From f94054389f5c213c6fa61f61ec61d09ca082ecab Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 26 Nov 2020 08:10:19 +0000 Subject: automatic update --- data/CVE/list | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 124 insertions(+), 19 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index e0ad98f1d6..326e66b33b 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,4 +1,112 @@ -CVE-2020-29074 [creates shared memory segments world-writable] +CVE-2020-29128 (petl before 1.68, in some configurations, allows resolution of entitie ...) + TODO: check +CVE-2020-29127 + RESERVED +CVE-2020-29126 + RESERVED +CVE-2020-29125 + RESERVED +CVE-2020-29124 + RESERVED +CVE-2020-29123 + RESERVED +CVE-2020-29122 + RESERVED +CVE-2020-29121 + RESERVED +CVE-2020-29120 + RESERVED +CVE-2020-29119 + RESERVED +CVE-2020-29118 + RESERVED +CVE-2020-29117 + RESERVED +CVE-2020-29116 + RESERVED +CVE-2020-29115 + RESERVED +CVE-2020-29114 + RESERVED +CVE-2020-29113 + RESERVED +CVE-2020-29112 + RESERVED +CVE-2020-29111 + RESERVED +CVE-2020-29110 + RESERVED +CVE-2020-29109 + RESERVED +CVE-2020-29108 + RESERVED +CVE-2020-29107 + RESERVED +CVE-2020-29106 + RESERVED +CVE-2020-29105 + RESERVED +CVE-2020-29104 + RESERVED +CVE-2020-29103 + RESERVED +CVE-2020-29102 + RESERVED +CVE-2020-29101 + RESERVED +CVE-2020-29100 + RESERVED +CVE-2020-29099 + RESERVED +CVE-2020-29098 + RESERVED +CVE-2020-29097 + RESERVED +CVE-2020-29096 + RESERVED +CVE-2020-29095 + RESERVED +CVE-2020-29094 + RESERVED +CVE-2020-29093 + RESERVED +CVE-2020-29092 + RESERVED +CVE-2020-29091 + RESERVED +CVE-2020-29090 + RESERVED +CVE-2020-29089 + RESERVED +CVE-2020-29088 + RESERVED +CVE-2020-29087 + RESERVED +CVE-2020-29086 + RESERVED +CVE-2020-29085 + RESERVED +CVE-2020-29084 + RESERVED +CVE-2020-29083 + RESERVED +CVE-2020-29082 + RESERVED +CVE-2020-29081 + RESERVED +CVE-2020-29080 + RESERVED +CVE-2020-29079 + RESERVED +CVE-2020-29078 + RESERVED +CVE-2020-29077 + RESERVED +CVE-2020-29076 + RESERVED +CVE-2020-29075 + RESERVED +CVE-2020-29074 (scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which all ...) - x11vnc (bug #975875) NOTE: https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a CVE-2020-29073 @@ -269,14 +377,14 @@ CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may enc CVE-2020-28950 RESERVED CVE-2020-28949 (Archive_Tar through 1.4.10 has :// filename sanitization only to addre ...) - {DLA-2465-1} + {DLA-2466-1 DLA-2465-1} - drupal7 - php-pear NOTE: https://github.com/pear/Archive_Tar/issues/33 NOTE: https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da NOTE: https://www.drupal.org/sa-core-2020-013 CVE-2020-28948 (Archive_Tar through 1.4.10 allows an unserialization attack because ph ...) - {DLA-2465-1} + {DLA-2466-1 DLA-2465-1} - drupal7 - php-pear NOTE: https://github.com/pear/Archive_Tar/issues/33 @@ -7293,16 +7401,16 @@ CVE-2020-27257 RESERVED CVE-2020-27256 RESERVED -CVE-2020-27255 - RESERVED +CVE-2020-27255 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...) + TODO: check CVE-2020-27254 RESERVED -CVE-2020-27253 - RESERVED +CVE-2020-27253 (A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx ...) + TODO: check CVE-2020-27252 RESERVED -CVE-2020-27251 - RESERVED +CVE-2020-27251 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...) + TODO: check CVE-2020-27250 RESERVED CVE-2020-27249 @@ -10993,20 +11101,17 @@ CVE-2020-25654 (An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and - pacemaker 2.0.5~rc2-1 (bug #973254) NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888191 -CVE-2020-25653 [UNIX Doman Socket Peer PID Retrieved via SO_PEERCRED is Subject to Race Condition] - RESERVED +CVE-2020-25653 (A race condition vulnerability was found in the way the spice-vdagentd ...) - spice-vdagent (bug #973769) NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/51c415df82a52e9ec033225783c77df95f387891 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/5c50131797e985d0a5654c1fd7000ae945ed29a7 -CVE-2020-25652 [Possibility to Exhaust File Descriptors in vdagentd] - RESERVED +CVE-2020-25652 (A flaw was found in the spice-vdagentd daemon, where it did not proper ...) - spice-vdagent (bug #973769) NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/91caa9223857708475d29df1768208fed1675340 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/812ca777469a377c84b9861d7d326bfc72563304 -CVE-2020-25651 [Possible File Transfer DoS and Information Leak via active_xfers Hash Map] - RESERVED +CVE-2020-25651 (A flaw was found in the SPICE file transfer protocol. File data from t ...) - spice-vdagent (bug #973769) NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/1a8b93ca6ac0b690339ab7f0afc6fc45d198d332 @@ -35980,10 +36085,10 @@ CVE-2020-14193 RESERVED CVE-2020-14192 RESERVED -CVE-2020-14191 - RESERVED -CVE-2020-14190 - RESERVED +CVE-2020-14191 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...) + TODO: check +CVE-2020-14190 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...) + TODO: check CVE-2020-14189 (The execute function in in the Atlassian gajira-comment GitHub Action ...) NOT-FOR-US: Atlassian CVE-2020-14188 (The preprocessArgs function in the Atlassian gajira-create GitHub Acti ...) -- cgit v1.2.3