ -135522,7 +135525,7 @@ CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Va
CVE-2018-1000673
REJECTED
CVE-2018-1000671 (sympa version 6.2.16 and later contains a CWE-601: URL Redirection to ...)
- {DLA-1512-1}
+ {DLA-2441-1 DLA-1512-1}
- sympa 6.2.36~dfsg-1 (bug #908165)
NOTE: https://github.com/sympa-community/sympa/issues/268
NOTE: https://github.com/sympa-community/sympa/commit/c6ce32a6c203070702eac45a4442a17d2bf7b0c1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03a63aae6a0d327635aaae19292b0b16e5f1eb62