[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 8 21:10:39 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2210ca1e by security tracker role at 2020-10-08T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2020-26892
+ RESERVED
+CVE-2020-26891
+ RESERVED
+CVE-2020-26890
+ RESERVED
+CVE-2020-26889
+ RESERVED
+CVE-2020-26888
+ RESERVED
+CVE-2020-26887
+ RESERVED
CVE-2020-26886
RESERVED
CVE-2020-26885
@@ -170,8 +182,8 @@ CVE-2020-26804
RESERVED
CVE-2020-26803
RESERVED
-CVE-2020-26802
- RESERVED
+CVE-2020-26802 (forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in ...)
+ TODO: check
CVE-2020-26801
RESERVED
CVE-2020-26800
@@ -681,8 +693,8 @@ CVE-2020-26569
RESERVED
CVE-2020-26568
RESERVED
-CVE-2020-26567
- RESERVED
+CVE-2020-26567 (An issue was discovered on D-Link DSR-250N before 3.17B devices. The C ...)
+ TODO: check
CVE-2020-26566
RESERVED
CVE-2020-26565
@@ -3498,14 +3510,14 @@ CVE-2013-7490 (An issue was discovered in the DBI module before 1.632 for Perl.
- libdbi-perl 1.633-1
NOTE: https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=86744
-CVE-2020-25273
- RESERVED
-CVE-2020-25272
- RESERVED
-CVE-2020-25271
- RESERVED
-CVE-2020-25270
- RESERVED
+CVE-2020-25273 (In SourceCodester Online Bus Booking System 1.0, there is Authenticati ...)
+ TODO: check
+CVE-2020-25272 (In SourceCodester Online Bus Booking System 1.0, there is XSS through ...)
+ TODO: check
+CVE-2020-25271 (PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/ ...)
+ TODO: check
+CVE-2020-25270 (PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, ...)
+ TODO: check
CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0 ...)
{DSA-4764-1 DLA-2375-1}
- inspircd <unfixed> (bug #960650)
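Review bot: the four new `TODO: check` entries in this hunk (CVE-2020-25270 through CVE-2020-25273) name SourceCodester Online Bus Booking System, PHPGurukul hospital-management-system-in-php and PHPGurukul hostel-management-system. If none of these has a Debian source package, resolve each TODO to a NOT-FOR-US line naming the product rather than leaving the entries open.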
@@ -3526,10 +3538,10 @@ CVE-2020-25265
RESERVED
CVE-2020-25264
RESERVED
-CVE-2020-25263
- RESERVED
-CVE-2020-25262
- RESERVED
+CVE-2020-25263 (PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the ...)
+ TODO: check
+CVE-2020-25262 (PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the ...)
+ TODO: check
CVE-2020-25261
RESERVED
CVE-2020-25260 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
@@ -5664,8 +5676,8 @@ CVE-2020-24303
RESERVED
CVE-2020-24302
RESERVED
-CVE-2020-24301
- RESERVED
+CVE-2020-24301 (Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a spec ...)
+ TODO: check
CVE-2020-24300
RESERVED
CVE-2020-24299
@@ -23517,8 +23529,7 @@ CVE-2020-15648 (Using object or embed tags, it was possible to frame other websi
CVE-2020-15647 (A Content Provider in Firefox for Android allowed local files accessib ...)
- firefox <not-affected> (Only affects Firefox for Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-27/#CVE-2020-15647
-CVE-2020-15646
- RESERVED
+CVE-2020-15646 (If an attacker intercepts Thunderbird's initial attempt to perform aut ...)
{DSA-4718-1}
- thunderbird 1:68.10.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646
@@ -29600,18 +29611,18 @@ CVE-2020-13346 (Membership changes are not reflected in ToDo subscriptions in Gi
- gitlab <unfixed>
CVE-2020-13345 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
-CVE-2020-13344
- RESERVED
+CVE-2020-13344 (An issue has been discovered in GitLab affecting all versions prior to ...)
+ TODO: check
CVE-2020-13343 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2020-13342 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
- gitlab <unfixed>
CVE-2020-13341
RESERVED
-CVE-2020-13340
- RESERVED
-CVE-2020-13339
- RESERVED
+CVE-2020-13340 (An issue has been discovered in GitLab affecting all versions prior to ...)
+ TODO: check
+CVE-2020-13339 (An issue has been discovered in GitLab affecting all versions before 1 ...)
+ TODO: check
CVE-2020-13338 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
- gitlab 13.2.3-2
NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/213273
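Review bot: CVE-2020-13344, CVE-2020-13340 and CVE-2020-13339 are left at `TODO: check`, although every described GitLab entry around them in this hunk is already tracked against the source package, either as `- gitlab <unfixed>` or with a fixed version (CVE-2020-13338: `- gitlab 13.2.3-2`). The descriptions are truncated here, so take the affected version ranges from the full text and replace each TODO with the matching `- gitlab` line.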
@@ -32018,8 +32029,7 @@ CVE-2020-12402 (During RSA key generation, bignum implementations used a variati
- nss 2:3.53.1-1 (bug #963152)
NOTE: https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
NOTE: Fixed upstream in 3.53.1
-CVE-2020-12401 [ECDSA timing attack mitigation bypass]
- RESERVED
+CVE-2020-12401 (During ECDSA signature generation, padding applied in the nonce design ...)
{DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
@@ -32028,8 +32038,7 @@ CVE-2020-12401 [ECDSA timing attack mitigation bypass]
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private)
NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401
-CVE-2020-12400 [P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function]
- RESERVED
+CVE-2020-12400 (When converting coordinates from projective to affine, the modular inv ...)
{DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
@@ -37570,8 +37579,8 @@ CVE-2019-20531 (An issue was discovered on Samsung mobile devices with P(9.0) (E
NOT-FOR-US: Samsung mobile devices
CVE-2019-20530 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
NOT-FOR-US: Samsung mobile devices
-CVE-2020-10816
- RESERVED
+CVE-2020-10816 (Zoho ManageEngine Applications Manager 14780 and before allows a remot ...)
+ TODO: check
CVE-2020-10815
RESERVED
CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...)
@@ -41955,8 +41964,8 @@ CVE-2020-9050
RESERVED
CVE-2020-9049
RESERVED
-CVE-2020-9048
- RESERVED
+CVE-2020-9048 (A vulnerability in victor Web Client versions up to and including v5.4 ...)
+ TODO: check
CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized ...)
NOT-FOR-US: exacqVision Web Service
CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...)
@@ -51058,8 +51067,8 @@ CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML
{DSA-4630-1 DLA-2119-1}
- python-pysaml2 4.5.0-7 (bug #949322)
NOTE: https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 (v5.0.0)
-CVE-2020-5389
- RESERVED
+CVE-2020-5389 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...)
+ TODO: check
CVE-2020-5388
RESERVED
CVE-2020-5387 (Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Ex ...)
@@ -52844,8 +52853,8 @@ CVE-2020-4801
RESERVED
CVE-2020-4800
RESERVED
-CVE-2020-4799
- RESERVED
+CVE-2020-4799 (IBM Informix spatial 14.10 could allow a local user to execute command ...)
+ TODO: check
CVE-2020-4798
RESERVED
CVE-2020-4797
@@ -53882,8 +53891,8 @@ CVE-2020-4282 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3,
NOT-FOR-US: IBM
CVE-2020-4281 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is ...)
NOT-FOR-US: IBM
-CVE-2020-4280
- RESERVED
+CVE-2020-4280 (IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute a ...)
+ TODO: check
CVE-2020-4279
RESERVED
CVE-2020-4278 (IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Sp ...)
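Review bot: CVE-2020-4280 (IBM QRadar SIEM 7.3 and 7.4) gets `TODO: check` while the IBM products directly above it in this hunk, CVE-2020-4282 and CVE-2020-4281, are marked `NOT-FOR-US: IBM`. The TODO should be resolved with the same marker unless QRadar is meant to be handled differently.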
@@ -59741,44 +59750,31 @@ CVE-2020-2300
NOT-FOR-US: Qualcomm components for Android
CVE-2020-2299
RESERVED
-CVE-2020-2298
- RESERVED
+CVE-2020-2298 (Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2297
- RESERVED
+CVE-2020-2297 (Jenkins SMS Notification Plugin 1.2 and earlier stores an access token ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2296
- RESERVED
+CVE-2020-2296 (A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Ob ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2295
- RESERVED
+CVE-2020-2295 (A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cas ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2294
- RESERVED
+CVE-2020-2294 (Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perfor ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2293
- RESERVED
+CVE-2020-2293 (Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2292
- RESERVED
+CVE-2020-2292 (Jenkins Release Plugin 2.10.2 and earlier does not escape the release ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2291
- RESERVED
+CVE-2020-2291 (Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server pa ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2290
- RESERVED
+CVE-2020-2290 (Jenkins Active Choices Plugin 2.4 and earlier does not escape some ret ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2289
- RESERVED
+CVE-2020-2289 (Jenkins Active Choices Plugin 2.4 and earlier does not escape the name ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2288
- RESERVED
+CVE-2020-2288 (In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular exp ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2287
- RESERVED
+CVE-2020-2287 (Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2286
- RESERVED
+CVE-2020-2286 (Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2285 (A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 an ...)
NOT-FOR-US: Jenkins plugin
@@ -60895,8 +60891,8 @@ CVE-2020-1916
RESERVED
CVE-2020-1915
RESERVED
-CVE-2020-1914
- RESERVED
+CVE-2020-1914 (A logic vulnerability when handling the SaveGeneratorLong instruction ...)
+ TODO: check
CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in Facebook ...)
NOT-FOR-US: Facebook Hermes
CVE-2020-1912 (An out-of-bounds read/write vulnerability when executing lazily compil ...)
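Review bot: the truncated description of CVE-2020-1914 mentions the SaveGeneratorLong instruction but does not show the product, and the next entry, CVE-2020-1913, is `NOT-FOR-US: Facebook Hermes`. Confirm from the full description whether this is also Hermes and, if so, replace `TODO: check` with the same NOT-FOR-US line.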
@@ -108696,8 +108692,8 @@ CVE-2019-4547
RESERVED
CVE-2019-4546 (After installing the IBM Maximo Health- Safety and Environment Manager ...)
NOT-FOR-US: IBM
-CVE-2019-4545
- RESERVED
+CVE-2019-4545 (IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Au ...)
+ TODO: check
CVE-2019-4544
RESERVED
CVE-2019-4543
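Review bot: CVE-2019-4545 describes IBM QRadar SIEM 7.3 and 7.4 and is left at `TODO: check`, while CVE-2019-4546 in the context above it is `NOT-FOR-US: IBM`. Suggest closing the TODO with the same marker.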
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2210ca1e3eb728693709311b10bfb57bae964dc6