author | Moritz Muehlenhoff <jmm@debian.org> | 2020-11-26 22:37:38 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-11-26 22:37:38 +0100 |
commit | 3f819c3f1cae30615fec5bccb5b15359d1cc04c2 (patch) | |
tree | ddb5dfadc8dcd305c5a63f417a18baf34b3f6c63 /data | |
parent | 4b74fd67b43097a11b9804345692fb620234b91f (diff) |
new kamailio, jupyter-server issues
NFUs
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2015.list | 2 |
-rw-r--r-- | data/CVE/2020.list | 25 |
2 files changed, 15 insertions, 12 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index ed5d300478..5107c97e2f 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -11717,7 +11717,7 @@ CVE-2015-5438 CVE-2015-5437 REJECTED CVE-2015-5436 (A potential security vulnerability has been identified with HP Integra ...) - TODO: check + NOT-FOR-US: HP CVE-2015-5435 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 ...) NOT-FOR-US: HP CVE-2015-5434 (HPE Networking Products, originally branded as Comware 5, Comware 7, H ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 71a967d966..f5abd6774d 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -316,7 +316,7 @@ CVE-2020-28984 (prive/formulaires/configurer_preferences.php in SPIP before 3.2. - spip 3.2.8-1 NOTE: https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8 CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used i ...) - TODO: check + NOTE: disputed libsvm non issue CVE-2020-28973 RESERVED CVE-2020-28972 @@ -1639,7 +1639,9 @@ CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the Linux kernel before 5. NOTE: https://git.kernel.org/linus/3c4e0dff2095c579b142d5a0693257f1c58b4804 NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/2 CVE-2020-28361 (Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy So ...) - TODO: check, this might be specific to Kamailio as used in the specified product + - kamailio 5.4.0-1 + [buster] - kamailio <no-dsa> (Minor issue) + NOTE: https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html CVE-2020-28360 (Insufficient RegEx in private-ip npm package v1.0.5 and below insuffic ...) NOT-FOR-US: Node private-ip CVE-2020-28359 @@ -4250,7 +4252,7 @@ CVE-2020-27209 CVE-2020-27208 RESERVED CVE-2020-27207 (Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sq ...) - TODO: check + NOT-FOR-US: Zetetic SQLCipher CVE-2020-27206 RESERVED CVE-2020-27205 
@@ -6351,11 +6353,11 @@ CVE-2020-26243 (Nanopb is a small code-size Protocol Buffers implementation. In NOTE: https://github.com/nanopb/nanopb/commit/edf6dcbffee4d614ac0c2c1b258ab95185bdb6e9 (0.4.4) NOTE: https://github.com/nanopb/nanopb/issues/615 CVE-2020-26242 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...) - TODO: check + NOT-FOR-US: Go Ethereum CVE-2020-26241 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...) - TODO: check + NOT-FOR-US: Go Ethereum CVE-2020-26240 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...) - TODO: check + NOT-FOR-US: Go Ethereum CVE-2020-26239 (Scratch Addons is a WebExtension that supports both Chrome and Firefox ...) NOT-FOR-US: Scratch Addons CVE-2020-26238 (Cron-utils is a Java library to parse, validate, migrate crons as well ...) @@ -6373,7 +6375,9 @@ CVE-2020-26234 CVE-2020-26233 RESERVED CVE-2020-26232 (Jupyter Server before version 1.0.6 has an Open redirect vulnerability ...) - TODO: check + - jupyter-server 1.0.7-1 + NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v + NOTE: https://github.com/jupyter-server/jupyter_server/commit/3d83e49090289c431da253e2bdb8dc479cbcb157 CVE-2020-26231 (October is a free, open-source, self-hosted CMS platform based on the ...) NOT-FOR-US: October CMS CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app for Spa ...) @@ -35457,7 +35461,6 @@ CVE-2020-12912 (A potential vulnerability in the AMD extension to Linux "hwmon" NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1897402 NOTE: https://support.lenovo.com/lu/uk/product_security/LEN-50481 NOTE: CONFIG_SENSORS_AMD_ENERGY not enabled in Debian builds - TODO: check, correctness CVE-2020-12911 (A denial of service vulnerability exists in the D3DKMTCreateAllocation ...) NOT-FOR-US: AMD ATIKMDAG.SYS CVE-2020-12910 
@@ -37034,7 +37037,7 @@ CVE-2020-12340 CVE-2020-12339 RESERVED CVE-2020-12338 (Insufficient control flow management in the Open WebRTC Toolkit before ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-12337 (Improper buffer restrictions in firmware for some Intel(R) NUCs may al ...) NOT-FOR-US: Intel CVE-2020-12336 (Insecure default variable initialization in firmware for some Intel(R) ...) @@ -48172,9 +48175,9 @@ CVE-2020-7781 CVE-2020-7780 RESERVED CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular Expressi ...) - TODO: check + NOT-FOR-US: Node djvalidator CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The attacker ...) - TODO: check + NOT-FOR-US: Node systeminformation CVE-2020-7777 (This affects all versions of package jsen. If an attacker can control ...) NOT-FOR-US: Node jsen CVE-2020-7776 |
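Review bot: In the data/CVE/2020.list hunk at @@ -316,7, the CVE-2020-28975 entry is left with a free-text NOTE and no package status line, although the note itself names libsvm. Suggest adding a status line for the libsvm source package next to it, for example "- libsvm <unfixed> (unimportant)" if the dispute is accepted, and extending the NOTE with a pointer to where the dispute is recorded so the "non issue" judgement can be rechecked later.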
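Review bot: In the CVE-2020-28361 hunk (@@ -1639,7), the removed TODO asked whether the issue is specific to Kamailio as used in the named product, and the added lines do not record how that question was settled. The only reference is a third-party Packet Storm page whose title names 5.4.0 ("Kamailio-5.4.0-Header-Smuggling") while the entry marks 5.4.0-1 as fixed. A NOTE pointing at the upstream fix or advisory, plus one line stating that stock Kamailio is affected, would back both the fixed version and the buster <no-dsa> decision.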
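Review bot: In the CVE-2020-26232 hunk (@@ -6373,7), the description says "before version 1.0.6" but the status line gives 1.0.7-1, and nothing in the entry says which upstream release carries the fix. The nanopb entry in the preceding hunk annotates its commit NOTE with the release, "(0.4.4)"; appending the upstream release to the jupyter_server commit NOTE in the same way would show that 1.0.7-1 is the first Debian upload containing the fix rather than a mismatch with the CVE text.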
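Review bot: In the CVE-2020-12912 hunk (@@ -35457,7), "TODO: check, correctness" is deleted with no replacement line, so the entry no longer shows that its correctness was ever in question or what was verified. The commit message mentions only kamailio, jupyter-server and NFUs; either a short NOTE stating the conclusion (the preceding NOTE about CONFIG_SENSORS_AMD_ENERGY suggests what it is) or a mention in the commit message would keep that decision traceable.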
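Review bot: In the CVE-2020-12338 hunk (@@ -37034,7), "NOT-FOR-US: Intel" names only the vendor, while the description concerns the Open WebRTC Toolkit, which is software rather than the firmware covered by the neighbouring Intel entries. Naming the product, e.g. "NOT-FOR-US: Intel Open WebRTC Toolkit", matches the product-level labels used elsewhere in this patch ("Go Ethereum", "Node systeminformation") and keeps the entry findable if the toolkit is ever packaged.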