Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e16c74d by security tracker role at 2020-10-27T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2020-27744
+       RESERVED
+CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a 
failure of RAN ...)
+       TODO: check
+CVE-2020-27742
+       RESERVED
+CVE-2020-27741
+       RESERVED
+CVE-2020-27740
+       RESERVED
+CVE-2020-27739
+       RESERVED
+CVE-2020-27738
+       RESERVED
+CVE-2020-27737
+       RESERVED
+CVE-2020-27736
+       RESERVED
+CVE-2020-27735
+       RESERVED
+CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to 
take own ...)
+       TODO: check
 CVE-2020-27734
        RESERVED
 CVE-2020-27733
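Review bot: CVE-2018-21269 lands between CVE-2020-27735 and CVE-2020-27734, so a 2018 id sits inside the 2020-277xx run at the top of the file and will be missed by anyone scanning the list by year. It and CVE-2020-27743 are the only entries in this hunk with descriptions, and both carry TODO: check; the descriptions name OpenRC (checkpath, through 0.42.1) and pam_tacplus (libtac, through 1.5.1), so each needs either a package line or a NOT-FOR-US decision before the TODO is dropped.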
@@ -1552,16 +1574,16 @@ CVE-2020-27185
        RESERVED
 CVE-2020-27184
        RESERVED
-CVE-2020-27183
-       RESERVED
-CVE-2020-27182
-       RESERVED
-CVE-2020-27181
-       RESERVED
-CVE-2020-27180
-       RESERVED
-CVE-2020-27179
-       RESERVED
+CVE-2020-27183 (A RemoteFunctions endpoint with missing access control in 
konzept-ix p ...)
+       TODO: check
+CVE-2020-27182 (Multiple cross-site scripting (XSS) vulnerabilities in 
konzept-ix publ ...)
+       TODO: check
+CVE-2020-27181 (A hardcoded AES key in CipherUtils.java in the Java applet of 
konzept- ...)
+       TODO: check
+CVE-2020-27180 (konzept-ix publiXone before 2020.015 allows attackers to 
download file ...)
+       TODO: check
+CVE-2020-27179 (konzept-ix publiXone before 2020.015 allows attackers to take 
over arb ...)
+       TODO: check
 CVE-2020-27178 (Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x 
before 6.2.4 ...)
        NOT-FOR-US: Apereo CAS
 CVE-2020-27177
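Review bot: the five entries CVE-2020-27179 through CVE-2020-27183 all name konzept-ix (publiXone is spelled out in CVE-2020-27179 and CVE-2020-27180 and truncated in the other three), yet each gets its own TODO: check. They can be resolved in one pass with a single verdict; if the product is not packaged, the form used on the Apereo CAS entry just below applies, for example NOT-FOR-US: konzept-ix publiXone.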
@@ -2177,10 +2199,10 @@ CVE-2020-26880 (Sympa through 6.2.57b.2 allows a local 
privilege escalation from
        NOTE: https://github.com/sympa-community/sympa/issues/1009
        NOTE: 
https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420
        NOTE: 
https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235
-CVE-2020-26879
-       RESERVED
-CVE-2020-26878
-       RESERVED
+CVE-2020-26879 (Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is 
hardcoded  ...)
+       TODO: check
+CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command 
injection. An  ...)
+       TODO: check
 CVE-2020-26877
        RESERVED
 CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows 
remote attac ...)
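Review bot: CVE-2020-26879 says "Ruckus vRioT through 1.5.1.0.21" while CVE-2020-26878 says only "Ruckus through 1.5.1.0.21"; the identical version string suggests the same product, but the truncated description does not confirm it. When the two TODO: check lines are resolved, use one product name for both so that a search on that tag finds the pair.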
@@ -24819,7 +24841,7 @@ CVE-2020-15970
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-15969
        RESERVED
-       {DSA-4780-1 DSA-4778-1 DLA-2411-1}
+       {DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
        - firefox 82.0-1
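Review bot: CVE-2020-15969 now lists four advisories in its brace line and a fixed firefox version, but the entry is still RESERVED with no description, so nothing in the visible lines says what the issue is. If there is no NOTE below the shown context, add one pointing at the upstream advisory, in the way CVE-2020-15684 links its Mozilla advisory in the next hunk.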
@@ -25601,7 +25623,7 @@ CVE-2020-15684 (Mozilla developers reported memory 
safety bugs present in Firefo
        - firefox 82.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684
 CVE-2020-15683 (Mozilla developers and community members reported memory 
safety bugs p ...)
-       {DSA-4780-1 DSA-4778-1 DLA-2411-1}
+       {DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
        - firefox 82.0-1
        - firefox-esr 78.4.0esr-1
        - thunderbird 1:78.4.0-1
@@ -26506,8 +26528,8 @@ CVE-2013-7489 (The Beaker library through 1.11.0 for 
Python is affected by deser
        NOTE: https://www.openwall.com/lists/oss-security/2020/05/14/11
 CVE-2020-15353
        RESERVED
-CVE-2020-15352
-       RESERVED
+CVE-2020-15352 (An XML external entity (XXE) vulnerability in Pulse Connect 
Secure (PC ...)
+       TODO: check
 CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to 
%PROGRAMFILES ...)
        NOT-FOR-US: IDrive
 CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The 
decoding ...)
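Review bot: CVE-2020-15352 (XXE in Pulse Connect Secure) goes to TODO: check, and CVE-2020-8956 in the following hunk (Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4) does the same. Both come from one vendor, so they can be triaged together; the neighbouring IDrive entry shows the NOT-FOR-US form to use if neither product is packaged.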
@@ -44560,8 +44582,8 @@ CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 
through 2.9.0-181024 and V
        NOT-FOR-US: Guangzhou
 CVE-2020-8957
        RESERVED
-CVE-2020-8956
-       RESERVED
+CVE-2020-8956 (Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 
9.1R4  ...)
+       TODO: check
 CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat 
through 2 ...)
        {DLA-2157-1}
        - weechat 2.7.1-1 (bug #951289)
@@ -63270,8 +63292,8 @@ CVE-2020-1917
        RESERVED
 CVE-2020-1916
        RESERVED
-CVE-2020-1915
-       RESERVED
+CVE-2020-1915 (An out-of-bounds read in the JavaScript Interpreter in Facebook 
Hermes ...)
+       TODO: check
 CVE-2020-1914 (A logic vulnerability when handling the SaveGeneratorLong 
instruction  ...)
        NOT-FOR-US: Facebook Hermes
 CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in 
Facebook  ...)
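Review bot: CVE-2020-1915 is left at TODO: check although its description names the JavaScript Interpreter in Facebook Hermes, and the entry directly below it, CVE-2020-1914, is already marked NOT-FOR-US: Facebook Hermes. Unless the packaging status of Hermes has changed, the same line resolves this TODO.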



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e16c74db4ac043d5008c1e66ca311b32715d14d



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits