[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 31 20:10:27 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
146a9244 by security tracker role at 2020-12-31T20:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@
+CVE-2020-35930
+ RESERVED
+CVE-2020-35929
+ RESERVED
+CVE-2020-35928 (An issue was discovered in the concread crate before 0.2.6 for Rust. A ...)
+ TODO: check
+CVE-2020-35927 (An issue was discovered in the thex crate through 2020-12-08 for Rust. ...)
+ TODO: check
+CVE-2020-35926 (An issue was discovered in the nanorand crate before 0.5.1 for Rust. I ...)
+ TODO: check
+CVE-2020-35925 (An issue was discovered in the magnetic crate before 2.0.1 for Rust. M ...)
+ TODO: check
+CVE-2020-35924 (An issue was discovered in the try-mutex crate before 0.3.0 for Rust. ...)
+ TODO: check
+CVE-2020-35923 (An issue was discovered in the ordered-float crate before 1.1.1 and 2. ...)
+ TODO: check
+CVE-2020-35922 (An issue was discovered in the mio crate before 0.7.6 for Rust. It has ...)
+ TODO: check
+CVE-2020-35920 (An issue was discovered in the socket2 crate before 0.3.16 for Rust. I ...)
+ TODO: check
+CVE-2020-35918 (An issue was discovered in the branca crate before 0.10.0 for Rust. De ...)
+ TODO: check
+CVE-2020-35917 (An issue was discovered in the pyo3 crate before 0.12.4 for Rust. Ther ...)
+ TODO: check
+CVE-2020-35915 (An issue was discovered in the futures-intrusive crate before 0.4.0 fo ...)
+ TODO: check
+CVE-2020-35909 (An issue was discovered in the multihash crate before 0.11.3 for Rust. ...)
+ TODO: check
+CVE-2020-35908 (An issue was discovered in the futures-util crate before 0.3.2 for Rus ...)
+ TODO: check
+CVE-2020-35907 (An issue was discovered in the futures-task crate before 0.3.5 for Rus ...)
+ TODO: check
+CVE-2020-35906 (An issue was discovered in the futures-task crate before 0.3.6 for Rus ...)
+ TODO: check
+CVE-2020-35905 (An issue was discovered in the futures-util crate before 0.3.7 for Rus ...)
+ TODO: check
+CVE-2020-35904 (An issue was discovered in the crossbeam-channel crate before 0.4.4 fo ...)
+ TODO: check
+CVE-2020-35903 (An issue was discovered in the dync crate before 0.5.0 for Rust. VecCo ...)
+ TODO: check
+CVE-2020-35902 (An issue was discovered in the actix-codec crate before 0.3.0-beta.1 f ...)
+ TODO: check
+CVE-2020-35901 (An issue was discovered in the actix-http crate before 2.0.0-alpha.1 f ...)
+ TODO: check
+CVE-2020-35900 (An issue was discovered in the array-queue crate through 2020-09-26 fo ...)
+ TODO: check
+CVE-2020-35899 (An issue was discovered in the actix-service crate before 1.0.6 for Ru ...)
+ TODO: check
+CVE-2020-35898 (An issue was discovered in the actix-utils crate before 2.0.0 for Rust ...)
+ TODO: check
+CVE-2020-35897 (An issue was discovered in the atom crate before 0.3.6 for Rust. An un ...)
+ TODO: check
+CVE-2020-35896 (An issue was discovered in the ws crate through 2020-09-25 for Rust. T ...)
+ TODO: check
+CVE-2020-35895 (An issue was discovered in the stack crate before 0.3.1 for Rust. Arra ...)
+ TODO: check
+CVE-2020-35894 (An issue was discovered in the obstack crate before 0.1.4 for Rust. Un ...)
+ TODO: check
+CVE-2020-35893 (An issue was discovered in the simple-slab crate before 0.3.3 for Rust ...)
+ TODO: check
+CVE-2020-35892 (An issue was discovered in the simple-slab crate before 0.3.3 for Rust ...)
+ TODO: check
+CVE-2020-35891 (An issue was discovered in the ordnung crate through 2020-09-03 for Ru ...)
+ TODO: check
+CVE-2020-35890 (An issue was discovered in the ordnung crate through 2020-09-03 for Ru ...)
+ TODO: check
+CVE-2020-35889 (An issue was discovered in the crayon crate through 2020-08-31 for Rus ...)
+ TODO: check
+CVE-2020-35888 (An issue was discovered in the arr crate through 2020-08-25 for Rust. ...)
+ TODO: check
+CVE-2020-35887 (An issue was discovered in the arr crate through 2020-08-25 for Rust. ...)
+ TODO: check
+CVE-2020-35886 (An issue was discovered in the arr crate through 2020-08-25 for Rust. ...)
+ TODO: check
+CVE-2020-35885 (An issue was discovered in the alpm-rs crate through 2020-08-20 for Ru ...)
+ TODO: check
+CVE-2020-35884 (An issue was discovered in the tiny_http crate through 2020-06-16 for ...)
+ TODO: check
+CVE-2020-35883 (An issue was discovered in the mozwire crate through 2020-08-18 for Ru ...)
+ TODO: check
+CVE-2020-35882 (An issue was discovered in the rocket crate before 0.4.5 for Rust. Loc ...)
+ TODO: check
+CVE-2020-35881 (An issue was discovered in the traitobject crate through 2020-06-01 fo ...)
+ TODO: check
+CVE-2020-35880 (An issue was discovered in the bigint crate through 2020-05-07 for Rus ...)
+ TODO: check
+CVE-2020-35879 (An issue was discovered in the rulinalg crate through 2020-02-11 for R ...)
+ TODO: check
+CVE-2020-35878 (An issue was discovered in the ozone crate through 2020-07-04 for Rust ...)
+ TODO: check
+CVE-2020-35877 (An issue was discovered in the ozone crate through 2020-07-04 for Rust ...)
+ TODO: check
+CVE-2020-35876 (An issue was discovered in the rio crate through 2020-05-11 for Rust. ...)
+ TODO: check
+CVE-2020-35875 (An issue was discovered in the tokio-rustls crate before 0.13.1 for Ru ...)
+ TODO: check
+CVE-2020-35874 (An issue was discovered in the internment crate through 2020-05-28 for ...)
+ TODO: check
+CVE-2020-35873 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ TODO: check
+CVE-2020-35872 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ TODO: check
+CVE-2020-35871 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ TODO: check
+CVE-2020-35870 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ TODO: check
+CVE-2020-35869 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ TODO: check
+CVE-2020-35868 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ TODO: check
+CVE-2020-35867 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ TODO: check
+CVE-2020-35866 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ TODO: check
+CVE-2020-35865 (An issue was discovered in the os_str_bytes crate before 2.0.0 for Rus ...)
+ TODO: check
+CVE-2020-35864 (An issue was discovered in the flatbuffers crate through 2020-04-11 fo ...)
+ TODO: check
+CVE-2020-35863 (An issue was discovered in the hyper crate before 0.12.34 for Rust. HT ...)
+ TODO: check
+CVE-2020-35862 (An issue was discovered in the bitvec crate before 0.17.4 for Rust. Bi ...)
+ TODO: check
+CVE-2020-35861 (An issue was discovered in the bumpalo crate before 3.2.1 for Rust. Th ...)
+ TODO: check
+CVE-2020-35860 (An issue was discovered in the cbox crate through 2020-03-19 for Rust. ...)
+ TODO: check
+CVE-2020-35859 (An issue was discovered in the lucet-runtime-internals crate before 0. ...)
+ TODO: check
+CVE-2020-35858 (An issue was discovered in the prost crate before 0.6.1 for Rust. Ther ...)
+ TODO: check
+CVE-2020-35857 (An issue was discovered in the trust-dns-server crate before 0.18.1 fo ...)
+ TODO: check
+CVE-2019-25011
+ RESERVED
+CVE-2019-25010 (An issue was discovered in the failure crate through 2019-11-13 for Ru ...)
+ TODO: check
+CVE-2019-25009 (An issue was discovered in the http crate before 0.1.20 for Rust. The ...)
+ TODO: check
+CVE-2019-25008 (An issue was discovered in the http crate before 0.1.20 for Rust. Head ...)
+ TODO: check
+CVE-2019-25007 (An issue was discovered in the streebog crate before 0.8.0 for Rust. T ...)
+ TODO: check
+CVE-2019-25006 (An issue was discovered in the streebog crate before 0.8.0 for Rust. T ...)
+ TODO: check
+CVE-2019-25005 (An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ...)
+ TODO: check
+CVE-2019-25004 (An issue was discovered in the flatbuffers crate before 0.6.1 for Rust ...)
+ TODO: check
+CVE-2019-25003 (An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rus ...)
+ TODO: check
+CVE-2019-25002 (An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust ...)
+ TODO: check
+CVE-2019-25001 (An issue was discovered in the serde_cbor crate before 0.10.2 for Rust ...)
+ TODO: check
+CVE-2018-25001 (An issue was discovered in the libpulse-binding crate before 2.5.0 for ...)
+ TODO: check
CVE-2021-21493
RESERVED
CVE-2021-21492
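Review bot: The Rust crate entries added at the top of data/CVE/list (CVE-2020-35928 down to CVE-2018-25001) all land as "TODO: check", and several crates receive multiple ids whose truncated descriptions are identical (eight for rusqlite, CVE-2020-35866 through CVE-2020-35873; three for arr; two each for ozone, ordnung, simple-slab and streebog), so the list alone cannot tell them apart. When triaging, give each one the form this commit already shows further down for miow, net2, image and lock_api: a source package line or NOT-FOR-US, plus a NOTE with the rustsec.org advisory URL where one exists. The gaps in the numbering (35921, 35919, 35916 and 35910 through 35914) are expected, since those ids already exist lower in the file and are updated by later hunks.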
@@ -108,8 +264,8 @@ CVE-2020-35853
RESERVED
CVE-2020-35852
RESERVED
-CVE-2020-35851
- RESERVED
+CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters properly. Att ...)
+ TODO: check
CVE-2021-21443
RESERVED
CVE-2021-21442
@@ -346,14 +502,14 @@ CVE-2020-35745
RESERVED
CVE-2020-35744
RESERVED
-CVE-2020-35743
- RESERVED
-CVE-2020-35742
- RESERVED
-CVE-2020-35741
- RESERVED
-CVE-2020-35740
- RESERVED
+CVE-2020-35743 (HGiga MailSherlock contains a SQL injection flaw. Attackers can inject ...)
+ TODO: check
+CVE-2020-35742 (HGiga MailSherlock contains a vulnerability of SQL Injection. Attacker ...)
+ TODO: check
+CVE-2020-35741 (HGiga MailSherlock does not validate user parameters on multiple login ...)
+ TODO: check
+CVE-2020-35740 (HGiga MailSherlock does not validate specific URL parameters properly ...)
+ TODO: check
CVE-2020-35739
RESERVED
CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack ...)
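Review bot: CVE-2020-35743 and CVE-2020-35742 both read as a SQL injection in HGiga MailSherlock and are indistinguishable at the truncation point, so the follow-up triage should confirm from the full descriptions that they are separate flaws. If MailSherlock is not packaged in Debian, the four entries here, together with CVE-2020-35851 in the previous hunk, can be resolved as "NOT-FOR-US: HGiga MailSherlock" in the same way the file marks other products (for example "NOT-FOR-US: Pluck CMS" further down), rather than staying at "TODO: check".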
@@ -6311,15 +6467,15 @@ CVE-2020-29608
RESERVED
CVE-2020-29607 (A file upload restriction bypass vulnerability in Pluck CMS before 4.7 ...)
NOT-FOR-US: Pluck CMS
-CVE-2020-35921 [RUSTSEC-2020-0080: miow: `miow` invalidly assumes the memory layout of std::net::SocketAddr]
+CVE-2020-35921 (An issue was discovered in the miow crate before 0.3.6 for Rust. It ha ...)
- rust-miow 0.3.6-1 (bug #976871)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0080.html
NOTE: https://github.com/yoshuawuyts/miow/issues/38
-CVE-2020-35919 [RUSTSEC-2020-0078: net2: `net2` invalidly assumes the memory layout of std::net::SocketAddr]
+CVE-2020-35919 (An issue was discovered in the net2 crate before 0.2.36 for Rust. It h ...)
- rust-net2 0.2.37-1 (bug #976870)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0078.html
NOTE: https://github.com/deprecrated/net2-rs/issues/105
-CVE-2020-35916 [RUSTSEC-2020-0073: image: Mutable reference with immutable provenance]
+CVE-2020-35916 (An issue was discovered in the image crate before 0.23.12 for Rust. A ...)
- rust-image <unfixed> (bug #976869)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0073.html
NOTE: https://github.com/image-rs/image/issues/1357
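Review bot: For CVE-2020-35916 the new description states the issue is in the image crate before 0.23.12, while the package line still reads "- rust-image <unfixed> (bug #976869)"; a NOTE recording the fixed upstream version would make it clear that a fix exists and only the Debian upload is pending. The other two entries are consistent with their descriptions (rust-miow 0.3.6-1 against "before 0.3.6", rust-net2 0.2.37-1 against "before 0.2.36"). Replacing the bracketed temporary descriptions also drops the RUSTSEC ids from the header lines, so the rustsec.org NOTE lines are now the only link to the advisories and should be kept.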
@@ -7996,23 +8152,23 @@ CVE-2020-26235 (In Rust time crate from version 0.2.7 and before version 0.2.23,
NOTE: https://github.com/time-rs/time/issues/293
NOTE: Introduced by: https://github.com/time-rs/time/commit/5f1c4927124fefbd8d2886f83a574beb381411e9 (v0.2.7)
NOTE: Deprecated in: https://github.com/time-rs/time/commit/f153a1ca5fdfec979f16c49619e6034cc67e186d (v0.2.23)
-CVE-2020-35914
+CVE-2020-35914 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
- rust-lock-api <unfixed> (bug #975319)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
NOTE: https://github.com/Amanieu/parking_lot/pull/262
-CVE-2020-35913
+CVE-2020-35913 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
- rust-lock-api <unfixed> (bug #975319)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
NOTE: https://github.com/Amanieu/parking_lot/pull/262
-CVE-2020-35912
+CVE-2020-35912 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
- rust-lock-api <unfixed> (bug #975319)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
NOTE: https://github.com/Amanieu/parking_lot/pull/262
-CVE-2020-35911
+CVE-2020-35911 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
- rust-lock-api <unfixed> (bug #975319)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
NOTE: https://github.com/Amanieu/parking_lot/pull/262
-CVE-2020-35910 [RUSTSEC-2020-0070: lock_api: Some lock_api lock guard objects can cause data races]
+CVE-2020-35910 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
- rust-lock-api <unfixed> (bug #975319)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
NOTE: https://github.com/Amanieu/parking_lot/pull/262
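Review bot: After this change the five lock_api entries (CVE-2020-35910 through CVE-2020-35914) are identical in every visible field: same truncated description, same bug #975319, same two NOTE lines. Add a per-CVE NOTE saying which part of RUSTSEC-2020-0070 each id covers, taken from the full CVE descriptions, so that a later partial fix can be tracked against the right id. The descriptions also give 0.4.2 as the fixed upstream version while rust-lock-api is "<unfixed>", which is worth recording in a NOTE as well.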
@@ -12185,8 +12341,8 @@ CVE-2020-28277 (Prototype pollution vulnerability in 'dset' versions 1.0.0 throu
TODO: check
CVE-2020-28276 (Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through ...)
TODO: check
-CVE-2020-28275 (Prototype pollution vulnerability in 'cache-base' versions 0.7.0 throu ...)
- TODO: check
+CVE-2020-28275
+ REJECTED
CVE-2020-28274 (Prototype pollution vulnerability in 'deepref' versions 1.1.1 through ...)
NOT-FOR-US: Node deepref
CVE-2020-28273 (Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2 ...)
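Review bot: CVE-2020-28275 goes from "TODO: check" straight to REJECTED, so the cache-base entry was never triaged and no package line or NOT-FOR-US was recorded before the description disappeared. Before treating it as closed, check the rejection reason upstream: if the id was rejected as a duplicate of another CVE, make sure that other id is present in this file and triaged for cache-base.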
@@ -18435,24 +18591,24 @@ CVE-2020-25852
RESERVED
CVE-2020-25851
RESERVED
-CVE-2020-25850
- RESERVED
+CVE-2020-25850 (The function, view the source code, of HGiga MailSherlock does not val ...)
+ TODO: check
CVE-2020-25849 (MailGates and MailAudit products contain Command Injection flaw, which ...)
NOT-FOR-US: MailGates and MailAudit
-CVE-2020-25848
- RESERVED
+CVE-2020-25848 (HGiga MailSherlock contains weak authentication flaw that attackers gr ...)
+ TODO: check
CVE-2020-25847 (This command injection vulnerability allows attackers to execute arbit ...)
NOT-FOR-US: QNAP
-CVE-2020-25846
- RESERVED
-CVE-2020-25845
- RESERVED
-CVE-2020-25844
- RESERVED
-CVE-2020-25843
- RESERVED
-CVE-2020-25842
- RESERVED
+CVE-2020-25846 (The digest generation function of NHIServiSignAdapter has not been ver ...)
+ TODO: check
+CVE-2020-25845 (Multiple functions of NHIServiSignAdapter failed to verify the users&# ...)
+ TODO: check
+CVE-2020-25844 (The digest generation function of NHIServiSignAdapter has not been ver ...)
+ TODO: check
+CVE-2020-25843 (NHIServiSignAdapter fails to verify the length of digital credential f ...)
+ TODO: check
+CVE-2020-25842 (The encryption function of NHIServiSignAdapter fail to verify the file ...)
+ TODO: check
CVE-2020-25841
RESERVED
CVE-2020-25840
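Review bot: The description imported for CVE-2020-25845 ends in a cut-off HTML entity ("failed to verify the users&# ..."), which means the automatic update truncates the description before decoding entities; decode first, then truncate, so the list does not carry broken markup. Separately, CVE-2020-25846 and CVE-2020-25844 have identical truncated descriptions for NHIServiSignAdapter and need the full text to be told apart, and the two MailSherlock entries here (CVE-2020-25850, CVE-2020-25848) should get the same resolution as the MailSherlock ids elsewhere in this commit.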
@@ -18560,12 +18716,12 @@ CVE-2020-25801
RESERVED
CVE-2020-25800
RESERVED
-CVE-2020-25799
- RESERVED
+CVE-2020-25799 (LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quo ...)
+ TODO: check
CVE-2020-25798 (A stored cross-site scripting (XSS) vulnerability in LimeSurvey before ...)
- limesurvey <itp> (bug #472802)
-CVE-2020-25797
- RESERVED
+CVE-2020-25797 (LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add ...)
+ TODO: check
CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload ...)
NOT-FOR-US: Typesetter CMS
CVE-2020-25789 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
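Review bot: CVE-2020-25799 and CVE-2020-25797 are added as "TODO: check", but the entry between them, CVE-2020-25798, already shows how LimeSurvey is tracked in this file: "- limesurvey <itp> (bug #472802)". The two new LimeSurvey XSS entries should get the same "<itp>" line so all three ids are handled consistently.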
@@ -50954,14 +51110,14 @@ CVE-2020-11837
RESERVED
CVE-2020-11836
RESERVED
-CVE-2020-11835
- RESERVED
-CVE-2020-11834
- RESERVED
-CVE-2020-11833
- RESERVED
-CVE-2020-11832
- RESERVED
+CVE-2020-11835 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_d ...)
+ TODO: check
+CVE-2020-11834 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the ...)
+ TODO: check
+CVE-2020-11833 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_m ...)
+ TODO: check
+CVE-2020-11832 (In functions charging_limit_current_write and charging_limit_time_writ ...)
+ TODO: check
CVE-2020-11831 (OvoiceManager has system permission to write vulnerability reports for ...)
NOT-FOR-US: OvoiceManager
CVE-2020-11830 (QualityProtect has a vulnerability to execute arbitrary system command ...)
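Review bot: The descriptions for CVE-2020-11835, CVE-2020-11834 and CVE-2020-11833 reference paths under /SM8250_Q_Master/android/vendor/oppo_charger/, which is a vendor source tree, and CVE-2020-11832 names charging_limit_* functions that appear to belong to the same driver. Confirm during triage that this code is not part of any Debian source package and, if so, resolve all four as NOT-FOR-US with a product name, in line with the neighbouring "NOT-FOR-US: OvoiceManager" entry.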
@@ -133981,16 +134137,16 @@ CVE-2018-19947 (The vulnerability have been reported to affect earlier versions
NOT-FOR-US: QNAP
CVE-2018-19946 (The vulnerability have been reported to affect earlier versions of Hel ...)
NOT-FOR-US: QNAP
-CVE-2018-19945
- RESERVED
-CVE-2018-19944
- RESERVED
+CVE-2018-19945 (A vulnerability has been reported to affect earlier QNAP devices runni ...)
+ TODO: check
+CVE-2018-19944 (A cleartext transmission of sensitive information vulnerability has be ...)
+ TODO: check
CVE-2018-19943 (If exploited, this cross-site scripting vulnerability could allow remo ...)
NOT-FOR-US: QNAP
CVE-2018-19942
RESERVED
-CVE-2018-19941
- RESERVED
+CVE-2018-19941 (A vulnerability has been reported to affect QNAP NAS. If exploited, th ...)
+ TODO: check
CVE-2018-19940
RESERVED
CVE-2018-19939 (The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi ...)
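Review bot: The surrounding QNAP ids in this block (CVE-2018-19947, CVE-2018-19946, CVE-2018-19943) are already marked "NOT-FOR-US: QNAP", and the new descriptions for CVE-2018-19945 and CVE-2018-19941 name QNAP devices directly, so those two can take the same marking. The visible part of CVE-2018-19944 ("A cleartext transmission of sensitive information vulnerability has be ...") does not name a product, so read the full description before applying the same resolution.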
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/146a924403f18fd9eab849ba1dc75fe47ae9f6ca