[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 29 21:10:33 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cf22a766 by security tracker role at 2020-09-29T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigge ...)
+ TODO: check
+CVE-2020-26147
+ RESERVED
+CVE-2020-26146
+ RESERVED
+CVE-2020-26145
+ RESERVED
+CVE-2020-26144
+ RESERVED
+CVE-2020-26143
+ RESERVED
+CVE-2020-26142
+ RESERVED
+CVE-2020-26141
+ RESERVED
+CVE-2020-26140
+ RESERVED
+CVE-2020-26139
+ RESERVED
+CVE-2020-26138
+ RESERVED
+CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...)
+ TODO: check
CVE-2020-26136
RESERVED
CVE-2020-26135
@@ -186,8 +210,8 @@ CVE-2020-26055
RESERVED
CVE-2020-26054
RESERVED
-CVE-2020-26053
- RESERVED
+CVE-2020-26053 (Cybereason Endpoint Solutions Cybereason Endpoint Protection Version 2 ...)
+ TODO: check
CVE-2020-26052
RESERVED
CVE-2020-26051
@@ -206,12 +230,12 @@ CVE-2020-26045
RESERVED
CVE-2020-26044
RESERVED
-CVE-2020-26043
- RESERVED
-CVE-2020-26042
- RESERVED
-CVE-2020-26041
- RESERVED
+CVE-2020-26043 (An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerabil ...)
+ TODO: check
+CVE-2020-26042 (An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection ...)
+ TODO: check
+CVE-2020-26041 (An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code E ...)
+ TODO: check
CVE-2020-26040
RESERVED
CVE-2020-26039
@@ -825,10 +849,10 @@ CVE-2020-25763
RESERVED
CVE-2020-25762
RESERVED
-CVE-2020-25761
- RESERVED
-CVE-2020-25760
- RESERVED
+CVE-2020-25761 (Projectworlds Visitor Management System in PHP 1.0 allows XSS. The fil ...)
+ TODO: check
+CVE-2020-25760 (Projectworlds Visitor Management System in PHP 1.0 allows SQL Injectio ...)
+ TODO: check
CVE-2020-25759
RESERVED
CVE-2020-25758
@@ -11068,8 +11092,8 @@ CVE-2020-20802
RESERVED
CVE-2020-20801
RESERVED
-CVE-2020-20800
- RESERVED
+CVE-2020-20800 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection ...)
+ TODO: check
CVE-2020-20799
RESERVED
CVE-2020-20798
@@ -22000,10 +22024,10 @@ CVE-2020-XXXX [veyon-configurator tmp handling]
- veyon 4.4.1+repack1-1 (bug #964568)
[buster] - veyon <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/07/1
-CVE-2020-15595
- RESERVED
-CVE-2020-15594
- RESERVED
+CVE-2020-15595 (An issue was discovered in Zoho Application Control Plus before versio ...)
+ TODO: check
+CVE-2020-15594 (An SSRF issue was discovered in Zoho Application Control Plus before v ...)
+ TODO: check
CVE-2020-15593 (SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It u ...)
NOT-FOR-US: SteelCentral Aternity Agent
CVE-2020-15592 (SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privil ...)
@@ -22889,8 +22913,8 @@ CVE-2020-15218
RESERVED
CVE-2020-15217
RESERVED
-CVE-2020-15216
- RESERVED
+CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) before ve ...)
+ TODO: check
CVE-2020-15215
RESERVED
CVE-2020-15214 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
@@ -26157,8 +26181,8 @@ CVE-2020-14032
RESERVED
CVE-2020-14031 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ou ...)
NOT-FOR-US: Ozeki NG SMS Gateway
-CVE-2020-14030
- RESERVED
+CVE-2020-14030 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It sto ...)
+ TODO: check
CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RS ...)
NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14028 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By lev ...)
@@ -27195,8 +27219,8 @@ CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL poi
NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=77f55eac6c433e23e82a1b88b2d74f385c4c7d82
-CVE-2020-13658
- RESERVED
+CVE-2020-13658 (In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF atta ...)
+ TODO: check
CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free Antivirus ...)
NOT-FOR-US: Avast
CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array implementation ...)
@@ -27956,32 +27980,32 @@ CVE-2020-13333
RESERVED
CVE-2020-13332
RESERVED
-CVE-2020-13331
- RESERVED
-CVE-2020-13330
- RESERVED
-CVE-2020-13329
- RESERVED
-CVE-2020-13328
- RESERVED
+CVE-2020-13331 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
+ TODO: check
+CVE-2020-13330 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
+ TODO: check
+CVE-2020-13329 (An issue has been discovered in GitLab affecting versions from 12.6.2 ...)
