From 3d1757f183bb10579d3e6ff9a67a751c25e89bb4 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 25 Nov 2020 20:10:33 +0000 Subject: automatic update --- data/CVE/list | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index e93765a9fe..a424a2c8bf 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -4,8 +4,8 @@ CVE-2020-29072 (A Cross-Site Script Inclusion vulnerability was found on LiquidF NOT-FOR-US: LiquidFiles CVE-2020-29071 (An XSS issue was found in the Shares feature of LiquidFiles before 3.3 ...) NOT-FOR-US: LiquidFiles -CVE-2020-29070 - RESERVED +CVE-2020-29070 (osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user en ...) + TODO: check CVE-2020-29069 (_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network ...) NOT-FOR-US: Modern Honey Network CVE-2020-29068 @@ -9519,8 +9519,8 @@ CVE-2020-26245 RESERVED CVE-2020-26244 RESERVED -CVE-2020-26243 - RESERVED +CVE-2020-26243 (Nanopb is a small code-size Protocol Buffers implementation. In Nanopb ...) + TODO: check CVE-2020-26242 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...) TODO: check CVE-2020-26241 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...) @@ -9584,8 +9584,8 @@ CVE-2020-26214 (In Alerta before version 8.1.0, users may be able to bypass LDAP NOT-FOR-US: Alerta CVE-2020-26213 (In teler before version 0.0.1, if you run teler inside a Docker contai ...) NOT-FOR-US: Alerta -CVE-2020-26212 - RESERVED +CVE-2020-26212 (GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Fr ...) + TODO: check CVE-2020-26211 (In BookStack before version 0.30.4, a user with permissions to edit a ...) NOT-FOR-US: BookStack app CVE-2020-26210 (In BookStack before version 0.30.4, a user with permissions to edit a ...) 
@@ -10998,8 +10998,7 @@ CVE-2020-25651 [Possible File Transfer DoS and Information Leak via active_xfers NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/9d35d8a86fb310fc1f29d428c0a96995948d2357 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/e4bfd1b632b6c14e8411dbe3565115a78cd3d256 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/b7db1c20c9f80154fb54392eb44add3486d3e427 -CVE-2020-25650 [Memory DoS via Arbitrary Entries in active_xfers Hash Table] - RESERVED +CVE-2020-25650 (A flaw was found in the way the spice-vdagentd daemon handled file tra ...) - spice-vdagent (bug #973769) NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/1a8b93ca6ac0b690339ab7f0afc6fc45d198d332 @@ -168766,7 +168765,7 @@ CVE-2017-18036 (The Github repository importer in Atlassian Bitbucket Server bef NOT-FOR-US: Atlassian Bitbucket CVE-2017-18035 (The /rest/review-coverage-chart/1.0/data/<repository_name>/.json ...) NOT-FOR-US: Atlassian Fisheye and Crucible -CVE-2017-18034 (The source browse resource in Atlassian FishEye and Crucible before ve ...) +CVE-2017-18034 (The source browse resource in Atlassian Fisheye and Crucible before ve ...) NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allow ...) NOT-FOR-US: Jira-importers-plugin in Atlassian Jira 
@@ -193228,9 +193227,9 @@ CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial re NOT-FOR-US: Atlassian Bamboo CVE-2017-14589 (It was possible for double OGNL evaluation in FreeMarker templates thr ...) NOT-FOR-US: Atlassian Bamboo -CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before version 4.4 ...) +CVE-2017-14588 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...) NOT-FOR-US: Atlassian -CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye and Cru ...) +CVE-2017-14587 (The administration user deletion resource in Atlassian Fisheye and Cru ...) NOT-FOR-US: Atlassian CVE-2017-14586 (The Hipchat for Mac desktop client is vulnerable to client-side remote ...) NOT-FOR-US: Atlassian 
@@ -208275,15 +208274,15 @@ CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 h NOT-FOR-US: Atlassian Bamboo CVE-2017-9513 (Several rest inline action resources of Atlassian Activity Streams bef ...) NOT-FOR-US: Atlassian Activity Streams -CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and Crucible ...) +CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible ...) NOT-FOR-US: Atlassian -CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible, before ...) +CVE-2017-9511 (The MultiPathResource class in Atlassian Fisheye and Crucible, before ...) NOT-FOR-US: Atlassian -CVE-2017-9510 (The repository changelog resource in Atlassian FishEye before version ...) +CVE-2017-9510 (The repository changelog resource in Atlassian Fisheye before version ...) NOT-FOR-US: Atlassian CVE-2017-9509 (The review file upload resource in Atlassian Crucible before version 4 ...) NOT-FOR-US: Atlassian -CVE-2017-9508 (Various resources in Atlassian FishEye and Crucible before version 4.4 ...) +CVE-2017-9508 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...) NOT-FOR-US: Atlassian CVE-2017-9507 (The review dashboard resource in Atlassian Crucible from version 4.1.0 ...) NOT-FOR-US: Atlassian -- cgit v1.2.3
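Review bot: The NOT-FOR-US tag on CVE-2020-26213, in the trailing context of the hunk at @@ -9584, names the wrong product. The description reads "In teler before version 0.0.1, if you run teler inside a Docker contai ..." but the tag is "NOT-FOR-US: Alerta", the same tag as the CVE-2020-26214 (Alerta) entry directly above it. Correct the tag to name teler, so a search of the list by product name returns the right CVE and the Alerta tag stops matching an unrelated issue.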
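Review bot: Replacing the working title on CVE-2020-25650 in the hunk at @@ -10998 drops information that the new text does not carry. The removed line "[Memory DoS via Arbitrary Entries in active_xfers Hash Table]" stated both the impact and the affected structure, while the new description is cut off at "handled file tra ...". The sibling entry CVE-2020-25651 in the context above still has its bracketed title, so the two related spice-vdagent issues now read inconsistently. Keep the detail in a NOTE line under the entry, next to the existing oss-security and upstream commit links.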
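Review bot: The NOT-FOR-US tags in the hunks at @@ -193228 and @@ -208275 stay at the bare vendor name "NOT-FOR-US: Atlassian" for CVE-2017-14588, CVE-2017-14587, CVE-2017-9512, CVE-2017-9511, CVE-2017-9510 and CVE-2017-9508, although the descriptions being touched name Fisheye and Crucible. The hunk at @@ -168766 already uses "NOT-FOR-US: Atlassian Fisheye and Crucible" for CVE-2017-18034, so follow that form in these entries too. Separately, these hunks are spelling-only changes ("FishEye" to "Fisheye") to 2017 entries, carried under the same "automatic update" subject as the RESERVED-to-description transitions for 2020 CVEs; a subject line that distinguishes description refreshes from newly published CVEs would make the history easier to audit.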