Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5f06acab by security tracker role at 2020-12-02T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2021-1635
+ RESERVED
+CVE-2021-1634
+ RESERVED
+CVE-2021-1633
+ RESERVED
+CVE-2021-1632
+ RESERVED
+CVE-2021-1631
+ RESERVED
+CVE-2021-1630
+ RESERVED
+CVE-2021-1629
+ RESERVED
+CVE-2021-1628
+ RESERVED
+CVE-2021-1627
+ RESERVED
+CVE-2021-1626
+ RESERVED
+CVE-2020-29477
+ RESERVED
+CVE-2020-29476
+ RESERVED
+CVE-2020-29475
+ RESERVED
+CVE-2020-29474
+ RESERVED
+CVE-2020-29473
+ RESERVED
+CVE-2020-29472
+ RESERVED
+CVE-2020-29471
+ RESERVED
+CVE-2020-29470
+ RESERVED
+CVE-2020-29469
+ RESERVED
+CVE-2020-29468
+ RESERVED
+CVE-2020-29467
+ RESERVED
+CVE-2020-29466
+ RESERVED
+CVE-2020-29465
+ RESERVED
+CVE-2020-29464
+ RESERVED
+CVE-2020-29463
+ RESERVED
+CVE-2020-29462
+ RESERVED
+CVE-2020-29461
+ RESERVED
+CVE-2020-29460
+ RESERVED
+CVE-2020-29459
+ RESERVED
+CVE-2020-29458 (Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. ...)
+ TODO: check
+CVE-2020-29457
+ RESERVED
+CVE-2020-29456 (Multiple cross-site scripting (XSS) vulnerabilities in
Papermerge befo ...)
+ TODO: check
CVE-2020-29455
RESERVED
CVE-2020-29454 (Editors/LogViewerController.cs in Umbraco through 8.9.1 allows
a user ...)
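Review bot: the two non-RESERVED additions here, CVE-2020-29458 (Textpattern CMS 4.6.2 CSRF via the prefs subsystem) and CVE-2020-29456 (multiple XSS in Papermerge), are left at "+ TODO: check", and neither Textpattern nor Papermerge appears as a Debian source package anywhere in the surrounding context; the follow-up triage should replace each TODO with either a "- <source-package> <version>" line or a NOT-FOR-US line, as is done for Zeroshell and ILIAS elsewhere in this diff. The remaining 30 additions are RESERVED placeholders and need no action.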
@@ -134,8 +198,8 @@ CVE-2020-29391
RESERVED
CVE-2020-29390 (Zeroshell 3.9.3 contains a command injection vulnerability in
the /cgi ...)
NOT-FOR-US: Zeroshell
-CVE-2020-29389
- RESERVED
+CVE-2020-29389 (The official Crux Linux Docker images 3.0 through 3.4 contain
a blank ...)
+ TODO: check
CVE-2020-29388
RESERVED
CVE-2020-29387
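Review bot: CVE-2020-29389 is marked "TODO: check", but its description names the official Crux Linux Docker images 3.0 through 3.4 rather than anything built from a Debian source package; unless a packaging hit turns up, this is a NOT-FOR-US candidate in the same way the neighbouring Zeroshell entry is handled, and the TODO should be resolved to that or to a package line.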
@@ -464,10 +528,10 @@ CVE-2020-29242
RESERVED
CVE-2020-29241
RESERVED
-CVE-2020-29240
- RESERVED
-CVE-2020-29239
- RESERVED
+CVE-2020-29240 (Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An
attacke ...)
+ TODO: check
+CVE-2020-29239 (Online Birth Certificate System Project V 1.0 is affected by
cross-sit ...)
+ TODO: check
CVE-2020-29238
RESERVED
CVE-2020-29237
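Review bot: CVE-2020-29240 (Lepton-CMS 4.7.0 XSS) and CVE-2020-29239 (Online Birth Certificate System Project V 1.0, also XSS) are web applications with no sign of a Debian package in the surrounding context; the two "TODO: check" markers should be closed out as NOT-FOR-US unless a source package is found, and they can be triaged together since they arrived in the same batch.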
@@ -5188,10 +5252,10 @@ CVE-2020-28275
RESERVED
CVE-2020-28274
RESERVED
-CVE-2020-28273
- RESERVED
-CVE-2020-28272
- RESERVED
+CVE-2020-28273 (Prototype pollution vulnerability in 'set-in' versions 1.0.0
through 2 ...)
+ TODO: check
+CVE-2020-28272 (Prototype pollution vulnerability in 'keyget' versions 1.0.0
through 2 ...)
+ TODO: check
CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0
through ...)
NOT-FOR-US: Node deephas
CVE-2020-28270 (Overview:Prototype pollution vulnerability in
‘object-hierarchy- ...)
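Review bot: CVE-2020-28273 ('set-in') and CVE-2020-28272 ('keyget') are prototype-pollution reports in npm modules, and the adjacent CVE-2020-28271 ('deephas') is already resolved as "NOT-FOR-US: Node deephas"; the "TODO: check" on the two new entries should follow that pattern unless a corresponding node-* source package exists in the archive, in which case the affected range "1.0.0 through 2 ..." has to be compared against the packaged version before a fixed-version line is written.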
@@ -10460,6 +10524,7 @@ CVE-2020-26217 (XStream before version 1.4.14 is
vulnerable to Remote Code Execu
CVE-2020-26216 (TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4,
2.5.11 ...)
NOT-FOR-US: TYPO3 Fluid
CVE-2020-26215 (Jupyter Notebook before version 6.1.5 has an Open redirect
vulnerabili ...)
+ {DLA-2477-1}
- jupyter-notebook 6.1.5-1
NOTE:
https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh
NOTE:
https://github.com/jupyter/notebook/commit/2e1c56b0c4a903606d4a2eb13e32409296b9799d
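Review bot: no [buster] annotation appears between "- jupyter-notebook 6.1.5-1" and the NOTE lines for CVE-2020-26215, so with {DLA-2477-1} now recorded for LTS and 6.1.5-1 for unstable, buster is the one suite whose status is still unstated here; it should get a [buster] line (not-affected, no-dsa, or the planned update). The placement of the DLA reference directly under the CVE header matches the other advisory references in this file, for example the {DSA-4772-1 DLA-2405-1} line under CVE-2020-13956 further down.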
@@ -11678,6 +11743,7 @@ CVE-2020-25697
NOTE: Long-standing design limitation in X11, unlikely to get fixed
until the world moves to Wayland
NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/3
CVE-2020-25696 (A flaw was found in the psql interactive terminal of
PostgreSQL in ver ...)
+ {DLA-2478-1}
- postgresql-13 13.1-1
- postgresql-12 <unfixed>
- postgresql-11 <removed>
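Review bot: with {DLA-2478-1} added to CVE-2020-25696, the package lines beneath it still read "postgresql-12 <unfixed>" next to "postgresql-13 13.1-1"; if postgresql-12 is no longer a maintained branch in the archive (its sibling postgresql-11 is already <removed>), <unfixed> will keep this CVE open indefinitely, so either a fixed version or a <removed>/<not-affected> marker should replace it. The same three package lines recur unchanged under CVE-2020-25695 and CVE-2020-25694 in the next two hunks, so whatever is decided applies to all three.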
@@ -11685,6 +11751,7 @@ CVE-2020-25696 (A flaw was found in the psql
interactive terminal of PostgreSQL
- postgresql-9.6 <removed>
NOTE:
https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
CVE-2020-25695 (A flaw was found in PostgreSQL versions before 13.1, before
12.5, befo ...)
+ {DLA-2478-1}
- postgresql-13 13.1-1
- postgresql-12 <unfixed>
- postgresql-11 <removed>
@@ -11692,6 +11759,7 @@ CVE-2020-25695 (A flaw was found in PostgreSQL versions
before 13.1, before 12.5
- postgresql-9.6 <removed>
NOTE:
https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before
12.5, befo ...)
+ {DLA-2478-1}
- postgresql-13 13.1-1
- postgresql-12 <unfixed>
- postgresql-11 <removed>
@@ -11934,8 +12002,7 @@ CVE-2020-25639 [NULL pointer dereference via nouveau
ioctl can lead to DoS]
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE:
https://lists.freedesktop.org/archives/nouveau/2020-August/036682.html
-CVE-2020-25638
- RESERVED
+CVE-2020-25638 (A flaw was found in hibernate-core in versions prior to and
including ...)
- libhibernate3-java <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1881353
CVE-2020-25637 (A double free memory issue was found to occur in the libvirt
API, in v ...)
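Review bot: CVE-2020-25638 now carries a published description, but the only package line is "- libhibernate3-java <unfixed>" and the description's version range is truncated at "prior to and including ..."; before leaving this as <unfixed>, confirm from the linked Red Hat bug 1881353 that the version shipped as libhibernate3-java actually falls inside the affected range, and add a [buster]/[stretch] annotation, since none is visible between the package line and the NOTE.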
@@ -12776,10 +12843,10 @@ CVE-2020-25268 (Remote Code Execution can occur via
the external news feed in IL
NOT-FOR-US: ILIAS
CVE-2020-25267 (An XSS issue exists in the question-pool file-upload preview
feature i ...)
NOT-FOR-US: ILIAS
-CVE-2020-25266
- RESERVED
-CVE-2020-25265
- RESERVED
+CVE-2020-25266 (AppImage appimaged before 1.0.3 does not properly check
whether a down ...)
+ TODO: check
+CVE-2020-25265 (AppImage libappimage before 1.0.3 allows attackers to trigger
an overw ...)
+ TODO: check
CVE-2020-25264
RESERVED
CVE-2020-25263 (PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF)
via the ...)
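Review bot: CVE-2020-25266 (appimaged before 1.0.3) and CVE-2020-25265 (libappimage before 1.0.3) describe the same upstream fix release and are both left as "TODO: check"; they should be triaged as a pair, and the resolution should state which of the two components (the daemon or the library) is actually shipped by any Debian package, since only one of them may be.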
@@ -36312,8 +36379,7 @@ CVE-2020-14370 (An information disclosure vulnerability
was found in containers/
- libpod 2.0.6+dfsg1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874268
NOTE:
https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074
-CVE-2020-14369
- RESERVED
+CVE-2020-14369 (This release fixes a Cross Site Request Forgery vulnerability
was foun ...)
NOT-FOR-US: Red Hat CloudForm
CVE-2020-14368
RESERVED
@@ -37512,8 +37578,7 @@ CVE-2020-13958 (A vulnerability in Apache OpenOffice
scripting events allows an
NOT-FOR-US: Apache OpenOffice
CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0
to 8.6.2 ...)
- lucene-solr <not-affected> (Vulnerable functionality not yet present)
-CVE-2020-13956 [incorrect handling of malformed authority component in request
URIs]
- RESERVED
+CVE-2020-13956 (Apache HttpClient versions prior to version 4.5.13 and 5.0.3
can misin ...)
{DSA-4772-1 DLA-2405-1}
- httpcomponents-client 4.5.13-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1886587
@@ -38773,18 +38838,18 @@ CVE-2020-13500 (SQL injection vulnerability exists in
the CHaD.asmx web service
NOT-FOR-US: CHaD.asmx
CVE-2020-13499 (An SQL injection vulnerability exists in the CHaD.asmx web
service fun ...)
NOT-FOR-US: CHaD.asmx
-CVE-2020-13498
- RESERVED
-CVE-2020-13497
- RESERVED
-CVE-2020-13496
- RESERVED
+CVE-2020-13498 (An exploitable vulnerability exists in the way Pixar OpenUSD
20.05 han ...)
+ TODO: check
+CVE-2020-13497 (An exploitable vulnerability exists in the way Pixar OpenUSD
20.05 han ...)
+ TODO: check
+CVE-2020-13496 (An exploitable vulnerability exists in the way Pixar OpenUSD
20.05 han ...)
+ TODO: check
CVE-2020-13495
RESERVED
-CVE-2020-13494
- RESERVED
-CVE-2020-13493
- RESERVED
+CVE-2020-13494 (A heap overflow vulnerability exists in the Pixar OpenUSD
20.05 parsin ...)
+ TODO: check
+CVE-2020-13493 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05
when the s ...)
+ TODO: check
CVE-2020-13492
RESERVED
CVE-2020-13491
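Review bot: the five Pixar OpenUSD 20.05 entries (CVE-2020-13498, -13497, -13496, -13494, -13493) all get "TODO: check" with descriptions truncated identically ("han ...", "parsin ..."), so nothing in this hunk tells them apart; when the TODOs are resolved, the triage comment should name the distinguishing part of each description (the affected parser or file type), and a single NOT-FOR-US or package decision can then cover all five together.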
@@ -41207,8 +41272,8 @@ CVE-2020-12526
RESERVED
CVE-2020-12525
RESERVED
-CVE-2020-12524
- RESERVED
+CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause
the Phoeni ...)
+ TODO: check
CVE-2020-12523
RESERVED
CVE-2020-12522
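Review bot: the description for CVE-2020-12524 is cut off at "the Phoeni ...", exactly where the affected product would be named, so the truncated list entry alone does not allow a package check; the "TODO: check" should stay open until the full CVE text has been read and the product identified.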
@@ -194589,8 +194654,8 @@ CVE-2017-14453 (On Insteon Hub 2245-222 devices with
firmware version 1012, spec
NOT-FOR-US: Insteon Hub
CVE-2017-14452 (An exploitable buffer overflow vulnerability exists in the
PubNub mess ...)
NOT-FOR-US: Insteon Hub
-CVE-2017-14451
- RESERVED
+CVE-2017-14451 (An exploitable out-of-bounds read vulnerability exists in
libevm (Ethe ...)
+ TODO: check
CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image
parsing functi ...)
{DSA-4184-1 DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
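Review bot: CVE-2017-14451 leaves RESERVED three years after its number was assigned, and the "TODO: check" should record the late publication so the entry is not assumed to have been handled alongside the older entries around it (CVE-2017-14450 directly below was fixed via DSA-4184-1, DSA-4177-1 and DLA-1341-1). The truncated description "libevm (Ethe ...)" points at an Ethereum VM library; confirm whether any Debian source package ships it before resolving the TODO.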
@@ -230186,8 +230251,8 @@ CVE-2017-2912 (An exploitable vulnerability exists in
the remote control functio
NOT-FOR-US: Circle with Disney
CVE-2017-2911 (An exploitable vulnerability exists in the remote control
functionalit ...)
NOT-FOR-US: Circle with Disney
-CVE-2017-2910
- RESERVED
+CVE-2017-2910 (An exploitable Out-of-bounds Write vulnerability exists in the
xls_add ...)
+ TODO: check
CVE-2017-2909 (An infinite loop programming error exists in the DNS server
functional ...)
- smplayer 18.5.0~ds1-1 (bug #898943)
[stretch] - smplayer <not-affected> (Vulnerable code not present)
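Review bot: the truncated description for CVE-2017-2910 stops at "the xls_add ...", which names a function but not the library it belongs to; resolving the "TODO: check" requires the full CVE text to identify the affected XLS parsing library and then a matching source-package check. Like CVE-2017-14451 above, this is a 2017-numbered CVE published late, and the two could be triaged in the same pass.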
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f06acabc157520b71493ccdbdf73828fbe1e601
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits