Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b9bb351 by Moritz Muehlenhoff at 2021-01-03T19:55:33+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -224,7 +224,7 @@ CVE-2020-35867 (An issue was discovered in the rusqlite 
crate before 0.23.0 for
 CVE-2020-35866 (An issue was discovered in the rusqlite crate before 0.23.0 
for Rust.  ...)
        NOT-FOR-US: rusqlite rust crate
 CVE-2020-35865 (An issue was discovered in the os_str_bytes crate before 2.0.0 
for Rus ...)
-       TODO: check
+       NOT-FOR-US: Rust os_str_bytes
 CVE-2020-35864 (An issue was discovered in the flatbuffers crate through 
2020-04-11 fo ...)
        NOT-FOR-US: flatbuffers rust crate
 CVE-2020-35863 (An issue was discovered in the hyper crate before 0.12.34 for 
Rust. HT ...)
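Review bot: naming style in the new CVE-2020-35865 line is inconsistent with the surrounding Rust entries; it reads `NOT-FOR-US: Rust os_str_bytes` while the neighbours use `NOT-FOR-US: rusqlite rust crate` and `NOT-FOR-US: flatbuffers rust crate`. Suggest `NOT-FOR-US: os_str_bytes rust crate` so readers and grep-based tooling see one convention.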
@@ -240,7 +240,7 @@ CVE-2020-35859 (An issue was discovered in the 
lucet-runtime-internals crate bef
 CVE-2020-35858 (An issue was discovered in the prost crate before 0.6.1 for 
Rust. Ther ...)
        NOT-FOR-US: prost rust crate
 CVE-2020-35857 (An issue was discovered in the trust-dns-server crate before 
0.18.1 fo ...)
-       TODO: check
+       NOT-FOR-US: Rust trust-dns-server
 CVE-2019-25011 (NetBox through 2.6.2 allows an Authenticated User to conduct 
an XSS at ...)
        NOT-FOR-US: NetBox
 CVE-2019-25010 (An issue was discovered in the failure crate through 
2019-11-13 for Ru ...)
@@ -257,7 +257,7 @@ CVE-2019-25007 (An issue was discovered in the streebog 
crate before 0.8.0 for R
 CVE-2019-25006 (An issue was discovered in the streebog crate before 0.8.0 for 
Rust. T ...)
        NOT-FOR-US: streebog rust crate
 CVE-2019-25005 (An issue was discovered in the chacha20 crate before 0.2.3 for 
Rust. A ...)
-       TODO: check
+       NOT-FOR-US: Rust chacha20
 CVE-2019-25004 (An issue was discovered in the flatbuffers crate before 0.6.1 
for Rust ...)
        NOT-FOR-US: flatbuffers rust crate
 CVE-2019-25003 (An issue was discovered in the libsecp256k1 crate before 0.3.1 
for Rus ...)
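Review bot: before CVE-2019-25005 is closed as NOT-FOR-US, confirm that no librust-chacha20 package exists in the archive (Debian does ship Rust crates as librust-*-dev packages); the same check applies to the trust-dns-server entry in the previous hunk. If the crate is absent the line is fine, but it should follow the neighbouring `streebog rust crate` naming form rather than `Rust chacha20`.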
@@ -4350,7 +4350,8 @@ CVE-2020-35378 (SQL Injection in the login page in Online 
Bus Ticket Reservation
 CVE-2020-35377
        RESERVED
 CVE-2020-35376 (Xpdf 4.02 allows stack consumption because of an incorrect 
subroutine  ...)
-       TODO: check
+       - xpdf <not-affected> (Debian uses poppler, which is not affected)
+       NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42066
 CVE-2020-35375
        RESERVED
 CVE-2020-35374
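Review bot: the <not-affected> rationale for CVE-2020-35376 rests on "poppler, which is not affected", but the only NOTE is the xpdf forum thread, which says nothing about poppler; add a NOTE pointing at the poppler code path that was checked (or the upstream xpdf fix) so the not-affected tag can be re-verified later. It is also worth stating which src:xpdf versions the statement covers, since the entry as written gives no version scope.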
@@ -7788,7 +7789,7 @@ CVE-2020-29205
 CVE-2020-29204 (XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 
20-charact ...)
        NOT-FOR-US: XXL-JOB
 CVE-2020-29203 (struct2json before 2020-11-18 is affected by a Buffer Overflow 
because ...)
-       TODO: check
+       NOT-FOR-US: struct2json
 CVE-2020-29202
        RESERVED
 CVE-2020-29201
@@ -12454,21 +12455,21 @@ CVE-2020-28285
 CVE-2020-28284
        RESERVED
 CVE-2020-28283 (Prototype pollution vulnerability in 'libnested' versions 
0.0.0 throug ...)
-       TODO: check
+       NOT-FOR-US: libnested
 CVE-2020-28282 (Prototype pollution vulnerability in 'getobject' version 0.1.0 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Node getobject
 CVE-2020-28281 (Prototype pollution vulnerability in 'set-object-value' 
versions 0.0.0 ...)
-       TODO: check
+       NOT-FOR-US: react-atomic-organism
 CVE-2020-28280 (Prototype pollution vulnerability in 'predefine' versions 
0.0.0 throug ...)
-       TODO: check
+       NOT-FOR-US: Node predefine
 CVE-2020-28279 (Prototype pollution vulnerability in 'flattenizer' versions 
0.0.5 thro ...)
-       TODO: check
+       NOT-FOR-US: flattenizer
 CVE-2020-28278 (Prototype pollution vulnerability in 'shvl' versions 1.0.0 
through 2.0 ...)
-       TODO: check
+       NOT-FOR-US: Node shvl
 CVE-2020-28277 (Prototype pollution vulnerability in 'dset' versions 1.0.0 
through 2.0 ...)
-       TODO: check
+       NOT-FOR-US: Node dset
 CVE-2020-28276 (Prototype pollution vulnerability in 'deep-set' versions 1.0.0 
through ...)
-       TODO: check
+       NOT-FOR-US: Node deep-set
 CVE-2020-28275
        REJECTED
 CVE-2020-28274 (Prototype pollution vulnerability in 'deepref' versions 1.1.1 
through  ...)
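Review bot: the CVE-2020-28281 line says `NOT-FOR-US: react-atomic-organism` while the CVE text names the 'set-object-value' package, so the mapping is not traceable from the entry; add a NOTE giving the source of that mapping or name the package as in the CVE. The other lines in this hunk also mix `Node foo` (getobject, predefine, shvl, dset, deep-set) with bare `foo` (libnested, flattenizer); pick one form.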
@@ -13662,7 +13663,7 @@ CVE-2020-27834 [attacker can send the same request over 
and over again without c
        - zabbix <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1907497
        NOTE: http://almorabea.net/cves/zabbix.txt
-       TODO: check for details, very scarce/incomplete CVE request from 
http://almorabea.net/cves/zabbix.txt
+       NOTE: very scarce/incomplete CVE request from 
http://almorabea.net/cves/zabbix.txt
 CVE-2020-27833
        RESERVED
        NOT-FOR-US: OpenShift
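Review bot: the new NOTE repeats the http://almorabea.net/cves/zabbix.txt URL that is already a NOTE two lines above, and zabbix is still marked <undetermined>; fold the comment into the existing URL line (e.g. `NOTE: http://almorabea.net/cves/zabbix.txt (very scarce/incomplete CVE request)`) and consider keeping a TODO while the entry is undetermined so it stays in the check queue.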
@@ -17697,7 +17698,7 @@ CVE-2020-26298
 CVE-2020-26297
        RESERVED
 CVE-2020-26296 (Vega is a visualization grammar, a declarative format for 
creating, sa ...)
-       TODO: check
+       NOT-FOR-US: Node vega
 CVE-2020-26295
        RESERVED
 CVE-2020-26294
@@ -17707,13 +17708,13 @@ CVE-2020-26293
 CVE-2020-26292
        RESERVED
 CVE-2020-26291 (URI.js is a javascript URL mutation library (npm package 
urijs). In UR ...)
-       TODO: check
+       NOT-FOR-US: Node urijs
 CVE-2020-26290 (Dex is a federated OpenID Connect provider written in Go. In 
Dex befor ...)
-       TODO: check
+       NOT-FOR-US: Dex OIDC provider (differnet from src:dex)
 CVE-2020-26289 (date-and-time is an npm package for manipulating date and 
time. In dat ...)
        NOT-FOR-US: Node date-and-time (different from src:node-date-time)
 CVE-2020-26288 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Node parse-server
 CVE-2020-26287 (HedgeDoc is a collaborative platform for writing and sharing 
markdown. ...)
        NOT-FOR-US: HedgeDoc
 CVE-2020-26286 (HedgeDoc is a collaborative platform for writing and sharing 
markdown. ...)
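Review bot: typo in the CVE-2020-26290 line: `differnet` should be `different`, matching the wording of the CVE-2020-26289 entry just below (`different from src:node-date-time`).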
@@ -53631,7 +53632,7 @@ CVE-2020-11105 (An issue was discovered in USC iLab 
cereal through 1.3.0. It emp
 CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. 
Serializatio ...)
        NOT-FOR-US: USC iLab cereal
 CVE-2020-11103 (JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x 
before 20.1,  ...)
-       TODO: check
+       NOT-FOR-US: Webswing
 CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the 
copying  ...)
        - qemu 1:4.2-4 (bug #956145)
        [buster] - qemu <not-affected> (Vulnerable code/Tulip NIC emulator 
added later)
@@ -67578,7 +67579,7 @@ CVE-2020-5808 (In certain scenarios in Tenable.sc prior 
to 5.17.0, a scanner cou
 CVE-2020-5807 (An unauthenticated remote attacker can send data to 
RsvcHost.exe liste ...)
        NOT-FOR-US: FactoryTalk Diagnostics
 CVE-2020-5806 (An attacker-controlled memory allocation size can be passed to 
the C++ ...)
-       TODO: check
+       NOT-FOR-US: FactoryTalk
 CVE-2020-5805
        RESERVED
 CVE-2020-5804
@@ -67586,9 +67587,9 @@ CVE-2020-5804
 CVE-2020-5803 (Relative Path Traversal in Marvell QConvergeConsole GUI 
5.5.0.74 allow ...)
        NOT-FOR-US: Marvell QConvergeConsole GUI
 CVE-2020-5802 (An attacker-controlled memory allocation size can be passed to 
the C++ ...)
-       TODO: check
+       NOT-FOR-US: FactoryTalk
 CVE-2020-5801 (An attacker can craft and send an OpenNamespace message to port 
4241 w ...)
-       TODO: check
+       NOT-FOR-US: FactoryTalk
 CVE-2020-5800 (The Eat Spray Love mobile app for both iOS and Android contains 
logic  ...)
        NOT-FOR-US: Eat Spray Love mobile app
 CVE-2020-5799 (The Eat Spray Love mobile app for both iOS and Android contains 
a back ...)
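Review bot: both new lines in this hunk (CVE-2020-5802, CVE-2020-5801) use the bare `NOT-FOR-US: FactoryTalk`, as does CVE-2020-5806 in the previous hunk, while the neighbouring CVE-2020-5807 names the component (`FactoryTalk Diagnostics`); FactoryTalk is a product family, so naming the affected component where the CVE text identifies it makes later searches more precise.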
@@ -90961,7 +90962,7 @@ CVE-2019-16283
 CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting 
(XSS) ex ...)
        NOT-FOR-US: NCH Express Invoice
 CVE-2019-16281 (Ptarmigan before 0.2.3 lacks API token validation, e.g., an 
"if (token ...)
-       TODO: check
+       NOT-FOR-US: Ptarmigan
 CVE-2019-16280
        RESERVED
 CVE-2019-16279 (A memory error in the function SSL_accept in nostromo nhttpd 
through 1 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b9bb351fd5fbbd06b0b27a493ecf8e562153425



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
