author | Emilio Pozuelo Monfort <pochu@debian.org> | 2020-12-01 10:40:45 +0100 |
---|---|---|
committer | Emilio Pozuelo Monfort <pochu@debian.org> | 2020-12-02 09:32:38 +0100 |
commit | 891f43363dfa83d94d6408125b486eea12dd20c2 | |
tree | fbc9eaf7be3053b53898b33c0d6a65019cc6cd21 | |
parent | acd9ad5c8770c4a08b3d6db5f5427bec9f1798ec | |
CVE/list: fix whitespace inconsistencies
-rw-r--r-- | data/CVE/list.2007 | 4 |
-rw-r--r-- | data/CVE/list.2008 | 4 |
-rw-r--r-- | data/CVE/list.2009 | 16 |
-rw-r--r-- | data/CVE/list.2010 | 8 |
-rw-r--r-- | data/CVE/list.2011 | 2 |
-rw-r--r-- | data/CVE/list.2012 | 8 |
-rw-r--r-- | data/CVE/list.2013 | 2 |
-rw-r--r-- | data/CVE/list.2014 | 4 |
-rw-r--r-- | data/CVE/list.2015 | 6 |
-rw-r--r-- | data/CVE/list.2016 | 2 |
-rw-r--r-- | data/CVE/list.2017 | 4 |
-rw-r--r-- | data/CVE/list.2018 | 4 |
-rw-r--r-- | data/CVE/list.2019 | 4 |
-rw-r--r-- | data/CVE/list.2020 | 26 |
14 files changed, 47 insertions, 47 deletions
diff --git a/data/CVE/list.2007 b/data/CVE/list.2007 index 6a5bf1448d..3872227598 100644 --- a/data/CVE/list.2007 +++ b/data/CVE/list.2007 @@ -4475,7 +4475,7 @@ CVE-2007-4893 (wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpr CVE-2007-4892 (Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8 ...) NOT-FOR-US: Plesk (Windows) CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer] - - libwmf <unfixed> (unimportant) + - libwmf <unfixed> (unimportant) - racket 5.0.2-1 (unimportant; bug #601525) NOTE: Only present in one of the sample pl-scheme packages (plot) - libgd2 2.0.35.dfsg-3 @@ -7820,7 +7820,7 @@ CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics Libra ...) {DSA-1613-1} - libgd2 2.0.35.dfsg-1 (low) - - libwmf <unfixed> (unimportant) + - libwmf <unfixed> (unimportant) - racket 5.0.2-1 (unimportant; bug #601525) NOTE: Only present in one of the sample pl-scheme packages (plot) NOTE: CPU consumption DoS diff --git a/data/CVE/list.2008 b/data/CVE/list.2008 index 174cd5d05c..9690cdf553 100644 --- a/data/CVE/list.2008 +++ b/data/CVE/list.2008 @@ -3898,7 +3898,7 @@ CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the RFC822 [etch] - uw-imap <not-affected> (Vulnerable code not present) - alpine 2.02-3.1 (low) [lenny] - alpine <no-dsa> (Minor issue) - [squeeze] - alpine 2.00+dfsg-6+squeeze1 + [squeeze] - alpine 2.00+dfsg-6+squeeze1 CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla Fi ...) {DSA-1707-1} - iceweasel 3.0.5-1 
@@ -10914,7 +10914,7 @@ CVE-2008-2686 (webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier all NOT-FOR-US: Flux CMS CVE-2008-XXXX [insecure tempfile in wdiff] - wdiff 0.5-18 (low; bug #425254) - [etch] - wdiff <no-dsa> (Minor issue) + [etch] - wdiff <no-dsa> (Minor issue) CVE-2008-2719 (Off-by-one error in the ppscan function (preproc.c) in Netwide Assembl ...) - nasm 2.03.01-1 (low; bug #486715) [etch] - nasm <not-affected> (vulnerable code not present) diff --git a/data/CVE/list.2009 b/data/CVE/list.2009 index 572a620f65..8046bf96c9 100644 --- a/data/CVE/list.2009 +++ b/data/CVE/list.2009 @@ -2688,12 +2688,12 @@ CVE-2009-4024 (Argument injection vulnerability in the ping function in Ping.php CVE-2009-4111 (Argument injection vulnerability in Mail/sendmail.php in the Mail pack ...) {DSA-1938-1} - php-mail 1.1.14-2 (medium; bug #557121) - [lenny] - php-mail 1.1.14-1+lenny1 + [lenny] - php-mail 1.1.14-1+lenny1 [etch] - php-mail 1.1.6-2+etch1 CVE-2009-4023 (Argument injection vulnerability in the sendmail implementation of the ...) {DSA-1938-1} - php-mail 1.1.14-2 (medium; bug #557121) - [lenny] - php-mail 1.1.14-1+lenny1 + [lenny] - php-mail 1.1.14-1+lenny1 [etch] - php-mail 1.1.6-2+etch1 CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...) {DSA-1961-1} @@ -4251,7 +4251,7 @@ CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before - linux-2.6.24 <removed> (high) CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5. ...) {DSA-1936-1} - - libwmf <unfixed> (unimportant) + - libwmf <unfixed> (unimportant) - racket 5.0.2-1 (unimportant; bug #601525) NOTE: Only present in one of the sample pl-scheme packages (plot) - libgd2 2.0.36~rc1~dfsg-3.1 (medium; bug #552534) 
@@ -4857,7 +4857,7 @@ CVE-2009-3305 (Polipo 1.0.4, and possibly other versions, allows remote attacker [lenny] - polipo <no-dsa> (Minor issue) CVE-2009-3304 (GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbi ...) {DSA-1945-1} - - gforge 4.8.2-1 + - gforge 4.8.2-1 CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GF ...) {DSA-1937-1} - gforge 4.8.1-3 (low) @@ -11544,7 +11544,7 @@ CVE-2009-0800 (Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3. [lenny] - poppler 0.8.7-2 - xpdf 3.02-1.4+lenny1 (medium; bug #524809) [squeeze] - xpdf 3.02-1.4+lenny1 - - kdegraphics 4:4.0 (medium; bug #524810) + - kdegraphics 4:4.0 (medium; bug #524810) - swftools 0.9.2+ds1-2 CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...) {DSA-1793-1 DSA-1790-1} @@ -12013,9 +12013,9 @@ CVE-2009-XXXX [sysvinit: no-root option in expert installer exposes locally expl NOTE: hardly a security issue, if an attacker has local access to the machine and you NOTE: don't use encryption or something similar you have lost anyway NOTE: - this ^ philosophy is flawed; it should not be trivial to get root just because you - NOTE: have local access to the machine. it is worth it to make it as difficult as - NOTE: possible without impacting authorized users. otherwise, why spend so much effort - NOTE: to make sure xscreensaver, gdm, and login are rock solid? + NOTE: have local access to the machine. it is worth it to make it as difficult as + NOTE: possible without impacting authorized users. otherwise, why spend so much effort + NOTE: to make sure xscreensaver, gdm, and login are rock solid? NOTE: - i would like to track as low, rather than unimportant CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...) {DSA-1739-1} diff --git a/data/CVE/list.2010 b/data/CVE/list.2010 index 2714ec1e54..4c620c1372 100644 --- a/data/CVE/list.2010 +++ b/data/CVE/list.2010 
@@ -652,7 +652,7 @@ CVE-2010-5051 (Cross-site scripting (XSS) vulnerability in admin/core/admin_func CVE-2010-5050 (Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_sha ...) NOT-FOR-US: ManageEngine ADManager Plus CVE-2010-5049 (SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier ...) - - zabbix 1:1.8.2-1 + - zabbix 1:1.8.2-1 CVE-2010-5048 (Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the ...) NOT-FOR-US: Joomla extension CVE-2010-5047 (SQL injection vulnerability in page.php in V-EVA Press Release Script ...) @@ -6199,9 +6199,9 @@ CVE-2010-2897 (Google Chrome before 5.0.375.125 does not properly mitigate an un CVE-2010-2896 (IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before ...) NOT-FOR-US: IBM FileNet Content Manager CVE-2010-XXXX [flaw that allows unsigned code to access any file on the machine (accessible to the user) and write to it.] - - openjdk-6 6b18-1.8.1-1 + - openjdk-6 6b18-1.8.1-1 CVE-2010-XXXX [flaw in NetX that allows arbitrary unsigned apps to set any java property] - - openjdk-6 6b18-1.8.1-1 + - openjdk-6 6b18-1.8.1-1 CVE-2010-2895 RESERVED CVE-2010-2894 @@ -13151,7 +13151,7 @@ CVE-2010-0207 (In xpdf, the xref table contains an infinite loop which allows re NOTE: Just a crasher, not treated as a security issue CVE-2010-0206 (xpdf allows remote attackers to cause a denial of service (NULL pointe ...) - kdegraphics 4:4.0.0-1 (unimportant) - - xpdf <unfixed> (unimportant) + - xpdf <unfixed> (unimportant) - poppler 0.16.3-1 (unimportant) [squeeze] - poppler 0.12.4-1.2+squeeze1 NOTE: Just a crasher, not treated as a security issue diff --git a/data/CVE/list.2011 b/data/CVE/list.2011 index cc319c7516..1e53781cc6 100644 --- a/data/CVE/list.2011 +++ b/data/CVE/list.2011 
@@ -2287,7 +2287,7 @@ CVE-2011-4345 (Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, - namazu2 2.0.21-1 (low) [squeeze] - namazu2 <no-dsa> (Minor issue) CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins be ...) - - jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900) + - jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900) CVE-2011-4343 (Information disclosure vulnerability in Apache MyFaces Core 2.0.1 thro ...) NOT-FOR-US: Apache MyFaces CVE-2011-4342 (PHP remote file inclusion vulnerability in wp_xml_export.php in the Ba ...) diff --git a/data/CVE/list.2012 b/data/CVE/list.2012 index 51ded9d69b..19dcd0e964 100644 --- a/data/CVE/list.2012 +++ b/data/CVE/list.2012 @@ -280,7 +280,7 @@ CVE-2012-6639 (An privilege elevation vulnerability exists in Cloud-init before NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12299 CVE-2012-6638 (The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linu ...) - linux 3.2.29-1 - - linux-2.6 <removed> + - linux-2.6 <removed> [squeeze] - linux-2.6 2.6.32-47 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf5af0daf8019cec2396cdef8fb042d80fe71fa CVE-2012-6637 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...) @@ -3396,7 +3396,7 @@ CVE-2012-5373 (Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes [jessie] - openjdk-7 <ignored> (Minor issue, no icedtea fix, too complex to backport) [wheezy] - openjdk-7 <no-dsa> (Minor issue, no icedtea fix, too complex to backport) CVE-2012-5372 (Rubinius computes hash values without properly restricting the ability ...) - - rubinius <itp> (bug #591817) + - rubinius <itp> (bug #591817) CVE-2012-5371 (Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes ...) {DLA-263-1} - ruby1.8 <not-affected> (Only affects 1.9.x) 
@@ -11327,7 +11327,7 @@ CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9. NOTE: Uses the unaffected system libraries since 5.3.3 CVE-2012-2142 (The error function in Error.cc in poppler before 0.21.4 allows remote ...) - xpdf <not-affected> (uses poppler's Error.cc) - - poppler 0.18.4-7 (unimportant; bug #487773) + - poppler 0.18.4-7 (unimportant; bug #487773) NOTE: poppler upstream patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40 CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in agent ...) - net-snmp 5.4.3~dfsg-2.5 (low; bug #672492) @@ -13600,7 +13600,7 @@ CVE-2012-1168 (Moodle before 2.2.2 has a password and web services issue where w CVE-2012-1167 (The JBoss Server in JBoss Enterprise Application Platform 5.1.x before ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server) CVE-2012-1166 (The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x be ...) - - ldm 2:2.2.7-1 (bug #663645) + - ldm 2:2.2.7-1 (bug #663645) [squeeze] - ldm <not-affected> (Introduced in 2.2) NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/953340 CVE-2012-1165 (The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL befor ...) diff --git a/data/CVE/list.2013 b/data/CVE/list.2013 index e97d1f3a58..ac7a68955c 100644 --- a/data/CVE/list.2013 +++ b/data/CVE/list.2013 
@@ -14012,7 +14012,7 @@ CVE-2013-2112 (The svnserve server in Subversion before 1.6.23 and 1.7.x before CVE-2013-2111 (The IMAP functionality in Dovecot before 2.2.2 allows remote attackers ...) - dovecot <not-affected> (vulnerable code appeared in 2.2) [squeeze] - dovecot <not-affected> (vulnerable code appeared in 2.2) - [wheezy] - dovecot <not-affected> (vulnerable code appeared in 2.2) + [wheezy] - dovecot <not-affected> (vulnerable code appeared in 2.2) CVE-2013-2110 (Heap-based buffer overflow in the php_quot_print_encode function in ex ...) - php5 5.5.0~rc3+dfsg-1 [wheezy] - php5 <not-affected> (Vulnerable code not present) diff --git a/data/CVE/list.2014 b/data/CVE/list.2014 index a33d2686a1..84b3d25a66 100644 --- a/data/CVE/list.2014 +++ b/data/CVE/list.2014 @@ -3446,7 +3446,7 @@ CVE-2014-9322 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does - linux 3.16.7-ckt2-1 [wheezy] - linux 3.2.63-2+deb7u2 - linux-2.6 <removed> - [squeeze] - linux-2.6 2.6.32-48squeeze9 + [squeeze] - linux-2.6 2.6.32-48squeeze9 CVE-2014-9321 RESERVED CVE-2014-9320 @@ -13148,7 +13148,7 @@ CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1. NOTE: introduces incompatible changes to older versions, see https://bugzilla.redhat.com/show_bug.cgi?id=1132337#c2 CVE-2014-5339 (Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authent ...) - check-mk 1.2.6p4-1 (bug #758883) - [wheezy] - check-mk <not-affected> (Vulnerable code not present) + [wheezy] - check-mk <not-affected> (Vulnerable code not present) NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7998aa4d53d2fef7302c0761b9c8f47e2f626e18 CVE-2014-5338 (Multiple cross-site scripting (XSS) vulnerabilities in the multisite c ...) - check-mk 1.2.6p4-1 (bug #758883) diff --git a/data/CVE/list.2015 b/data/CVE/list.2015 index 5107c97e2f..9807b573a6 100644 --- a/data/CVE/list.2015 +++ b/data/CVE/list.2015 
@@ -6450,8 +6450,8 @@ CVE-2015-7497 (Heap-based buffer overflow in the xmlDictComputeFastQKey function NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756528 (upstream bug not yet open) CVE-2015-7496 (GNOME Display Manager (gdm) before 3.18.2 allows physically proximate ...) - gdm3 3.18.2-1 - [jessie] - gdm3 <not-affected> (Vulnerable code not present, unreproducible) - [wheezy] - gdm3 <not-affected> (Vulnerable code not present, unreproducible) + [jessie] - gdm3 <not-affected> (Vulnerable code not present, unreproducible) + [wheezy] - gdm3 <not-affected> (Vulnerable code not present, unreproducible) [squeeze] - gdm3 <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758032 NOTE: https://git.gnome.org/browse/gdm/commit/?id=5ac2246 @@ -24119,7 +24119,7 @@ CVE-2015-1161 CVE-2015-1396 (A Directory Traversal vulnerability exists in the GNU patch before 2.7 ...) - patch 2.7.3-1 (bug #775901) [wheezy] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied) - [squeeze] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied) + [squeeze] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied) NOTE: https://www.openwall.com/lists/oss-security/2015/01/24/3 CVE-2015-1353 REJECTED diff --git a/data/CVE/list.2016 b/data/CVE/list.2016 index 52659fe653..1e4aaa368e 100644 --- a/data/CVE/list.2016 +++ b/data/CVE/list.2016 
@@ -21702,7 +21702,7 @@ CVE-2016-3863 (Multiple stack-based buffer overflows in the AVCC reassembly impl CVE-2016-3862 (media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5 ...) NOT-FOR-US: libstagefright CVE-2016-3861 (LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...) - - android-platform-system-core 1:7.0.0+r1-4 (unimportant; bug #858177) + - android-platform-system-core 1:7.0.0+r1-4 (unimportant; bug #858177) NOTE: Not running as a privileged process in SDK CVE-2016-3860 (sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver ...) NOT-FOR-US: Qualcomm driver for Android diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index 34a4e99b4a..d978e36f13 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -20558,8 +20558,8 @@ CVE-2017-11692 (The function "Token& Scanner::peek" in scanner.cpp in yaml-c [jessie] - yaml-cpp <no-dsa> (Minor issue) [wheezy] - yaml-cpp <no-dsa> (Minor issue) - yaml-cpp0.3 <removed> (bug #870327) - [stretch] - yaml-cpp0.3 <no-dsa> (Minor issue) - [jessie] - yaml-cpp0.3 <no-dsa> (Minor issue) + [stretch] - yaml-cpp0.3 <no-dsa> (Minor issue) + [jessie] - yaml-cpp0.3 <no-dsa> (Minor issue) NOTE: https://github.com/jbeder/yaml-cpp/issues/519 NOTE: https://github.com/jbeder/yaml-cpp/commit/c9460110e072df84b7dee3eb651f2ec5df75fb18 CVE-2017-11690 diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index 08baadd925..4a4315da4f 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 
@@ -3611,7 +3611,7 @@ CVE-2018-20023 (LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains - libvncserver 0.9.11+dfsg-1.2 (bug #916941) - italc <removed> [stretch] - italc 1:3.0.3+dfsg1-1+deb9u1 - - veyon 4.1.4+repack1-1 + - veyon 4.1.4+repack1-1 NOTE: https://github.com/LibVNC/libvncserver/issues/253 NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858 NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/ @@ -52930,7 +52930,7 @@ CVE-2018-1049 (In systemd prior to 234 a race condition exists between .mount an {DLA-1580-1} - systemd 234-1 [stretch] - systemd 232-25+deb9u10 - [wheezy] - systemd <postponed> (Minor issue, can be fixed along in next DLA) + [wheezy] - systemd <postponed> (Minor issue, can be fixed along in next DLA) NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649 NOTE: https://github.com/systemd/systemd/pull/5916 NOTE: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318 diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 3e70fa4959..f4923ad93e 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -3905,7 +3905,7 @@ CVE-2019-19465 CVE-2019-19464 (The CBC Gem application before 9.24.1 for Android and before 9.26.0 fo ...) NOT-FOR-US: CBC Gem application for Android CVE-2019-19463 (The Anhui Huami Mi Fit application before 4.0.11 for Android has an Un ...) - NOT-FOR-US: Anhui Huami Mi Fit application for Android + NOT-FOR-US: Anhui Huami Mi Fit application for Android CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows ...) {DSA-4699-1 DSA-4698-1 DLA-2242-1} - linux 5.6.14-2 
@@ -25307,7 +25307,7 @@ CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PC NOTE: fix for vhost limit feature: https://github.com/rabbitmq/rabbitmq-management/commit/42def1b51243397c1cb9192d6d064351e358bacc NOTE: which was only introduced in 3.7.0-beta.19 NOTE: federation management plugin: exploitable only by a remote authenticated malicious user - NOTE: with administrative access + NOTE: with administrative access CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service versions ...) NOT-FOR-US: Pivotal CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a client that s ...) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index e672db88d5..90d0c172be 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -6406,7 +6406,7 @@ CVE-2020-26568 CVE-2020-26567 (An issue was discovered on D-Link DSR-250N before 3.17B devices. The C ...) NOT-FOR-US: D-Link CVE-2020-26566 (A Denial of Service condition in Motion-Project Motion 3.2 through 4.3 ...) - - motion 4.3.2-1 (bug #972986) + - motion 4.3.2-1 (bug #972986) [buster] - motion <not-affected> (Vulnerable code introduced in 4.2) [stretch] - motion <not-affected> (Vulnerable code introduced in 4.2) NOTE: https://github.com/Motion-Project/motion/security/advisories/GHSA-6f7x-grw7-fw24 
@@ -34001,9 +34001,9 @@ CVE-2020-13844 (Arm Armv8-A core implementations utilizing speculative execution NOTE: Hardware issue, mitigations to intrusive to backport (and would require to recompile NOTE: the entire distro, which is not warranted for the impact) NOTE: GCC patches: - NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=a9ba2a9b77bec7eacaf066801f22d1c366a2bc86 - NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=be178ecd5ac1fe1510d960ff95c66d0ff831afe1 - NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=96b7f495f9269d5448822e4fc28882edb35a58d7 + NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=a9ba2a9b77bec7eacaf066801f22d1c366a2bc86 + NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=be178ecd5ac1fe1510d960ff95c66d0ff831afe1 + NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=96b7f495f9269d5448822e4fc28882edb35a58d7 CVE-2020-13843 (An issue was discovered on LG mobile devices with Android OS software ...) NOT-FOR-US: LG mobile devices CVE-2020-13842 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) @@ -38862,7 +38862,7 @@ CVE-2020-11889 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names are mi ...) - python-markdown2 2.3.9-1 (bug #959445) [buster] - python-markdown2 2.3.7-2+deb10u1 - NOTE: https://github.com/trentm/python-markdown2/issues/348 + NOTE: https://github.com/trentm/python-markdown2/issues/348 CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an ...) NOT-FOR-US: svg2png CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList. ...) 
@@ -39358,7 +39358,7 @@ CVE-2020-11711 CVE-2020-11710 (** DISPUTED ** An issue was discovered in docker-kong (for Kong) throu ...) NOT-FOR-US: docker-kong CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...) - NOT-FOR-US: cpp-httplip + NOT-FOR-US: cpp-httplip NOTE: https://github.com/yhirose/cpp-httplib/issues/425 CVE-2020-11708 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) @@ -47410,11 +47410,11 @@ CVE-2020-8423 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (f CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...) - NOT-FOR-US: Joomla! + NOT-FOR-US: Joomla! CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...) - NOT-FOR-US: Joomla! + NOT-FOR-US: Joomla! CVE-2020-8419 (An issue was discovered in Joomla! before 3.9.15. Missing token checks ...) - NOT-FOR-US: Joomla! + NOT-FOR-US: Joomla! CVE-2020-8418 RESERVED CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...) @@ -48660,7 +48660,7 @@ CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwor CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...) NOT-FOR-US: JetBrains CVE-2020-7907 (In the JetBrains Scala plugin before 2019.2.1, some artefact dependenc ...) - NOT-FOR-US: JetBrains Scala plugin + NOT-FOR-US: JetBrains Scala plugin CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...) NOT-FOR-US: JetBrains CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...) 
@@ -48996,7 +48996,7 @@ CVE-2020-7749 (This affects all versions of package osm-static-maps. User input CVE-2020-7748 (This affects the package @tsed/core before 5.65.7. This vulnerability ...) NOT-FOR-US: Ts.ED CVE-2020-7747 (This affects all versions of package lightning-server. It is possible ...) - NOT-FOR-US: lightning-server nodejs module + NOT-FOR-US: lightning-server nodejs module CVE-2020-7746 (This affects the package chart.js before 2.9.4. The options parameter ...) - node-chart.js 2.9.4+dfsg+~cs2.10.1-1 [buster] - node-chart.js <ignored> (Minor issue; intrusive to backport) @@ -49583,7 +49583,7 @@ CVE-2020-7484 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the CVE-2020-7483 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause ce ...) NOT-FOR-US: Schneider Electric CVE-2020-7482 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...) - NOT-FOR-US: Andover Continuum + NOT-FOR-US: Andover Continuum CVE-2020-7481 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...) NOT-FOR-US: Andover Continuum CVE-2020-7480 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...) @@ -65411,7 +65411,7 @@ CVE-2020-0434 (In Pixel's use of the Catpipe library, there is possible memory c CVE-2020-0433 (In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use ...) - linux 4.19.9-1 [stretch] - linux 4.9.228-1 - NOTE: https://source.android.com/security/bulletin/pixel/2020-09-01 + NOTE: https://source.android.com/security/bulletin/pixel/2020-09-01 NOTE: https://git.kernel.org/linus/f5bbbbe4d63577026f908a809f22f5fd5a90ea1f NOTE: https://git.kernel.org/linus/530ca2c9bd6949c72c9b5cfc330cb3dbccaa3f5b CVE-2020-0432 (In skb_to_mamac of networking.c, there is a possible out of bounds wri ...) |
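Review bot: The commit message, "fix whitespace inconsistencies", does not say which form is canonical, and in the first data/CVE/list.2007 hunk the removed and added `- libwmf <unfixed> (unimportant)` lines carry the same visible text, so a reader cannot tell from the message what was normalised. State in the message which whitespace form the lists are meant to use and whether the 47 lines were rewritten mechanically, so that a reviewer can confirm the patch is empty under a whitespace-insensitive diff. Because the same inconsistency shows up in every file from list.2007 to list.2020, a check at commit time would keep it from coming back.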
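Review bot: In the data/CVE/list.2020 hunk at @@ -39358, the re-indented line under CVE-2020-11709 still reads `NOT-FOR-US: cpp-httplip`, while the CVE description above it and the NOTE URL below it both spell the project `cpp-httplib`. Since this line is being rewritten anyway, correct the name here or in a follow-up commit, so that a search of the list for the project name finds this entry.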
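Review bot: The context line in the CVE-2020-13844 hunk (data/CVE/list.2020, @@ -34001) reads "mitigations to intrusive to backport", where "to intrusive" should be "too intrusive". It lies outside the three re-indented GCC NOTE lines, so the fix belongs in a separate commit rather than in this whitespace-only one.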