[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Fri Oct 23 09:10:23 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18da2738 by security tracker role at 2020-10-23T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2020-27692
+	RESERVED
+CVE-2020-27691
+	RESERVED
+CVE-2020-27690
+	RESERVED
+CVE-2020-27689
+	RESERVED
+CVE-2020-27688
+	RESERVED
+CVE-2020-27687
+	RESERVED
+CVE-2020-27686
+	RESERVED
+CVE-2020-27685
+	RESERVED
+CVE-2020-27684
+	RESERVED
+CVE-2020-27683
+	RESERVED
+CVE-2020-27682
+	RESERVED
+CVE-2020-27681
+	RESERVED
+CVE-2020-27680
+	RESERVED
+CVE-2020-27679
+	RESERVED
+CVE-2020-27678
+	RESERVED
+CVE-2020-27677
+	RESERVED
+CVE-2020-27676
+	RESERVED
 CVE-2021-0200
 	RESERVED
 CVE-2021-0199
@@ -550,22 +584,22 @@ CVE-2020-27602 (BigBlueButton before 2.2.7 does not have a protection mechanism
 	NOT-FOR-US: BigBlueButton
 CVE-2020-27601 (In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat do ...)
 	NOT-FOR-US: BigBlueButton
-CVE-2020-27673 [Rogue guests can cause DoS of Dom0 via high frequency events]
+CVE-2020-27673 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
 	- linux <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-332.html
-CVE-2020-27675 [Race condition in Linux event handler may crash dom0]
+CVE-2020-27675 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
 	- linux <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-331.html
-CVE-2020-27674 [Xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries]
+CVE-2020-27674 (An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-286.html
-CVE-2020-27672 [Xen: x86: Race condition in Xen mapping code]
+CVE-2020-27672 (An issue was discovered in Xen through 4.14.x allowing x86 guest OS us ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-345.html
-CVE-2020-27671 [Xen: undue deferral of IOMMU TLB flushes]
+CVE-2020-27671 (An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-346.html
-CVE-2020-27670 [Xen: unsafe AMD IOMMU page table updates]
+CVE-2020-27670 (An issue was discovered in Xen through 4.14.x allowing x86 guest OS us ...)
 	- xen <unfixed>
 	NOTE: https://xenbits.xen.org/xsa/advisory-347.html
 CVE-2020-27600
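Review bot: the two `linux <unfixed>` entries (CVE-2020-27673 and CVE-2020-27675) carry only the XSA advisory link; a NOTE pointing at the upstream kernel fix would make it easier to track the stable/oldstable backports, since the truncated descriptions now all share the same "An issue was discovered in the Linux kernel through 5.9.1, as used wit ..." prefix and only the XSA link in the NOTE line identifies which issue is which. Same for the four Xen entries: keeping the XSA number in a NOTE (as the URLs already do) is what distinguishes them now that the bracketed summaries are gone.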
@@ -1339,8 +1373,8 @@ CVE-2020-27218
 	RESERVED
 CVE-2020-27217
 	RESERVED
-CVE-2020-27216
-	RESERVED
+CVE-2020-27216 (In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thr ...)
+	TODO: check
 CVE-2020-27215
 	RESERVED
 CVE-2020-27214
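Review bot: the `TODO: check` on CVE-2020-27216 needs a real triage rather than NOT-FOR-US, because Jetty is packaged in Debian (src:jetty9); the description names "9.4.32.v20200930" as the last affected 9.4.x release, so the entry should end up as a `- jetty9` line with the fixed version or `<unfixed>`, plus a NOTE to the upstream advisory.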
@@ -2019,8 +2053,8 @@ CVE-2020-26889
 	RESERVED
 CVE-2020-26888
 	RESERVED
-CVE-2020-26887
-	RESERVED
+CVE-2020-26887 (FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Reb ...)
+	TODO: check
 CVE-2020-26886
 	RESERVED
 CVE-2020-26885
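Review bot: CVE-2020-26887 concerns FRITZ!OS, the closed firmware on AVM FRITZ!Box devices, which is not packaged in Debian; the `TODO: check` can be resolved as `NOT-FOR-US: FRITZ!OS`.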
@@ -2721,8 +2755,8 @@ CVE-2020-26563
 	RESERVED
 CVE-2020-26562
 	RESERVED
-CVE-2020-26561
-	RESERVED
+CVE-2020-26561 (** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_ ...)
+	TODO: check
 CVE-2020-26560
 	RESERVED
 CVE-2020-26559
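Review bot: CVE-2020-26561 is a Belkin LINKSYS WRT160NL firmware issue (already marked "UNSUPPORTED WHEN ASSIGNED" upstream) and has no Debian package; resolve the `TODO: check` as `NOT-FOR-US: Belkin LINKSYS`.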
@@ -5789,8 +5823,8 @@ CVE-2020-25188 (An attacker who convinces a valid user to open a specially craft
 	NOT-FOR-US: LAquis SCADA
 CVE-2020-25187
 	RESERVED
-CVE-2020-25186
-	RESERVED
+CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 2019-09-2 ...)
+	TODO: check
 CVE-2020-25185
 	RESERVED
 CVE-2020-25184
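Review bot: CVE-2020-25186 (XXE in LeviStudioU) is a proprietary HMI product that Debian does not ship; the neighbouring CVE-2020-25188 already uses `NOT-FOR-US: LAquis SCADA` for the same class of entry, so this `TODO: check` should become `NOT-FOR-US: LeviStudioU`.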
@@ -20089,8 +20123,8 @@ CVE-2020-18131
 	RESERVED
 CVE-2020-18130
 	RESERVED
-CVE-2020-18129
-	RESERVED
+CVE-2020-18129 (A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an ad ...)
+	TODO: check
 CVE-2020-18128
 	RESERVED
 CVE-2020-18127
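Review bot: CVE-2020-18129 is a CSRF in Eyoucms, which is not a Debian package; replace the `TODO: check` with `NOT-FOR-US: Eyoucms`.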
@@ -25447,12 +25481,10 @@ CVE-2020-15686
 	RESERVED
 CVE-2020-15685
 	RESERVED
-CVE-2020-15684
-	RESERVED
+CVE-2020-15684 (Mozilla developers reported memory safety bugs present in Firefox 81.  ...)
 	- firefox 82.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684
-CVE-2020-15683
-	RESERVED
+CVE-2020-15683 (Mozilla developers and community members reported memory safety bugs p ...)
 	{DSA-4778-1 DLA-2411-1}
 	- firefox 82.0-1
 	- firefox-esr 78.4.0esr-1
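Review bot: CVE-2020-15684 is filled in with only `- firefox 82.0-1` while CVE-2020-15683 directly below also lists firefox-esr and a DSA/DLA; that is consistent with the NOTE lines (15684 is referenced from mfsa2020-45 only, 15683 from mfsa2020-45/46/47), so no ESR line is needed here, but it is worth double-checking the ESR advisory before the next DSA to be sure 15684 really is Firefox-82-only.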
@@ -25460,16 +25492,13 @@ CVE-2020-15683
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15683
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15683
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15683
-CVE-2020-15682
-	RESERVED
+CVE-2020-15682 (When a link to an external protocol was clicked, a prompt was presente ...)
 	- firefox 82.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15682
-CVE-2020-15681
-	RESERVED
+CVE-2020-15681 (When multiple WASM threads had a reference to a module, and were looki ...)
 	- firefox 82.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15681
-CVE-2020-15680
-	RESERVED
+CVE-2020-15680 (If a valid external protocol handler was referenced in an image tag, t ...)
 	- firefox 82.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15680
 CVE-2020-15679
@@ -26542,8 +26571,8 @@ CVE-2020-15272
 	RESERVED
 CVE-2020-15271
 	RESERVED
-CVE-2020-15270
-	RESERVED
+CVE-2020-15270 (Parse Server (npm package parse-server) broadcasts events to all clien ...)
+	TODO: check
 CVE-2020-15269 (In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens ...)
 	NOT-FOR-US: Spree
 CVE-2020-15268
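Review bot: CVE-2020-15270 is in the npm package parse-server, which is not packaged in Debian; resolve the `TODO: check` as `NOT-FOR-US: Parse Server` (compare the `NOT-FOR-US: Spree` entry just below).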
@@ -27080,9 +27109,9 @@ CVE-2020-15047 (MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verificat
 CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...)
 	NOT-FOR-US: Node traceroute
 CVE-2018-21267
-	RESERVED
+	REJECTED
 CVE-2018-21266
-	RESERVED
+	REJECTED
 CVE-2020-15046 (The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a  ...)
 	NOT-FOR-US: Supermicro
 CVE-2020-15045
@@ -27183,12 +27212,12 @@ CVE-2020-15005 (In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and
 	- mediawiki 1:1.31.8-1
 	[stretch] - mediawiki <postponed> (Minor issue)
 	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
-CVE-2020-15004
-	RESERVED
-CVE-2020-15003
-	RESERVED
-CVE-2020-15002
-	RESERVED
+CVE-2020-15004 (OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. ...)
+	TODO: check
+CVE-2020-15003 (OX App Suite through 7.10.3 allows Information Exposure because a user ...)
+	TODO: check
+CVE-2020-15002 (OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/me ...)
+	TODO: check
 CVE-2020-15001 (An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0 ...)
 	NOT-FOR-US: Yubico YubiKey 5 NFC devices
 CVE-2020-15000 (A PIN management problem was discovered on Yubico YubiKey 5 devices 5. ...)
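Review bot: the three OX App Suite entries (CVE-2020-15004, -15003, -15002) are all in a product Debian does not ship, so each `TODO: check` can be closed as `NOT-FOR-US: OX App Suite`; note that the description for CVE-2020-15002 contains the doubled "via the the" as published upstream, which is fine to leave since the tracker mirrors the CVE text.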
@@ -31805,8 +31834,7 @@ CVE-2020-13329 (An issue has been discovered in GitLab affecting versions from 1
 	- gitlab 13.2.3-2
 CVE-2020-13328 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
 	- gitlab 13.2.3-2
-CVE-2020-13327
-	RESERVED
+CVE-2020-13327 (An issue has been discovered in GitLab Runner affecting all versions s ...)
 	- gitlab-ci-multi-runner <unfixed>
 CVE-2020-13326 (A vulnerability was discovered in GitLab versions prior to 13.1. Under ...)
 	- gitlab 13.2.3-2
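Review bot: the new `- gitlab-ci-multi-runner <unfixed>` line for CVE-2020-13327 lacks the NOTE with the upstream GitLab Runner advisory and the fixed upstream version, which the neighbouring gitlab entries resolve via a concrete package version; without that it is hard to tell whether the `<unfixed>` is a real open issue or just untriaged. Please add the advisory link and, if applicable, a severity tag or bug number.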
@@ -36248,8 +36276,8 @@ CVE-2020-11855 (An Authorization Bypass vulnerability on Micro Focus Operation B
 	NOT-FOR-US: Micro Focus
 CVE-2020-11854
 	RESERVED
-CVE-2020-11853
-	RESERVED
+CVE-2020-11853 (An arbitrary code execution vulnerability exists in Micro Focus Operat ...)
+	TODO: check
 CVE-2020-11852 (DKIM key management page vulnerability on Micro Focus Secure Messaging ...)
 	NOT-FOR-US: Micro Focus
 CVE-2020-11851
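Review bot: CVE-2020-11853 is a Micro Focus Operations Bridge Manager issue, the same product family as CVE-2020-11855 and CVE-2020-11852 in the context lines, both already `NOT-FOR-US: Micro Focus`; the `TODO: check` should be resolved the same way.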
@@ -40116,8 +40144,7 @@ CVE-2020-10723 (A memory corruption issue was found in DPDK versions 17.05 and a
 CVE-2020-10722 (A vulnerability was found in DPDK versions 18.05 and above. A missing  ...)
 	{DSA-4688-1}
 	- dpdk 19.11.2-1 (bug #960936)
-CVE-2020-10721
-	RESERVED
+CVE-2020-10721 (A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When usi ...)
 	NOT-FOR-US: fabric8-maven-plugin
 CVE-2020-10720 (A flaw was found in the Linux kernel's implementation of GRO in versio ...)
 	- linux 5.2.6-1
@@ -43445,8 +43472,8 @@ CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 tr
 	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=68386dfb1fa33471372a8cd2e74686758a2f527b (v4.8.0)
 	NOTE: Follow-up: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=0dd53533e20d2948351a99ec5336fbc9b82b226a (v4.8.0)
 	NOTE: Introduced due to: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 (v4.7.0)
-CVE-2020-9361
-	RESERVED
+CVE-2020-9361 (CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local use ...)
+	TODO: check
 CVE-2020-9360
 	RESERVED
 CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...)
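Review bot: CVE-2020-9361 concerns CryptoPro CSP, a proprietary cryptographic provider that is not packaged in Debian; the `TODO: check` can be closed as `NOT-FOR-US: CryptoPro CSP`.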
@@ -43525,8 +43552,8 @@ CVE-2020-9333
 	RESERVED
 CVE-2020-9332 (ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19  ...)
 	NOT-FOR-US: FabulaTech
-CVE-2020-9331
-	RESERVED
+CVE-2020-9331 (CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Pri ...)
+	TODO: check
 CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not requ ...)
 	NOT-FOR-US: Xerox
 CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the admin-specified r ...)
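Review bot: CVE-2020-9331 is the 32-bit counterpart of the CryptoPro CSP local privilege escalation (the 64-bit one is CVE-2020-9361 in this same update); both belong to a proprietary product outside Debian and should get `NOT-FOR-US: CryptoPro CSP` rather than stay at `TODO: check`.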
@@ -56708,8 +56735,7 @@ CVE-2020-3998
 	RESERVED
 CVE-2020-3997
 	RESERVED
-CVE-2020-3996
-	RESERVED
+CVE-2020-3996 (Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t prop ...)
 	NOT-FOR-US: Velero
 CVE-2020-3995 (In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-20 ...)
 	NOT-FOR-US: VMware
@@ -73720,8 +73746,7 @@ CVE-2019-17008 (When using nested workers, a use-after-free could occur during w
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17008
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17008
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17008
-CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS]
-	RESERVED
+CVE-2019-17007 (In Network Security Services before 3.44, a malformed Netscape Certifi ...)
 	{DSA-4579-1 DLA-2388-1 DLA-2015-1}
 	- nss 2:3.45-1
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1798
@@ -73729,8 +73754,7 @@ CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in CERT_DecodeCe
 	NOTE: https://hg.mozilla.org/projects/nss/rev/1473dd7efe2ce4f8722a33ebb03a3425e09887de
 	NOTE: Fixed in 3.44 upstream (and there was an upload of 3.44 to unstable
 	NOTE: but then reverted until the 2:3.45-1 upload).
-CVE-2019-17006 [Check length of inputs for cryptographic primitives]
-	RESERVED
+CVE-2019-17006 (In Network Security Services (NSS) before 3.46, several cryptographic  ...)
 	{DSA-4726-1 DLA-2388-1 DLA-2058-1}
 	- nss 2:3.47-1
 	NOTE: Fixed upstream in NSS 3.46.
@@ -80927,24 +80951,24 @@ CVE-2019-14721 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an
 	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-14720
 	RESERVED
-CVE-2019-14719
-	RESERVED
-CVE-2019-14718
-	RESERVED
-CVE-2019-14717
-	RESERVED
-CVE-2019-14716
-	RESERVED
-CVE-2019-14715
-	RESERVED
+CVE-2019-14719 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow  ...)
+	TODO: check
+CVE-2019-14718 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have I ...)
+	TODO: check
+CVE-2019-14717 (Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 hav ...)
+	TODO: check
+CVE-2019-14716 (Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocum ...)
+	TODO: check
+CVE-2019-14715 (Verifone Pinpad Payment Terminals allow undocumented physical access t ...)
+	TODO: check
 CVE-2019-14714
 	RESERVED
-CVE-2019-14713
-	RESERVED
-CVE-2019-14712
-	RESERVED
-CVE-2019-14711
-	RESERVED
+CVE-2019-14713 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow  ...)
+	TODO: check
+CVE-2019-14712 (Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of ...)
+	TODO: check
+CVE-2019-14711 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a ...)
+	TODO: check
 CVE-2019-14710
 	RESERVED
 CVE-2019-14709 (A cleartext password storage issue was discovered on MicroDigital N-se ...)
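Review bot: all eight Verifone entries (CVE-2019-14719 down to CVE-2019-14711, skipping the still-RESERVED CVE-2019-14714) are payment-terminal firmware issues in MX900/VerixV devices that Debian does not ship; each `TODO: check` can be resolved as `NOT-FOR-US: Verifone`. The two remaining RESERVED IDs (CVE-2019-14714, CVE-2019-14710) are probably part of the same batch and will likely need the same treatment once published.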
@@ -126879,8 +126903,7 @@ CVE-2018-18509 (A flaw during verification of certain S/MIME signatures causes e
 	{DSA-4392-1 DLA-1678-1}
 	- thunderbird 1:60.5.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18511
-CVE-2018-18508 [NULL pointer dereference in several CMS functions resulting in a denial of service]
-	RESERVED
+CVE-2018-18508 (In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a  ...)
 	{DLA-2388-1 DLA-1704-1}
 	- nss 2:3.42.1-1 (bug #921614)
 	NOTE: https://hg.mozilla.org/projects/nss/rev/08d1b0c1117f
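Review bot: the unchanged context line under CVE-2018-18509 points at `mfsa2019-06/#CVE-2018-18511`, i.e. the anchor for a different CVE than the entry it sits under; this is pre-existing rather than introduced here, but it looks like a copy/paste slip worth fixing in a follow-up (the CVE-2018-18508 entry itself, with the DLA references and the hg.mozilla.org fix link, looks complete).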
@@ -154688,8 +154711,8 @@ CVE-2018-8064
 	RESERVED
 CVE-2018-8063
 	RESERVED
-CVE-2018-8062
-	RESERVED
+CVE-2018-8062 (A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devic ...)
+	TODO: check
 CVE-2018-8061 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileg ...)
 	NOT-FOR-US: HWiNFO AMD64 Kernel driver
 CVE-2018-8060 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileg ...)
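Review bot: CVE-2018-8062 is an XSS on Comtrend AR-5387un router firmware, not a Debian package; resolve the `TODO: check` as `NOT-FOR-US: Comtrend`, matching the `NOT-FOR-US: HWiNFO AMD64 Kernel driver` entries directly below.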



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18da2738b3a337b68245159be553247e4e5dbe2e


