Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c52cc49a by Salvatore Bonaccorso at 2020-11-10T21:54:33+01:00 Track two CVEs for nextcloud-server - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -49823,7 +49823,7 @@ CVE-2020-8151 (There is a possible information disclosure issue in Active Resour NOTE: ActiveResource was extracted to a separate gem in starting in the 4.0 rails NOTE: release as it was not widely used. CVE-2020-8150 (A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker t ...) - TODO: check + - nextcloud-server <itp> (bug #941708) CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...) NOT-FOR-US: Node logkitty CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enab ...) @@ -49859,7 +49859,7 @@ CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Re CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.1 ...) NOT-FOR-US: Ghost CMS CVE-2020-8133 (A wrong generation of the passphrase for the encrypted block in Nextcl ...) - TODO: check + - nextcloud-server <itp> (bug #941708) CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 ...) NOT-FOR-US: Node pdf-image package CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c52cc49a6012bfd61a7b1f790d4de71cd329f1b4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c52cc49a6012bfd61a7b1f790d4de71cd329f1b4 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits