Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
560699bf by Moritz Muehlenhoff at 2020-03-26T23:13:34+01:00
new rust-bumpalo issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,13 @@
+CVE-2020-XXXX [RUSTSEC-2020-0006: bumpalo: Flaw in `realloc` allows reading 
unknown memory]
+       - rust-bumpalo <unfixed>
+       NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0006.html
+       NOTE: https://github.com/fitzgen/bumpalo/issues/69
 CVE-2020-10966 (In the Password Reset Module in VESTA Control Panel through 
0.9.8-25 a ...)
        NOT-FOR-US: VESTA Control Panel
 CVE-2020-10965 (Teradici PCoIP Management Console 20.01.0 and 19.11.1 is 
vulnerable to ...)
        NOT-FOR-US: Teradici PCoIP Management Console
 CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to 
execute ...)
-       TODO: check
+       - serendipity <removed>
 CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows 
unrestricted fi ...)
        NOT-FOR-US: FrozenNode Laravel-Administrator
 CVE-2020-10962
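Review bot: The new `- rust-bumpalo <unfixed>` line carries no Debian bug reference, so the entry links only to the RustSec advisory and the upstream issue and not to anything tracked against the package. Once a bug is filed, append it in the usual `(bug #NNNNNN)` form, and add a NOTE naming the fixed upstream version when the linked issue is resolved. Separately, the CVE-2020-10964 description reads "on Windows", which `- serendipity <removed>` does not record; a short NOTE saying so would spare re-triage if an older suite still carries the package.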
@@ -12463,13 +12467,13 @@ CVE-2020-5562
 CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute 
arbitrary OS ...)
        NOT-FOR-US: Keijiban Tsumiki
 CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute 
arbitrary OS c ...)
-       TODO: check
+       NOT-FOR-US: WL-Enq
 CVE-2020-5559 (Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 
allows remo ...)
-       TODO: check
+       NOT-FOR-US: WL-Enq
 CVE-2020-5558 (CuteNews 2.0.1 allows remote authenticated attackers to execute 
arbitr ...)
-       TODO: check
+       NOT-FOR-US: CuteNews
 CVE-2020-5557 (Cross-site scripting vulnerability in CuteNews 2.0.1 allows 
remote att ...)
-       TODO: check
+       NOT-FOR-US: CuteNews
 CVE-2020-5556 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote 
attackers  ...)
        NOT-FOR-US: Shihonkanri Plus GOOUT
 CVE-2020-5555 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote 
attackers  ...)
@@ -13122,7 +13126,7 @@ CVE-2020-5284
 CVE-2020-5283
        RESERVED
 CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Nick Chan Bot
 CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify 
configur ...)
        TODO: check
 CVE-2020-5280 (http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local 
file i ...)
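Review bot: CVE-2020-5281 (Perun), the context entry directly below the changed line, still reads `TODO: check` while CVE-2020-5282 above it is resolved here. If Perun was left on purpose because it needs a closer look, that is fine; otherwise it can be triaged in the same pass so this block is not left half-done.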
@@ -17452,63 +17456,63 @@ CVE-2020-3796
 CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
        NOT-FOR-US: Adobe
 CVE-2020-3794 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a 
file i ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3792 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3791 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3790 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3789 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3788 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3787 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3786 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3785 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3784 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3783 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3782 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3781 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3780 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3779 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3778 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 
have an ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3777 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3776 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3775 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3774 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3773 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3772 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3771 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3770 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a 
server-side r ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3768
        RESERVED
 CVE-2020-3767
        RESERVED
 CVE-2020-3766 (Adobe Genuine Integrity Service versions Version 6.4 and 
earlier have  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an 
out-of-bounds  ...)
        NOT-FOR-US: Adobe
 CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an 
out-of-bounds wr ...)
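Review bot: Every replacement in this hunk uses the vendor label `NOT-FOR-US: Adobe`, including entries for distinct products (ColdFusion at CVE-2020-3794, Experience Manager at CVE-2020-3769, Genuine Integrity Service at CVE-2020-3766). That matches the unchanged context entries for CVE-2020-3795 and CVE-2020-3765, so it is consistent within the file, but it differs from the product-level labels used elsewhere in this same commit (`NOT-FOR-US: WL-Enq`, `NOT-FOR-US: CuteNews`). If product names are the preferred granularity, labels such as `NOT-FOR-US: Adobe ColdFusion` would make later searches by product easier; if the vendor label is the convention for Adobe, no change is needed.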
@@ -17518,7 +17522,7 @@ CVE-2020-3763 (Adobe Acrobat and Reader versions 
2019.021.20061 and earlier, 201
 CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
        NOT-FOR-US: Adobe
 CVE-2020-3761 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a 
remote ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command 
inject ...)
        NOT-FOR-US: Adobe
 CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer 
errors  ...)
@@ -27422,7 +27426,7 @@ CVE-2019-18628
 CVE-2019-18627
        RESERVED
 CVE-2019-18626 (Harris Ormed Self Service before 2019.1.4 allows an 
authenticated user ...)
-       TODO: check
+       NOT-FOR-US: Harris Ormed Self Service
 CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate 
signed  ...)
        - systemd 244-1 (low)
        [buster] - systemd <not-affected> (Only affected v243)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/560699bf76af972e51c02a58a020061df911a9ca
