From 06ff607a4ec6d335df0df4b06f742bee6f230194 Mon Sep 17 00:00:00 2001
From: motikan2010-bot
Date: Fri, 13 Nov 2020 00:09:10 +0900
Subject: [PATCH] Auto Update 2020/11/13 00:09:10
---
2015/CVE-2015-1538.json | 2 +-
2015/CVE-2015-3636.json | 2 +-
2015/CVE-2015-5602.json | 8 ++++----
2015/CVE-2015-8562.json | 4 ++--
2017/CVE-2017-15361.json | 4 ++--
2017/CVE-2017-3881.json | 8 ++++----
2017/CVE-2017-5638.json | 4 ++--
2017/CVE-2017-7921.json | 14 +++++++-------
2018/CVE-2018-6389.json | 4 ++--
2018/CVE-2018-7600.json | 8 ++++----
2019/CVE-2019-17558.json | 4 ++--
2019/CVE-2019-19781.json | 12 ++++++------
2019/CVE-2019-7238.json | 4 ++--
2020/CVE-2020-1472.json | 24 ++++++++++++------------
2020/CVE-2020-14882.json | 28 ++++++++++++++--------------
2020/CVE-2020-15228.json | 25 +++++++++++++++++++++++++
2020/CVE-2020-15999.json | 8 ++++----
2020/CVE-2020-16126.json | 25 +++++++++++++++++++++++++
2020/CVE-2020-17382.json | 8 ++++----
2020/CVE-2020-2020.json | 25 +++++++++++++++++++++++++
2020/CVE-2020-28414.json | 25 +++++++++++++++++++++++++
2020/CVE-2020-28415.json | 25 +++++++++++++++++++++++++
2020/CVE-2020-2883.json | 4 ++--
2020/CVE-2020-3952.json | 12 ++++++------
2020/CVE-2020-6287.json | 8 ++++----
README.md | 25 +++++++++++++++++++++++++
26 files changed, 235 insertions(+), 85 deletions(-)
create mode 100644 2020/CVE-2020-15228.json
create mode 100644 2020/CVE-2020-16126.json
create mode 100644 2020/CVE-2020-2020.json
create mode 100644 2020/CVE-2020-28414.json
create mode 100644 2020/CVE-2020-28415.json
diff --git a/2015/CVE-2015-1538.json b/2015/CVE-2015-1538.json
index 280bf7d8f2..a7fca711f7 100644
--- a/2015/CVE-2015-1538.json
+++ b/2015/CVE-2015-1538.json
@@ -59,7 +59,7 @@ "description": "An exploit for CVE-2015-1538-1 - Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution", "fork": false, "created_at": "2015-09-10T23:00:59Z", - "updated_at": "2020-09-09T16:16:48Z", + "updated_at": "2020-11-12T10:10:45Z", "pushed_at": "2015-09-10T23:01:09Z", "stargazers_count": 192, "watchers_count": 192, diff --git a/2015/CVE-2015-3636.json b/2015/CVE-2015-3636.json index 6897bf57c0..676b61d1b0 100644 --- a/2015/CVE-2015-3636.json +++ b/2015/CVE-2015-3636.json @@ -82,7 +82,7 @@ "description": "PoC code for 32 bit Android OS", "fork": false, "created_at": "2015-09-12T01:31:36Z", - "updated_at": "2020-10-12T09:52:11Z", + "updated_at": "2020-11-12T10:10:34Z", "pushed_at": "2015-12-15T05:42:02Z", "stargazers_count": 130, "watchers_count": 130, diff --git a/2015/CVE-2015-5602.json b/2015/CVE-2015-5602.json index 25c71b1c80..a21dea20af 100644 --- a/2015/CVE-2015-5602.json +++ b/2015/CVE-2015-5602.json @@ -13,13 +13,13 @@ "description": "Sudo <= 1.8.14 Local Privilege Escalation and vulnerable container", "fork": false, "created_at": "2017-12-16T00:23:30Z", - "updated_at": "2020-03-29T08:18:39Z", + "updated_at": "2020-11-12T13:12:48Z", "pushed_at": "2017-12-16T00:39:19Z", - "stargazers_count": 7, - "watchers_count": 7, + "stargazers_count": 8, + "watchers_count": 8, "forks_count": 12, "forks": 12, - "watchers": 7, + "watchers": 8, "score": 0 }, { diff --git a/2015/CVE-2015-8562.json b/2015/CVE-2015-8562.json index 0ecdf4fbe4..0d85973e03 100644 --- a/2015/CVE-2015-8562.json +++ b/2015/CVE-2015-8562.json @@ -132,8 +132,8 @@ "pushed_at": "2020-03-23T15:56:02Z", "stargazers_count": 4, "watchers_count": 4, - "forks_count": 3, - "forks": 3, + "forks_count": 4, + "forks": 4, "watchers": 4, "score": 0 }, diff --git a/2017/CVE-2017-15361.json b/2017/CVE-2017-15361.json index bcdc0a29b4..a14020c63b 100644 --- a/2017/CVE-2017-15361.json +++ b/2017/CVE-2017-15361.json 
