Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a18431ed by security tracker role at 2020-03-22T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2020-10816
+ RESERVED
+CVE-2020-10815
+ RESERVED
+CVE-2020-10814
+ RESERVED
+CVE-2020-10813
+ RESERVED
+CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer
derefer ...)
+ TODO: check
+CVE-2020-10811 (An issue was discovered in HDF5 through 1.12.0. A heap-based
buffer ov ...)
+ TODO: check
+CVE-2020-10810 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer
derefer ...)
+ TODO: check
+CVE-2020-10809 (An issue was discovered in HDF5 through 1.12.0. A heap-based
buffer ov ...)
+ TODO: check
+CVE-2020-10808 (Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command
Injectio ...)
+ TODO: check
+CVE-2020-10807 (auth_svc in Caldera before 2.6.5 allows authentication bypass
(for RES ...)
+ TODO: check
+CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and
7.x before ...)
+ TODO: check
+CVE-2020-10805
+ RESERVED
+CVE-2016-11022
+ RESERVED
CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL
injection v ...)
- phpmyadmin <unfixed> (bug #954667)
[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
@@ -7,11 +33,13 @@ CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x
before 5.0.2, a SQL injec
NOTE:
https://github.com/phpmyadmin/phpmyadmin/commit/89fbcd7c39e6b3979cdb2f64aa4cd5f4db27eaad
NOTE:
https://github.com/phpmyadmin/phpmyadmin/commit/3258978c38bee8cb4b99f249dffac9c8aaea2d80
CVE-2020-10803 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL
injection v ...)
+ {DLA-2154-1}
- phpmyadmin <unfixed> (bug #954666)
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-4/
NOTE:
https://github.com/phpmyadmin/phpmyadmin/commit/46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5
NOTE:
https://github.com/phpmyadmin/phpmyadmin/commit/6b9b2601d8af916659cde8aefd3a6eaadd10284a
CVE-2020-10802 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL
injection v ...)
+ {DLA-2154-1}
- phpmyadmin <unfixed> (bug #954665)
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-3/
NOTE:
https://github.com/phpmyadmin/phpmyadmin/commit/a8acd7a42cf743186528b0453f90aaa32bfefabe
@@ -271,11 +299,13 @@ CVE-2020-10675 (The Library API in buger jsonparser
through 2019-12-04 allows at
- golang-github-buger-jsonparser <unfixed> (bug #954373)
NOTE: https://github.com/buger/jsonparser/issues/188
CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
+ {DLA-2153-1}
- jackson-databind <unfixed>
NOTE: https://github.com/FasterXML/jackson-databind/issues/2660
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
+ {DLA-2153-1}
- jackson-databind <unfixed>
NOTE: https://github.com/FasterXML/jackson-databind/issues/2659
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a18431edf37c804f69211b5fb78de7c1200b319f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a18431edf37c804f69211b5fb78de7c1200b319f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
