Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5f06acab by security tracker role at 2020-12-02T20:10:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,67 @@ +CVE-2021-1635 + RESERVED +CVE-2021-1634 + RESERVED +CVE-2021-1633 + RESERVED +CVE-2021-1632 + RESERVED +CVE-2021-1631 + RESERVED +CVE-2021-1630 + RESERVED +CVE-2021-1629 + RESERVED +CVE-2021-1628 + RESERVED +CVE-2021-1627 + RESERVED +CVE-2021-1626 + RESERVED +CVE-2020-29477 + RESERVED +CVE-2020-29476 + RESERVED +CVE-2020-29475 + RESERVED +CVE-2020-29474 + RESERVED +CVE-2020-29473 + RESERVED +CVE-2020-29472 + RESERVED +CVE-2020-29471 + RESERVED +CVE-2020-29470 + RESERVED +CVE-2020-29469 + RESERVED +CVE-2020-29468 + RESERVED +CVE-2020-29467 + RESERVED +CVE-2020-29466 + RESERVED +CVE-2020-29465 + RESERVED +CVE-2020-29464 + RESERVED +CVE-2020-29463 + RESERVED +CVE-2020-29462 + RESERVED +CVE-2020-29461 + RESERVED +CVE-2020-29460 + RESERVED +CVE-2020-29459 + RESERVED +CVE-2020-29458 (Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. ...) + TODO: check +CVE-2020-29457 + RESERVED +CVE-2020-29456 (Multiple cross-site scripting (XSS) vulnerabilities in Papermerge befo ...) + TODO: check CVE-2020-29455 RESERVED CVE-2020-29454 (Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user ...) @@ -134,8 +198,8 @@ CVE-2020-29391 RESERVED CVE-2020-29390 (Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi ...) NOT-FOR-US: Zeroshell -CVE-2020-29389 - RESERVED +CVE-2020-29389 (The official Crux Linux Docker images 3.0 through 3.4 contain a blank ...) + TODO: check CVE-2020-29388 RESERVED CVE-2020-29387 
@@ -464,10 +528,10 @@ CVE-2020-29242 RESERVED CVE-2020-29241 RESERVED -CVE-2020-29240 - RESERVED -CVE-2020-29239 - RESERVED +CVE-2020-29240 (Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacke ...) + TODO: check +CVE-2020-29239 (Online Birth Certificate System Project V 1.0 is affected by cross-sit ...) + TODO: check CVE-2020-29238 RESERVED CVE-2020-29237 @@ -5188,10 +5252,10 @@ CVE-2020-28275 RESERVED CVE-2020-28274 RESERVED -CVE-2020-28273 - RESERVED -CVE-2020-28272 - RESERVED +CVE-2020-28273 (Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2 ...) + TODO: check +CVE-2020-28272 (Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2 ...) + TODO: check CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0 through ...) NOT-FOR-US: Node deephas CVE-2020-28270 (Overview:Prototype pollution vulnerability in ‘object-hierarchy- ...) @@ -10460,6 +10524,7 @@ CVE-2020-26217 (XStream before version 1.4.14 is vulnerable to Remote Code Execu CVE-2020-26216 (TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 ...) NOT-FOR-US: TYPO3 Fluid CVE-2020-26215 (Jupyter Notebook before version 6.1.5 has an Open redirect vulnerabili ...) + {DLA-2477-1} - jupyter-notebook 6.1.5-1 NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh NOTE: https://github.com/jupyter/notebook/commit/2e1c56b0c4a903606d4a2eb13e32409296b9799d @@ -11678,6 +11743,7 @@ CVE-2020-25697 NOTE: Long-standing design limitation in X11, unlikely to get fixed until the world moves to Wayland NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/3 CVE-2020-25696 (A flaw was found in the psql interactive terminal of PostgreSQL in ver ...) + {DLA-2478-1} - postgresql-13 13.1-1 - postgresql-12 <unfixed> - postgresql-11 <removed> 
@@ -11685,6 +11751,7 @@ CVE-2020-25696 (A flaw was found in the psql interactive terminal of PostgreSQL - postgresql-9.6 <removed> NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/ CVE-2020-25695 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...) + {DLA-2478-1} - postgresql-13 13.1-1 - postgresql-12 <unfixed> - postgresql-11 <removed> @@ -11692,6 +11759,7 @@ CVE-2020-25695 (A flaw was found in PostgreSQL versions before 13.1, before 12.5 - postgresql-9.6 <removed> NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/ CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...) + {DLA-2478-1} - postgresql-13 13.1-1 - postgresql-12 <unfixed> - postgresql-11 <removed> @@ -11934,8 +12002,7 @@ CVE-2020-25639 [NULL pointer dereference via nouveau ioctl can lead to DoS] [buster] - linux <not-affected> (Vulnerable code introduced later) [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://lists.freedesktop.org/archives/nouveau/2020-August/036682.html -CVE-2020-25638 - RESERVED +CVE-2020-25638 (A flaw was found in hibernate-core in versions prior to and including ...) - libhibernate3-java <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1881353 CVE-2020-25637 (A double free memory issue was found to occur in the libvirt API, in v ...) 
@@ -12776,10 +12843,10 @@ CVE-2020-25268 (Remote Code Execution can occur via the external news feed in IL NOT-FOR-US: ILIAS CVE-2020-25267 (An XSS issue exists in the question-pool file-upload preview feature i ...) NOT-FOR-US: ILIAS -CVE-2020-25266 - RESERVED -CVE-2020-25265 - RESERVED +CVE-2020-25266 (AppImage appimaged before 1.0.3 does not properly check whether a down ...) + TODO: check +CVE-2020-25265 (AppImage libappimage before 1.0.3 allows attackers to trigger an overw ...) + TODO: check CVE-2020-25264 RESERVED CVE-2020-25263 (PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the ...) @@ -36312,8 +36379,7 @@ CVE-2020-14370 (An information disclosure vulnerability was found in containers/ - libpod 2.0.6+dfsg1-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874268 NOTE: https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074 -CVE-2020-14369 - RESERVED +CVE-2020-14369 (This release fixes a Cross Site Request Forgery vulnerability was foun ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-14368 RESERVED @@ -37512,8 +37578,7 @@ CVE-2020-13958 (A vulnerability in Apache OpenOffice scripting events allows an NOT-FOR-US: Apache OpenOffice CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 ...) - lucene-solr <not-affected> (Vulnerable functionality not yet present) -CVE-2020-13956 [incorrect handling of malformed authority component in request URIs] - RESERVED +CVE-2020-13956 (Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misin ...) {DSA-4772-1 DLA-2405-1} - httpcomponents-client 4.5.13-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1886587 
@@ -38773,18 +38838,18 @@ CVE-2020-13500 (SQL injection vulnerability exists in the CHaD.asmx web service NOT-FOR-US: CHaD.asmx CVE-2020-13499 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...) NOT-FOR-US: CHaD.asmx -CVE-2020-13498 - RESERVED -CVE-2020-13497 - RESERVED -CVE-2020-13496 - RESERVED +CVE-2020-13498 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) + TODO: check +CVE-2020-13497 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) + TODO: check +CVE-2020-13496 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) + TODO: check CVE-2020-13495 RESERVED -CVE-2020-13494 - RESERVED -CVE-2020-13493 - RESERVED +CVE-2020-13494 (A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsin ...) + TODO: check +CVE-2020-13493 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...) + TODO: check CVE-2020-13492 RESERVED CVE-2020-13491 @@ -41207,8 +41272,8 @@ CVE-2020-12526 RESERVED CVE-2020-12525 RESERVED -CVE-2020-12524 - RESERVED +CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause the Phoeni ...) + TODO: check CVE-2020-12523 RESERVED CVE-2020-12522 @@ -194589,8 +194654,8 @@ CVE-2017-14453 (On Insteon Hub 2245-222 devices with firmware version 1012, spec NOT-FOR-US: Insteon Hub CVE-2017-14452 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...) NOT-FOR-US: Insteon Hub -CVE-2017-14451 - RESERVED +CVE-2017-14451 (An exploitable out-of-bounds read vulnerability exists in libevm (Ethe ...) + TODO: check CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image parsing functi ...) {DSA-4184-1 DSA-4177-1 DLA-1341-1} - libsdl2-image 2.0.3+dfsg1-1 
@@ -230186,8 +230251,8 @@ CVE-2017-2912 (An exploitable vulnerability exists in the remote control functio NOT-FOR-US: Circle with Disney CVE-2017-2911 (An exploitable vulnerability exists in the remote control functionalit ...) NOT-FOR-US: Circle with Disney -CVE-2017-2910 - RESERVED +CVE-2017-2910 (An exploitable Out-of-bounds Write vulnerability exists in the xls_add ...) + TODO: check CVE-2017-2909 (An infinite loop programming error exists in the DNS server functional ...) - smplayer 18.5.0~ds1-1 (bug #898943) [stretch] - smplayer <not-affected> (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f06acabc157520b71493ccdbdf73828fbe1e601
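Review bot: in the `@@ -134,8 +198,8 @@` hunk, CVE-2020-29389 lands as `TODO: check` although its description names "official Crux Linux Docker images 3.0 through 3.4", which is not a Debian package; unless a Debian package ships those images, this should be resolved to `NOT-FOR-US: Crux Linux Docker images` rather than left open, the same way CVE-2020-29390 in the same hunk was resolved for Zeroshell.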
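Review bot: in the `@@ -5188,10 +5252,10 @@` hunk, CVE-2020-28273 ('set-in') and CVE-2020-28272 ('keyget') are prototype pollution issues in npm modules, and the neighbouring CVE-2020-28271 ('deephas') in the same hunk was already triaged as `NOT-FOR-US: Node deephas`; check whether either module is packaged in Debian and, if not, close these two with the same `NOT-FOR-US:` form so the three related entries stay consistent.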
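Review bot: in the `@@ -11678,6 +11743,7 @@` hunk (and the two following hunks for CVE-2020-25695 and CVE-2020-25694, which make the identical change), `{DLA-2478-1}` is added while the entry still carries `- postgresql-12 <unfixed>`; the description itself says the flaw is fixed "before 12.5", so either the postgresql-12 line should record the fixed upload or, if postgresql-12 has left unstable, be marked `<removed>` like postgresql-11 and postgresql-9.6, otherwise the entry keeps reporting an open issue in unstable next to a published DLA.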
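Review bot: in the `@@ -11934,8 +12002,7 @@` hunk, CVE-2020-25638 gains its official text while `- libhibernate3-java <unfixed>` and the Bugzilla NOTE are kept, but the truncated description ("versions prior to and including ...") gives no fixed upstream version; the full description should be checked and the fixing upstream version added as a NOTE so the `<unfixed>` line can be resolved, since the Bugzilla link alone does not record it.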
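Review bot: in the `@@ -37512,8 +37578,7 @@` hunk, the bracketed working title for CVE-2020-13956 ("incorrect handling of malformed authority component in request URIs") is replaced by the official description, whose visible part is truncated at "can misin ..."; the `{DSA-4772-1 DLA-2405-1}` and `- httpcomponents-client 4.5.13-1` lines are consistent with the new text ("prior to version 4.5.13"), so no version change is needed, but confirm the full description still conveys the URI-authority issue the dropped title described.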
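Review bot: in the `@@ -38773,18 +38838,18 @@` hunk, five Pixar OpenUSD 20.05 entries (CVE-2020-13498, 13497, 13496, 13494, 13493) arrive as `TODO: check` with CVE-2020-13495 still RESERVED between them; they share one upstream and one affected version, so they should be triaged together in one pass (and CVE-2020-13495 re-checked when it is published) rather than picked off one by one from the TODO list.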
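Review bot: in the `@@ -194589,8 +194654,8 @@` hunk, CVE-2017-14451 is a 2017 identifier only now receiving a description, "libevm (Ethe ...)"; the truncation cuts off the project name, so the full text should be read before triage, and because neighbouring CVE-2017-14452/14453 in the same hunk are `NOT-FOR-US: Insteon Hub` this entry must not be assumed to belong to the same product.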
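Review bot: in the `@@ -230186,8 +230251,8 @@` hunk, CVE-2017-2910 is another 2017 identifier filled in late, and the only visible clue to the affected software is the function prefix `xls_add ...`; the full description is needed to identify the upstream XLS-parsing project, and if it maps to a Debian package the fix is likely already in the archive given the age, so the entry should record the fixed version rather than sit as `TODO: check`.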
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits