diff options
| author | Moritz Mühlenhoff <jmm@debian.org> | 2020-10-29 19:52:21 +0100 |
|---|---|---|
| committer | Moritz Mühlenhoff <jmm@debian.org> | 2020-10-29 19:52:21 +0100 |
| commit | 71d72b112285653e9c1c50b6f2aff22112fd5f87 (patch) | |
| tree | ca08e88916bcac46ae80287f324ff8f95530b03d /data | |
| parent | 93494ce55292e541baa53c3505875617068388a9 (diff) | |
various bugs
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/2015.list | 2 | ||||
| -rw-r--r-- | data/CVE/2020.list | 24 |
2 files changed, 13 insertions, 13 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 024193c2e1..420e18cc7a 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -559,7 +559,7 @@ CVE-2015-9286 (Controllers.outgoing in controllers/index.js in NodeBB before 0.7 CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. ...) NOT-FOR-US: esoTalk CVE-2015-9284 (The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...) - - ruby-omniauth <unfixed> + - ruby-omniauth <unfixed> (bug #973384) [buster] - ruby-omniauth <no-dsa> (Minor issue) [stretch] - ruby-omniauth <no-dsa> (Minor issue) [jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs CSRF protection in apps) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 2265c44e9b..4fb4df8fda 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -498,13 +498,13 @@ CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a failure - libpam-tacplus <unfixed> (bug #973250) NOTE: https://github.com/kravietz/pam_tacplus/pull/163 CVE-2020-27742 (An Insecure Direct Object Reference vulnerability in Citadel WebCit th ...) - - webcit <unfixed> + - webcit <unfixed> (bug #973385) CVE-2020-27741 (Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit ...) - - webcit <unfixed> + - webcit <unfixed> (bug #973385) CVE-2020-27740 (Citadel WebCit through 926 allows unauthenticated remote attackers to ...) - - webcit <unfixed> + - webcit <unfixed> (bug #973385) CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit through 926 ...) - - webcit <unfixed> + - webcit <unfixed> (bug #973385) CVE-2020-27738 RESERVED CVE-2020-27737 @@ -20162,10 +20162,10 @@ CVE-2020-18187 CVE-2020-18186 RESERVED CVE-2020-18185 (class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrar ...) - - pluxml <unfixed> + - pluxml <unfixed> (bug #973382) NOTE: https://github.com/pluxml/PluXml/issues/321 CVE-2020-18184 (In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_ ...) - - pluxml <unfixed> + - pluxml <unfixed> (bug #973382) NOTE: https://github.com/pluxml/PluXml/issues/320 CVE-2020-18183 RESERVED @@ -49232,19 +49232,19 @@ CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...) NOT-FOR-US: Zoom CVE-2020-6108 (An exploitable code execution vulnerability exists in the fsck_chk_orp ...) - - f2fs-tools <unfixed> + - f2fs-tools <unfixed> (bug #973380) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050 CVE-2020-6107 (An exploitable information disclosure vulnerability exists in the dev_ ...) - - f2fs-tools <unfixed> + - f2fs-tools <unfixed> (bug #973380) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049 CVE-2020-6106 (An exploitable information disclosure vulnerability exists in the init ...) - - f2fs-tools <unfixed> + - f2fs-tools <unfixed> (bug #973380) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048 CVE-2020-6105 (An exploitable code execution vulnerability exists in the multiple dev ...) - - f2fs-tools <unfixed> + - f2fs-tools <unfixed> (bug #973380) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047 CVE-2020-6104 (An exploitable information disclosure vulnerability exists in the get_ ...) - - f2fs-tools <unfixed> + - f2fs-tools <unfixed> (bug #973380) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046 CVE-2020-6103 (An exploitable code execution vulnerability exists in the Shader funct ...) NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll @@ -50710,7 +50710,7 @@ CVE-2020-5423 CVE-2020-5422 (BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA pas ...) NOT-FOR-US: BOSH System Metrics Server CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...) - - libspring-java <unfixed> + - libspring-java <unfixed> (bug #973381) [buster] - libspring-java <no-dsa> (Minor issue) [stretch] - libspring-java <no-dsa> (Minor issue) NOTE: https://tanzu.vmware.com/security/cve-2020-5421 |