[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Sep 19 09:10:27 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a758dde9 by security tracker role at 2020-09-19T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-25780
+ RESERVED
+CVE-2020-25779
+ RESERVED
+CVE-2020-25778
+ RESERVED
+CVE-2020-25777
+ RESERVED
+CVE-2020-25776
+ RESERVED
+CVE-2020-25775
+ RESERVED
+CVE-2020-25774
+ RESERVED
+CVE-2020-25773
+ RESERVED
+CVE-2020-25772
+ RESERVED
+CVE-2020-25771
+ RESERVED
+CVE-2020-25770
+ RESERVED
+CVE-2020-25769
+ RESERVED
CVE-2020-25768
RESERVED
CVE-2020-25767
@@ -1025,7 +1049,7 @@ CVE-2020-25271
CVE-2020-25270
RESERVED
CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0 ...)
- {DSA-4764-1}
+ {DSA-4764-1 DLA-2375-1}
- inspircd <unfixed> (bug #960650)
NOTE: https://docs.inspircd.org/security/2020-01/
NOTE: https://github.com/inspircd/inspircd/commit/07d7dea334fc56642793aa5ae1e05ae3185c474b (v2)
@@ -1130,7 +1154,7 @@ CVE-2019-20918 (An issue was discovered in InspIRCd 3 before 3.1.0. The silence
NOTE: Introduced by: https://github.com/inspircd/inspircd/commit/bcd65de1ec4bb71591ae417fee649d7ecd37cd57 (v3.0.0)
NOTE: Fixed by: https://github.com/inspircd/inspircd/commit/7b47de3c194f239c5fea09a0e49696c9af017d51 (v3.1.0)
CVE-2019-20917 (An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0 ...)
- {DSA-4764-1}
+ {DSA-4764-1 DLA-2375-1}
- inspircd 3.3.0-1
NOTE: https://docs.inspircd.org/security/2019-02/
NOTE: https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 (v2)
@@ -31371,8 +31395,8 @@ CVE-2019-20769 (An issue was discovered in LG PC Suite for LG G3 and earlier (ak
NOT-FOR-US: LG PC Suite
CVE-2020-11862
RESERVED
-CVE-2020-11861
- RESERVED
+CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on Micro Foc ...)
+ TODO: check
CVE-2020-11860
RESERVED
CVE-2020-11859
@@ -41177,16 +41201,14 @@ CVE-2020-8255
RESERVED
CVE-2020-8254
RESERVED
-CVE-2020-8253
- RESERVED
-CVE-2020-8252 [fs.realpath.native on may cause buffer overflow]
- RESERVED
+CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before RP2, C ...)
+ TODO: check
+CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 12.18.4, an ...)
- libuv1 1.39.0-1
NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead of the bundled one
NOTE: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd
-CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests]
- RESERVED
+CVE-2020-8251 (Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) att ...)
- nodejs <not-affected> (Only affects 14.x series)
NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251
CVE-2020-8250
@@ -41195,12 +41217,12 @@ CVE-2020-8249
RESERVED
CVE-2020-8248
RESERVED
-CVE-2020-8247
- RESERVED
-CVE-2020-8246
- RESERVED
-CVE-2020-8245
- RESERVED
+CVE-2020-8247 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...)
+ TODO: check
+CVE-2020-8246 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...)
+ TODO: check
+CVE-2020-8245 (Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before ...)
+ TODO: check
CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, &l ...)
- node-bl 4.0.3-1 (bug #969309)
[buster] - node-bl <no-dsa> (Minor issue)
@@ -41219,8 +41241,8 @@ CVE-2020-8239
RESERVED
CVE-2020-8238
RESERVED
-CVE-2020-8237
- RESERVED
+CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may lead to ...)
+ TODO: check
CVE-2020-8236
RESERVED
CVE-2020-8235
@@ -41253,8 +41275,8 @@ CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Cl
NOTE: https://hackerone.com/reports/685552
CVE-2020-8226 (A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allow ...)
NOT-FOR-US: phpBB
-CVE-2020-8225
- RESERVED
+CVE-2020-8225 (A cleartext storage of sensitive information in Nextcloud Desktop Clie ...)
+ TODO: check
CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...)
- nextcloud-desktop <not-affected> (Windows-specific)
NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030
@@ -41306,14 +41328,13 @@ CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash &
NOTE: https://hackerone.com/reports/712065
CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...)
NOT-FOR-US: Nextcloud Preferred Providers app
-CVE-2020-8201 [HTTP Request Smuggling due to CR-to-Hyphen conversion]
- RESERVED
+CVE-2020-8201 (Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP d ...)
- nodejs 12.18.4~dfsg-1
[buster] - nodejs <not-affected> (Only affects 12.x and later)
[stretch] - nodejs <not-affected> (Only affects 12.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201
-CVE-2020-8200
- RESERVED
+CVE-2020-8200 (Improper authentication in Citrix StoreFront Server < 1912.0.1000 a ...)
+ TODO: check
CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...)
NOT-FOR-US: Citrix
CVE-2020-8198 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
@@ -41460,8 +41481,8 @@ CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2
- ruby-actionpack-page-caching 1.2.2-1 (bug #960680)
[buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)
NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
-CVE-2020-8158
- RESERVED
+CVE-2020-8158 (Prototype pollution vulnerability in the TypeORM package < 0.2.25 m ...)
+ TODO: check
CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Ke ...)
NOT-FOR-US: UniFi Cloud Key
CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...)
@@ -48271,8 +48292,8 @@ CVE-2020-5423
RESERVED
CVE-2020-5422
RESERVED
-CVE-2020-5421
- RESERVED
+CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...)
+ TODO: check
CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a mal ...)
NOT-FOR-US: Cloud Foundry
CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a758dde9d5ecb5aca8cca7193b346eeb80a47890
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a758dde9d5ecb5aca8cca7193b346eeb80a47890
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200919/e3348763/attachment.html>
More information about the debian-security-tracker-commits
mailing list