diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2021-02-22 18:21:59 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-02-22 18:21:59 +0100 |
commit | b458206a85ef6a9528e3e27b1c19ae92cecf550c (patch) | |
tree | e5ffdd803ecf111e5a4a25ab30e609dcdbcd2605 /data/CVE/2020.list | |
parent | 5dbef0322a72bf097ff9c01cea8825f4f30a0c15 (diff) |
new three.js issues
NFUs
Diffstat (limited to 'data/CVE/2020.list')
-rw-r--r-- | data/CVE/2020.list | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 6b1b02109f..652c397525 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1390,7 +1390,7 @@ CVE-2020-35666 (Steedos Platform through 1.21.24 allows NoSQL injection because CVE-2020-35665 (An unauthenticated command-execution vulnerability exists in TerraMast ...) NOT-FOR-US: TerraMaster TOS CVE-2020-35664 (An issue was discovered in Acronis Cyber Protect before 15 Update 1 bu ...) - TODO: check + NOT-FOR-US: Acronis CVE-2020-35663 RESERVED CVE-2020-35662 @@ -1641,7 +1641,7 @@ CVE-2020-35558 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbC CVE-2020-35557 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT CVE-2020-35556 (An issue was discovered in Acronis Cyber Protect before 15 Update 1 bu ...) - TODO: check + NOT-FOR-US: Acronis CVE-2020-35555 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...) NOT-FOR-US: LG mobile devices CVE-2020-35554 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) @@ -5423,7 +5423,7 @@ CVE-2020-28500 (All versions of package lodash; all versions of package org.fuji - node-lodash <unfixed> NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1018905 CVE-2020-28499 (All versions of package merge are vulnerable to Prototype Pollution vi ...) - TODO: check + NOTE: Only bogus references listed, unclear what this is about CVE-2020-28498 (The package elliptic before 6.5.4 are vulnerable to Cryptographic Issu ...) - node-elliptic <unfixed> NOTE: https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f @@ -5431,7 +5431,9 @@ CVE-2020-28498 (The package elliptic before 6.5.4 are vulnerable to Cryptographi CVE-2020-28497 RESERVED CVE-2020-28496 (This affects the package three before 0.125.0. This can happen when ha ...) - TODO: check + - three.js <unfixed> + NOTE: https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e + NOTE: https://github.com/mrdoob/three.js/issues/21132 CVE-2020-28495 (This affects the package total.js before 3.4.7. The set function can b ...) NOT-FOR-US: Node total.js CVE-2020-28494 (This affects the package total.js before 3.4.7. The issue occurs in th ...) @@ -5996,7 +5998,7 @@ CVE-2020-28250 (Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remot CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. ...) NOT-FOR-US: Joplin CVE-2020-28248 (An integer overflow in the PngImg::InitStorage_() function of png-img ...) - TODO: check + NOT-FOR-US: png-img CVE-2020-28247 (The lettre library through 0.10.0-alpha for Rust allows arbitrary send ...) NOT-FOR-US: Node lettre CVE-2020-28246 |