Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 03a63aae by security tracker role at 2020-11-09T20:10:30+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,7 @@ +CVE-2020-28363 + RESERVED +CVE-2020-28362 + RESERVED CVE-2020-XXXX [slab-out-of-bounds Read in fbcon] - linux <unfixed> NOTE: https://git.kernel.org/linus/3c4e0dff2095c579b142d5a0693257f1c58b4804 @@ -5963,8 +5967,8 @@ CVE-2020-26543 RESERVED CVE-2017-18924 (** DISPUTED ** oauth2-server (aka node-oauth2-server) through 3.1.1 im ...) NOT-FOR-US: node-oauth2-server -CVE-2020-26542 - RESERVED +CVE-2020-26542 (An issue was discovered in the MongoDB Simple LDAP plugin through 2020 ...) + TODO: check CVE-2020-26541 (The Linux kernel through 5.8.13 does not properly enforce the Secure B ...) - linux <unfixed> [stretch] - linux <not-affected> (Secure Boot key import not supported) @@ -7919,8 +7923,7 @@ CVE-2020-25656 RESERVED - linux 5.9.6-1 NOTE: https://www.openwall.com/lists/oss-security/2020/10/16/1 -CVE-2020-25655 - RESERVED +CVE-2020-25655 (An issue was discovered in ManagedClusterView API, that could allow se ...) NOT-FOR-US: Red Hat open-cluster-management CVE-2020-25654 [ACL restrictions bypass] RESERVED 
@@ -8847,31 +8850,31 @@ CVE-2020-25262 (PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) v NOT-FOR-US: PyroCMS CVE-2020-25261 RESERVED -CVE-2020-25260 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...) +CVE-2020-25260 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...) NOT-FOR-US: Hyland OnBase -CVE-2020-25259 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...) +CVE-2020-25259 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...) NOT-FOR-US: Hyland OnBase -CVE-2020-25258 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...) +CVE-2020-25258 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...) NOT-FOR-US: Hyland OnBase -CVE-2020-25257 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...) +CVE-2020-25257 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...) NOT-FOR-US: Hyland OnBase -CVE-2020-25256 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...) +CVE-2020-25256 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...) NOT-FOR-US: Hyland OnBase -CVE-2020-25255 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...) +CVE-2020-25255 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...) NOT-FOR-US: Hyland OnBase -CVE-2020-25254 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...) +CVE-2020-25254 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...) NOT-FOR-US: Hyland OnBase -CVE-2020-25253 (An issue was discovered in Hyland OnBase through 18.0.0.32. It allows ...) +CVE-2020-25253 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...) NOT-FOR-US: Hyland OnBase -CVE-2020-25252 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...) 
+CVE-2020-25252 (An issue was discovered in Hyland OnBase through 16.0.2.83 and below, ...) NOT-FOR-US: Hyland OnBase -CVE-2020-25251 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...) +CVE-2020-25251 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...) NOT-FOR-US: Hyland OnBase -CVE-2020-25250 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...) +CVE-2020-25250 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...) NOT-FOR-US: Hyland OnBase -CVE-2020-25249 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...) +CVE-2020-25249 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...) NOT-FOR-US: Hyland OnBase -CVE-2020-25248 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...) +CVE-2020-25248 (An issue was discovered in Hyland OnBase through 16.0.2.83 and below, ...) NOT-FOR-US: Hyland OnBase CVE-2020-25247 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...) NOT-FOR-US: Hyland OnBase @@ -10872,8 +10875,8 @@ CVE-2020-24355 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and p NOT-FOR-US: Zyxel CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...) NOT-FOR-US: Zyxel -CVE-2020-24353 - RESERVED +CVE-2020-24353 (Pega Platform before 8.4.0 has a XSS issue via stream rule parameters ...) + TODO: check CVE-2020-24352 (An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory ...) - qemu <unfixed> (unimportant; bug #968820) [buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later) 
@@ -13333,16 +13336,16 @@ CVE-2020-23142 RESERVED CVE-2020-23141 RESERVED -CVE-2020-23140 - RESERVED -CVE-2020-23139 - RESERVED -CVE-2020-23138 - RESERVED +CVE-2020-23140 (Microweber 1.1.18 is affected by insufficient session expiration. When ...) + TODO: check +CVE-2020-23139 (Microweber 1.1.18 is affected by broken authentication and session man ...) + TODO: check +CVE-2020-23138 (An unrestricted file upload vulnerability was discovered in the Microw ...) + TODO: check CVE-2020-23137 RESERVED -CVE-2020-23136 - RESERVED +CVE-2020-23136 (Microweber v1.1.18 is affected by no session expiry after log-out. ...) + TODO: check CVE-2020-23135 RESERVED CVE-2020-23134 @@ -29739,8 +29742,8 @@ CVE-2020-15299 (A reflected Cross-Site Scripting (XSS) Vulnerability in the King NOT-FOR-US: KingComposer plugin for WordPress CVE-2020-15298 RESERVED -CVE-2020-15297 - RESERVED +CVE-2020-15297 (Insufficient validation in the Bitdefender Update Server and BEST Rela ...) + TODO: check CVE-2020-15296 RESERVED CVE-2020-15295 @@ -32279,8 +32282,8 @@ CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating t NOTE: Minimal backport: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=f00fed20092b6a42283f29c6ee1f58244d74b545 (3.5.1) NOTE: Debian packaging relocates chronyd.pid as well to /run since 3.1-3 NOTE: additionally mitigating the issue. Earlier versions used /var/run/chronyd.pid. -CVE-2020-14366 - RESERVED +CVE-2020-14366 (A vulnerability was found in keycloak, where path traversal using URL- ...) + TODO: check CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before ...) - ansible <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154 
@@ -32946,7 +32949,7 @@ CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.3 has an Observable Dis NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf NOTE: The OpenSSH project is not planning to change the behaviour of OpenSSH regarding NOTE: the issue, details in "3.1 OpenSSH" in the publication. -CVE-2020-14144 (** DISPUTED ** The git hook feature in Gitea 1.1.0 through 1.12.5 allo ...) +CVE-2020-14144 (** DISPUTED ** The git hook feature in Gitea 1.1.0 through 1.12.5 migh ...) - gitea <removed> CVE-2020-14143 RESERVED @@ -46917,10 +46920,10 @@ CVE-2020-9302 RESERVED CVE-2020-9301 RESERVED -CVE-2020-9300 - RESERVED -CVE-2020-9299 - RESERVED +CVE-2020-9300 (The Access Control issues include allowing a regular user to view a re ...) + TODO: check +CVE-2020-9299 (There were XSS vulnerabilities discovered and reported in the Dispatch ...) + TODO: check CVE-2020-9298 (The Spinnaker template resolution functionality is vulnerable to Serve ...) NOT-FOR-US: Spinnaker CVE-2020-9297 (Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java ...) @@ -49371,8 +49374,8 @@ CVE-2020-8278 RESERVED CVE-2020-8277 RESERVED -CVE-2020-8276 - RESERVED +CVE-2020-8276 (The implementation of Brave Desktop's privacy-preserving analytics sys ...) + TODO: check CVE-2020-8275 RESERVED CVE-2020-8274 @@ -49387,8 +49390,8 @@ CVE-2020-8270 RESERVED CVE-2020-8269 RESERVED -CVE-2020-8268 - RESERVED +CVE-2020-8268 (Prototype pollution vulnerability in json8-merge-patch npm package < ...) + TODO: check CVE-2020-8267 (A security issue was found in UniFi Protect controller v1.14.10 and ea ...) NOT-FOR-US: UniFi Protect controller CVE-2020-8266 
@@ -49735,8 +49738,8 @@ CVE-2020-8151 (There is a possible information disclosure issue in Active Resour - rails <not-affected> (Vulnerable code splitted out upstream before initial upload to Debian) NOTE: ActiveResource was extracted to a separate gem in starting in the 4.0 rails NOTE: release as it was not widely used. -CVE-2020-8150 - RESERVED +CVE-2020-8150 (A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker t ...) + TODO: check CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...) NOT-FOR-US: Node logkitty CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enab ...) @@ -49771,8 +49774,8 @@ CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Re NOT-FOR-US: Node uppy CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.1 ...) NOT-FOR-US: Ghost CMS -CVE-2020-8133 - RESERVED +CVE-2020-8133 (A wrong generation of the passphrase for the encrypted block in Nextcl ...) + TODO: check CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 ...) NOT-FOR-US: Node pdf-image package CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...) 
@@ -135522,7 +135525,7 @@ CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Va CVE-2018-1000673 REJECTED CVE-2018-1000671 (sympa version 6.2.16 and later contains a CWE-601: URL Redirection to ...) - {DLA-1512-1} + {DLA-2441-1 DLA-1512-1} - sympa 6.2.36~dfsg-1 (bug #908165) NOTE: https://github.com/sympa-community/sympa/issues/268 NOTE: https://github.com/sympa-community/sympa/commit/c6ce32a6c203070702eac45a4442a17d2bf7b0c1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03a63aae6a0d327635aaae19292b0b16e5f1eb62
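Review bot: in the hunk starting at @@ -5963, CVE-2020-26542 moves from RESERVED to a published description ("MongoDB Simple LDAP plugin through 2020 ...") but is parked at "TODO: check"; the synced text is cut off before the affected version, so the full upstream description should be read before the entry is resolved to either a package line or NOT-FOR-US, as was done for the neighbouring node-oauth2-server entry.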
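Review bot: in the Hyland OnBase hunk starting at @@ -8847, CVE-2020-25248 through CVE-2020-25260 all pick up the refreshed description ("Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...") while CVE-2020-25247, the last entry in the hunk's trailing context, still reads "through 18.0.0.32 and 19.x"; check whether upstream has simply not updated that one yet or whether the sync missed it, since the other thirteen move together. CVE-2020-25252 and CVE-2020-25248 also end up with the "through 16.0.2.83 and below" wording rather than "16.0.2.83 and below" like the rest; that is the upstream text, not a tracker problem, and the NOT-FOR-US resolution on every entry is unchanged.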
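Review bot: in the hunk starting at @@ -13333, CVE-2020-23136, CVE-2020-23138, CVE-2020-23139 and CVE-2020-23140 are four newly published Microweber 1.1.18 entries that all land as "TODO: check"; triage them together so they get one consistent outcome (the same package mapping or NOT-FOR-US for all four), and pull the untruncated descriptions first, in particular for CVE-2020-23138 ("unrestricted file upload vulnerability"), which is the most severe of the set.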
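Review bot: in the hunk starting at @@ -32279, CVE-2020-14366 is now published as a keycloak path traversal ("path traversal using URL- ...") and sits at "TODO: check" between the fully triaged chrony and ansible entries; if keycloak is not a Debian source package the entry should be closed as NOT-FOR-US, otherwise it needs a package line with the upstream reference in a NOTE, so the placeholder should not be left standing for long.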
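Review bot: in the hunk starting at @@ -49387, CVE-2020-8268 ("Prototype pollution vulnerability in json8-merge-patch npm package < ...") is left at "TODO: check"; unlike the surrounding UniFi and Brave entries this is an npm module, and Debian does carry many node-* source packages, so check whether a source package for json8-merge-patch exists before resolving it as NOT-FOR-US, and record the fixed upstream version if one does.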
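Review bot: in the hunk starting at @@ -49735, CVE-2020-8150 ("A cryptographic issue in Nextcloud Server 19.0.1 ...") is left at "TODO: check", and CVE-2020-8133 in the following hunk ("wrong generation of the passphrase for the encrypted block in Nextcl ...") concerns the same product; resolve both with the same package-or-NOT-FOR-US decision in one step rather than letting them diverge, and add a NOTE with the fixed upstream version if a Debian package turns out to be affected.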
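Review bot: in the hunk starting at @@ -135522, the line "+ {DLA-2441-1 DLA-1512-1}" adds a second DLA cross-reference to CVE-2018-1000671, but the commit header lists only one changed file (data/CVE/list); confirm that DLA-2441-1 has a matching entry in data/DLA/list so the reference resolves in the tracker, and that the version it covers is consistent with the existing fix line "- sympa 6.2.36~dfsg-1 (bug #908165)".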
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits