Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
31294e14 by security tracker role at 2020-08-29T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-25015
+ RESERVED
CVE-2020-25014
RESERVED
CVE-2020-25013
@@ -20360,18 +20362,18 @@ CVE-2020-15161
RESERVED
CVE-2020-15160
RESERVED
-CVE-2020-15159
- RESERVED
+CVE-2020-15159 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting
(XSS) a ...)
+ TODO: check
CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP
message ...)
NOT-FOR-US: libIEC61850
CVE-2020-15157
RESERVED
CVE-2020-15156 (In nodebb-plugin-blog-comments before version 0.7.0, a logged
in user ...)
NOT-FOR-US: nodebb-plugin-blog-comments
-CVE-2020-15155
- RESERVED
-CVE-2020-15154
- RESERVED
+CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting
(XSS) v ...)
+ TODO: check
+CVE-2020-15154 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting
(XSS) v ...)
+ TODO: check
CVE-2020-15153
RESERVED
CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to
Server-Side Req ...)
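Review bot: CVE-2020-15159, CVE-2020-15155 and CVE-2020-15154 (all baserCMS 4.3.6 and earlier, XSS) come in as "TODO: check", so all three still need manual triage. If baserCMS is not packaged in Debian, mark them "NOT-FOR-US: baserCMS" in one pass, the way CVE-2020-15158 and CVE-2020-15156 in this same hunk are handled; otherwise add the source package line with the affected and fixed versions.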
@@ -22335,37 +22337,37 @@ CVE-2020-14407
CVE-2020-14406
RESERVED
CVE-2020-14405 (An issue was discovered in LibVNCServer before 0.9.13.
libvncclient/rf ...)
- {DLA-2264-1}
+ {DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point
release)
NOTE:
https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365
CVE-2020-14404 (An issue was discovered in LibVNCServer before 0.9.13.
libvncserver/rr ...)
- {DLA-2264-1}
+ {DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point
release)
NOTE:
https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14403 (An issue was discovered in LibVNCServer before 0.9.13.
libvncserver/he ...)
- {DLA-2264-1}
+ {DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point
release)
NOTE:
https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14402 (An issue was discovered in LibVNCServer before 0.9.13.
libvncserver/co ...)
- {DLA-2264-1}
+ {DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point
release)
NOTE:
https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14401 (An issue was discovered in LibVNCServer before 0.9.13.
libvncserver/sc ...)
- {DLA-2264-1}
+ {DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point
release)
NOTE:
https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af
CVE-2020-14400 (** DISPUTED ** An issue was discovered in LibVNCServer before
0.9.13. ...)
- {DLA-2264-1}
+ {DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point
release)
NOTE:
https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d
CVE-2020-14399 (** DISPUTED ** An issue was discovered in LibVNCServer before
0.9.13. ...)
- {DLA-2264-1}
+ {DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point
release)
NOTE:
https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
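Review bot: on the seven entries CVE-2020-14405 through CVE-2020-14399 the cross-reference becomes {DLA-2347-1 DLA-2264-1}, but the "[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)" line under each one is unchanged. With a second DLA now attached to these issues, it is worth confirming that the buster point-release upload is still tracked and updating that line once it lands. CVE-2020-14400 and CVE-2020-14399 also carry "** DISPUTED **" in their descriptions; a NOTE recording why they are fixed regardless would help anyone reading the entry later.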
@@ -22376,7 +22378,7 @@ CVE-2020-14398 (An issue was discovered in LibVNCServer
before 0.9.13. An improp
[jessie] - libvncserver <ignored> (Proposed patch might break ABI for
consumers)
NOTE:
https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b
CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13.
libvncserver/rf ...)
- {DLA-2264-1}
+ {DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point
release)
NOTE:
https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
@@ -22893,7 +22895,7 @@ CVE-2019-20840 (An issue was discovered in LibVNCServer
before 0.9.13. libvncser
NOTE:
https://github.com/LibVNC/libvncserver/commit/0cf1400c61850065de590d403f6d49e32882fd76
NOTE: Vulnerable code is introduced with the fix for CVE-2017-18922.
CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a
buffer over ...)
- {DLA-2264-1}
+ {DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
[buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point
release)
NOTE:
https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
@@ -328110,8 +328112,8 @@ CVE-2012-4820 (Unspecified vulnerability in the JRE
component in IBM Java 7 SR2
- openjdk-7 <not-affected> (Vulnerabilities specific to IBM Java)
CVE-2012-4819 (Cross-site scripting (XSS) vulnerability in InfoSphere Business
Glossa ...)
NOT-FOR-US: IBM InfoSphere
-CVE-2012-4818
- RESERVED
+CVE-2012-4818 (IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow
a remo ...)
+ TODO: check
CVE-2012-4817 (The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1,
and VIOS ...)
NOT-FOR-US: IBM AIX, VIOS
CVE-2012-4816 (IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5
allows rem ...)
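Review bot: CVE-2012-4818 (IBM InfoSphere Information Server) lands as "TODO: check" while the adjacent CVE-2012-4819 is already "NOT-FOR-US: IBM InfoSphere"; the same disposition looks right here and would clear the TODO. The "8,7" in the description looks like a typo for 8.7 in the imported CVE text, so leave it for the upstream description to correct rather than editing it locally.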
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31294e141fba03eef18067f32ff5cda7ca5a9e5b