Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a18431ed by security tracker role at 2020-03-22T20:10:21+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,29 @@ +CVE-2020-10816 + RESERVED +CVE-2020-10815 + RESERVED +CVE-2020-10814 + RESERVED +CVE-2020-10813 + RESERVED +CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...) + TODO: check +CVE-2020-10811 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...) + TODO: check +CVE-2020-10810 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...) + TODO: check +CVE-2020-10809 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...) + TODO: check +CVE-2020-10808 (Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injectio ...) + TODO: check +CVE-2020-10807 (auth_svc in Caldera before 2.6.5 allows authentication bypass (for RES ...) + TODO: check +CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before ...) + TODO: check +CVE-2020-10805 + RESERVED +CVE-2016-11022 + RESERVED CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) - phpmyadmin <unfixed> (bug #954667) [jessie] - phpmyadmin <not-affected> (Vulnerable code not present) @@ -7,11 +33,13 @@ CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injec NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/89fbcd7c39e6b3979cdb2f64aa4cd5f4db27eaad NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3258978c38bee8cb4b99f249dffac9c8aaea2d80 CVE-2020-10803 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) + {DLA-2154-1} - phpmyadmin <unfixed> (bug #954666) NOTE: https://www.phpmyadmin.net/security/PMASA-2020-4/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6b9b2601d8af916659cde8aefd3a6eaadd10284a CVE-2020-10802 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) + {DLA-2154-1} - phpmyadmin <unfixed> (bug #954665) NOTE: https://www.phpmyadmin.net/security/PMASA-2020-3/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/a8acd7a42cf743186528b0453f90aaa32bfefabe @@ -271,11 +299,13 @@ CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows at - golang-github-buger-jsonparser <unfixed> (bug #954373) NOTE: https://github.com/buger/jsonparser/issues/188 CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + {DLA-2153-1} - jackson-databind <unfixed> NOTE: https://github.com/FasterXML/jackson-databind/issues/2660 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + {DLA-2153-1} - jackson-databind <unfixed> NOTE: https://github.com/FasterXML/jackson-databind/issues/2659 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a18431edf37c804f69211b5fb78de7c1200b319f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a18431edf37c804f69211b5fb78de7c1200b319f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits