diff options
| author | Moritz Mühlenhoff <jmm@debian.org> | 2020-10-29 19:52:21 +0100 |
|---|---|---|
| committer | Moritz Mühlenhoff <jmm@debian.org> | 2020-10-29 19:52:21 +0100 |
| commit | 91e443d5b9629243e306928b6bd820e17e9e1bde (patch) | |
| tree | 4b8014f4e230214235a3d7a63d18ed5a944e57f5 | |
| parent | 40a2d6c0280da5a0b4aeeee5f3900142b17073a0 (diff) | |
various bugs
| -rw-r--r-- | data/CVE/list | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/data/CVE/list b/data/CVE/list index 206032dd01..e34995af63 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -698,13 +698,13 @@ CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a failure - libpam-tacplus <unfixed> (bug #973250) NOTE: https://github.com/kravietz/pam_tacplus/pull/163 CVE-2020-27742 (An Insecure Direct Object Reference vulnerability in Citadel WebCit th ...) - - webcit <unfixed> + - webcit <unfixed> (bug #973385) CVE-2020-27741 (Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit ...) - - webcit <unfixed> + - webcit <unfixed> (bug #973385) CVE-2020-27740 (Citadel WebCit through 926 allows unauthenticated remote attackers to ...) - - webcit <unfixed> + - webcit <unfixed> (bug #973385) CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit through 926 ...) - - webcit <unfixed> + - webcit <unfixed> (bug #973385) CVE-2020-27738 RESERVED CVE-2020-27737 @@ -20855,10 +20855,10 @@ CVE-2020-18187 CVE-2020-18186 RESERVED CVE-2020-18185 (class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrar ...) - - pluxml <unfixed> + - pluxml <unfixed> (bug #973382) NOTE: https://github.com/pluxml/PluXml/issues/321 CVE-2020-18184 (In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_ ...) - - pluxml <unfixed> + - pluxml <unfixed> (bug #973382) NOTE: https://github.com/pluxml/PluXml/issues/320 CVE-2020-18183 RESERVED @@ -52570,19 +52570,19 @@ CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...) NOT-FOR-US: Zoom CVE-2020-6108 (An exploitable code execution vulnerability exists in the fsck_chk_orp ...) - - f2fs-tools <unfixed> + - f2fs-tools <unfixed> (bug #973380) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050 CVE-2020-6107 (An exploitable information disclosure vulnerability exists in the dev_ ...) - - f2fs-tools <unfixed> + - f2fs-tools <unfixed> (bug #973380) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049 CVE-2020-6106 (An exploitable information disclosure vulnerability exists in the init ...) - - f2fs-tools <unfixed> + - f2fs-tools <unfixed> (bug #973380) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048 CVE-2020-6105 (An exploitable code execution vulnerability exists in the multiple dev ...) - - f2fs-tools <unfixed> + - f2fs-tools <unfixed> (bug #973380) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047 CVE-2020-6104 (An exploitable information disclosure vulnerability exists in the get_ ...) - - f2fs-tools <unfixed> + - f2fs-tools <unfixed> (bug #973380) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046 CVE-2020-6103 (An exploitable code execution vulnerability exists in the Shader funct ...) NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll @@ -54101,7 +54101,7 @@ CVE-2020-5423 CVE-2020-5422 (BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA pas ...) NOT-FOR-US: BOSH System Metrics Server CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...) - - libspring-java <unfixed> + - libspring-java <unfixed> (bug #973381) [buster] - libspring-java <no-dsa> (Minor issue) [stretch] - libspring-java <no-dsa> (Minor issue) NOTE: https://tanzu.vmware.com/security/cve-2020-5421 @@ -93816,7 +93816,7 @@ CVE-2019-11029 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the D CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing ...) NOT-FOR-US: GAT-Ship Web Module CVE-2015-9284 (The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...) - - ruby-omniauth <unfixed> + - ruby-omniauth <unfixed> (bug #973384) [buster] - ruby-omniauth <no-dsa> (Minor issue) [stretch] - ruby-omniauth <no-dsa> (Minor issue) [jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs CSRF protection in apps) |