[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 25 20:10:40 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3d1757f1 by security tracker role at 2020-11-25T20:10:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,8 +4,8 @@ CVE-2020-29072 (A Cross-Site Script Inclusion vulnerability was found on LiquidF
NOT-FOR-US: LiquidFiles
CVE-2020-29071 (An XSS issue was found in the Shares feature of LiquidFiles before 3.3 ...)
NOT-FOR-US: LiquidFiles
-CVE-2020-29070
- RESERVED
+CVE-2020-29070 (osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user en ...)
+ TODO: check
CVE-2020-29069 (_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network ...)
NOT-FOR-US: Modern Honey Network
CVE-2020-29068
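Review bot: the new CVE-2020-29070 entry (osCommerce XSS) is left at `TODO: check`, so it still needs a triage decision: either a package line or a `NOT-FOR-US:` tag in the style of the LiquidFiles and Modern Honey Network entries around it.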
@@ -9519,8 +9519,8 @@ CVE-2020-26245
RESERVED
CVE-2020-26244
RESERVED
-CVE-2020-26243
- RESERVED
+CVE-2020-26243 (Nanopb is a small code-size Protocol Buffers implementation. In Nanopb ...)
+ TODO: check
CVE-2020-26242 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
TODO: check
CVE-2020-26241 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
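Review bot: CVE-2020-26243 (Nanopb) now sits directly above CVE-2020-26242, which is also `TODO: check`, so this block has consecutive untriaged entries. The truncated description ends at "In Nanopb ..." before any affected version, so triage needs the full CVE text rather than this line.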
@@ -9584,8 +9584,8 @@ CVE-2020-26214 (In Alerta before version 8.1.0, users may be able to bypass LDAP
NOT-FOR-US: Alerta
CVE-2020-26213 (In teler before version 0.0.1, if you run teler inside a Docker contai ...)
NOT-FOR-US: Alerta
-CVE-2020-26212
- RESERVED
+CVE-2020-26212 (GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Fr ...)
+ TODO: check
CVE-2020-26211 (In BookStack before version 0.30.4, a user with permissions to edit a ...)
NOT-FOR-US: BookStack app
CVE-2020-26210 (In BookStack before version 0.30.4, a user with permissions to edit a ...)
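Review bot: in the context just above the changed entry, CVE-2020-26213 describes teler but is tagged `NOT-FOR-US: Alerta`, which looks copied from the CVE-2020-26214 entry before it; suggest correcting the tag to name teler in a follow-up commit. The new CVE-2020-26212 (GLPI) entry itself is `TODO: check` and still needs triage.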
@@ -10998,8 +10998,7 @@ CVE-2020-25651 [Possible File Transfer DoS and Information Leak via active_xfers
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/9d35d8a86fb310fc1f29d428c0a96995948d2357
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/e4bfd1b632b6c14e8411dbe3565115a78cd3d256
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/b7db1c20c9f80154fb54392eb44add3486d3e427
-CVE-2020-25650 [Memory DoS via Arbitrary Entries in active_xfers Hash Table]
- RESERVED
+CVE-2020-25650 (A flaw was found in the way the spice-vdagentd daemon handled file tra ...)
- spice-vdagent <unfixed> (bug #973769)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/1a8b93ca6ac0b690339ab7f0afc6fc45d198d332
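Review bot: the `- spice-vdagent <unfixed> (bug #973769)` line under CVE-2020-25650 is unchanged context, not a removal. The hunk header counts (8 old lines, 7 new) only add up that way, and the line reads as a deletion here apparently because its leading whitespace is lost in this rendering. The entry stays `<unfixed>` while a NOTE below it already links an upstream vd_agent commit, so the package line should get a fixed version once one is uploaded.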
@@ -168766,7 +168765,7 @@ CVE-2017-18036 (The Github repository importer in Atlassian Bitbucket Server bef
NOT-FOR-US: Atlassian Bitbucket
CVE-2017-18035 (The /rest/review-coverage-chart/1.0/data/<repository_name>/.json ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
-CVE-2017-18034 (The source browse resource in Atlassian FishEye and Crucible before ve ...)
+CVE-2017-18034 (The source browse resource in Atlassian Fisheye and Crucible before ve ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allow ...)
NOT-FOR-US: Jira-importers-plugin in Atlassian Jira
@@ -193228,9 +193227,9 @@ CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial re
NOT-FOR-US: Atlassian Bamboo
CVE-2017-14589 (It was possible for double OGNL evaluation in FreeMarker templates thr ...)
NOT-FOR-US: Atlassian Bamboo
-CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before version 4.4 ...)
+CVE-2017-14588 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...)
NOT-FOR-US: Atlassian
-CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye and Cru ...)
+CVE-2017-14587 (The administration user deletion resource in Atlassian Fisheye and Cru ...)
NOT-FOR-US: Atlassian
CVE-2017-14586 (The Hipchat for Mac desktop client is vulnerable to client-side remote ...)
NOT-FOR-US: Atlassian
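Review bot: CVE-2017-14588 and CVE-2017-14587 both name Fisheye and Crucible in their descriptions but are tagged only `NOT-FOR-US: Atlassian`, while CVE-2017-18034 earlier in this patch uses `NOT-FOR-US: Atlassian Fisheye and Crucible`. Since the descriptions are being normalised anyway, suggest aligning these tags to the product-level form.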
@@ -208275,15 +208274,15 @@ CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 h
NOT-FOR-US: Atlassian Bamboo
CVE-2017-9513 (Several rest inline action resources of Atlassian Activity Streams bef ...)
NOT-FOR-US: Atlassian Activity Streams
-CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and Crucible ...)
+CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible ...)
NOT-FOR-US: Atlassian
-CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible, before ...)
+CVE-2017-9511 (The MultiPathResource class in Atlassian Fisheye and Crucible, before ...)
NOT-FOR-US: Atlassian
-CVE-2017-9510 (The repository changelog resource in Atlassian FishEye before version ...)
+CVE-2017-9510 (The repository changelog resource in Atlassian Fisheye before version ...)
NOT-FOR-US: Atlassian
CVE-2017-9509 (The review file upload resource in Atlassian Crucible before version 4 ...)
NOT-FOR-US: Atlassian
-CVE-2017-9508 (Various resources in Atlassian FishEye and Crucible before version 4.4 ...)
+CVE-2017-9508 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...)
NOT-FOR-US: Atlassian
CVE-2017-9507 (The review dashboard resource in Atlassian Crucible from version 4.1.0 ...)
NOT-FOR-US: Atlassian
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d1757f183bb10579d3e6ff9a67a751c25e89bb4