[Git][security-tracker-team/security-tracker][master] automatic update

Tue Oct 27 08:10:28 GMT 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e16c74d by security tracker role at 2020-10-27T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2020-27744
+	RESERVED
+CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAN ...)
+	TODO: check
+CVE-2020-27742
+	RESERVED
+CVE-2020-27741
+	RESERVED
+CVE-2020-27740
+	RESERVED
+CVE-2020-27739
+	RESERVED
+CVE-2020-27738
+	RESERVED
+CVE-2020-27737
+	RESERVED
+CVE-2020-27736
+	RESERVED
+CVE-2020-27735
+	RESERVED
+CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to take own ...)
+	TODO: check
 CVE-2020-27734
 	RESERVED
 CVE-2020-27733
@@ -1552,16 +1574,16 @@ CVE-2020-27185
 	RESERVED
 CVE-2020-27184
 	RESERVED
-CVE-2020-27183
-	RESERVED
-CVE-2020-27182
-	RESERVED
-CVE-2020-27181
-	RESERVED
-CVE-2020-27180
-	RESERVED
-CVE-2020-27179
-	RESERVED
+CVE-2020-27183 (A RemoteFunctions endpoint with missing access control in konzept-ix p ...)
+	TODO: check
+CVE-2020-27182 (Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publ ...)
+	TODO: check
+CVE-2020-27181 (A hardcoded AES key in CipherUtils.java in the Java applet of konzept- ...)
+	TODO: check
+CVE-2020-27180 (konzept-ix publiXone before 2020.015 allows attackers to download file ...)
+	TODO: check
+CVE-2020-27179 (konzept-ix publiXone before 2020.015 allows attackers to take over arb ...)
+	TODO: check
 CVE-2020-27178 (Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4 ...)
 	NOT-FOR-US: Apereo CAS
 CVE-2020-27177
@@ -2177,10 +2199,10 @@ CVE-2020-26880 (Sympa through 6.2.57b.2 allows a local privilege escalation from
 	NOTE: https://github.com/sympa-community/sympa/issues/1009
 	NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420
 	NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235
-CVE-2020-26879
-	RESERVED
-CVE-2020-26878
-	RESERVED
+CVE-2020-26879 (Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded  ...)
+	TODO: check
+CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command injection. An  ...)
+	TODO: check
 CVE-2020-26877
 	RESERVED
 CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows remote attac ...)
@@ -24819,7 +24841,7 @@ CVE-2020-15970
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-15969
 	RESERVED
-	{DSA-4780-1 DSA-4778-1 DLA-2411-1}
+	{DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
 	- firefox 82.0-1
@@ -25601,7 +25623,7 @@ CVE-2020-15684 (Mozilla developers reported memory safety bugs present in Firefo
 	- firefox 82.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684
 CVE-2020-15683 (Mozilla developers and community members reported memory safety bugs p ...)
-	{DSA-4780-1 DSA-4778-1 DLA-2411-1}
+	{DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
 	- firefox 82.0-1
 	- firefox-esr 78.4.0esr-1
 	- thunderbird 1:78.4.0-1
@@ -26506,8 +26528,8 @@ CVE-2013-7489 (The Beaker library through 1.11.0 for Python is affected by deser
 	NOTE: https://www.openwall.com/lists/oss-security/2020/05/14/11
 CVE-2020-15353
 	RESERVED
-CVE-2020-15352
-	RESERVED
+CVE-2020-15352 (An XML external entity (XXE) vulnerability in Pulse Connect Secure (PC ...)
+	TODO: check
 CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...)
 	NOT-FOR-US: IDrive
 CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding ...)
@@ -44560,8 +44582,8 @@ CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V
 	NOT-FOR-US: Guangzhou
 CVE-2020-8957
 	RESERVED
-CVE-2020-8956
-	RESERVED
+CVE-2020-8956 (Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4  ...)
+	TODO: check
 CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...)
 	{DLA-2157-1}
 	- weechat 2.7.1-1 (bug #951289)
@@ -63270,8 +63292,8 @@ CVE-2020-1917
 	RESERVED
 CVE-2020-1916
 	RESERVED
-CVE-2020-1915
-	RESERVED
+CVE-2020-1915 (An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes ...)
+	TODO: check
 CVE-2020-1914 (A logic vulnerability when handling the SaveGeneratorLong instruction  ...)
 	NOT-FOR-US: Facebook Hermes
 CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in Facebook  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e16c74db4ac043d5008c1e66ca311b32715d14d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e16c74db4ac043d5008c1e66ca311b32715d14d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201027/fb4c6f83/attachment-0001.html>
