diff options
author | security tracker role <sectracker@soriano.debian.org> | 2020-10-27 08:10:20 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-10-27 08:10:20 +0000 |
commit | 42546dac48f3ce1e02935da053d9a0bbf675588f (patch) | |
tree | 9e02b39466f5e9db8bbd003f7c6c26ce10e5ce87 | |
parent | aafb2aa3dff7c3cea53e50b537e8945c241c396a (diff) |
automatic update
-rw-r--r-- | data/CVE/2018.list | 2 | ||||
-rw-r--r-- | data/CVE/2020.list | 64 |
2 files changed, 44 insertions, 22 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 85f4388b20..66f4e22180 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,3 +1,5 @@ +CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to take own ...) + TODO: check CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...) NOT-FOR-US: Node traceroute CVE-2018-21267 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index b00e0c6787..e861573b6a 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,23 @@ +CVE-2020-27744 + RESERVED +CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAN ...) + TODO: check +CVE-2020-27742 + RESERVED +CVE-2020-27741 + RESERVED +CVE-2020-27740 + RESERVED +CVE-2020-27739 + RESERVED +CVE-2020-27738 + RESERVED +CVE-2020-27737 + RESERVED +CVE-2020-27736 + RESERVED +CVE-2020-27735 + RESERVED CVE-2020-27734 RESERVED CVE-2020-27733 @@ -1149,16 +1169,16 @@ CVE-2020-27185 RESERVED CVE-2020-27184 RESERVED -CVE-2020-27183 - RESERVED -CVE-2020-27182 - RESERVED -CVE-2020-27181 - RESERVED -CVE-2020-27180 - RESERVED -CVE-2020-27179 - RESERVED +CVE-2020-27183 (A RemoteFunctions endpoint with missing access control in konzept-ix p ...) + TODO: check +CVE-2020-27182 (Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publ ...) + TODO: check +CVE-2020-27181 (A hardcoded AES key in CipherUtils.java in the Java applet of konzept- ...) + TODO: check +CVE-2020-27180 (konzept-ix publiXone before 2020.015 allows attackers to download file ...) + TODO: check +CVE-2020-27179 (konzept-ix publiXone before 2020.015 allows attackers to take over arb ...) + TODO: check CVE-2020-27178 (Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4 ...) NOT-FOR-US: Apereo CAS CVE-2020-27177 @@ -1774,10 +1794,10 @@ CVE-2020-26880 (Sympa through 6.2.57b.2 allows a local privilege escalation from NOTE: https://github.com/sympa-community/sympa/issues/1009 NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420 NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235 -CVE-2020-26879 - RESERVED -CVE-2020-26878 - RESERVED +CVE-2020-26879 (Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded ...) + TODO: check +CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command injection. An ...) + TODO: check CVE-2020-26877 RESERVED CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows remote attac ...) @@ -24327,7 +24347,7 @@ CVE-2020-15970 [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-15969 RESERVED - {DSA-4780-1 DSA-4778-1 DLA-2411-1} + {DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1} - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) - firefox 82.0-1 @@ -25071,7 +25091,7 @@ CVE-2020-15684 (Mozilla developers reported memory safety bugs present in Firefo - firefox 82.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684 CVE-2020-15683 (Mozilla developers and community members reported memory safety bugs p ...) - {DSA-4780-1 DSA-4778-1 DLA-2411-1} + {DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1} - firefox 82.0-1 - firefox-esr 78.4.0esr-1 - thunderbird 1:78.4.0-1 @@ -25936,8 +25956,8 @@ CVE-2020-15354 REJECTED CVE-2020-15353 RESERVED -CVE-2020-15352 - RESERVED +CVE-2020-15352 (An XML external entity (XXE) vulnerability in Pulse Connect Secure (PC ...) + TODO: check CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...) NOT-FOR-US: IDrive CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding ...) @@ -41758,8 +41778,8 @@ CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V NOT-FOR-US: Guangzhou CVE-2020-8957 RESERVED -CVE-2020-8956 - RESERVED +CVE-2020-8956 (Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 ...) + TODO: check CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...) {DLA-2157-1} - weechat 2.7.1-1 (bug #951289) @@ -57783,8 +57803,8 @@ CVE-2020-1917 RESERVED CVE-2020-1916 RESERVED -CVE-2020-1915 - RESERVED +CVE-2020-1915 (An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes ...) + TODO: check CVE-2020-1914 (A logic vulnerability when handling the SaveGeneratorLong instruction ...) NOT-FOR-US: Facebook Hermes CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in Facebook ...) |