[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 30 20:10:34 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b58f4dc9 by security tracker role at 2020-10-30T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2020-28026
+ RESERVED
+CVE-2020-28025
+ RESERVED
+CVE-2020-28024
+ RESERVED
+CVE-2020-28023
+ RESERVED
+CVE-2020-28022
+ RESERVED
+CVE-2020-28021
+ RESERVED
+CVE-2020-28020
+ RESERVED
+CVE-2020-28019
+ RESERVED
+CVE-2020-28018
+ RESERVED
+CVE-2020-28017
+ RESERVED
+CVE-2020-28016
+ RESERVED
+CVE-2020-28015
+ RESERVED
+CVE-2020-28014
+ RESERVED
+CVE-2020-28013
+ RESERVED
+CVE-2020-28012
+ RESERVED
+CVE-2020-28011
+ RESERVED
+CVE-2020-28010
+ RESERVED
+CVE-2020-28009
+ RESERVED
+CVE-2020-28008
+ RESERVED
+CVE-2020-28007
+ RESERVED
CVE-2020-XXXX [vulnerability with slapd normalization handling with modrdn]
- openldap 2.4.55+dfsg-1
[buster] - openldap 2.4.47+dfsg-3+deb10u3
@@ -804,8 +844,8 @@ CVE-2020-27710
RESERVED
CVE-2020-27709
RESERVED
-CVE-2020-27708
- RESERVED
+CVE-2020-27708 (A vulnerability exists in the Origin Client that could allow a non-Adm ...)
+ TODO: check
CVE-2020-27707
RESERVED
CVE-2020-27706
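Review bot: the new CVE-2020-27708 entry is left at `TODO: check`, but the truncated description already names the Origin Client, EA's proprietary game launcher, which is not shipped in Debian; this can be triaged straight to `NOT-FOR-US: Origin Client`, matching how the other vendor-only entries in this file are marked.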
@@ -5518,8 +5558,8 @@ CVE-2020-25691
RESERVED
CVE-2020-25690
RESERVED
-CVE-2020-25689
- RESERVED
+CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 21.0.0.F ...)
+ TODO: check
CVE-2020-25688
RESERVED
CVE-2020-25687
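Review bot: CVE-2020-25689 is marked `TODO: check` with a description cut off at "WildFly in all versions up to 21.0.0.F ...". Debian has no wildfly source package, so the likely outcome is NOT-FOR-US, but the visible text does not say which component leaks memory; confirm from the full advisory that the affected code is not in one of the JBoss components Debian packages separately before closing it.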
@@ -25742,8 +25782,8 @@ CVE-2020-15916 (goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 dev
NOT-FOR-US: Tenda devices
CVE-2020-15915
RESERVED
-CVE-2020-15914
- RESERVED
+CVE-2020-15914 (A cross-site scripting (XSS) vulnerability exists in the Origin Client ...)
+ TODO: check
CVE-2020-15913
RESERVED
CVE-2020-15912 (** DISPUTED ** Tesla Model 3 vehicles allow attackers to open a door b ...)
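Review bot: CVE-2020-15914 is another Origin Client issue (an XSS this time) and should get the same triage as CVE-2020-27708 above: the Origin Client is not in Debian, so `NOT-FOR-US: Origin Client` rather than `TODO: check`.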
@@ -27441,10 +27481,10 @@ CVE-2020-15279
RESERVED
CVE-2020-15278 (Red Discord Bot before version 3.4.1 has an unauthorized privilege esc ...)
NOT-FOR-US: Red Discord Bot
-CVE-2020-15277
- RESERVED
-CVE-2020-15276
- RESERVED
+CVE-2020-15277 (baserCMS before version 4.4.1 is affected by Remote Code Execution (RC ...)
+ TODO: check
+CVE-2020-15276 (baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. A ...)
+ TODO: check
CVE-2020-15275
RESERVED
CVE-2020-15274 (In Wiki.js before version 2.5.162, an XSS payload can be injected in a ...)
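Review bot: both new entries, CVE-2020-15277 (RCE) and CVE-2020-15276 (XSS), are baserCMS issues left as `TODO: check`; baserCMS is not packaged in Debian, so both can be closed as `NOT-FOR-US: baserCMS`, consistent with the `NOT-FOR-US: Red Discord Bot` line two entries up.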
@@ -47098,8 +47138,8 @@ CVE-2020-8238 (A vulnerability in the authenticated user web interface of Pulse
NOT-FOR-US: Pulse Connect Secure
CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may lead to ...)
NOT-FOR-US: Node json-bigint
-CVE-2020-8236
- RESERVED
+CVE-2020-8236 (A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the ...)
+ TODO: check
CVE-2020-8235 (Missing access control in Nextcloud Deck 1.0.4 caused an insecure dire ...)
NOT-FOR-US: Nextcloud Deck
CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 w ...)
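Review bot: CVE-2020-8236 describes a misconfiguration in Nextcloud Server 19.0.1; the server is not packaged in Debian (only the nextcloud-desktop client is), so this resolves to `NOT-FOR-US: Nextcloud Server`, in line with the `NOT-FOR-US: Nextcloud Deck` entry directly below it. Worth confirming from the full description that the "wrong configuration" is server-side and not something the desktop client also ships.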
@@ -47234,8 +47274,8 @@ CVE-2020-8184 (A reliance on cookies without validation/integrity check security
[buster] - ruby-rack <no-dsa> (Minor issue)
NOTE: https://hackerone.com/reports/895727
NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
-CVE-2020-8183
- RESERVED
+CVE-2020-8183 (A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of ...)
+ TODO: check
CVE-2020-8182 (Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to ...)
NOT-FOR-US: Nextcloud Deck
CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a malici ...)
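Review bot: CVE-2020-8183 (plaintext storage in Nextcloud Server 19.0.0) needs the same decision as CVE-2020-8236: Nextcloud Server is not in Debian, so `NOT-FOR-US: Nextcloud Server` rather than `TODO: check`, unless the full text shows the affected code lives in the packaged desktop client.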
@@ -47265,8 +47305,8 @@ CVE-2020-8174 (napi_get_value_string_*() allows various kinds of memory corrupti
[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#napi_get_value_string_-allows-various-kinds-of-memory-corruption-high-cve-2020-8174
-CVE-2020-8173
- RESERVED
+CVE-2020-8173 (A too small set of random characters being used for encryption in Next ...)
+ TODO: check
CVE-2020-8172 (TLS session reuse can lead to host certificate verification bypass in ...)
- nodejs <not-affected> (Only affects 12.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#tls-session-reuse-can-lead-to-host-certificate-verification-bypass-high-cve-2020-8172
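Review bot: the CVE-2020-8173 description is cut off at "encryption in Next ...", so the hunk does not show whether the too-small random character set is in Nextcloud Server or in a client component; since nextcloud-desktop is a Debian package, check the full description before marking this NOT-FOR-US like the neighbouring Nextcloud Server entries.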
@@ -48399,10 +48439,10 @@ CVE-2020-7762
RESERVED
CVE-2020-7761
RESERVED
-CVE-2020-7760
- RESERVED
-CVE-2020-7759
- RESERVED
+CVE-2020-7760 (This affects the package codemirror before 5.58.2; the package org.apa ...)
+ TODO: check
+CVE-2020-7759 (The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable ...)
+ TODO: check
CVE-2020-7758
RESERVED
CVE-2020-7757
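Review bot: CVE-2020-7760 should not be closed as NOT-FOR-US without a package lookup: CodeMirror is packaged in Debian (libjs-codemirror) and embedded copies turn up in other packages' web assets, so the `TODO: check` here needs a version comparison against the fixed 5.58.2; the truncated "org.apa ..." also suggests a second, Java-side package is listed in the full description. CVE-2020-7759 (pimcore/pimcore) is not packaged in Debian and can go to `NOT-FOR-US: pimcore`.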
@@ -49257,8 +49297,8 @@ CVE-2020-7375
RESERVED
CVE-2020-7374 (Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scan ...)
NOT-FOR-US: Documalis Free PDF Editor
-CVE-2020-7373
- RESERVED
+CVE-2020-7373 (vBulletin 5.5.4 through 5.6.2 allows remote command execution via craf ...)
+ TODO: check
CVE-2020-7372
RESERVED
CVE-2020-7371 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
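Review bot: CVE-2020-7373 is a vBulletin remote command execution; vBulletin is proprietary forum software that is not in Debian, so `NOT-FOR-US: vBulletin` is the expected resolution rather than `TODO: check`, consistent with the `NOT-FOR-US: Documalis Free PDF Editor` line above it.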
@@ -52863,8 +52903,8 @@ CVE-2020-6016
RESERVED
CVE-2020-6015
RESERVED
-CVE-2020-6014
- RESERVED
+CVE-2020-6014 (Check Point Endpoint Security Client for Windows, with Anti-Bot or Thr ...)
+ TODO: check
CVE-2020-6013 (ZoneAlarm Firewall and Antivirus products before version 15.8.109.1843 ...)
NOT-FOR-US: ZoneAlarm
CVE-2020-6012 (ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the ...)
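Review bot: CVE-2020-6014 affects the Check Point Endpoint Security Client for Windows, a proprietary Windows product; the two ZoneAlarm entries right below it (same vendor) are already `NOT-FOR-US: ZoneAlarm`, so this one should be `NOT-FOR-US: Check Point Endpoint Security Client` rather than left at `TODO: check`.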
@@ -56442,16 +56482,16 @@ CVE-2020-4590 (IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.
NOT-FOR-US: IBM
CVE-2020-4589 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
NOT-FOR-US: IBM
-CVE-2020-4588
- RESERVED
+CVE-2020-4588 (IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary execut ...)
+ TODO: check
CVE-2020-4587 (IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is ...)
NOT-FOR-US: IBM
CVE-2020-4586
RESERVED
CVE-2020-4585
RESERVED
-CVE-2020-4584
- RESERVED
+CVE-2020-4584 (IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive ...)
+ TODO: check
CVE-2020-4583
RESERVED
CVE-2020-4582
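Review bot: both CVE-2020-4588 and CVE-2020-4584 are IBM i2 iBase issues left as `TODO: check`; every other IBM entry in this hunk carries `NOT-FOR-US: IBM`, and i2 iBase is proprietary, so the same marker applies to both.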
@@ -97443,7 +97483,7 @@ CVE-2019-1010176 (JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is
CVE-2019-1010175
RESERVED
CVE-2019-1010174 (CImg The CImg Library v.2.3.3 and earlier is affected by: command inje ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1
NOTE: https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146 (v.2.3.4)
CVE-2019-1010173 (Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is ...)
@@ -156855,31 +156895,31 @@ CVE-2018-7642 (The swap_std_reloc_in function in aoutx.h in the Binary File Desc
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22887
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25
CVE-2018-7641 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/185
NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7640 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/185
NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7639 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/185
NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7638 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/185
NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7637 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/185
@@ -156981,13 +157021,13 @@ CVE-2018-7591
CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in acco ...)
NOT-FOR-US: Hoosk
CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in load_bmp in CI ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/184
NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/183
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b58f4dc9b8dfb5b98b20ceba5c205f254e8a53b8