author security tracker role <sectracker@soriano.debian.org> 2020-10-27 08:10:20 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-10-27 08:10:20 +0000
commit 42546dac48f3ce1e02935da053d9a0bbf675588f
tree 9e02b39466f5e9db8bbd003f7c6c26ce10e5ce87
parent aafb2aa3dff7c3cea53e50b537e8945c241c396a
automatic update
-rw-r--r-- data/CVE/2018.list 2
-rw-r--r-- data/CVE/2020.list 64
2 files changed, 44 insertions, 22 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 85f4388b20..66f4e22180 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,3 +1,5 @@
+CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to take own ...)
+ TODO: check
CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...)
NOT-FOR-US: Node traceroute
CVE-2018-21267
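Review bot: CVE-2018-21269 at the top of this hunk lands with only "TODO: check", and its description is cut off at "take own ...", so the entry carries no triage decision yet. Whoever picks it up should read the full CVE text for checkpath in OpenRC and replace the TODO with either a package line or a NOT-FOR-US line, the form CVE-2018-21268 directly below already uses.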
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index b00e0c6787..e861573b6a 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,23 @@
+CVE-2020-27744
+ RESERVED
+CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAN ...)
+ TODO: check
+CVE-2020-27742
+ RESERVED
+CVE-2020-27741
+ RESERVED
+CVE-2020-27740
+ RESERVED
+CVE-2020-27739
+ RESERVED
+CVE-2020-27738
+ RESERVED
+CVE-2020-27737
+ RESERVED
+CVE-2020-27736
+ RESERVED
+CVE-2020-27735
+ RESERVED
CVE-2020-27734
RESERVED
CVE-2020-27733
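Review bot: Of the ten ids added here, only CVE-2020-27743 has a description, and it is truncated at "failure of RAN ...", so the line does not say which call goes unchecked. It names libtac in pam_tacplus through 1.5.1, so triage needs the full upstream text before the "TODO: check" can become a package or NOT-FOR-US line; the nine RESERVED ids need nothing until they are published.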
@@ -1149,16 +1169,16 @@ CVE-2020-27185
RESERVED
CVE-2020-27184
RESERVED
-CVE-2020-27183
- RESERVED
-CVE-2020-27182
- RESERVED
-CVE-2020-27181
- RESERVED
-CVE-2020-27180
- RESERVED
-CVE-2020-27179
- RESERVED
+CVE-2020-27183 (A RemoteFunctions endpoint with missing access control in konzept-ix p ...)
+ TODO: check
+CVE-2020-27182 (Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publ ...)
+ TODO: check
+CVE-2020-27181 (A hardcoded AES key in CipherUtils.java in the Java applet of konzept- ...)
+ TODO: check
+CVE-2020-27180 (konzept-ix publiXone before 2020.015 allows attackers to download file ...)
+ TODO: check
+CVE-2020-27179 (konzept-ix publiXone before 2020.015 allows attackers to take over arb ...)
+ TODO: check
CVE-2020-27178 (Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4 ...)
NOT-FOR-US: Apereo CAS
CVE-2020-27177
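Review bot: The five entries CVE-2020-27179 through CVE-2020-27183 all name konzept-ix publiXone, yet each gets its own "TODO: check", so the same product decision is queued five times. Triage them in one pass with one consistent label; if the product turns out not to be packaged, they take the same "NOT-FOR-US: <product>" form that CVE-2020-27178 uses on the context line below.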
@@ -1774,10 +1794,10 @@ CVE-2020-26880 (Sympa through 6.2.57b.2 allows a local privilege escalation from
NOTE: https://github.com/sympa-community/sympa/issues/1009
NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420
NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235
-CVE-2020-26879
- RESERVED
-CVE-2020-26878
- RESERVED
+CVE-2020-26879 (Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded ...)
+ TODO: check
+CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command injection. An ...)
+ TODO: check
CVE-2020-26877
RESERVED
CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows remote attac ...)
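Review bot: The two new descriptions name the product differently: CVE-2020-26879 says "Ruckus vRioT through 1.5.1.0.21" while CVE-2020-26878 says only "Ruckus through 1.5.1.0.21". The identical version string suggests the same product, so confirm that from the full CVE text and give both entries one product label when the "TODO: check" lines are resolved, so that a search on the label finds both.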
@@ -24327,7 +24347,7 @@ CVE-2020-15970
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15969
RESERVED
- {DSA-4780-1 DSA-4778-1 DLA-2411-1}
+ {DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
- firefox 82.0-1
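Review bot: DLA-2416-1 is added to the cross-reference line of CVE-2020-15969, but the diffstat lists only data/CVE/2018.list and data/CVE/2020.list, so the advisory's own record is not part of this commit. Confirm it exists in the tracker's advisory data, otherwise the reference points at nothing; the same applies to the identical change under CVE-2020-15683 further down. The entry is also still RESERVED, so these advisory references are its only documentation for now.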
@@ -25071,7 +25091,7 @@ CVE-2020-15684 (Mozilla developers reported memory safety bugs present in Firefo
- firefox 82.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684
CVE-2020-15683 (Mozilla developers and community members reported memory safety bugs p ...)
- {DSA-4780-1 DSA-4778-1 DLA-2411-1}
+ {DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
- firefox 82.0-1
- firefox-esr 78.4.0esr-1
- thunderbird 1:78.4.0-1
@@ -25936,8 +25956,8 @@ CVE-2020-15354
REJECTED
CVE-2020-15353
RESERVED
-CVE-2020-15352
- RESERVED
+CVE-2020-15352 (An XML external entity (XXE) vulnerability in Pulse Connect Secure (PC ...)
+ TODO: check
CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...)
NOT-FOR-US: IDrive
CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding ...)
@@ -41758,8 +41778,8 @@ CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V
NOT-FOR-US: Guangzhou
CVE-2020-8957
RESERVED
-CVE-2020-8956
- RESERVED
+CVE-2020-8956 (Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 ...)
+ TODO: check
CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...)
{DLA-2157-1}
- weechat 2.7.1-1 (bug #951289)
@@ -57783,8 +57803,8 @@ CVE-2020-1917
RESERVED
CVE-2020-1916
RESERVED
-CVE-2020-1915
- RESERVED
+CVE-2020-1915 (An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes ...)
+ TODO: check
CVE-2020-1914 (A logic vulnerability when handling the SaveGeneratorLong instruction ...)
NOT-FOR-US: Facebook Hermes
CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in Facebook ...)
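Review bot: CVE-2020-1915 is set to "TODO: check" although its description names Facebook Hermes and the entry directly below, CVE-2020-1914, is already marked "NOT-FOR-US: Facebook Hermes". Unless something has changed for this product, the new entry can take the same NOT-FOR-US line rather than waiting in the TODO queue.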
