Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
146a9244 by security tracker role at 2020-12-31T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2020-35930
+       RESERVED
+CVE-2020-35929
+       RESERVED
+CVE-2020-35928 (An issue was discovered in the concread crate before 0.2.6 for 
Rust. A ...)
+       TODO: check
+CVE-2020-35927 (An issue was discovered in the thex crate through 2020-12-08 
for Rust. ...)
+       TODO: check
+CVE-2020-35926 (An issue was discovered in the nanorand crate before 0.5.1 for 
Rust. I ...)
+       TODO: check
+CVE-2020-35925 (An issue was discovered in the magnetic crate before 2.0.1 for 
Rust. M ...)
+       TODO: check
+CVE-2020-35924 (An issue was discovered in the try-mutex crate before 0.3.0 
for Rust.  ...)
+       TODO: check
+CVE-2020-35923 (An issue was discovered in the ordered-float crate before 
1.1.1 and 2. ...)
+       TODO: check
+CVE-2020-35922 (An issue was discovered in the mio crate before 0.7.6 for 
Rust. It has ...)
+       TODO: check
+CVE-2020-35920 (An issue was discovered in the socket2 crate before 0.3.16 for 
Rust. I ...)
+       TODO: check
+CVE-2020-35918 (An issue was discovered in the branca crate before 0.10.0 for 
Rust. De ...)
+       TODO: check
+CVE-2020-35917 (An issue was discovered in the pyo3 crate before 0.12.4 for 
Rust. Ther ...)
+       TODO: check
+CVE-2020-35915 (An issue was discovered in the futures-intrusive crate before 
0.4.0 fo ...)
+       TODO: check
+CVE-2020-35909 (An issue was discovered in the multihash crate before 0.11.3 
for Rust. ...)
+       TODO: check
+CVE-2020-35908 (An issue was discovered in the futures-util crate before 0.3.2 
for Rus ...)
+       TODO: check
+CVE-2020-35907 (An issue was discovered in the futures-task crate before 0.3.5 
for Rus ...)
+       TODO: check
+CVE-2020-35906 (An issue was discovered in the futures-task crate before 0.3.6 
for Rus ...)
+       TODO: check
+CVE-2020-35905 (An issue was discovered in the futures-util crate before 0.3.7 
for Rus ...)
+       TODO: check
+CVE-2020-35904 (An issue was discovered in the crossbeam-channel crate before 
0.4.4 fo ...)
+       TODO: check
+CVE-2020-35903 (An issue was discovered in the dync crate before 0.5.0 for 
Rust. VecCo ...)
+       TODO: check
+CVE-2020-35902 (An issue was discovered in the actix-codec crate before 
0.3.0-beta.1 f ...)
+       TODO: check
+CVE-2020-35901 (An issue was discovered in the actix-http crate before 
2.0.0-alpha.1 f ...)
+       TODO: check
+CVE-2020-35900 (An issue was discovered in the array-queue crate through 
2020-09-26 fo ...)
+       TODO: check
+CVE-2020-35899 (An issue was discovered in the actix-service crate before 
1.0.6 for Ru ...)
+       TODO: check
+CVE-2020-35898 (An issue was discovered in the actix-utils crate before 2.0.0 
for Rust ...)
+       TODO: check
+CVE-2020-35897 (An issue was discovered in the atom crate before 0.3.6 for 
Rust. An un ...)
+       TODO: check
+CVE-2020-35896 (An issue was discovered in the ws crate through 2020-09-25 for 
Rust. T ...)
+       TODO: check
+CVE-2020-35895 (An issue was discovered in the stack crate before 0.3.1 for 
Rust. Arra ...)
+       TODO: check
+CVE-2020-35894 (An issue was discovered in the obstack crate before 0.1.4 for 
Rust. Un ...)
+       TODO: check
+CVE-2020-35893 (An issue was discovered in the simple-slab crate before 0.3.3 
for Rust ...)
+       TODO: check
+CVE-2020-35892 (An issue was discovered in the simple-slab crate before 0.3.3 
for Rust ...)
+       TODO: check
+CVE-2020-35891 (An issue was discovered in the ordnung crate through 
2020-09-03 for Ru ...)
+       TODO: check
+CVE-2020-35890 (An issue was discovered in the ordnung crate through 
2020-09-03 for Ru ...)
+       TODO: check
+CVE-2020-35889 (An issue was discovered in the crayon crate through 2020-08-31 
for Rus ...)
+       TODO: check
+CVE-2020-35888 (An issue was discovered in the arr crate through 2020-08-25 
for Rust.  ...)
+       TODO: check
+CVE-2020-35887 (An issue was discovered in the arr crate through 2020-08-25 
for Rust.  ...)
+       TODO: check
+CVE-2020-35886 (An issue was discovered in the arr crate through 2020-08-25 
for Rust.  ...)
+       TODO: check
+CVE-2020-35885 (An issue was discovered in the alpm-rs crate through 
2020-08-20 for Ru ...)
+       TODO: check
+CVE-2020-35884 (An issue was discovered in the tiny_http crate through 
2020-06-16 for  ...)
+       TODO: check
+CVE-2020-35883 (An issue was discovered in the mozwire crate through 
2020-08-18 for Ru ...)
+       TODO: check
+CVE-2020-35882 (An issue was discovered in the rocket crate before 0.4.5 for 
Rust. Loc ...)
+       TODO: check
+CVE-2020-35881 (An issue was discovered in the traitobject crate through 
2020-06-01 fo ...)
+       TODO: check
+CVE-2020-35880 (An issue was discovered in the bigint crate through 2020-05-07 
for Rus ...)
+       TODO: check
+CVE-2020-35879 (An issue was discovered in the rulinalg crate through 
2020-02-11 for R ...)
+       TODO: check
+CVE-2020-35878 (An issue was discovered in the ozone crate through 2020-07-04 
for Rust ...)
+       TODO: check
+CVE-2020-35877 (An issue was discovered in the ozone crate through 2020-07-04 
for Rust ...)
+       TODO: check
+CVE-2020-35876 (An issue was discovered in the rio crate through 2020-05-11 
for Rust.  ...)
+       TODO: check
+CVE-2020-35875 (An issue was discovered in the tokio-rustls crate before 
0.13.1 for Ru ...)
+       TODO: check
+CVE-2020-35874 (An issue was discovered in the internment crate through 
2020-05-28 for ...)
+       TODO: check
+CVE-2020-35873 (An issue was discovered in the rusqlite crate before 0.23.0 
for Rust.  ...)
+       TODO: check
+CVE-2020-35872 (An issue was discovered in the rusqlite crate before 0.23.0 
for Rust.  ...)
+       TODO: check
+CVE-2020-35871 (An issue was discovered in the rusqlite crate before 0.23.0 
for Rust.  ...)
+       TODO: check
+CVE-2020-35870 (An issue was discovered in the rusqlite crate before 0.23.0 
for Rust.  ...)
+       TODO: check
+CVE-2020-35869 (An issue was discovered in the rusqlite crate before 0.23.0 
for Rust.  ...)
+       TODO: check
+CVE-2020-35868 (An issue was discovered in the rusqlite crate before 0.23.0 
for Rust.  ...)
+       TODO: check
+CVE-2020-35867 (An issue was discovered in the rusqlite crate before 0.23.0 
for Rust.  ...)
+       TODO: check
+CVE-2020-35866 (An issue was discovered in the rusqlite crate before 0.23.0 
for Rust.  ...)
+       TODO: check
+CVE-2020-35865 (An issue was discovered in the os_str_bytes crate before 2.0.0 
for Rus ...)
+       TODO: check
+CVE-2020-35864 (An issue was discovered in the flatbuffers crate through 
2020-04-11 fo ...)
+       TODO: check
+CVE-2020-35863 (An issue was discovered in the hyper crate before 0.12.34 for 
Rust. HT ...)
+       TODO: check
+CVE-2020-35862 (An issue was discovered in the bitvec crate before 0.17.4 for 
Rust. Bi ...)
+       TODO: check
+CVE-2020-35861 (An issue was discovered in the bumpalo crate before 3.2.1 for 
Rust. Th ...)
+       TODO: check
+CVE-2020-35860 (An issue was discovered in the cbox crate through 2020-03-19 
for Rust. ...)
+       TODO: check
+CVE-2020-35859 (An issue was discovered in the lucet-runtime-internals crate 
before 0. ...)
+       TODO: check
+CVE-2020-35858 (An issue was discovered in the prost crate before 0.6.1 for 
Rust. Ther ...)
+       TODO: check
+CVE-2020-35857 (An issue was discovered in the trust-dns-server crate before 
0.18.1 fo ...)
+       TODO: check
+CVE-2019-25011
+       RESERVED
+CVE-2019-25010 (An issue was discovered in the failure crate through 
2019-11-13 for Ru ...)
+       TODO: check
+CVE-2019-25009 (An issue was discovered in the http crate before 0.1.20 for 
Rust. The  ...)
+       TODO: check
+CVE-2019-25008 (An issue was discovered in the http crate before 0.1.20 for 
Rust. Head ...)
+       TODO: check
+CVE-2019-25007 (An issue was discovered in the streebog crate before 0.8.0 for 
Rust. T ...)
+       TODO: check
+CVE-2019-25006 (An issue was discovered in the streebog crate before 0.8.0 for 
Rust. T ...)
+       TODO: check
+CVE-2019-25005 (An issue was discovered in the chacha20 crate before 0.2.3 for 
Rust. A ...)
+       TODO: check
+CVE-2019-25004 (An issue was discovered in the flatbuffers crate before 0.6.1 
for Rust ...)
+       TODO: check
+CVE-2019-25003 (An issue was discovered in the libsecp256k1 crate before 0.3.1 
for Rus ...)
+       TODO: check
+CVE-2019-25002 (An issue was discovered in the sodiumoxide crate before 0.2.5 
for Rust ...)
+       TODO: check
+CVE-2019-25001 (An issue was discovered in the serde_cbor crate before 0.10.2 
for Rust ...)
+       TODO: check
+CVE-2018-25001 (An issue was discovered in the libpulse-binding crate before 
2.5.0 for ...)
+       TODO: check
 CVE-2021-21493
        RESERVED
 CVE-2021-21492
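
Review bot: every described entry added at the top of this hunk is left at TODO: check, and the truncated descriptions alone cannot tell several of them apart: CVE-2020-35866 through CVE-2020-35873 all read "rusqlite crate before 0.23.0 for Rust.", and the arr, ozone, ordnung and simple-slab entries repeat in the same way. Triage should work from the full descriptions, then give each entry either a `- rust-<crate>` package line with a NOTE pointing at its RustSec advisory, as the miow, net2, image and lock_api entries later in this diff already have, or a NOT-FOR-US line where the crate is not in the archive.
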
@@ -108,8 +264,8 @@ CVE-2020-35853
        RESERVED
 CVE-2020-35852
        RESERVED
-CVE-2020-35851
-       RESERVED
+CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters 
properly. Att ...)
+       TODO: check
 CVE-2021-21443
        RESERVED
 CVE-2021-21442
@@ -346,14 +502,14 @@ CVE-2020-35745
        RESERVED
 CVE-2020-35744
        RESERVED
-CVE-2020-35743
-       RESERVED
-CVE-2020-35742
-       RESERVED
-CVE-2020-35741
-       RESERVED
-CVE-2020-35740
-       RESERVED
+CVE-2020-35743 (HGiga MailSherlock contains a SQL injection flaw. Attackers 
can inject ...)
+       TODO: check
+CVE-2020-35742 (HGiga MailSherlock contains a vulnerability of SQL Injection. 
Attacker ...)
+       TODO: check
+CVE-2020-35741 (HGiga MailSherlock does not validate user parameters on 
multiple login ...)
+       TODO: check
+CVE-2020-35740 (HGiga MailSherlock does not validate specific URL parameters 
properly  ...)
+       TODO: check
 CVE-2020-35739
        RESERVED
 CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples 
in pack ...)
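
Review bot: CVE-2020-35743 and CVE-2020-35742 are both described as SQL injection in HGiga MailSherlock and differ only in wording in the visible text, so confirm against the full descriptions that they are distinct issues before triaging them. All four new MailSherlock entries are left at TODO: check; if the product is not in the archive, a NOT-FOR-US line on each settles them, in the same way as the MailGates and MailAudit entry further down this diff.
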
@@ -6311,15 +6467,15 @@ CVE-2020-29608
        RESERVED
 CVE-2020-29607 (A file upload restriction bypass vulnerability in Pluck CMS 
before 4.7 ...)
        NOT-FOR-US: Pluck CMS
-CVE-2020-35921 [RUSTSEC-2020-0080: miow: `miow` invalidly assumes the memory 
layout of std::net::SocketAddr]
+CVE-2020-35921 (An issue was discovered in the miow crate before 0.3.6 for 
Rust. It ha ...)
        - rust-miow 0.3.6-1 (bug #976871)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0080.html
        NOTE: https://github.com/yoshuawuyts/miow/issues/38
-CVE-2020-35919 [RUSTSEC-2020-0078: net2: `net2` invalidly assumes the memory 
layout of std::net::SocketAddr]
+CVE-2020-35919 (An issue was discovered in the net2 crate before 0.2.36 for 
Rust. It h ...)
        - rust-net2 0.2.37-1 (bug #976870)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0078.html
        NOTE: https://github.com/deprecrated/net2-rs/issues/105
-CVE-2020-35916 [RUSTSEC-2020-0073: image: Mutable reference with immutable 
provenance]
+CVE-2020-35916 (An issue was discovered in the image crate before 0.23.12 for 
Rust. A  ...)
        - rust-image <unfixed> (bug #976869)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0073.html
        NOTE: https://github.com/image-rs/image/issues/1357
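
Review bot: on CVE-2020-35916 the new description says the image crate is affected before 0.23.12, but the package line still reads `- rust-image <unfixed> (bug #976869)`. Record the upstream fixed version in a NOTE so the entry can be closed once that version is uploaded. The same comparison is worth a glance on CVE-2020-35919, where the description says "before 0.2.36" and the package line gives 0.2.37-1 as the fixed version. Replacing the bracketed RUSTSEC titles also drops the one-line summary of each flaw, though the RustSec NOTE links remain.
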
@@ -7996,23 +8152,23 @@ CVE-2020-26235 (In Rust time crate from version 0.2.7 
and before version 0.2.23,
        NOTE: https://github.com/time-rs/time/issues/293
        NOTE: Introduced by: 
https://github.com/time-rs/time/commit/5f1c4927124fefbd8d2886f83a574beb381411e9 
(v0.2.7)
        NOTE: Deprecated in: 
https://github.com/time-rs/time/commit/f153a1ca5fdfec979f16c49619e6034cc67e186d 
(v0.2.23)
-CVE-2020-35914
+CVE-2020-35914 (An issue was discovered in the lock_api crate before 0.4.2 for 
Rust. A ...)
        - rust-lock-api <unfixed> (bug #975319)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
        NOTE: https://github.com/Amanieu/parking_lot/pull/262
-CVE-2020-35913
+CVE-2020-35913 (An issue was discovered in the lock_api crate before 0.4.2 for 
Rust. A ...)
        - rust-lock-api <unfixed> (bug #975319)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
        NOTE: https://github.com/Amanieu/parking_lot/pull/262
-CVE-2020-35912
+CVE-2020-35912 (An issue was discovered in the lock_api crate before 0.4.2 for 
Rust. A ...)
        - rust-lock-api <unfixed> (bug #975319)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
        NOTE: https://github.com/Amanieu/parking_lot/pull/262
-CVE-2020-35911
+CVE-2020-35911 (An issue was discovered in the lock_api crate before 0.4.2 for 
Rust. A ...)
        - rust-lock-api <unfixed> (bug #975319)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
        NOTE: https://github.com/Amanieu/parking_lot/pull/262
-CVE-2020-35910 [RUSTSEC-2020-0070: lock_api: Some lock_api lock guard objects 
can cause data races]
+CVE-2020-35910 (An issue was discovered in the lock_api crate before 0.4.2 for 
Rust. A ...)
        - rust-lock-api <unfixed> (bug #975319)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
        NOTE: https://github.com/Amanieu/parking_lot/pull/262
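
Review bot: CVE-2020-35910 through CVE-2020-35914 now carry the same truncated description, the same RUSTSEC-2020-0070 link and the same parking_lot pull request, so nothing in the list says what separates the five IDs. Add a NOTE to each saying which part of the advisory it covers, and record that the description gives 0.4.2 as the upstream fixed version while rust-lock-api is still `<unfixed>`.
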
@@ -12185,8 +12341,8 @@ CVE-2020-28277 (Prototype pollution vulnerability in 
'dset' versions 1.0.0 throu
        TODO: check
 CVE-2020-28276 (Prototype pollution vulnerability in 'deep-set' versions 1.0.0 
through ...)
        TODO: check
-CVE-2020-28275 (Prototype pollution vulnerability in 'cache-base' versions 
0.7.0 throu ...)
-       TODO: check
+CVE-2020-28275
+       REJECTED
 CVE-2020-28274 (Prototype pollution vulnerability in 'deepref' versions 1.1.1 
through  ...)
        NOT-FOR-US: Node deepref
 CVE-2020-28273 (Prototype pollution vulnerability in 'set-in' versions 1.0.0 
through 2 ...)
@@ -18435,24 +18591,24 @@ CVE-2020-25852
        RESERVED
 CVE-2020-25851
        RESERVED
-CVE-2020-25850
-       RESERVED
+CVE-2020-25850 (The function, view the source code, of HGiga MailSherlock does 
not val ...)
+       TODO: check
 CVE-2020-25849 (MailGates and MailAudit products contain Command Injection 
flaw, which ...)
        NOT-FOR-US: MailGates and MailAudit
-CVE-2020-25848
-       RESERVED
+CVE-2020-25848 (HGiga MailSherlock contains weak authentication flaw that 
attackers gr ...)
+       TODO: check
 CVE-2020-25847 (This command injection vulnerability allows attackers to 
execute arbit ...)
        NOT-FOR-US: QNAP
-CVE-2020-25846
-       RESERVED
-CVE-2020-25845
-       RESERVED
-CVE-2020-25844
-       RESERVED
-CVE-2020-25843
-       RESERVED
-CVE-2020-25842
-       RESERVED
+CVE-2020-25846 (The digest generation function of NHIServiSignAdapter has not 
been ver ...)
+       TODO: check
+CVE-2020-25845 (Multiple functions of NHIServiSignAdapter failed to verify the 
users&# ...)
+       TODO: check
+CVE-2020-25844 (The digest generation function of NHIServiSignAdapter has not 
been ver ...)
+       TODO: check
+CVE-2020-25843 (NHIServiSignAdapter fails to verify the length of digital 
credential f ...)
+       TODO: check
+CVE-2020-25842 (The encryption function of NHIServiSignAdapter fail to verify 
the file ...)
+       TODO: check
 CVE-2020-25841
        RESERVED
 CVE-2020-25840
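
Review bot: the description imported for CVE-2020-25845 ends in `users&# ...)`, a character reference cut in half, which suggests the text was truncated before HTML entities were decoded. Decode entities in the import step first, then truncate. CVE-2020-25846 and CVE-2020-25844 also show identical text here, so check the full descriptions before triaging them as one issue.
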
@@ -18560,12 +18716,12 @@ CVE-2020-25801
        RESERVED
 CVE-2020-25800
        RESERVED
-CVE-2020-25799
-       RESERVED
+CVE-2020-25799 (LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in 
the Quo ...)
+       TODO: check
 CVE-2020-25798 (A stored cross-site scripting (XSS) vulnerability in 
LimeSurvey before ...)
        - limesurvey <itp> (bug #472802)
-CVE-2020-25797
-       RESERVED
+CVE-2020-25797 (LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in 
the Add ...)
+       TODO: check
 CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to 
upload  ...)
        NOT-FOR-US: Typesetter CMS
 CVE-2020-25789 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 
2020-09-1 ...)
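
Review bot: CVE-2020-25799 and CVE-2020-25797 are left at TODO: check although the entry between them, CVE-2020-25798, is already tracked as `- limesurvey <itp> (bug #472802)`. The two new LimeSurvey XSS entries should get the same package line.
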
@@ -50954,14 +51110,14 @@ CVE-2020-11837
        RESERVED
 CVE-2020-11836
        RESERVED
-CVE-2020-11835
-       RESERVED
-CVE-2020-11834
-       RESERVED
-CVE-2020-11833
-       RESERVED
-CVE-2020-11832
-       RESERVED
+CVE-2020-11835 (In 
/SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_d ...)
+       TODO: check
+CVE-2020-11834 (In 
/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the  ...)
+       TODO: check
+CVE-2020-11833 (In 
/SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_m ...)
+       TODO: check
+CVE-2020-11832 (In functions charging_limit_current_write and 
charging_limit_time_writ ...)
+       TODO: check
 CVE-2020-11831 (OvoiceManager has system permission to write vulnerability 
reports for ...)
        NOT-FOR-US: OvoiceManager
 CVE-2020-11830 (QualityProtect has a vulnerability to execute arbitrary system 
command ...)
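
Review bot: for CVE-2020-11835, CVE-2020-11834 and CVE-2020-11833 the visible description is only a path under /SM8250_Q_Master/android/vendor/oppo_charger/, which points at a vendor Android tree rather than anything in the archive. If that holds for CVE-2020-11832 as well, mark all four NOT-FOR-US in the same way as the OvoiceManager entry just below, instead of leaving them at TODO: check.
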
@@ -133981,16 +134137,16 @@ CVE-2018-19947 (The vulnerability have been 
reported to affect earlier versions
        NOT-FOR-US: QNAP
 CVE-2018-19946 (The vulnerability have been reported to affect earlier 
versions of Hel ...)
        NOT-FOR-US: QNAP
-CVE-2018-19945
-       RESERVED
-CVE-2018-19944
-       RESERVED
+CVE-2018-19945 (A vulnerability has been reported to affect earlier QNAP 
devices runni ...)
+       TODO: check
+CVE-2018-19944 (A cleartext transmission of sensitive information 
vulnerability has be ...)
+       TODO: check
 CVE-2018-19943 (If exploited, this cross-site scripting vulnerability could 
allow remo ...)
        NOT-FOR-US: QNAP
 CVE-2018-19942
        RESERVED
-CVE-2018-19941
-       RESERVED
+CVE-2018-19941 (A vulnerability has been reported to affect QNAP NAS. If 
exploited, th ...)
+       TODO: check
 CVE-2018-19940
        RESERVED
 CVE-2018-19939 (The Goodix GT9xx touchscreen driver for custom Linux kernels 
on Xiaomi ...)
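
Review bot: the three entries taken out of RESERVED here sit among QNAP entries already marked `NOT-FOR-US: QNAP`, and CVE-2018-19945 and CVE-2018-19941 name QNAP in their descriptions. CVE-2018-19944 does not name a product in the visible text, so read the full description before giving it the same NOT-FOR-US line.
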



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/146a924403f18fd9eab849ba1dc75fe47ae9f6ca
