[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 11 08:10:21 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d1d8d863 by security tracker role at 2020-12-11T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2020-35138
+ RESERVED
+CVE-2020-35137
+ RESERVED
+CVE-2020-35136
+ RESERVED
+CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress allows ...)
+ TODO: check
+CVE-2020-35134
+ RESERVED
+CVE-2020-35133
+ RESERVED
+CVE-2020-35132 (An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that a ...)
+ TODO: check
+CVE-2020-35131
+ RESERVED
+CVE-2020-35130
+ RESERVED
+CVE-2020-35129
+ RESERVED
+CVE-2020-35128
+ RESERVED
+CVE-2020-35127 (Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.j ...)
+ TODO: check
+CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct ...)
+ TODO: check
+CVE-2020-35125
+ RESERVED
+CVE-2020-35124
+ RESERVED
+CVE-2020-35123
+ RESERVED
+CVE-2020-35122
+ RESERVED
+CVE-2020-35121
+ RESERVED
+CVE-2020-35120
+ RESERVED
+CVE-2020-35119
+ RESERVED
+CVE-2020-35118
+ RESERVED
+CVE-2020-35117
+ RESERVED
+CVE-2020-35116
+ RESERVED
+CVE-2020-35115
+ RESERVED
+CVE-2020-35114
+ RESERVED
+CVE-2020-35113
+ RESERVED
+CVE-2020-35112
+ RESERVED
+CVE-2020-35111
+ RESERVED
+CVE-2020-35110
+ REJECTED
+ TODO: check
+CVE-2020-35109
+ RESERVED
+CVE-2020-35108
+ RESERVED
+CVE-2020-35107
+ RESERVED
+CVE-2020-35106
+ RESERVED
+CVE-2020-35096
+ RESERVED
+CVE-2020-35090
+ REJECTED
+ TODO: check
+CVE-2020-35076
+ REJECTED
+ TODO: check
+CVE-2020-35061
+ RESERVED
+CVE-2020-35030
+ RESERVED
+CVE-2020-35017
+ RESERVED
+CVE-2020-35001
+ RESERVED
+CVE-2016-15001
+ REJECTED
+ TODO: check
CVE-2020-29670
RESERVED
CVE-2020-29669
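Review bot: the four new REJECTED entries (CVE-2020-35110, CVE-2020-35090, CVE-2020-35076 and CVE-2016-15001) each carry a `TODO: check` line, while REJECTED entries elsewhere in this diff (CVE-2020-13521, and CVE-2020-16196 after this change) have none. If a rejected ID needs no triage, drop the TODO lines so they do not show up in the open-work queue. Separately, CVE-2020-35135 is a WordPress plugin issue, and the file already resolves that class as NOT-FOR-US (see CVE-2020-12696, `NOT-FOR-US: iframe plugin for WordPress`), so it can be closed the same way at triage.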
@@ -2537,8 +2623,8 @@ CVE-2020-29313
RESERVED
CVE-2020-29312
RESERVED
-CVE-2020-29311
- RESERVED
+CVE-2020-29311 (Ubilling v1.0.9 allows Remote Command Execution as Root user by execut ...)
+ TODO: check
CVE-2020-29310
RESERVED
CVE-2020-29309
@@ -3022,7 +3108,7 @@ CVE-2020-29076
CVE-2020-29075
RESERVED
CVE-2020-29074 (scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which all ...)
- {DSA-4799-1}
+ {DSA-4799-1 DLA-2490-1}
- x11vnc 0.9.16-5 (bug #975875)
NOTE: https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a
CVE-2020-29073
@@ -3366,7 +3452,7 @@ CVE-2020-28928 (In musl libc through 1.2.1, wcsnrtombs mishandles particular com
CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User Registration sectio ...)
NOT-FOR-US: Magicpin
CVE-2020-28926 (ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code exe ...)
- {DSA-4806-1}
+ {DSA-4806-1 DLA-2489-1}
- minidlna <unfixed> (bug #976595)
NOTE: https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/
NOTE: https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a (v1_3_0)
@@ -7536,20 +7622,20 @@ CVE-2020-28222
RESERVED
CVE-2020-28221
RESERVED
-CVE-2020-28220
- RESERVED
-CVE-2020-28219
- RESERVED
-CVE-2020-28218
- RESERVED
-CVE-2020-28217
- RESERVED
-CVE-2020-28216
- RESERVED
-CVE-2020-28215
- RESERVED
-CVE-2020-28214
- RESERVED
+CVE-2020-28220 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
+ TODO: check
+CVE-2020-28219 (A CWE-522: Insufficiently Protected Credentials vulnerability exists i ...)
+ TODO: check
+CVE-2020-28218 (A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulne ...)
+ TODO: check
+CVE-2020-28217 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists i ...)
+ TODO: check
+CVE-2020-28216 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists i ...)
+ TODO: check
+CVE-2020-28215 (A CWE-862: Missing Authorization vulnerability exists in Easergy T300 ...)
+ TODO: check
+CVE-2020-28214 (A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability ...)
+ TODO: check
CVE-2020-28213 (A CWE-494: Download of Code Without Integrity Check vulnerability exis ...)
NOT-FOR-US: EcoStruxure Control Expert
CVE-2020-28212 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
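Review bot: all seven entries from CVE-2020-28220 down to CVE-2020-28214 are left at `TODO: check`, yet CVE-2020-28215 names Easergy T300, which this file already tags `NOT-FOR-US: Easergy` at CVE-2020-7561, and the entry right after the block, CVE-2020-28213, is `NOT-FOR-US: EcoStruxure Control Expert`. Resolve CVE-2020-28215 the same way, and check whether the six truncated descriptions name products that already have a NOT-FOR-US tag in the file.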
@@ -8585,8 +8671,7 @@ CVE-2020-27830 [Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2]
NOTE: https://git.kernel.org/linus/f0992098cadb4c9c6a00703b66cafe604e178fea
CVE-2020-27829
RESERVED
-CVE-2020-27828 [heap-based buffer overflow in cp_create function in libjasper/jpc/jpc_enc.c]
- RESERVED
+CVE-2020-27828 (There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Cr ...)
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/252
NOTE: https://github.com/jasper-software/jasper/pull/253
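Review bot: dropping the bracketed placeholder on CVE-2020-27828 loses the only mention of the affected function (`cp_create` in `libjasper/jpc/jpc_enc.c`), because the imported description is truncated before it gets that far. Consider keeping that detail as an extra NOTE line next to the issue 252 and pull 253 links.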
@@ -8696,8 +8781,7 @@ CVE-2020-27788
RESERVED
CVE-2020-27787
RESERVED
-CVE-2020-27786
- RESERVED
+CVE-2020-27786 (A flaw was found in the Linux kernels implementation of MIDI (kernel 5 ...)
- linux 5.6.14-1
[buster] - linux 4.19.131-1
[stretch] - linux 4.9.228-1
@@ -12286,30 +12370,27 @@ CVE-2020-26419
RESERVED
CVE-2020-26418
RESERVED
-CVE-2020-26417
- RESERVED
-CVE-2020-26416
- RESERVED
-CVE-2020-26415
- RESERVED
+CVE-2020-26417 (Information disclosure via GraphQL in GitLab CE/EE 13.1 and later expo ...)
+ TODO: check
+CVE-2020-26416 (Information disclosure in Advanced Search component of GitLab EE start ...)
+ TODO: check
+CVE-2020-26415 (Information about the starred projects for private user profiles was e ...)
+ TODO: check
CVE-2020-26414
RESERVED
-CVE-2020-26413
- RESERVED
-CVE-2020-26412
- RESERVED
-CVE-2020-26411
- RESERVED
+CVE-2020-26413 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2020-26412 (Removed group members were able to use the To-Do functionality to retr ...)
+ TODO: check
+CVE-2020-26411 (A potential DOS vulnerability was discovered in all versions of Gitlab ...)
- gitlab 13.4.7-1
NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
CVE-2020-26410
RESERVED
-CVE-2020-26409
- RESERVED
+CVE-2020-26409 (A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>= ...)
- gitlab 13.4.7-1
NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
-CVE-2020-26408
- RESERVED
+CVE-2020-26408 (A limited information disclosure vulnerability exists in Gitlab CE/EE ...)
- gitlab 13.4.7-1
NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
CVE-2020-26407 (A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13 ...)
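Review bot: CVE-2020-26417, CVE-2020-26416, CVE-2020-26415, CVE-2020-26413 and CVE-2020-26412 land as `TODO: check` even though the GitLab entries next to them in this hunk (CVE-2020-26411, CVE-2020-26409, CVE-2020-26408) already have `- gitlab 13.4.7-1` and a NOTE pointing at the 13.6.2 security release. Check the five against that announcement and, where they are covered, replace the TODO with the matching package line and NOTE so the gitlab entries are not left half-triaged.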
@@ -12586,18 +12667,18 @@ CVE-2020-26273
RESERVED
CVE-2020-26272
RESERVED
-CVE-2020-26271
- RESERVED
-CVE-2020-26270
- RESERVED
-CVE-2020-26269
- RESERVED
-CVE-2020-26268
- RESERVED
-CVE-2020-26267
- RESERVED
-CVE-2020-26266
- RESERVED
+CVE-2020-26271 (In affected versions of TensorFlow under certain cases, loading a save ...)
+ TODO: check
+CVE-2020-26270 (In affected versions of TensorFlow running an LSTM/GRU model where the ...)
+ TODO: check
+CVE-2020-26269 (In TensorFlow release candidate versions 2.4.0rc*, the general impleme ...)
+ TODO: check
+CVE-2020-26268 (In affected versions of TensorFlow the tf.raw_ops.ImmutableConst opera ...)
+ TODO: check
+CVE-2020-26267 (In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute ...)
+ TODO: check
+CVE-2020-26266 (In affected versions of TensorFlow under certain cases a saved model c ...)
+ TODO: check
CVE-2020-26265
RESERVED
CVE-2020-26264
@@ -12743,8 +12824,8 @@ CVE-2020-26203
RESERVED
CVE-2020-26202
RESERVED
-CVE-2020-26201
- RESERVED
+CVE-2020-26201 (Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak pass ...)
+ TODO: check
CVE-2020-26200
RESERVED
CVE-2020-26199
@@ -13287,8 +13368,8 @@ CVE-2020-25969
RESERVED
CVE-2020-25968
RESERVED
-CVE-2020-25967
- RESERVED
+CVE-2020-25967 (The member center function in fastadmin V1.0.0.20200506_beta is vulner ...)
+ TODO: check
CVE-2020-25966 (** DISPUTED ** Sectona Spectra before 3.4.0 has a vulnerable SOAP API ...)
NOT-FOR-US: Sectona Spectra
CVE-2020-25965
@@ -13561,8 +13642,8 @@ CVE-2020-25840
RESERVED
CVE-2020-25839 (NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected b ...)
NOT-FOR-US: NetIQ Identity Manager
-CVE-2020-25838
- RESERVED
+CVE-2020-25838 (Unauthorized disclosure of sensitive information vulnerability in Micr ...)
+ TODO: check
CVE-2020-25837 (Sensitive information disclosure vulnerability in Micro Focus Self Ser ...)
NOT-FOR-US: Micro Focus
CVE-2020-25836
@@ -15246,8 +15327,8 @@ CVE-2020-25193
RESERVED
CVE-2020-25192
RESERVED
-CVE-2020-25191
- RESERVED
+CVE-2020-25191 (Incorrect permissions are set by default for an API entry-point of a s ...)
+ TODO: check
CVE-2020-25190
RESERVED
CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer overflo ...)
@@ -16440,16 +16521,16 @@ CVE-2020-24639
RESERVED
CVE-2020-24638
RESERVED
-CVE-2020-24637
- RESERVED
+CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 implementation allows for an atta ...)
+ TODO: check
CVE-2020-24636
RESERVED
CVE-2020-24635
RESERVED
-CVE-2020-24634
- RESERVED
-CVE-2020-24633
- RESERVED
+CVE-2020-24634 (An attacker is able to remotely inject arbitrary commands by sending e ...)
+ TODO: check
+CVE-2020-24633 (There are multiple buffer overflow vulnerabilities that could lead to ...)
+ TODO: check
CVE-2020-24632 (A remote execution of arbitrary commandss vulnerability was discovered ...)
NOT-FOR-US: Aruba
CVE-2020-24631 (A remote execution of arbitrary commands vulnerability was discovered ...)
@@ -16863,8 +16944,8 @@ CVE-2020-24449
RESERVED
CVE-2020-24448
RESERVED
-CVE-2020-24447
- RESERVED
+CVE-2020-24447 (Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affe ...)
+ TODO: check
CVE-2020-24446
RESERVED
CVE-2020-24445 (AEM's Cloud Service offering, as well as versions 6.5.6.0 (and below), ...)
@@ -16877,8 +16958,8 @@ CVE-2020-24442 (Adobe Connect version 11.0 (and earlier) is affected by a reflec
NOT-FOR-US: Adobe
CVE-2020-24441 (Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not ...)
NOT-FOR-US: Adobe
-CVE-2020-24440
- RESERVED
+CVE-2020-24440 (Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontroll ...)
+ TODO: check
CVE-2020-24439 (Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 202 ...)
NOT-FOR-US: Adobe
CVE-2020-24438 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
@@ -26788,8 +26869,8 @@ CVE-2020-19529
RESERVED
CVE-2020-19528
RESERVED
-CVE-2020-19527
- RESERVED
+CVE-2020-19527 (iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metac ...)
+ TODO: check
CVE-2020-19526
RESERVED
CVE-2020-19525
@@ -27558,8 +27639,8 @@ CVE-2020-19144
RESERVED
CVE-2020-19143
RESERVED
-CVE-2020-19142
- RESERVED
+CVE-2020-19142 (iCMS 7 attackers to execute arbitrary OS commands via shell metacharac ...)
+ TODO: check
CVE-2020-19141
RESERVED
CVE-2020-19140
@@ -30788,8 +30869,7 @@ CVE-2020-17532
RESERVED
CVE-2020-17531 (A Java Serialization vulnerability was found in Apache Tapestry 4. Apa ...)
NOT-FOR-US: Apache Tapestry
-CVE-2020-17530
- RESERVED
+CVE-2020-17530 (Forced OGNL evaluation, when evaluated on raw user input in tag attrib ...)
- libstruts1.2-java <not-affected> (Specific to 2.x)
NOTE: https://cwiki.apache.org/confluence/display/WW/S2-061
CVE-2020-17529 (Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incuba ...)
@@ -32716,8 +32796,8 @@ CVE-2020-16610 (Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site R
NOT-FOR-US: Hoosk Codeigniter CMS
CVE-2020-16609
RESERVED
-CVE-2020-16608
- RESERVED
+CVE-2020-16608 (Notable 1.8.4 allows XSS via crafted Markdown text, with resultant rem ...)
+ TODO: check
CVE-2020-16607
RESERVED
CVE-2020-16606
@@ -33652,7 +33732,7 @@ CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and pri
CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...)
NOT-FOR-US: Octopus Deploy
CVE-2020-16196
- RESERVED
+ REJECTED
CVE-2020-16195
RESERVED
CVE-2020-16194
@@ -40975,8 +41055,8 @@ CVE-2020-13558
RESERVED
CVE-2020-13557
RESERVED
-CVE-2020-13556
- RESERVED
+CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP server ...)
+ TODO: check
CVE-2020-13555
RESERVED
CVE-2020-13554
@@ -41031,16 +41111,16 @@ CVE-2020-13532
RESERVED
CVE-2020-13531 (A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 pro ...)
NOT-FOR-US: Pixar OpenUSD
-CVE-2020-13530
- RESERVED
+CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...)
+ TODO: check
CVE-2020-13529
RESERVED
CVE-2020-13528
RESERVED
CVE-2020-13527
RESERVED
-CVE-2020-13526
- RESERVED
+CVE-2020-13526 (SQL injection vulnerability exists in the handling of sort parameters ...)
+ TODO: check
CVE-2020-13525 (The sort parameter in the download page /sysworkflow/en/neoclassic/rep ...)
NOT-FOR-US: ProcessMaker
CVE-2020-13524 (An out-of-bounds memory corruption vulnerability exists in the way Pix ...)
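Review bot: CVE-2020-13526 is left at `TODO: check` although its description (SQL injection in the handling of sort parameters) lines up with the neighbouring CVE-2020-13525 (sort parameter in a /sysworkflow/en/neoclassic/ download page), which is tagged `NOT-FOR-US: ProcessMaker`. If the full description confirms the product, give CVE-2020-13526 the same tag. CVE-2020-13530 in this hunk needs its product checked as well, since the visible text stops after "Ethernet/IP server".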
@@ -41051,8 +41131,8 @@ CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in Sof
NOT-FOR-US: SoftPerfect
CVE-2020-13521
REJECTED
-CVE-2020-13520
- RESERVED
+CVE-2020-13520 (An out of bounds memory corruption vulnerability exists in the way Pix ...)
+ TODO: check
CVE-2020-13519
RESERVED
CVE-2020-13518
@@ -41437,8 +41517,7 @@ CVE-2020-13359 (The Terraform API in GitLab CE/EE 12.10+ exposed the object stor
CVE-2020-13358 (A vulnerability in the internal Kubernetes agent api in GitLab CE/EE v ...)
- gitlab 13.3.9-1
NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
-CVE-2020-13357
- RESERVED
+CVE-2020-13357 (An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13. ...)
- gitlab 13.4.7-1
NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
CVE-2020-13356 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -43089,7 +43168,7 @@ CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
NOT-FOR-US: iframe plugin for WordPress
CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17 ...)
- {DSA-4806-1 DLA-2318-1 DLA-2315-1}
+ {DSA-4806-1 DLA-2489-1 DLA-2318-1 DLA-2315-1}
- wpa 2:2.9.0-16 (bug #976106)
[buster] - wpa <no-dsa> (Minor issue)
- gupnp 1.2.3-1
@@ -53341,8 +53420,8 @@ CVE-2020-9303
RESERVED
CVE-2020-9302
RESERVED
-CVE-2020-9301
- RESERVED
+CVE-2020-9301 (Nolan Ray from Apple Information Security identified a security vulner ...)
+ TODO: check
CVE-2020-9300 (The Access Control issues include allowing a regular user to view a re ...)
NOT-FOR-US: Netflix dispatch
CVE-2020-9299 (There were XSS vulnerabilities discovered and reported in the Dispatch ...)
@@ -54250,8 +54329,8 @@ CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library ver
NOT-FOR-US: Google Closure Library
CVE-2020-8909
RESERVED
-CVE-2020-8908
- RESERVED
+CVE-2020-8908 (A temp directory creation vulnerability exist in Guava versions prior ...)
+ TODO: check
CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
- google-compute-image-packages <unfixed>
NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
@@ -57707,8 +57786,8 @@ CVE-2020-7562 (A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Ser
NOT-FOR-US: Modicon
CVE-2020-7561 (A CWE-284: Improper Access Control vulnerability exists in Easergy T30 ...)
NOT-FOR-US: Easergy
-CVE-2020-7560
- RESERVED
+CVE-2020-7560 (A CWE-123: Write-what-where Condition vulnerability exists in EcoStrux ...)
+ TODO: check
CVE-2020-7559 (A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer ...)
NOT-FOR-US: EcoStruxure Control Expert
CVE-2020-7558 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition ...)
@@ -57729,8 +57808,8 @@ CVE-2020-7551 (A CWE-119 Improper Restriction of Operations within the Bounds of
NOT-FOR-US: IGSS Definition (Def.exe)
CVE-2020-7550 (A CWE-119 Improper Restriction of Operations within the Bounds of a Me ...)
NOT-FOR-US: IGSS Definition (Def.exe)
-CVE-2020-7549
- RESERVED
+CVE-2020-7549 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
CVE-2020-7548 (A CWE-330 - Use of Insufficiently Random Values vulnerability exists i ...)
NOT-FOR-US: Schneider
CVE-2020-7547 (A CWE-284: Improper Access Control vulnerability exists in EcoStruxure ...)
@@ -57741,24 +57820,24 @@ CVE-2020-7545 (A CWE-284:Improper Access Control vulnerability exists in EcoStru
NOT-FOR-US: Schneider
CVE-2020-7544 (A CWE-269 Improper Privilege Management vulnerability exists in EcoStr ...)
NOT-FOR-US: EcoStruxure Operator Terminal Expert runtime
-CVE-2020-7543
- RESERVED
-CVE-2020-7542
- RESERVED
-CVE-2020-7541
- RESERVED
-CVE-2020-7540
- RESERVED
-CVE-2020-7539
- RESERVED
+CVE-2020-7543 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
+CVE-2020-7542 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
+CVE-2020-7541 (A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in ...)
+ TODO: check
+CVE-2020-7540 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ TODO: check
+CVE-2020-7539 (A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnera ...)
+ TODO: check
CVE-2020-7538 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: EcoStruxure Control Expert
-CVE-2020-7537
- RESERVED
-CVE-2020-7536
- RESERVED
-CVE-2020-7535
- RESERVED
+CVE-2020-7537 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
+CVE-2020-7536 (A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnera ...)
+ TODO: check
+CVE-2020-7535 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ TODO: check
CVE-2020-7534
RESERVED
CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web Server o ...)
@@ -63912,6 +63991,7 @@ CVE-2019-20220 (In Support Incident Tracker (SiT!) 3.67, the search_id parameter
CVE-2019-20219 (ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor i ...)
NOT-FOR-US: ngiflib
CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack u ...)
+ {DLA-2340-2}
- sqlite3 3.30.1+fossil191229-1
[buster] - sqlite3 3.27.2-3+deb10u1
[jessie] - sqlite3 <no-dsa> (Minor issue)
@@ -64824,8 +64904,8 @@ CVE-2020-4831
RESERVED
CVE-2020-4830
RESERVED
-CVE-2020-4829
- RESERVED
+CVE-2020-4829 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...)
+ TODO: check
CVE-2020-4828
RESERVED
CVE-2020-4827
@@ -120363,8 +120443,8 @@ CVE-2019-4740 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is v
NOT-FOR-US: IBM
CVE-2019-4739
RESERVED
-CVE-2019-4738
- RESERVED
+CVE-2019-4738 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 a ...)
+ TODO: check
CVE-2019-4737 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...)
NOT-FOR-US: IBM
CVE-2019-4736 (IBM Financial Transaction Manager 3.0 is vulnerable to cross-site requ ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1d8d863b91a7975a0103576ffbe1a21442f049a