[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Nov 27 20:10:26 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13e68715 by security tracker role at 2020-11-27T20:10:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2020-29367 (blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffe ...)
+	TODO: check
+CVE-2020-29366
+	RESERVED
+CVE-2020-29365
+	RESERVED
+CVE-2020-29364
+	RESERVED
+CVE-2020-29363
+	RESERVED
+CVE-2020-29362
+	RESERVED
+CVE-2020-29361
+	RESERVED
+CVE-2020-29360
+	RESERVED
+CVE-2020-29359
+	RESERVED
+CVE-2020-29358
+	RESERVED
+CVE-2020-29357
+	RESERVED
+CVE-2020-29356
+	RESERVED
+CVE-2020-29355
+	RESERVED
+CVE-2020-29354
+	RESERVED
+CVE-2020-29353
+	RESERVED
+CVE-2020-29352
+	RESERVED
+CVE-2020-29351
+	RESERVED
+CVE-2020-29350
+	RESERVED
+CVE-2020-29349
+	RESERVED
+CVE-2020-29348
+	RESERVED
+CVE-2020-29347
+	RESERVED
+CVE-2020-29346
+	RESERVED
+CVE-2020-29345
+	RESERVED
+CVE-2020-29344
+	RESERVED
+CVE-2020-29343
+	RESERVED
+CVE-2020-29342
+	RESERVED
+CVE-2020-29341
+	RESERVED
+CVE-2020-29340
+	RESERVED
+CVE-2020-29339
+	RESERVED
+CVE-2020-29338
+	RESERVED
+CVE-2020-29337
+	RESERVED
+CVE-2020-29336
+	RESERVED
+CVE-2020-29335
+	RESERVED
+CVE-2020-29334
+	RESERVED
+CVE-2020-29333
+	RESERVED
+CVE-2020-29332
+	RESERVED
+CVE-2020-29331
+	RESERVED
+CVE-2020-29330
+	RESERVED
+CVE-2020-29329
+	RESERVED
+CVE-2020-29328
+	RESERVED
+CVE-2020-29327
+	RESERVED
+CVE-2020-29326
+	RESERVED
+CVE-2020-29325
+	RESERVED
+CVE-2020-29324
+	RESERVED
+CVE-2020-29323
+	RESERVED
+CVE-2020-29322
+	RESERVED
+CVE-2020-29321
+	RESERVED
 CVE-2020-29320
 	RESERVED
 CVE-2020-29319
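Review bot: CVE-2020-29367 (heap-based buffer overflow in blosc2.c, C-Blosc2 through 2.0.0.beta.5) is the only new entry in this hunk that is not a RESERVED placeholder and it is left at `TODO: check`; triage should resolve it to a source-package line with either a fixed version or `<unfixed>` plus a bug number (as the slurm-llnl entries elsewhere in this patch do), or to NOT-FOR-US if C-Blosc2 is not packaged. The 46 RESERVED entries (CVE-2020-29366 through CVE-2020-29321) are fine as placeholders.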
@@ -362,8 +456,8 @@ CVE-2020-29140
 	RESERVED
 CVE-2020-29139
 	RESERVED
-CVE-2020-29138
-	RESERVED
+CVE-2020-29138 (Incorrect Access Control in the configuration backup path in SAGEMCOM  ...)
+	TODO: check
 CVE-2020-29137 (cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interf ...)
 	NOT-FOR-US: cPanel
 CVE-2020-29136 (In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approa ...)
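Review bot: CVE-2020-29138 moves from RESERVED to `TODO: check` with a description naming the configuration backup path of a SAGEMCOM product; vendor-device issues of this kind normally end up as NOT-FOR-US like the adjacent cPanel entries (CVE-2020-29137, CVE-2020-29136), so the TODO can likely be closed the same way once it is confirmed that no Debian source package is involved.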
@@ -849,10 +943,10 @@ CVE-2020-28924 (An issue was discovered in Rclone before 1.53.3. Due to the use
 	NOTE: Fixed by: https://github.com/rclone/rclone/commit/c8b11d27e1fe261fdfba6b8910fda69356c9c777 (v1.53.3)
 CVE-2020-28923
 	RESERVED
-CVE-2020-28922
-	RESERVED
-CVE-2020-28921
-	RESERVED
+CVE-2020-28922 (An issue was discovered in Devid Espenschied PC Analyser through 4.10. ...)
+	TODO: check
+CVE-2020-28921 (An issue was discovered in Devid Espenschied PC Analyser through 4.10. ...)
+	TODO: check
 CVE-2020-28920
 	RESERVED
 CVE-2020-28919
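Review bot: CVE-2020-28922 and CVE-2020-28921 carry the same truncated description (Devid Espenschied PC Analyser through 4.10) and both stay at `TODO: check`; they should be triaged together, and since the description names a third-party product rather than a Debian source package, NOT-FOR-US is the probable outcome, with a short NOTE if the two differ in the affected component so the split is visible later.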
@@ -6355,8 +6449,7 @@ CVE-2020-27748 [local file inclusion vulnerability]
 	NOTE: Proposed change: https://gitlab.freedesktop.org/Mic92/xdg-utils/-/commit/1f199813e0eb0246f63b54e9e154970e609575af
 CVE-2020-27747 (An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973 ...)
 	NOT-FOR-US: Click Studios Passwordstate
-CVE-2020-27746 [X11 forwarding - avoid unsafe use of magic cookie as arg to xauth command]
-	RESERVED
+CVE-2020-27746 (Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Informa ...)
 	- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
 	- slurm-llnl <unfixed> (bug #974722)
 	[buster] - slurm-llnl <no-dsa> (Minor issue)
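Review bot: the RESERVED marker is dropped and the bracketed working title is replaced by the published description, but the `[buster] - slurm-llnl <no-dsa> (Minor issue)` line is carried over unchanged; since the published text now classifies the issue as sensitive information exposure, confirm that the no-dsa assessment for buster still holds and that bug #974722 remains the tracking reference for the slurm-llnl fix.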
@@ -6365,8 +6458,7 @@ CVE-2020-27746 [X11 forwarding - avoid unsafe use of magic cookie as arg to xaut
 	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html
 	NOTE: https://github.com/SchedMD/slurm/commit/07309deb45c33e735e191faf9dd31cca1054a15c
 	NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix
-CVE-2020-27745 [PMIx - fix potential buffer overflows from use of unpackmem()]
-	RESERVED
+CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflo ...)
 	- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
 	- slurm-llnl <unfixed> (bug #974721)
 	[buster] - slurm-llnl <no-dsa> (Minor issue)
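Review bot: same shape as the previous hunk, but here the published description says "RPC Buffer Overflo ..." where the earlier working title spoke of potential buffer overflows from unpackmem(); a memory-safety issue reachable over RPC sits in a different severity class than the information exposure in CVE-2020-27746, so the `[buster] - slurm-llnl <no-dsa> (Minor issue)` line kept here should be re-evaluated rather than inherited, alongside bug #974721.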
@@ -11288,8 +11380,7 @@ CVE-2020-25712
 CVE-2020-25711
 	RESERVED
 	NOT-FOR-US: Infinispan
-CVE-2020-25708 [libvncserver/rfbserver.c has a divide by zero which could result in DoS]
-	RESERVED
+CVE-2020-25708 (A divide by zero issue was found to occur in libvncserver-0.9.12. A ma ...)
 	{DLA-2451-1}
 	- libvncserver 0.9.13+dfsg-1
 	NOTE: https://github.com/LibVNC/libvncserver/issues/409
@@ -13015,8 +13106,8 @@ CVE-2020-25017 (Envoy through 1.15.0 only considers the first value when multipl
 	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. Genexis ...)
 	NOT-FOR-US: Genexis Platinum 4410 V2-1.28
-CVE-2020-25014
-	RESERVED
+CVE-2020-25014 (A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and  ...)
+	TODO: check
 CVE-2020-25013 (JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Ser ...)
 	NOT-FOR-US: JetBrains
 CVE-2020-25012
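Review bot: CVE-2020-25014 (stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM) is left at `TODO: check`; it describes vendor firmware, so triage should follow the adjacent Genexis entry (CVE-2020-25015, NOT-FOR-US) unless a Debian source package is found to ship the affected CGI.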
@@ -46918,8 +47009,7 @@ CVE-2020-10773 (A stack information leak flaw was found in s390/s390x in the Lin
 	[stretch] - linux 4.9.210-1
 	[jessie] - linux 3.16.81-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846380
-CVE-2020-10772
-	RESERVED
+CVE-2020-10772 (An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Ha ...)
 	- unbound <not-affected> (Red Hat specific regression in backport)
 CVE-2020-10771
 	RESERVED
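Review bot: the `<not-affected>` justification "Red Hat specific regression in backport" for unbound is the right outcome, but a NOTE: line pointing to the Red Hat bug or to the original CVE-2020-12662 entry would make the cross-reference auditable later, the way the neighbouring kernel entry (CVE-2020-10773) cites its bugzilla URL.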
@@ -54480,8 +54570,8 @@ CVE-2020-7782
 	RESERVED
 CVE-2020-7781
 	RESERVED
-CVE-2020-7780
-	RESERVED
+CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_2.13  ...)
+	TODO: check
 CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular Expressi ...)
 	NOT-FOR-US: Node djvalidator
 CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The attacker ...)
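Review bot: CVE-2020-7780 stays at `TODO: check`; the description names the Maven artifact com.softwaremill.akka-http-session:core_2.13, so triage should check whether that artifact is shipped by any Debian source package and otherwise resolve to NOT-FOR-US, consistent with the Node packages djvalidator and systeminformation next to it.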
@@ -64983,26 +65073,26 @@ CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows attackers
 	NOTE: to not open CVE-2019-19926.
 CVE-2019-19879 (HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain ...)
 	NOT-FOR-US: HashiCorp Sentinel (different from Redis Sentinel)
-CVE-2019-19878
-	RESERVED
-CVE-2019-19877
-	RESERVED
-CVE-2019-19876
-	RESERVED
-CVE-2019-19875
-	RESERVED
-CVE-2019-19874
-	RESERVED
-CVE-2019-19873
-	RESERVED
-CVE-2019-19872
-	RESERVED
+CVE-2019-19878 (An issue was discovered in B&R Industrial Automation APROL before  ...)
+	TODO: check
+CVE-2019-19877 (An issue was discovered in B&R Industrial Automation APROL before  ...)
+	TODO: check
+CVE-2019-19876 (An issue was discovered in B&R Industrial Automation APROL before  ...)
+	TODO: check
+CVE-2019-19875 (An issue was discovered in B&R Industrial Automation APROL before  ...)
+	TODO: check
+CVE-2019-19874 (An issue was discovered in B&R Industrial Automation APROL before  ...)
+	TODO: check
+CVE-2019-19873 (An issue was discovered in B&R Industrial Automation APROL before  ...)
+	TODO: check
+CVE-2019-19872 (An issue was discovered in B&R Industrial Automation APROL before  ...)
+	TODO: check
 CVE-2019-19871
 	RESERVED
 CVE-2019-19870
 	RESERVED
-CVE-2019-19869
-	RESERVED
+CVE-2019-19869 (An issue was discovered in B&R Industrial Automation APROL before  ...)
+	TODO: check
 CVE-2019-19868
 	RESERVED
 CVE-2019-19867
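Review bot: eight CVEs (CVE-2019-19878 through CVE-2019-19872, plus CVE-2019-19869) share the same truncated description for B&R Industrial Automation APROL and are all left at `TODO: check`; they should be triaged as one batch and resolved consistently, most likely to NOT-FOR-US given the vendor product, and note that CVE-2019-19871 and CVE-2019-19870 in between stay RESERVED, so the range is not contiguous.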
@@ -190313,20 +190403,20 @@ CVE-2017-15688
 	RESERVED
 CVE-2017-15687 (DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7 ...)
 	NOT-FOR-US: Logitech
-CVE-2017-15686
-	RESERVED
-CVE-2017-15685
-	RESERVED
-CVE-2017-15684
-	RESERVED
-CVE-2017-15683
-	RESERVED
-CVE-2017-15682
-	RESERVED
-CVE-2017-15681
-	RESERVED
-CVE-2017-15680
-	RESERVED
+CVE-2017-15686 (Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting  ...)
+	TODO: check
+CVE-2017-15685 (Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity ( ...)
+	TODO: check
+CVE-2017-15684 (Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerabili ...)
+	TODO: check
+CVE-2017-15683 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...)
+	TODO: check
+CVE-2017-15682 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...)
+	TODO: check
+CVE-2017-15681 (In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerabilit ...)
+	TODO: check
+CVE-2017-15680 (In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which ...)
+	TODO: check
 CVE-2017-15679
 	RESERVED
 CVE-2017-15678
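Review bot: seven CVEs for Crafter CMS Crafter Studio 3.0.1 (CVE-2017-15686 through CVE-2017-15680, covering XSS, XXE, directory traversal, unauthenticated access and IDOR) all move from RESERVED to `TODO: check`; triage them as one batch so the resolution is consistent across the set, with NOT-FOR-US as the expected outcome if Crafter Studio is not in the archive, as with the adjacent Logitech entry (CVE-2017-15687).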



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13e68715870a1d7eac2fe21a2de065741c7772ab


