[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 1 20:10:36 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b436b08 by security tracker role at 2020-11-01T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2020-28046 (An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker ...)
+ TODO: check
+CVE-2020-28045 (An unsigned-library issue was discovered in ProlinOS through 2.4.161.8 ...)
+ TODO: check
+CVE-2020-28044 (An attacker with physical access to a PAX Point Of Sale device with Pr ...)
+ TODO: check
+CVE-2020-28043 (MISP through 2.4.133 allows SSRF in the REST client via the use_full_p ...)
+ TODO: check
CVE-2020-28042 (ServiceStack before 5.9.2 mishandles JWT signature verification unless ...)
TODO: check
CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 ...)
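Review bot: The four added entries at the top of this hunk (CVE-2020-28043 through CVE-2020-28046) carry only "TODO: check", so none of them has a package line or a disposition yet. CVE-2020-28046 and CVE-2020-28045 both name ProlinOS and CVE-2020-28044 names a PAX Point Of Sale device, so those three can be triaged together, while CVE-2020-28043 names MISP and needs its own check. The descriptions are truncated here, so read the full CVE text before replacing each TODO.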
@@ -5235,8 +5243,8 @@ CVE-2020-25851
RESERVED
CVE-2020-25850
RESERVED
-CVE-2020-25849
- RESERVED
+CVE-2020-25849 (MailGates and MailAudit products contain Command Injection flaw, which ...)
+ TODO: check
CVE-2020-25848
RESERVED
CVE-2020-25847
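Review bot: CVE-2020-25849 on the changed lines moves from RESERVED to a description with "TODO: check", which still leaves it without a package or a disposition. The description names the MailGates and MailAudit products; if neither corresponds to a Debian source package, close the TODO with a NOT-FOR-US line in the form already used for CVE-2020-15251 in this file.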
@@ -27614,6 +27622,7 @@ CVE-2020-15252 (In XWiki before version 12.5 and 11.10.6, any user with SCRIPT r
CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version ...)
NOT-FOR-US: Channelmgnt plug-in for Sopel
CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryF ...)
+ {DLA-2426-1}
- junit4 <unfixed> (bug #972231)
NOTE: https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
NOTE: https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
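Review bot: The added {DLA-2426-1} under CVE-2020-15250 sits directly above the unchanged "- junit4 <unfixed> (bug #972231)" line, so after this update the entry records an LTS advisory while the unreleased-suite package line is still marked unfixed. Confirm that this is the intended state, and once the upstream commit cited in the second NOTE line is uploaded, replace <unfixed> with the fixed version so the entry does not keep reporting the package as open.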
@@ -30084,7 +30093,7 @@ CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 sub
[buster] - linux 4.19.146-1
NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
CVE-2020-14355 (Multiple buffer overflow vulnerabilities were found in the QUIC image ...)
- {DSA-4771-1}
+ {DSA-4771-1 DLA-2428-1 DLA-2427-1}
- spice 0.14.3-2 (bug #971750)
- spice-gtk <unfixed> (bug #971751)
[buster] - spice-gtk <no-dsa> (Minor issue)
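Review bot: The changed cross-reference line for CVE-2020-14355 lists DLA-2428-1 before DLA-2427-1, and the entry covers two source packages (spice and spice-gtk) without showing which advisory applies to which. Check that the descending order is what the generator intends, and that the unchanged "- spice-gtk <unfixed> (bug #971751)" line is still accurate now that two more advisories reference this CVE.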
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b436b08d0b7eb04a5a6f7cda14b42bb4099d14f