[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Wed Dec 2 20:10:27 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f06acab by security tracker role at 2020-12-02T20:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2021-1635
+	RESERVED
+CVE-2021-1634
+	RESERVED
+CVE-2021-1633
+	RESERVED
+CVE-2021-1632
+	RESERVED
+CVE-2021-1631
+	RESERVED
+CVE-2021-1630
+	RESERVED
+CVE-2021-1629
+	RESERVED
+CVE-2021-1628
+	RESERVED
+CVE-2021-1627
+	RESERVED
+CVE-2021-1626
+	RESERVED
+CVE-2020-29477
+	RESERVED
+CVE-2020-29476
+	RESERVED
+CVE-2020-29475
+	RESERVED
+CVE-2020-29474
+	RESERVED
+CVE-2020-29473
+	RESERVED
+CVE-2020-29472
+	RESERVED
+CVE-2020-29471
+	RESERVED
+CVE-2020-29470
+	RESERVED
+CVE-2020-29469
+	RESERVED
+CVE-2020-29468
+	RESERVED
+CVE-2020-29467
+	RESERVED
+CVE-2020-29466
+	RESERVED
+CVE-2020-29465
+	RESERVED
+CVE-2020-29464
+	RESERVED
+CVE-2020-29463
+	RESERVED
+CVE-2020-29462
+	RESERVED
+CVE-2020-29461
+	RESERVED
+CVE-2020-29460
+	RESERVED
+CVE-2020-29459
+	RESERVED
+CVE-2020-29458 (Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. ...)
+	TODO: check
+CVE-2020-29457
+	RESERVED
+CVE-2020-29456 (Multiple cross-site scripting (XSS) vulnerabilities in Papermerge befo ...)
+	TODO: check
 CVE-2020-29455
 	RESERVED
 CVE-2020-29454 (Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user  ...)
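Review bot: the two entries that moved from RESERVED to a published description (CVE-2020-29458, Textpattern CMS CSRF, and CVE-2020-29456, Papermerge XSS) are left at `TODO: check`, which is the correct placeholder for an automatic import, but they still need a manual triage pass to become either a `- package version` line or a `NOT-FOR-US:` line as done for Zeroshell in the next hunk. The other new entries are RESERVED only and need no action until their descriptions are published.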
@@ -134,8 +198,8 @@ CVE-2020-29391
 	RESERVED
 CVE-2020-29390 (Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi ...)
 	NOT-FOR-US: Zeroshell
-CVE-2020-29389
-	RESERVED
+CVE-2020-29389 (The official Crux Linux Docker images 3.0 through 3.4 contain a blank  ...)
+	TODO: check
 CVE-2020-29388
 	RESERVED
 CVE-2020-29387
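Review bot: CVE-2020-29389's description concerns the official Crux Linux Docker images rather than anything Debian ships, so the `TODO: check` is most likely resolved with a `NOT-FOR-US:` line in the same style as the Zeroshell entry just above; confirm that no Debian package is derived from those images before closing it.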
@@ -464,10 +528,10 @@ CVE-2020-29242
 	RESERVED
 CVE-2020-29241
 	RESERVED
-CVE-2020-29240
-	RESERVED
-CVE-2020-29239
-	RESERVED
+CVE-2020-29240 (Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacke ...)
+	TODO: check
+CVE-2020-29239 (Online Birth Certificate System Project V 1.0 is affected by cross-sit ...)
+	TODO: check
 CVE-2020-29238
 	RESERVED
 CVE-2020-29237
@@ -5188,10 +5252,10 @@ CVE-2020-28275
 	RESERVED
 CVE-2020-28274
 	RESERVED
-CVE-2020-28273
-	RESERVED
-CVE-2020-28272
-	RESERVED
+CVE-2020-28273 (Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2 ...)
+	TODO: check
+CVE-2020-28272 (Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2 ...)
+	TODO: check
 CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0 through  ...)
 	NOT-FOR-US: Node deephas
 CVE-2020-28270 (Overview:Prototype pollution vulnerability in ‘object-hierarchy- ...)
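Review bot: CVE-2020-28273 ('set-in') and CVE-2020-28272 ('keyget') are prototype pollution issues in npm modules from the same batch as the adjacent CVE-2020-28271 ('deephas'), which is already marked `NOT-FOR-US: Node deephas`; unless node-set-in or node-keyget exist in the archive, resolve the two `TODO: check` lines the same way and keep the naming consistent (`NOT-FOR-US: Node set-in`, `NOT-FOR-US: Node keyget`).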
@@ -10460,6 +10524,7 @@ CVE-2020-26217 (XStream before version 1.4.14 is vulnerable to Remote Code Execu
 CVE-2020-26216 (TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11  ...)
 	NOT-FOR-US: TYPO3 Fluid
 CVE-2020-26215 (Jupyter Notebook before version 6.1.5 has an Open redirect vulnerabili ...)
+	{DLA-2477-1}
 	- jupyter-notebook 6.1.5-1
 	NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh
 	NOTE: https://github.com/jupyter/notebook/commit/2e1c56b0c4a903606d4a2eb13e32409296b9799d
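Review bot: the `{DLA-2477-1}` marker added to CVE-2020-26215 sits before the package line, matching the convention used elsewhere in this file (`{DSA-4772-1 DLA-2405-1}` under CVE-2020-13956); since this commit changes only data/CVE/list, confirm that the matching DLA-2477-1 entry for jupyter-notebook is present in data/DLA/list so the cross-reference resolves.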
@@ -11678,6 +11743,7 @@ CVE-2020-25697
 	NOTE: Long-standing design limitation in X11, unlikely to get fixed until the world moves to Wayland
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/3
 CVE-2020-25696 (A flaw was found in the psql interactive terminal of PostgreSQL in ver ...)
+	{DLA-2478-1}
 	- postgresql-13 13.1-1
 	- postgresql-12 <unfixed>
 	- postgresql-11 <removed>
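Review bot: `{DLA-2478-1}` is added here to CVE-2020-25696 and, in the next two hunks, to CVE-2020-25695 and CVE-2020-25694, which is consistent with one LTS advisory covering the three PostgreSQL flaws from the same upstream release; the `postgresql-12 <unfixed>` context line below the marker is untouched, so the DLA reference records only that an LTS update exists and says nothing about the unstable status.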
@@ -11685,6 +11751,7 @@ CVE-2020-25696 (A flaw was found in the psql interactive terminal of PostgreSQL
 	- postgresql-9.6 <removed>
 	NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
 CVE-2020-25695 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...)
+	{DLA-2478-1}
 	- postgresql-13 13.1-1
 	- postgresql-12 <unfixed>
 	- postgresql-11 <removed>
@@ -11692,6 +11759,7 @@ CVE-2020-25695 (A flaw was found in PostgreSQL versions before 13.1, before 12.5
 	- postgresql-9.6 <removed>
 	NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
 CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...)
+	{DLA-2478-1}
 	- postgresql-13 13.1-1
 	- postgresql-12 <unfixed>
 	- postgresql-11 <removed>
@@ -11934,8 +12002,7 @@ CVE-2020-25639 [NULL pointer dereference via nouveau ioctl can lead to DoS]
 	[buster] - linux <not-affected> (Vulnerable code introduced later)
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lists.freedesktop.org/archives/nouveau/2020-August/036682.html
-CVE-2020-25638
-	RESERVED
+CVE-2020-25638 (A flaw was found in hibernate-core in versions prior to and including  ...)
 	- libhibernate3-java <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1881353
 CVE-2020-25637 (A double free memory issue was found to occur in the libvirt API, in v ...)
@@ -12776,10 +12843,10 @@ CVE-2020-25268 (Remote Code Execution can occur via the external news feed in IL
 	NOT-FOR-US: ILIAS
 CVE-2020-25267 (An XSS issue exists in the question-pool file-upload preview feature i ...)
 	NOT-FOR-US: ILIAS
-CVE-2020-25266
-	RESERVED
-CVE-2020-25265
-	RESERVED
+CVE-2020-25266 (AppImage appimaged before 1.0.3 does not properly check whether a down ...)
+	TODO: check
+CVE-2020-25265 (AppImage libappimage before 1.0.3 allows attackers to trigger an overw ...)
+	TODO: check
 CVE-2020-25264
 	RESERVED
 CVE-2020-25263 (PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the ...)
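Review bot: CVE-2020-25266 (appimaged) and CVE-2020-25265 (libappimage) are two issues in AppImage before 1.0.3 that should be triaged together; both descriptions are cut at the import boundary, so fetch the full text before deciding between a package/version line and `NOT-FOR-US:`.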
@@ -36312,8 +36379,7 @@ CVE-2020-14370 (An information disclosure vulnerability was found in containers/
 	- libpod 2.0.6+dfsg1-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874268
 	NOTE: https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074
-CVE-2020-14369
-	RESERVED
+CVE-2020-14369 (This release fixes a Cross Site Request Forgery vulnerability was foun ...)
 	NOT-FOR-US: Red Hat CloudForm
 CVE-2020-14368
 	RESERVED
@@ -37512,8 +37578,7 @@ CVE-2020-13958 (A vulnerability in Apache OpenOffice scripting events allows an
 	NOT-FOR-US: Apache OpenOffice
 CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 ...)
 	- lucene-solr <not-affected> (Vulnerable functionality not yet present)
-CVE-2020-13956 [incorrect handling of malformed authority component in request URIs]
-	RESERVED
+CVE-2020-13956 (Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misin ...)
 	{DSA-4772-1 DLA-2405-1}
 	- httpcomponents-client 4.5.13-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1886587
@@ -38773,18 +38838,18 @@ CVE-2020-13500 (SQL injection vulnerability exists in the CHaD.asmx web service
 	NOT-FOR-US: CHaD.asmx
 CVE-2020-13499 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...)
 	NOT-FOR-US: CHaD.asmx
-CVE-2020-13498
-	RESERVED
-CVE-2020-13497
-	RESERVED
-CVE-2020-13496
-	RESERVED
+CVE-2020-13498 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...)
+	TODO: check
+CVE-2020-13497 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...)
+	TODO: check
+CVE-2020-13496 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...)
+	TODO: check
 CVE-2020-13495
 	RESERVED
-CVE-2020-13494
-	RESERVED
-CVE-2020-13493
-	RESERVED
+CVE-2020-13494 (A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsin ...)
+	TODO: check
+CVE-2020-13493 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+	TODO: check
 CVE-2020-13492
 	RESERVED
 CVE-2020-13491
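Review bot: five Pixar OpenUSD 20.05 entries (CVE-2020-13498, 13497, 13496, 13494 and 13493; 13495 stays RESERVED) arrive at once as `TODO: check`, two of them described as heap overflows in the parser; if OpenUSD is packaged they deserve a single triage pass with a shared NOTE pointing at the upstream fix, and if it is not, one `NOT-FOR-US: Pixar OpenUSD` line on each rather than five independent lookups.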
@@ -41207,8 +41272,8 @@ CVE-2020-12526
 	RESERVED
 CVE-2020-12525
 	RESERVED
-CVE-2020-12524
-	RESERVED
+CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause the Phoeni ...)
+	TODO: check
 CVE-2020-12523
 	RESERVED
 CVE-2020-12522
@@ -194589,8 +194654,8 @@ CVE-2017-14453 (On Insteon Hub 2245-222 devices with firmware version 1012, spec
 	NOT-FOR-US: Insteon Hub
 CVE-2017-14452 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
 	NOT-FOR-US: Insteon Hub
-CVE-2017-14451
-	RESERVED
+CVE-2017-14451 (An exploitable out-of-bounds read vulnerability exists in libevm (Ethe ...)
+	TODO: check
 CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image parsing functi ...)
 	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
 	- libsdl2-image 2.0.3+dfsg1-1
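Review bot: CVE-2017-14451 is a 2017 identifier whose description (out-of-bounds read in libevm) is only now published; the neighbouring CVE-2017-14452 and CVE-2017-14453 entries are `NOT-FOR-US: Insteon Hub`, but this one names a different component, so do not carry that marker over without first checking whether libevm is in the archive.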
@@ -230186,8 +230251,8 @@ CVE-2017-2912 (An exploitable vulnerability exists in the remote control functio
 	NOT-FOR-US: Circle with Disney
 CVE-2017-2911 (An exploitable vulnerability exists in the remote control functionalit ...)
 	NOT-FOR-US: Circle with Disney
-CVE-2017-2910
-	RESERVED
+CVE-2017-2910 (An exploitable Out-of-bounds Write vulnerability exists in the xls_add ...)
+	TODO: check
 CVE-2017-2909 (An infinite loop programming error exists in the DNS server functional ...)
 	- smplayer 18.5.0~ds1-1 (bug #898943)
 	[stretch] - smplayer <not-affected> (Vulnerable code not present)
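Review bot: CVE-2017-2910 (out-of-bounds write in an `xls_add...` function) is `TODO: check` while the surrounding Circle with Disney entries are `NOT-FOR-US`; the truncated function name is the only hint to the affected library, so the full description is needed before a package can be assigned. Separately, the unchanged CVE-2017-2909 context line pairs a DNS server infinite loop description with the smplayer package, which is worth a second glance while this area is being edited.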



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f06acabc157520b71493ccdbdf73828fbe1e601
