Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c52cc49a by Salvatore Bonaccorso at 2020-11-10T21:54:33+01:00
Track two CVEs for nextcloud-server
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -49823,7 +49823,7 @@ CVE-2020-8151 (There is a possible information
disclosure issue in Active Resour
NOTE: ActiveResource was extracted to a separate gem in starting in the
4.0 rails
NOTE: release as it was not widely used.
CVE-2020-8150 (A cryptographic issue in Nextcloud Server 19.0.1 allowed an
attacker t ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2020-8149 (Lack of output sanitization allowed an attack to execute
arbitrary she ...)
NOT-FOR-US: Node logkitty
CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability
that enab ...)
@@ -49859,7 +49859,7 @@ CVE-2020-8135 (The uppy npm package < 1.9.3 is
vulnerable to a Server-Side Re
CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS
< 3.1 ...)
NOT-FOR-US: Ghost CMS
CVE-2020-8133 (A wrong generation of the passphrase for the encrypted block in
Nextcl ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2020-8132 (Lack of input validation in pdf-image npm package version <=
2.0.0 ...)
NOT-FOR-US: Node pdf-image package
CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0
allows ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c52cc49a6012bfd61a7b1f790d4de71cd329f1b4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c52cc49a6012bfd61a7b1f790d4de71cd329f1b4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