+ TODO: check
+CVE-2020-13328 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
+ TODO: check
CVE-2020-13327
RESERVED
-CVE-2020-13326
- RESERVED
-CVE-2020-13325
- RESERVED
-CVE-2020-13324
- RESERVED
-CVE-2020-13323
- RESERVED
-CVE-2020-13322
- RESERVED
-CVE-2020-13321
- RESERVED
-CVE-2020-13320
- RESERVED
-CVE-2020-13319
- RESERVED
+CVE-2020-13326 (A vulnerability was discovered in GitLab versions prior to 13.1. Under ...)
+ TODO: check
+CVE-2020-13325 (A vulnerability was discovered in GitLab versions prior 13.1. The comm ...)
+ TODO: check
+CVE-2020-13324 (A vulnerability was discovered in GitLab versions prior to 13.1. Under ...)
+ TODO: check
+CVE-2020-13323 (A vulnerability was discovered in GitLab versions prior 13.1. Under ce ...)
+ TODO: check
+CVE-2020-13322 (A vulnerability was discovered in GitLab versions after 12.9. Due to i ...)
+ TODO: check
+CVE-2020-13321 (A vulnerability was discovered in GitLab versions prior to 13.1. Usern ...)
+ TODO: check
+CVE-2020-13320 (An issue has been discovered in GitLab before version 12.10.13 that al ...)
+ TODO: check
+CVE-2020-13319 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
+ TODO: check
CVE-2020-13318 (A vulnerability was discovered in GitLab versions before 13.0.12, 13.1 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
@@ -28048,8 +28072,8 @@ CVE-2020-13298 (A vulnerability was discovered in GitLab versions before 13.1.10
CVE-2020-13297 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
-CVE-2020-13296
- RESERVED
+CVE-2020-13296 (An issue has been discovered in GitLab affecting versions >=10.7 &l ...)
+ TODO: check
CVE-2020-13295 (For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd ...)
- gitlab-ci-multi-runner <unfixed>
NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
@@ -30333,6 +30357,7 @@ CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404
CVE-2020-12403
RESERVED
+ {DLA-2388-1}
- nss 2:3.55-1
[buster] - nss <no-dsa> (Minor issue)
NOTE: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38
@@ -30340,12 +30365,13 @@ CVE-2020-12403
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1868931
CVE-2020-12402 (During RSA key generation, bignum implementations used a variation of ...)
- {DSA-4726-1 DLA-2266-1}
+ {DSA-4726-1 DLA-2388-1 DLA-2266-1}
- nss 2:3.53.1-1 (bug #963152)
NOTE: https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
NOTE: Fixed upstream in 3.53.1
CVE-2020-12401 [ECDSA timing attack mitigation bypass]
RESERVED
+ {DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
[buster] - nss <no-dsa> (Minor issue)
@@ -30355,6 +30381,7 @@ CVE-2020-12401 [ECDSA timing attack mitigation bypass]
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401
CVE-2020-12400 [P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function]
RESERVED
+ {DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
[buster] - nss <no-dsa> (Minor issue)
@@ -30364,7 +30391,7 @@ CVE-2020-12400 [P-384 and P-521 implementation uses a side-channel vulnerable mo
NOTE: Issue relates to CVE-2020-6829 and resolved in the same commits.
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12400
CVE-2020-12399 (NSS has shown timing differences when performing DSA signatures, which ...)
- {DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
+ {DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2388-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- nss 2:3.53-1 (bug #961752)
@@ -42180,8 +42207,8 @@ CVE-2020-8258
RESERVED
CVE-2020-8257
RESERVED
-CVE-2020-8256
- RESERVED
+CVE-2020-8256 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web int ...)
+ TODO: check
CVE-2020-8255
RESERVED
CVE-2020-8254
@@ -42219,8 +42246,8 @@ CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.
[stretch] - node-bl <no-dsa> (Minor issue)
NOTE: https://hackerone.com/reports/966347
NOTE: https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
-CVE-2020-8243
- RESERVED
+CVE-2020-8243 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web int ...)
+ TODO: check
CVE-2020-8242
RESERVED
CVE-2020-8241
@@ -42229,8 +42256,8 @@ CVE-2020-8240
RESERVED
CVE-2020-8239
RESERVED
-CVE-2020-8238
- RESERVED
+CVE-2020-8238 (A vulnerability in the authenticated user web interface of Pulse Conne ...)
+ TODO: check
CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may lead to ...)
NOT-FOR-US: Node json-bigint
CVE-2020-8236
@@ -45699,6 +45726,7 @@ CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to be
- firefox <not-affected> (Firefox on iOS)
CVE-2020-6829 [Side channel attack on ECDSA signature generation]
RESERVED
+ {DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
[buster] - nss <no-dsa> (Minor issue)
@@ -51508,8 +51536,8 @@ CVE-2020-4609
RESERVED
CVE-2020-4608
RESERVED
-CVE-2020-4607
- RESERVED
+CVE-2020-4607 (IBM Security Secret Server (IBM Security Verify Privilege Vault Remote ...)
+ TODO: check
CVE-2020-4606
RESERVED
CVE-2020-4605
@@ -69755,7 +69783,7 @@ CVE-2019-17008 (When using nested workers, a use-after-free could occur during w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17008
CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS]
RESERVED
- {DSA-4579-1 DLA-2015-1}
+ {DSA-4579-1 DLA-2388-1 DLA-2015-1}
- nss 2:3.45-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1798
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1533216
@@ -69764,7 +69792,7 @@ CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in CERT_DecodeCe
NOTE: but then reverted until the 2:3.45-1 upload).
CVE-2019-17006 [Check length of inputs for cryptographic primitives]
RESERVED
- {DSA-4726-1 DLA-2058-1}
+ {DSA-4726-1 DLA-2388-1 DLA-2058-1}
- nss 2:3.47-1
NOTE: Fixed upstream in NSS 3.46.
NOTE: Upstream bug (currently non-public): https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
@@ -86746,7 +86774,7 @@ CVE-2019-11746 (A use-after-free vulnerability can occur while manipulating vide
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11746
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746
CVE-2019-11745 (When encrypting with a block cipher, if a call to NSC_EncryptUpdate wa ...)
- {DSA-4579-1 DLA-2008-1}
+ {DSA-4579-1 DLA-2388-1 DLA-2008-1}
- nss 2:3.47.1-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public)
NOTE: https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda
@@ -86836,7 +86864,7 @@ CVE-2019-11730 (A vulnerability exists where if a user opens a locally saved HTM
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11730
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11730
CVE-2019-11729 (Empty or malformed p256-ECDH public keys may trigger a segmentation fa ...)
- {DLA-1857-1}
+ {DLA-2388-1 DLA-1857-1}
- firefox 68.0-1 (unimportant)
- firefox-esr 60.8.0esr-1 (unimportant)
[buster] - firefox-esr 60.8.0esr-1~deb10u1
@@ -86888,7 +86916,7 @@ CVE-2019-11720 (Some unicode characters are incorrectly treated as whitespace du
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11720
CVE-2019-11719 (When importing a curve25519 private key in PKCS#8format with leading 0 ...)
- {DLA-1857-1}
+ {DLA-2388-1 DLA-1857-1}
- firefox 68.0-1 (unimportant)
- firefox-esr 60.8.0esr-1 (unimportant)
[buster] - firefox-esr 60.8.0esr-1~deb10u1
@@ -122899,7 +122927,7 @@ CVE-2018-18509 (A flaw during verification of certain S/MIME signatures causes e
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18511
CVE-2018-18508 [NULL pointer dereference in several CMS functions resulting in a denial of service]
RESERVED
- {DLA-1704-1}
+ {DLA-2388-1 DLA-1704-1}
- nss 2:3.42.1-1 (bug #921614)
NOTE: https://hg.mozilla.org/projects/nss/rev/08d1b0c1117f
NOTE: https://hg.mozilla.org/projects/nss/rev/5e70b72131ac
@@ -139037,7 +139065,7 @@ CVE-2018-12405 (Mozilla developers and community members reported memory safety
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-12405
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-12405
CVE-2018-12404 (A cached side channel attack during handshakes using RSA encryption co ...)
- {DLA-1704-1}
+ {DLA-2388-1 DLA-1704-1}
- nss 2:3.41-1
NOTE: http://cat.eyalro.net/
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1485864 (not public)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf22a7666fca8d59bd7fe88f9459544c62c355ad
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf22a7666fca8d59bd7fe88f9459544c62c355ad
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200929/932b95c8/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list