@@ -86,8 +86,8 @@ "pushed_at": "2018-09-04T21:35:36Z", "stargazers_count": 33, "watchers_count": 33, - "forks_count": 24, - "forks": 24, + "forks_count": 25, + "forks": 25, "watchers": 33, "score": 0 }, diff --git a/2017/CVE-2017-3881.json b/2017/CVE-2017-3881.json index e168d0f2fe..ff56bb6b82 100644 --- a/2017/CVE-2017-3881.json +++ b/2017/CVE-2017-3881.json @@ -13,13 +13,13 @@ "description": "CVE-2017-3881 Cisco Catalyst Remote Code Execution PoC", "fork": false, "created_at": "2017-04-10T03:44:04Z", - "updated_at": "2020-09-23T11:03:49Z", + "updated_at": "2020-11-12T10:36:38Z", "pushed_at": "2017-04-12T09:17:27Z", - "stargazers_count": 170, - "watchers_count": 170, + "stargazers_count": 171, + "watchers_count": 171, "forks_count": 81, "forks": 81, - "watchers": 170, + "watchers": 171, "score": 0 }, { diff --git a/2017/CVE-2017-5638.json b/2017/CVE-2017-5638.json index 4347dbd96d..9f3ab7d652 100644 --- a/2017/CVE-2017-5638.json +++ b/2017/CVE-2017-5638.json @@ -86,8 +86,8 @@ "pushed_at": "2017-03-09T19:50:50Z", "stargazers_count": 21, "watchers_count": 21, - "forks_count": 18, - "forks": 18, + "forks_count": 19, + "forks": 19, "watchers": 21, "score": 0 }, diff --git a/2017/CVE-2017-7921.json b/2017/CVE-2017-7921.json index d34aa1749f..6d20c0cc93 100644 --- a/2017/CVE-2017-7921.json +++ b/2017/CVE-2017-7921.json @@ -36,13 +36,13 @@ "description": "海康威视未授权访问检测poc及口令爆破", "fork": false, "created_at": "2020-11-12T09:02:10Z", - "updated_at": "2020-11-12T09:02:15Z", - "pushed_at": "2020-11-12T09:02:12Z", - "stargazers_count": 0, - "watchers_count": 0, - "forks_count": 0, - "forks": 0, - "watchers": 0, + "updated_at": "2020-11-12T11:53:42Z", + "pushed_at": "2020-11-12T09:33:24Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 2, + "forks": 2, + "watchers": 1, "score": 0 } ] \ No newline at end of file diff --git a/2018/CVE-2018-6389.json b/2018/CVE-2018-6389.json index 65cc1b4ea4..0197a37771 100644 --- a/2018/CVE-2018-6389.json 
+++ b/2018/CVE-2018-6389.json @@ -473,8 +473,8 @@ "description": null, "fork": false, "created_at": "2020-10-18T14:01:59Z", - "updated_at": "2020-11-12T02:52:44Z", - "pushed_at": "2020-11-12T02:52:42Z", + "updated_at": "2020-11-12T12:21:51Z", + "pushed_at": "2020-11-12T12:21:49Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 1, diff --git a/2018/CVE-2018-7600.json b/2018/CVE-2018-7600.json index 81b5bb8394..46902d197b 100644 --- a/2018/CVE-2018-7600.json +++ b/2018/CVE-2018-7600.json @@ -36,13 +36,13 @@ "description": "Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 \/ CVE-2018-7600 \/ SA-CORE-2018-002)", "fork": false, "created_at": "2018-04-12T22:53:14Z", - "updated_at": "2020-10-27T13:33:49Z", + "updated_at": "2020-11-12T11:45:52Z", "pushed_at": "2019-03-13T07:11:23Z", - "stargazers_count": 440, - "watchers_count": 440, + "stargazers_count": 441, + "watchers_count": 441, "forks_count": 145, "forks": 145, - "watchers": 440, + "watchers": 441, "score": 0 }, { diff --git a/2019/CVE-2019-17558.json b/2019/CVE-2019-17558.json index a84a0d52f8..8b747a03c2 100644 --- a/2019/CVE-2019-17558.json +++ b/2019/CVE-2019-17558.json @@ -40,8 +40,8 @@ "pushed_at": "2020-11-07T05:55:00Z", "stargazers_count": 2047, "watchers_count": 2047, - "forks_count": 546, - "forks": 546, + "forks_count": 545, + "forks": 545, "watchers": 2047, "score": 0 }, diff --git a/2019/CVE-2019-19781.json b/2019/CVE-2019-19781.json index ec463ef2ec..1606fc5a24 100644 --- a/2019/CVE-2019-19781.json +++ b/2019/CVE-2019-19781.json @@ -40,8 +40,8 @@ "pushed_at": "2020-01-18T07:01:29Z", "stargazers_count": 352, "watchers_count": 352, - "forks_count": 114, - "forks": 114, + "forks_count": 113, + "forks": 113, "watchers": 352, "score": 0 }, 
@@ -82,13 +82,13 @@ "description": "Test a host for susceptibility to CVE-2019-19781", "fork": false, "created_at": "2020-01-11T00:26:16Z", - "updated_at": "2020-10-23T20:03:04Z", + "updated_at": "2020-11-12T11:23:32Z", "pushed_at": "2020-10-23T19:35:42Z", - "stargazers_count": 98, - "watchers_count": 98, + "stargazers_count": 99, + "watchers_count": 99, "forks_count": 29, "forks": 29, - "watchers": 98, + "watchers": 99, "score": 0 }, { diff --git a/2019/CVE-2019-7238.json b/2019/CVE-2019-7238.json index fd9c598db0..cdf7946955 100644 --- a/2019/CVE-2019-7238.json +++ b/2019/CVE-2019-7238.json @@ -17,8 +17,8 @@ "pushed_at": "2019-02-25T07:37:07Z", "stargazers_count": 134, "watchers_count": 134, - "forks_count": 43, - "forks": 43, + "forks_count": 44, + "forks": 44, "watchers": 134, "score": 0 }, diff --git a/2020/CVE-2020-1472.json b/2020/CVE-2020-1472.json index 08146214ac..5503990d59 100644 --- a/2020/CVE-2020-1472.json +++ b/2020/CVE-2020-1472.json @@ -36,13 +36,13 @@ "description": "Test tool for CVE-2020-1472", "fork": false, "created_at": "2020-09-08T08:58:37Z", - "updated_at": "2020-11-09T17:44:53Z", + "updated_at": "2020-11-12T13:58:04Z", "pushed_at": "2020-10-21T12:10:28Z", - "stargazers_count": 1182, - "watchers_count": 1182, + "stargazers_count": 1183, + "watchers_count": 1183, "forks_count": 267, "forks": 267, - "watchers": 1182, + "watchers": 1183, "score": 0 }, { @@ -82,13 +82,13 @@ "description": "PoC for Zerologon - all research credits go to Tom Tervoort of Secura", "fork": false, "created_at": "2020-09-14T16:56:51Z", - "updated_at": "2020-11-11T15:44:42Z", + "updated_at": "2020-11-12T14:01:25Z", "pushed_at": "2020-11-03T09:45:24Z", - "stargazers_count": 694, - "watchers_count": 694, + "stargazers_count": 695, + "watchers_count": 695, "forks_count": 201, "forks": 201, - "watchers": 694, + "watchers": 695, "score": 0 }, { 
@@ -266,13 +266,13 @@ "description": "Ladon Moudle CVE-2020-1472 Exploit 域控提权神器", "fork": false, "created_at": "2020-09-15T16:10:21Z", - "updated_at": "2020-11-08T11:21:47Z", + "updated_at": "2020-11-12T14:04:11Z", "pushed_at": "2020-09-15T16:40:53Z", - "stargazers_count": 42, - "watchers_count": 42, + "stargazers_count": 43, + "watchers_count": 43, "forks_count": 10, "forks": 10, - "watchers": 42, + "watchers": 43, "score": 0 }, { diff --git a/2020/CVE-2020-14882.json b/2020/CVE-2020-14882.json index b0c87dd2a0..09843090c2 100644 --- a/2020/CVE-2020-14882.json +++ b/2020/CVE-2020-14882.json @@ -17,8 +17,8 @@ "pushed_at": "2020-11-07T05:55:00Z", "stargazers_count": 2047, "watchers_count": 2047, - "forks_count": 546, - "forks": 546, + "forks_count": 545, + "forks": 545, "watchers": 2047, "score": 0 }, @@ -59,13 +59,13 @@ "description": "CVE-2020–14882、CVE-2020–14883", "fork": false, "created_at": "2020-10-28T11:43:37Z", - "updated_at": "2020-11-11T07:10:25Z", + "updated_at": "2020-11-12T14:47:52Z", "pushed_at": "2020-11-04T02:26:59Z", - "stargazers_count": 153, - "watchers_count": 153, - "forks_count": 28, - "forks": 28, - "watchers": 153, + "stargazers_count": 164, + "watchers_count": 164, + "forks_count": 29, + "forks": 29, + "watchers": 164, "score": 0 }, { @@ -381,13 +381,13 @@ "description": null, "fork": false, "created_at": "2020-11-09T08:03:44Z", - "updated_at": "2020-11-12T06:23:26Z", + "updated_at": "2020-11-12T10:07:30Z", "pushed_at": "2020-11-12T06:23:23Z", - "stargazers_count": 1, - "watchers_count": 1, - "forks_count": 0, - "forks": 0, - "watchers": 1, + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 1, + "forks": 1, + "watchers": 2, "score": 0 }, { diff --git a/2020/CVE-2020-15228.json b/2020/CVE-2020-15228.json new file mode 100644 index 0000000000..d7a94f41ea --- /dev/null +++ b/2020/CVE-2020-15228.json 
@@ -0,0 +1,25 @@ +[ + { + "id": 312263531, + "name": "fix-CVE-2020-15228", + "full_name": "guettli\/fix-CVE-2020-15228", + "owner": { + "login": "guettli", + "id": 414336, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/414336?v=4", + "html_url": "https:\/\/github.com\/guettli" + }, + "html_url": "https:\/\/github.com\/guettli\/fix-CVE-2020-15228", + "description": "Fix CVE-2020-15228 (set-env, add-path in Github-Actions)", + "fork": false, + "created_at": "2020-11-12T11:59:47Z", + "updated_at": "2020-11-12T15:02:45Z", + "pushed_at": "2020-11-12T15:02:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-15999.json b/2020/CVE-2020-15999.json index 06b162e399..219a3adc2f 100644 --- a/2020/CVE-2020-15999.json +++ b/2020/CVE-2020-15999.json @@ -13,13 +13,13 @@ "description": "CVE-2020-15999", "fork": false, "created_at": "2020-10-28T16:16:25Z", - "updated_at": "2020-11-11T03:47:51Z", + "updated_at": "2020-11-12T09:46:24Z", "pushed_at": "2020-11-03T17:53:20Z", - "stargazers_count": 18, - "watchers_count": 18, + "stargazers_count": 19, + "watchers_count": 19, "forks_count": 4, "forks": 4, - "watchers": 18, + "watchers": 19, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-16126.json b/2020/CVE-2020-16126.json new file mode 100644 index 0000000000..e9cac8f34c --- /dev/null +++ b/2020/CVE-2020-16126.json 
@@ -0,0 +1,25 @@ +[ + { + "id": 312235133, + "name": "Ubuntu-Gnome-privilege-escalation", + "full_name": "zev3n\/Ubuntu-Gnome-privilege-escalation", + "owner": { + "login": "zev3n", + "id": 31406753, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/31406753?v=4", + "html_url": "https:\/\/github.com\/zev3n" + }, + "html_url": "https:\/\/github.com\/zev3n\/Ubuntu-Gnome-privilege-escalation", + "description": "A bash script exploit of [CVE-2020-16126\/CVE-2020-16127] to achieve privilege escalation.", + "fork": false, + "created_at": "2020-11-12T09:58:42Z", + "updated_at": "2020-11-12T10:34:58Z", + "pushed_at": "2020-11-12T10:24:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-17382.json b/2020/CVE-2020-17382.json index fd69aa6307..7a3de44331 100644 --- a/2020/CVE-2020-17382.json +++ b/2020/CVE-2020-17382.json @@ -13,13 +13,13 @@ "description": "PoC exploits for CVE-2020-17382", "fork": false, "created_at": "2020-09-17T18:26:32Z", - "updated_at": "2020-11-09T11:40:46Z", + "updated_at": "2020-11-12T14:57:06Z", "pushed_at": "2020-10-02T18:45:43Z", - "stargazers_count": 97, - "watchers_count": 97, + "stargazers_count": 98, + "watchers_count": 98, "forks_count": 23, "forks": 23, - "watchers": 97, + "watchers": 98, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-2020.json b/2020/CVE-2020-2020.json new file mode 100644 index 0000000000..4ef819390a --- /dev/null +++ b/2020/CVE-2020-2020.json 
@@ -0,0 +1,25 @@ +[ + { + "id": 312256179, + "name": "CVE-2020-2020-14882", + "full_name": "x51\/CVE-2020-2020-14882", + "owner": { + "login": "x51", + "id": 45651912, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/45651912?v=4", + "html_url": "https:\/\/github.com\/x51" + }, + "html_url": "https:\/\/github.com\/x51\/CVE-2020-2020-14882", + "description": null, + "fork": false, + "created_at": "2020-11-12T11:27:39Z", + "updated_at": "2020-11-12T12:16:35Z", + "pushed_at": "2020-11-12T12:26:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-28414.json b/2020/CVE-2020-28414.json new file mode 100644 index 0000000000..c37f2ef3c0 --- /dev/null +++ b/2020/CVE-2020-28414.json @@ -0,0 +1,25 @@ +[ + { + "id": 312285919, + "name": "CVE-2020-28414", + "full_name": "jet-pentest\/CVE-2020-28414", + "owner": { + "login": "jet-pentest", + "id": 71512502, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/71512502?v=4", + "html_url": "https:\/\/github.com\/jet-pentest" + }, + "html_url": "https:\/\/github.com\/jet-pentest\/CVE-2020-28414", + "description": null, + "fork": false, + "created_at": "2020-11-12T13:31:50Z", + "updated_at": "2020-11-12T13:32:04Z", + "pushed_at": "2020-11-12T13:32:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-28415.json b/2020/CVE-2020-28415.json new file mode 100644 index 0000000000..070e869d1e --- /dev/null +++ b/2020/CVE-2020-28415.json 
@@ -0,0 +1,25 @@ +[ + { + "id": 312286062, + "name": "CVE-2020-28415", + "full_name": "jet-pentest\/CVE-2020-28415", + "owner": { + "login": "jet-pentest", + "id": 71512502, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/71512502?v=4", + "html_url": "https:\/\/github.com\/jet-pentest" + }, + "html_url": "https:\/\/github.com\/jet-pentest\/CVE-2020-28415", + "description": null, + "fork": false, + "created_at": "2020-11-12T13:32:23Z", + "updated_at": "2020-11-12T13:32:34Z", + "pushed_at": "2020-11-12T13:32:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-2883.json b/2020/CVE-2020-2883.json index a3e4f6b415..e753fd1b7b 100644 --- a/2020/CVE-2020-2883.json +++ b/2020/CVE-2020-2883.json @@ -17,8 +17,8 @@ "pushed_at": "2020-05-10T09:29:36Z", "stargazers_count": 163, "watchers_count": 163, - "forks_count": 32, - "forks": 32, + "forks_count": 31, + "forks": 31, "watchers": 163, "score": 0 }, diff --git a/2020/CVE-2020-3952.json b/2020/CVE-2020-3952.json index c043e37ee4..d454943f3d 100644 --- a/2020/CVE-2020-3952.json +++ b/2020/CVE-2020-3952.json @@ -59,13 +59,13 @@ "description": "Exploit for