[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Oct 22 09:10:28 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d86c62d6 by security tracker role at 2020-10-22T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2020-27637
+	RESERVED
+CVE-2020-27636
+	RESERVED
+CVE-2020-27635
+	RESERVED
+CVE-2020-27634
+	RESERVED
+CVE-2020-27633
+	RESERVED
+CVE-2020-27632
+	RESERVED
+CVE-2020-27631
+	RESERVED
+CVE-2020-27630
+	RESERVED
+CVE-2020-27629
+	RESERVED
+CVE-2020-27628
+	RESERVED
+CVE-2020-27627
+	RESERVED
+CVE-2020-27626
+	RESERVED
+CVE-2020-27625
+	RESERVED
+CVE-2020-27624
+	RESERVED
+CVE-2020-27623
+	RESERVED
+CVE-2020-27622
+	RESERVED
+CVE-2020-27621 (The FileImporter extension in MediaWiki through 1.35.0 was not properl ...)
+	TODO: check
+CVE-2020-27620 (The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because Me ...)
+	TODO: check
+CVE-2020-27619 (In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK  ...)
+	TODO: check
+CVE-2020-27618
+	RESERVED
+CVE-2020-27617
+	RESERVED
+CVE-2020-27616
+	RESERVED
+CVE-2020-27615 (The Loginizer plugin before 1.6.4 for WordPress allows SQL injection ( ...)
+	TODO: check
+CVE-2020-27614
+	RESERVED
 CVE-2020-XXXX [DoS'able memory leak on invalid packets]
 	- fastd 21-1 (bug #972521)
 	[buster] - fastd <no-dsa> (Will be fixed via point release)
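Review bot: CVE-2020-27619 is the new entry in this hunk that should not sit at `TODO: check` for long, because its description points at Lib/test/multibytecodec_support.py in Python 3 through 3.9.0. That path is in the interpreter's test suite, so triage should record which python3 source packages ship it and whether the test code is reachable on an installed system. For CVE-2020-27621 and CVE-2020-27620 (FileImporter extension, Cosmos skin), check whether either component is bundled with the packaged mediawiki before assigning a package line. CVE-2020-27615 (Loginizer plugin for WordPress) comes down to whether the plugin is packaged at all.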
@@ -558,8 +606,8 @@ CVE-2020-27346
 	RESERVED
 CVE-2020-27345
 	RESERVED
-CVE-2020-27344
-	RESERVED
+CVE-2020-27344 (The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. ...)
+	TODO: check
 CVE-2020-27343
 	RESERVED
 CVE-2020-27342
@@ -6898,22 +6946,22 @@ CVE-2020-24427
 	RESERVED
 CVE-2020-24426
 	RESERVED
-CVE-2020-24425
-	RESERVED
-CVE-2020-24424
-	RESERVED
-CVE-2020-24423
-	RESERVED
-CVE-2020-24422
-	RESERVED
-CVE-2020-24421
-	RESERVED
-CVE-2020-24420
-	RESERVED
-CVE-2020-24419
-	RESERVED
-CVE-2020-24418
-	RESERVED
+CVE-2020-24425 (Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled  ...)
+	TODO: check
+CVE-2020-24424 (Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncont ...)
+	TODO: check
+CVE-2020-24423 (Adobe Media Encoder version 14.4 (and earlier) for Windows is affected ...)
+	TODO: check
+CVE-2020-24422 (Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and ...)
+	TODO: check
+CVE-2020-24421 (Adobe InDesign version 15.1.2 (and earlier) is affected by a memory co ...)
+	TODO: check
+CVE-2020-24420 (Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected b ...)
+	TODO: check
+CVE-2020-24419 (Adobe After Effects version 17.1.1 (and earlier) for Windows is affect ...)
+	TODO: check
+CVE-2020-24418 (Adobe After Effects version 17.1.1 (and earlier) is affected by an out ...)
+	TODO: check
 CVE-2020-24417
 	RESERVED
 CVE-2020-24416 (Marketo Sales Insight plugin version 1.4355 (and earlier) is affected  ...)
@@ -20939,8 +20987,8 @@ CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Exe
 	NOT-FOR-US: SEOWON INTECH
 CVE-2020-17455
 	RESERVED
-CVE-2020-17454
-	RESERVED
+CVE-2020-17454 (WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher ...)
+	TODO: check
 CVE-2020-17453
 	RESERVED
 CVE-2020-17452 (flatCore before 1.5.7 allows upload and execution of a .php file by an ...)
@@ -21154,8 +21202,8 @@ CVE-2020-17357
 	RESERVED
 CVE-2020-17356
 	RESERVED
-CVE-2020-17355
-	RESERVED
+CVE-2020-17355 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...)
+	TODO: check
 CVE-2020-17354
 	RESERVED
 CVE-2020-17353 (scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x ...)
@@ -24136,6 +24184,7 @@ CVE-2020-15970
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-15969
 	RESERVED
+	{DSA-4778-1 DLA-2411-1}
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 	- firefox 82.0-1
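Review bot: the added `{DSA-4778-1 DLA-2411-1}` line under CVE-2020-15969 does not show which source package the two advisories cover, and the first package line beneath it is `- chromium <unfixed>`. A reader scanning the entry could take the advisory reference to mean chromium is handled. Confirm that the package the advisories address has its fixed versions recorded on this entry, and that chromium is still correctly marked `<unfixed>` next to the cross-reference. The same line is added under CVE-2020-15683 in the next hunk, where `- thunderbird <unfixed>` raises the same question.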
@@ -24919,6 +24968,7 @@ CVE-2020-15684
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684
 CVE-2020-15683
 	RESERVED
+	{DSA-4778-1 DLA-2411-1}
 	- firefox 82.0-1
 	- firefox-esr 78.4.0esr-1
 	- thunderbird <unfixed>
@@ -26015,10 +26065,10 @@ CVE-2020-15268
 	RESERVED
 CVE-2020-15267
 	RESERVED
-CVE-2020-15266
-	RESERVED
-CVE-2020-15265
-	RESERVED
+CVE-2020-15266 (In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.i ...)
+	TODO: check
+CVE-2020-15265 (In Tensorflow before version 2.4.0, an attacker can pass an invalid `a ...)
+	TODO: check
 CVE-2020-15264 (The Boxstarter installer before version 2.13.0 configures C:\ProgramDa ...)
 	NOT-FOR-US: Boxstarter
 CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not properly e ...)
@@ -26065,8 +26115,8 @@ CVE-2020-15246
 	RESERVED
 CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may registe ...)
 	NOT-FOR-US: Sylius
-CVE-2020-15244
-	RESERVED
+CVE-2020-15244 (In Magento (rubygems openmage/magento-lts package) before versions 19. ...)
+	TODO: check
 CVE-2020-15243 (Affected versions of Smartstore have a missing WebApi Authentication a ...)
 	NOT-FOR-US: Smartstore
 CVE-2020-15242 (Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Re ...)
@@ -41973,14 +42023,14 @@ CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move
 	NOT-FOR-US: Naver Cloud Explorer
 CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an  ...)
 	NOT-FOR-US: Naver Cloud Explorer
-CVE-2020-9750
-	RESERVED
-CVE-2020-9749
-	RESERVED
-CVE-2020-9748
-	RESERVED
-CVE-2020-9747
-	RESERVED
+CVE-2020-9750 (Adobe Animate version 20.5 (and earlier) is affected by an out-of-boun ...)
+	TODO: check
+CVE-2020-9749 (Adobe Animate version 20.5 (and earlier) is affected by an out-of-boun ...)
+	TODO: check
+CVE-2020-9748 (Adobe Animate version 20.5 (and earlier) is affected by a stack overfl ...)
+	TODO: check
+CVE-2020-9747 (Adobe Animate version 20.5 (and earlier) is affected by a double free  ...)
+	TODO: check
 CVE-2020-9746 (Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an ...)
 	NOT-FOR-US: Adobe Flash Plugin
 CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
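Review bot: the four Adobe Animate entries (CVE-2020-9750 through CVE-2020-9747) are left at `TODO: check`, while the very next entry in this hunk, CVE-2020-9746 for Adobe Flash Player, already carries `NOT-FOR-US: Adobe Flash Plugin`. Adobe Animate is a proprietary Adobe product as well, so these can be closed out with a `NOT-FOR-US:` tag in the same style. The eight Adobe entries CVE-2020-24425 through CVE-2020-24418 earlier in this diff are the same case and can be triaged in the same pass.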
@@ -45698,7 +45748,7 @@ CVE-2020-8205 (The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulner
 	NOT-FOR-US: Node uppy
 CVE-2020-8204 (A cross site scripting (XSS) vulnerability exists in Pulse Connect Sec ...)
 	NOT-FOR-US: Pulse
-CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash <=  ...)
+CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash before ...)
 	- node-lodash 4.17.19+dfsg-1 (bug #965283)
 	[buster] - node-lodash <no-dsa> (Minor issue; can be fixed via point release)
 	[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
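Review bot: the description of CVE-2020-8203 changes its version bound from an inclusive `lodash <=` to an exclusive `lodash before`, but the package lines below it are untouched and still give `node-lodash 4.17.19+dfsg-1` as the fixed version. The truncated description hides the new upstream version, so look it up in the full CVE text and confirm that 4.17.19+dfsg-1 really contains the fix. If the upstream bound moved past that version, the fixed-version line and the `<no-dsa>` note for buster need revisiting.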



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d86c62d645ecedaec9a3e5b09c94646e1e15dd85
