Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: fd6fa804 by Moritz Muehlenhoff at 2020-07-31T14:53:05+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -232,7 +232,7 @@ CVE-2020-16090 CVE-2020-16089 RESERVED CVE-2020-16088 (iked in OpenIKED, as used in OpenBSD through 6.7, allows authenticatio ...) - TODO: check + NOT-FOR-US: OpenIKED CVE-2020-16087 RESERVED CVE-2020-16086 @@ -2471,9 +2471,9 @@ CVE-2020-15133 CVE-2020-15132 RESERVED CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...) - TODO: check + NOT-FOR-US: Node slp-validate CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnera ...) - TODO: check + NOT-FOR-US: Node slpjs CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists ...) NOT-FOR-US: Traefik CVE-2020-15128 @@ -2483,7 +2483,7 @@ CVE-2020-15127 CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...) NOT-FOR-US: Node parser-server CVE-2020-15125 (In auth0 (npm package) versions before 2.27.1, a DenyList of specific ...) - TODO: check + NOT-FOR-US: Node auth0 CVE-2020-15124 (In Goobi Viewer Core before version 4.8.3, a path traversal vulnerabil ...) NOT-FOR-US: Goobi Viewer Core CVE-2020-15123 (In codecov (npm package) before version 3.7.1 the upload method has a ...) @@ -21204,7 +21204,7 @@ CVE-2020-8217 (A cross site scripting (XSS) vulnerability in Pulse Connect Secur CVE-2020-8216 (An information disclosure vulnerability in meeting of Pulse Connect Se ...) NOT-FOR-US: Pulse CVE-2020-8215 (A buffer overflow is present in canvas version <= 1.6.9, which coul ...) - TODO: check + NOT-FOR-US: Node canvas CVE-2020-8214 (A path traversal vulnerability in servey version < 3 allows an atta ...) NOT-FOR-US: servey CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect v1.13.3 ...) 
@@ -21233,7 +21233,7 @@ CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash & [stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support) NOTE: https://hackerone.com/reports/712065 CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...) - TODO: check + NOT-FOR-US: Nextcloud Preferred Providers app CVE-2020-8201 RESERVED CVE-2020-8200 @@ -21253,7 +21253,7 @@ CVE-2020-8194 (Reflected code injection in Citrix ADC and Citrix Gateway version CVE-2020-8193 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...) NOT-FOR-US: Citrix CVE-2020-8192 (A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0 ...) - TODO: check + NOT-FOR-US: Node fastify CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) NOT-FOR-US: Citrix CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...) @@ -21297,7 +21297,7 @@ CVE-2020-8177 CVE-2020-8176 (A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.6 ...) NOT-FOR-US: koa-shopify-auth CVE-2020-8175 (Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow ...) - TODO: check + NOT-FOR-US: Node jimp CVE-2020-8174 (napi_get_value_string_*() allows various kinds of memory corruption in ...) {DSA-4696-1} - nodejs 10.21.0~dfsg-1 (bug #962145) @@ -22551,7 +22551,7 @@ CVE-2020-7701 CVE-2020-7700 RESERVED CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If the parse ...) - TODO: check + NOT-FOR-US: express-fileupload CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...) TODO: check CVE-2020-7697 (This affects all versions of package mock2easy. a malicious user could ...) 
@@ -212195,9 +212195,9 @@ CVE-2016-7066 (It was found that the improper default permissions on /tmp/auth d CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) ...) NOT-FOR-US: Red Hat JBoss EAP CVE-2016-7064 (A flaw was found in pritunl-client before version 1.0.1116.6. A lack o ...) - TODO: check + NOT-FOR-US: pritunl-client CVE-2016-7063 (A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrar ...) - TODO: check + NOT-FOR-US: pritunl-client CVE-2016-7062 (rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Co ...) NOT-FOR-US: Red Hat rhscon-core CVE-2016-7061 (An information disclosure vulnerability was found in JBoss Enterprise ...) @@ -282523,7 +282523,7 @@ CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubunt CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch ...) NOT-FOR-US: signond from Ubuntu Touch CVE-2014-1422 (In Ubuntu's trust-store, if a user revokes location access from an app ...) - TODO: check + NOT-FOR-US: Ubuntu trust-store CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the u ...) - mountall <not-affected> (partman-efi in jessie uses secure umask, mount in older releases not affected) NOTE: See https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183 
@@ -289209,8 +289209,7 @@ CVE-2013-5961 (Unrestricted file upload vulnerability in lazyseo.php in the Lazy CVE-2013-5960 (The authenticated-encryption feature in the symmetric-encryption imple ...) NOT-FOR-US: OWASP Enterprise Security API for Java CVE-2013-5958 (The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2. ...) - NOT-FOR-US: Symfony - TODO: Check if php-symfony-polyfill/1.17.0-1 needs to be tracked + - symfony <not-affected> (Fixed before initial upload) CVE-2013-5957 (Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location. ...) - civicrm <not-affected> (Fixed before initial upload to the archive) CVE-2013-5956 (Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd6fa804c093857496cc545929273746b2bc8a33 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd6fa804c093857496cc545929273746b2bc8a33 You're receiving this email because of your account on salsa.debian.org.
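Review bot: in the @@ -21297 hunk the new label for CVE-2020-8175 reads `NOT-FOR-US: Node jimp`, but the CVE text in the same hunk describes `jpeg-js` before 0.4.0, so the marked package does not match the described one. If jimp was chosen because it is the consumer that bundles jpeg-js, name the vulnerable package as well, e.g. `NOT-FOR-US: Node jpeg-js (bundled in jimp)`, so that a later search of data/CVE/list for jpeg-js still finds this entry.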
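Review bot: the @@ -22551 hunk labels CVE-2020-7699 as `NOT-FOR-US: express-fileupload` without the `Node` prefix that every other npm entry in this commit uses (`Node slp-validate`, `Node auth0`, `Node canvas`, `Node fastify`). Use `NOT-FOR-US: Node express-fileupload` for consistency, since the prefix is what makes these entries greppable as npm packages.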
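Review bot: the @@ -289209 hunk replaces the `TODO: Check if php-symfony-polyfill/1.17.0-1 needs to be tracked` line for CVE-2013-5958 with `- symfony <not-affected> (Fixed before initial upload)` but records no outcome for the polyfill question, so the same TODO is likely to be reopened by the next person who triages this entry. Consider keeping a short NOTE line stating why php-symfony-polyfill does not need tracking for this CVE (for example, that it does not ship the affected Security component), alongside the new not-affected marker.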
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits