Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3d1757f1 by security tracker role at 2020-11-25T20:10:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,8 +4,8 @@ CVE-2020-29072 (A Cross-Site Script Inclusion vulnerability was
found on LiquidF
NOT-FOR-US: LiquidFiles
CVE-2020-29071 (An XSS issue was found in the Shares feature of LiquidFiles
before 3.3 ...)
NOT-FOR-US: LiquidFiles
-CVE-2020-29070
- RESERVED
+CVE-2020-29070 (osCommerce 2.3.4.1 has XSS vulnerability via the authenticated
user en ...)
+ TODO: check
CVE-2020-29069 (_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey
Network ...)
NOT-FOR-US: Modern Honey Network
CVE-2020-29068
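Review bot: CVE-2020-29070 leaves the RESERVED state in this hunk but lands with only "TODO: check" under the new osCommerce description, so the tracker records no disposition for it. Follow up by replacing the TODO with a package line if osCommerce is in the archive, or with "NOT-FOR-US: osCommerce" in the same form as the LiquidFiles entries above it.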
@@ -9519,8 +9519,8 @@ CVE-2020-26245
RESERVED
CVE-2020-26244
RESERVED
-CVE-2020-26243
- RESERVED
+CVE-2020-26243 (Nanopb is a small code-size Protocol Buffers implementation.
In Nanopb ...)
+ TODO: check
CVE-2020-26242 (Go Ethereum, or "Geth", is the official Golang implementation
of the E ...)
TODO: check
CVE-2020-26241 (Go Ethereum, or "Geth", is the official Golang implementation
of the E ...)
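Review bot: The added CVE-2020-26243 entry for Nanopb carries only "TODO: check", as does CVE-2020-26242 directly below it in the context, so neither records a triage result yet. Since the description calls Nanopb a Protocol Buffers implementation, the check should look for packages that bundle a copy of it as well as a package of Nanopb itself before settling on a package line or NOT-FOR-US.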
@@ -9584,8 +9584,8 @@ CVE-2020-26214 (In Alerta before version 8.1.0, users may
be able to bypass LDAP
NOT-FOR-US: Alerta
CVE-2020-26213 (In teler before version 0.0.1, if you run teler inside a
Docker contai ...)
NOT-FOR-US: Alerta
-CVE-2020-26212
- RESERVED
+CVE-2020-26212 (GLPI stands for Gestionnaire Libre de Parc Informatique and it
is a Fr ...)
+ TODO: check
CVE-2020-26211 (In BookStack before version 0.30.4, a user with permissions to
edit a ...)
NOT-FOR-US: BookStack app
CVE-2020-26210 (In BookStack before version 0.30.4, a user with permissions to
edit a ...)
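Review bot: The unchanged context just above the change tags CVE-2020-26213, whose description is about teler, as "NOT-FOR-US: Alerta", which looks copied from the CVE-2020-26214 entry before it; it should name teler instead. The added CVE-2020-26212 entry for GLPI is still "TODO: check" and needs a package line or a NOT-FOR-US tag.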
@@ -10998,8 +10998,7 @@ CVE-2020-25651 [Possible File Transfer DoS and
Information Leak via active_xfers
NOTE:
https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/9d35d8a86fb310fc1f29d428c0a96995948d2357
NOTE:
https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/e4bfd1b632b6c14e8411dbe3565115a78cd3d256
NOTE:
https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/b7db1c20c9f80154fb54392eb44add3486d3e427
-CVE-2020-25650 [Memory DoS via Arbitrary Entries in active_xfers Hash Table]
- RESERVED
+CVE-2020-25650 (A flaw was found in the way the spice-vdagentd daemon handled
file tra ...)
- spice-vdagent <unfixed> (bug #973769)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
NOTE:
https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/1a8b93ca6ac0b690339ab7f0afc6fc45d198d332
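Review bot: The package line kept under the new CVE-2020-25650 description still reads "- spice-vdagent <unfixed> (bug #973769)", so the entry carries no fixed version. The NOTE lines after it point to the oss-security post and an upstream vd_agent commit; once bug #973769 is closed by an upload, record that version in place of <unfixed>.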
@@ -168766,7 +168765,7 @@ CVE-2017-18036 (The Github repository importer in
Atlassian Bitbucket Server bef
NOT-FOR-US: Atlassian Bitbucket
CVE-2017-18035 (The
/rest/review-coverage-chart/1.0/data/<repository_name>/.json ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
-CVE-2017-18034 (The source browse resource in Atlassian FishEye and Crucible
before ve ...)
+CVE-2017-18034 (The source browse resource in Atlassian Fisheye and Crucible
before ve ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version
7.6.1 allow ...)
NOT-FOR-US: Jira-importers-plugin in Atlassian Jira
@@ -193228,9 +193227,9 @@ CVE-2017-14590 (Bamboo did not check that the name of
a branch in a Mercurial re
NOT-FOR-US: Atlassian Bamboo
CVE-2017-14589 (It was possible for double OGNL evaluation in FreeMarker
templates thr ...)
NOT-FOR-US: Atlassian Bamboo
-CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before
version 4.4 ...)
+CVE-2017-14588 (Various resources in Atlassian Fisheye and Crucible before
version 4.4 ...)
NOT-FOR-US: Atlassian
-CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye
and Cru ...)
+CVE-2017-14587 (The administration user deletion resource in Atlassian Fisheye
and Cru ...)
NOT-FOR-US: Atlassian
CVE-2017-14586 (The Hipchat for Mac desktop client is vulnerable to
client-side remote ...)
NOT-FOR-US: Atlassian
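Review bot: Style point on the tags under CVE-2017-14588 and CVE-2017-14587: both say only "NOT-FOR-US: Atlassian", while the CVE-2017-18034 entry earlier in this diff uses "NOT-FOR-US: Atlassian Fisheye and Crucible" for the same products. Since the descriptions are being normalised to "Fisheye" here anyway, the tags could be brought to the product-specific form as well so that searches by product name find these entries.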
@@ -208275,15 +208274,15 @@ CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before
6.1.4, and 6.2.x before 6.2.1 h
NOT-FOR-US: Atlassian Bamboo
CVE-2017-9513 (Several rest inline action resources of Atlassian Activity
Streams bef ...)
NOT-FOR-US: Atlassian Activity Streams
-CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and
Crucible ...)
+CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian Fisheye and
Crucible ...)
NOT-FOR-US: Atlassian
-CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible,
before ...)
+CVE-2017-9511 (The MultiPathResource class in Atlassian Fisheye and Crucible,
before ...)
NOT-FOR-US: Atlassian
-CVE-2017-9510 (The repository changelog resource in Atlassian FishEye before
version ...)
+CVE-2017-9510 (The repository changelog resource in Atlassian Fisheye before
version ...)
NOT-FOR-US: Atlassian
CVE-2017-9509 (The review file upload resource in Atlassian Crucible before
version 4 ...)
NOT-FOR-US: Atlassian
-CVE-2017-9508 (Various resources in Atlassian FishEye and Crucible before
version 4.4 ...)
+CVE-2017-9508 (Various resources in Atlassian Fisheye and Crucible before
version 4.4 ...)
NOT-FOR-US: Atlassian
CVE-2017-9507 (The review dashboard resource in Atlassian Crucible from
version 4.1.0 ...)
NOT-FOR-US: Atlassian
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d1757f183bb10579d3e6ff9a67a751c25e89bb4