CVE-2020-3952 in vCenter 6.7", "fork": false, "created_at": "2020-04-16T07:40:51Z", - "updated_at": "2020-11-10T15:40:43Z", + "updated_at": "2020-11-12T11:31:31Z", "pushed_at": "2020-04-16T08:38:42Z", - "stargazers_count": 224, - "watchers_count": 224, - "forks_count": 53, - "forks": 53, - "watchers": 224, + "stargazers_count": 225, + "watchers_count": 225, + "forks_count": 54, + "forks": 54, + "watchers": 225, "score": 0 }, { diff --git a/2020/CVE-2020-6287.json b/2020/CVE-2020-6287.json index 8b45e18e46..7c5ce0a8a7 100644 --- a/2020/CVE-2020-6287.json +++ b/2020/CVE-2020-6287.json 
@@ -36,13 +36,13 @@ "description": "PoC for CVE-2020-6287 The PoC in python for add user only, no administrator permission set. Inspired by @zeroSteiner from metasploit. Original Metasploit PR module: https:\/\/github.com\/rapid7\/metasploit-framework\/pull\/13852\/commits\/d1e2c75b3eafa7f62a6aba9fbe6220c8da97baa8 This PoC only create user with unauthentication permission and no more administrator permission set. This project is created only for educational purposes and cannot be used for law violation or personal gain. The author of this project is not responsible for any possible harm caused by the materials of this project. Original finding: CVE-2020-6287: Pablo Artuso CVE-2020-6286: Yvan 'iggy' G. Usage: python sap-CVE-2020-6287-add-user.py @@ -2368,6 +2371,14 @@ Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerab - [Langriklol/CVE-2020-15227](https://github.com/Langriklol/CVE-2020-15227) - [hu4wufu/CVE-2020-15227](https://github.com/hu4wufu/CVE-2020-15227) +### CVE-2020-15228 (2020-10-01) + + +In the `@actions/core` npm module before version 1.2.6,`addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment variables being modified without the intention of the workflow or action author. The runner will release an update that disables the `set-env` and `add-path` workflow commands in the near future. For now, users should upgrade to `@actions/core v1.2.6` or later, and replace any instance of the `set-env` or `add-path` commands in their workflows with the new Environment File Syntax. Workflows and actions using the old commands or older versions of the toolkit will start to warn, then error out during workflow execution. + + +- [guettli/fix-CVE-2020-15228](https://github.com/guettli/fix-CVE-2020-15228) + ### CVE-2020-15367 (2020-07-07) 
@@ -2443,6 +2454,14 @@ Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed - [marcinguy/CVE-2020-15999](https://github.com/marcinguy/CVE-2020-15999) +### CVE-2020-16126 (2020-11-10) + + +An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion. + + +- [zev3n/Ubuntu-Gnome-privilege-escalation](https://github.com/zev3n/Ubuntu-Gnome-privilege-escalation) + ### CVE-2020-16152 - [eriknl/CVE-2020-16152](https://github.com/eriknl/CVE-2020-16152) @@ -2865,6 +2884,12 @@ The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an - [dievus/CVE-2020-28351](https://github.com/dievus/CVE-2020-28351) +### CVE-2020-28414 +- [jet-pentest/CVE-2020-28414](https://github.com/jet-pentest/CVE-2020-28414) + +### CVE-2020-28415 +- [jet-pentest/CVE-2020-28415](https://github.com/jet-pentest/CVE-2020-28415) + ### CVE-2020-72381 - [jdordonezn/CVE-2020-72381](https://github.com/jdordonezn/CVE-2020-72381)