[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Tue Nov 10 08:10:26 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94316002 by security tracker role at 2020-11-10T08:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2020-28373 (upnpd on certain NETGEAR devices allows remote (LAN) attackers to exec ...)
+	TODO: check
+CVE-2020-28372
+	RESERVED
+CVE-2020-28371 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
+	TODO: check
+CVE-2020-28370
+	RESERVED
+CVE-2020-28369
+	RESERVED
+CVE-2020-28368
+	RESERVED
+CVE-2020-28367
+	RESERVED
+CVE-2020-28366
+	RESERVED
+CVE-2020-28365
+	RESERVED
+CVE-2020-28364 (A stored cross-site scripting (XSS) vulnerability affects the Web UI i ...)
+	TODO: check
 CVE-2020-28363
 	RESERVED
 CVE-2020-28362
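Review bot: CVE-2020-28371 on the `+CVE-2020-28371 (** UNSUPPORTED WHEN ASSIGNED ** ...)` line carries the CNA's end-of-life marker, which means no upstream fix will follow; when its `TODO: check` is resolved, record that outcome explicitly (a `NOT-FOR-US:` line naming the product, in the form this file already uses for osCommerce Phoenix CE and Shibboleth) so the unsupported status is not lost. The NETGEAR upnpd entry (CVE-2020-28373) and the stored-XSS Web UI entry (CVE-2020-28364) are truncated before the affected product is named, so the full MITRE text is needed before either TODO can be closed.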
@@ -2331,8 +2351,8 @@ CVE-2020-27984
 	RESERVED
 CVE-2020-27983
 	RESERVED
-CVE-2020-27982
-	RESERVED
+CVE-2020-27982 (IceWarp 11.4.5.0 allows XSS via the language parameter. ...)
+	TODO: check
 CVE-2020-27981
 	REJECTED
 CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WL ...)
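Review bot: CVE-2020-27982 (IceWarp 11.4.5.0, XSS via the language parameter) moves from `RESERVED` to `TODO: check`; unless a packaged component is found, the expected resolution is `NOT-FOR-US: IceWarp`, matching the `NOT-FOR-US:` form used for Shibboleth Identify Provider a few lines below rather than leaving the TODO open.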
@@ -2341,8 +2361,8 @@ CVE-2020-27979
 	RESERVED
 CVE-2020-27978 (Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service  ...)
 	NOT-FOR-US: Shibboleth Identify Provider (Debian only packages the SP)
-CVE-2020-27977
-	RESERVED
+CVE-2020-27977 (CapaSystems CapaInstaller before 6.0.101 does not properly assign, mod ...)
+	TODO: check
 CVE-2020-27976 (osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remot ...)
 	NOT-FOR-US: osCommerce Phoenix CE
 CVE-2020-27975 (osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php  ...)
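Review bot: CVE-2020-27977 (CapaSystems CapaInstaller before 6.0.101) is a commercial endpoint-management product, so the `TODO: check` should resolve to `NOT-FOR-US: CapaSystems CapaInstaller`, in the same form as the two osCommerce Phoenix CE lines directly below. The description is cut at "does not properly assign, mod", so the full text should be read to confirm the issue class before closing.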
@@ -3119,10 +3139,10 @@ CVE-2020-27696
 	RESERVED
 CVE-2020-27695
 	RESERVED
-CVE-2020-27694
-	RESERVED
-CVE-2020-27693
-	RESERVED
+CVE-2020-27694 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
+	TODO: check
+CVE-2020-27693 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
+	TODO: check
 CVE-2017-18925 (opentmpfiles through 0.3.1 allows local users to take ownership of arb ...)
 	- opentmpfiles <unfixed> (bug #973242)
 	NOTE: https://github.com/OpenRC/opentmpfiles/issues/4
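Review bot: both new entries (CVE-2020-27694 and CVE-2020-27693) are Trend Micro IMSVA 9.1, and the Trend Micro entries already present in this file are triaged `NOT-FOR-US: Trend Micro`; the two `TODO: check` lines can be resolved the same way rather than left open for a later pass.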
@@ -4940,14 +4960,14 @@ CVE-2020-27021
 	RESERVED
 CVE-2020-27020
 	RESERVED
-CVE-2020-27019
-	RESERVED
-CVE-2020-27018
-	RESERVED
-CVE-2020-27017
-	RESERVED
-CVE-2020-27016
-	RESERVED
+CVE-2020-27019 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
+	TODO: check
+CVE-2020-27018 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
+	TODO: check
+CVE-2020-27017 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
+	TODO: check
+CVE-2020-27016 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
+	TODO: check
 CVE-2020-27015 (Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Messag ...)
 	NOT-FOR-US: Trend Micro
 CVE-2020-27014 (Trend Micro Antivirus for Mac 2020 (Consumer) contains a race conditio ...)
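Review bot: the four descriptions for CVE-2020-27019 through CVE-2020-27016 are truncated at the identical prefix "Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...", so this list alone cannot distinguish the issues; the triager has to pull the full MITRE text for each, although the expected outcome is the `NOT-FOR-US: Trend Micro` already recorded for CVE-2020-27015 and CVE-2020-27014 on the context lines below.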
@@ -6723,8 +6743,8 @@ CVE-2020-26170
 	RESERVED
 CVE-2020-26169
 	RESERVED
-CVE-2020-26168
-	RESERVED
+CVE-2020-26168 (The LDAP authentication method in LdapLoginModule in Hazelcast IMDG En ...)
+	TODO: check
 CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the page preview feature allows an ano ...)
 	NOT-FOR-US: FUEL CMS
 CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the file descr ...)
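Review bot: CVE-2020-26168 names the LdapLoginModule in Hazelcast IMDG Enterprise, the commercial edition; before resolving the TODO, check whether the affected LDAP authentication code also ships in an open-source Hazelcast edition that could be packaged, and if not, record `NOT-FOR-US: Hazelcast IMDG Enterprise` rather than a bare closure, because the truncated text ("The LDAP authentication method in LdapLoginModule in Hazelcast IMDG En ...") does not settle that question.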
@@ -9298,6 +9318,7 @@ CVE-2020-25075
 	RESERVED
 CVE-2020-25074 [remote code execution via cache action]
 	RESERVED
+	{DSA-4787-1}
 	- moin <removed>
 	NOTE: https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq
 	NOTE: https://github.com/moinwiki/moin-1.9/commit/d1e5fc7d3708d877353ca64dd4aa7cfd1cde4cb4 (1.9.11)
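Review bot: the `{DSA-4787-1}` reference is added while the entry keeps both the bracketed placeholder title `[remote code execution via cache action]` and the `RESERVED` status; a published DSA means the issue is public, so the placeholder should give way to the MITRE description (with RESERVED dropped) on the next sync, as this same commit does for CVE-2020-16125 further down. Since the `- moin <removed>` line is unchanged, the DSA applies only to the suite that still ships moin; a NOTE naming that suite would save the next reader a lookup.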
@@ -27545,8 +27566,7 @@ CVE-2020-16127
 CVE-2020-16126
 	RESERVED
 	- accountsservice <not-affected> (Ubuntu-specific issue in 0010-set-language.patch)
-CVE-2020-16125 [display: Exit with failure if loading existing users fails]
-	RESERVED
+CVE-2020-16125 (gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup  ...)
 	{DLA-2434-1}
 	- gdm3 3.38.2-1
 	NOTE: https://github.com/GNOME/gdm/commit/dc8235128c3a1fcd5da8f30ab6839d413d353f28
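Review bot: replacing the bracketed placeholder and dropping `RESERVED` in one hunk is the right shape once the description is public, and the unchanged `gdm3 3.38.2-1` fixed version agrees with the new text's "before 3.36.2 or 3.38.2". One check remains: the description names two fixed upstream branches, but the entry records only the 3.38.2-1 fix and `{DLA-2434-1}`; if any suite ships a 3.36.x gdm3, a corresponding fixed-version line is still missing.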
@@ -28458,25 +28478,25 @@ CVE-2020-15778 (scp in OpenSSH through 8.3p1 allows command injection in the scp
 	NOTE: of breaking existing workflows.
 CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...)
 	NOT-FOR-US: Maven Extension plugin for Gradle Enterprise
-CVE-2020-15776 (An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. CSRF m ...)
+CVE-2020-15776 (An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CS ...)
 	NOT-FOR-US: Gradle Enterprise
-CVE-2020-15775 (An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Unrest ...)
+CVE-2020-15775 (An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /u ...)
 	NOT-FOR-US: Gradle Enterprise
-CVE-2020-15774 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Becaus ...)
+CVE-2020-15774 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An att ...)
 	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15773 (An issue was discovered in Gradle Enterprise before 2020.2.4. Because  ...)
 	NOT-FOR-US: Gradle Enterprise
-CVE-2020-15772 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There  ...)
+CVE-2020-15772 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When c ...)
 	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15771 (An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterpr ...)
 	NOT-FOR-US: Gradle Enterprise
-CVE-2020-15770 (An issue was discovered in Gradle Enterprise 2018.5. There is a lack o ...)
+CVE-2020-15770 (An issue was discovered in Gradle Enterprise 2018.5. An attacker can p ...)
 	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15769 (An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS ...)
 	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15768 (An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gra ...)
 	NOT-FOR-US: Gradle Enterprise
-CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of  ...)
+CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. The cook ...)
 	NOT-FOR-US: Gradle Enterprise
 CVE-2020-15766
 	RESERVED
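Review bot: no triage change here, only a refresh of the truncated description text for seven Gradle Enterprise CVEs (the new prefixes diverge after the version range, for example "The CS ..." replacing "CSRF m ..." on CVE-2020-15776); the `NOT-FOR-US: Gradle Enterprise` lines are untouched. It is a reminder that description text is overwritten by the automatic sync and should never be hand-edited in this file.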
@@ -29791,6 +29811,7 @@ CVE-2020-15276 (baserCMS before version 4.4.1 is vulnerable to Cross-Site Script
 	NOT-FOR-US: baserCMS
 CVE-2020-15275 [malicious SVG attachment causing stored XSS vulnerability]
 	RESERVED
+	{DSA-4787-1}
 	- moin <removed>
 	NOTE: https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43
 	NOTE: https://github.com/moinwiki/moin-1.9/commit/64e16037a60646a4d834f0203c75481b9c3fa74c (1.9.11)
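Review bot: same gap as the CVE-2020-25074 entry above: `{DSA-4787-1}` is added but the placeholder `[malicious SVG attachment causing stored XSS vulnerability]` and the `RESERVED` line remain, so this entry also needs the real description and status on the next sync. Both moin issues share one DSA and the two entries should be kept in step when that happens.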
@@ -32823,10 +32844,10 @@ CVE-2020-14191
 	RESERVED
 CVE-2020-14190
 	RESERVED
-CVE-2020-14189
-	RESERVED
-CVE-2020-14188
-	RESERVED
+CVE-2020-14189 (The execute function in in the Atlassian gajira-comment GitHub Action  ...)
+	TODO: check
+CVE-2020-14188 (The preprocessArgs function in the Atlassian gajira-create GitHub Acti ...)
+	TODO: check
 CVE-2020-14187
 	RESERVED
 CVE-2020-14186
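Review bot: both new descriptions (CVE-2020-14189, the `execute` function in gajira-comment; CVE-2020-14188, the `preprocessArgs` function in gajira-create) concern Atlassian GitHub Actions, which are workflow components rather than distributable packages, so the TODOs should resolve to a NOT-FOR-US line naming the action. The doubled "in in" in the CVE-2020-14189 text is the CNA's wording as imported; correcting it locally would be reverted by the next automatic update.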
@@ -51753,7 +51774,7 @@ CVE-2020-7320 (Protection Mechanism Failure vulnerability in McAfee Endpoint Sec
 	NOT-FOR-US: McAfee
 CVE-2020-7319 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...)
 	NOT-FOR-US: McAfee
-CVE-2020-7318 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO ...)
+CVE-2020-7318 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7317 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO ...)
 	NOT-FOR-US: McAfee
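Review bot: CVE-2020-7318 picks up the corrected spelling "ePolicy Orchestrator", but CVE-2020-7317 on the context line two below still reads "Orchistrator"; because these descriptions mirror the CVE feed, the remaining typo should be left for the feed to correct rather than edited by hand, or the sync will keep flipping it back.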
@@ -58491,8 +58512,8 @@ CVE-2020-4761
 	RESERVED
 CVE-2020-4760
 	RESERVED
-CVE-2020-4759
-	RESERVED
+CVE-2020-4759 (IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable  ...)
+	TODO: check
 CVE-2020-4758
 	RESERVED
 CVE-2020-4757
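Review bot: CVE-2020-4759 (IBM FileNet Content Manager 5.5.4 and 5.5.5) is an IBM product entry, and the IBM entries visible in this file (CVE-2020-4653, CVE-2020-4649) are all `NOT-FOR-US: IBM`, so the `TODO: check` can be resolved the same way. The text is cut at "is potentially vulnerable", leaving the issue type unstated; read the full description before closing.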
@@ -58707,10 +58728,10 @@ CVE-2020-4653 (IBM Planning Analytics 2.0 could allow a remote attacker to condu
 	NOT-FOR-US: IBM
 CVE-2020-4652
 	RESERVED
-CVE-2020-4651
-	RESERVED
-CVE-2020-4650
-	RESERVED
+CVE-2020-4651 (IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6 ...)
+	TODO: check
+CVE-2020-4650 (IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6 ...)
+	TODO: check
 CVE-2020-4649 (IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Worksp ...)
 	NOT-FOR-US: IBM
 CVE-2020-4648 (A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars  ...)
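Review bot: CVE-2020-4651 and CVE-2020-4650 share an identical truncated prefix ("IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6 ..."), so the two cannot be told apart from this list and the full texts must be checked individually, even though the expected resolution for both is the `NOT-FOR-US: IBM` used for the surrounding IBM entries.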
@@ -93725,7 +93746,7 @@ CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsi
 	NOTE: https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
 	NOTE: Upstream feels that this is not a security issue. See https://github.com/golang/go/issues/41200.
 CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...)
-	{DLA-2402-1 DLA-1840-1}
+	{DLA-2442-1 DLA-2402-1 DLA-1840-1}
 	- golang-go.crypto 1:0.0~git20200221.2aa609c-1
 	NOTE: https://github.com/golang/go/issues/30965
 	NOTE: https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
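Review bot: with `{DLA-2442-1}` prepended, CVE-2019-11840 now carries three DLAs (DLA-1840-1, DLA-2402-1, DLA-2442-1); a single CVE normally gets one DLA per source package, so the entry should gain a NOTE saying why the third exists (a regression update to DLA-2402-1, or a fix in a different source package that vendors or statically links golang-go.crypto), otherwise the next reader cannot tell which package the new DLA covers. The `golang-go.crypto 1:0.0~git20200221.2aa609c-1` fixed-version line is unchanged.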



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9431600236dc5a93845e5b7e9686bc2a9bf3d542
