summaryrefslogtreecommitdiffstats
path: root/data/CVE/list.2020
diff options
context:
space:
mode:
Diffstat (limited to 'data/CVE/list.2020')
-rw-r--r--data/CVE/list.202026
1 files changed, 26 insertions, 0 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index f3f572ea16..bc2141d933 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -32,11 +32,15 @@ CVE-2020-11621
RESERVED
CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2682
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2680
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -1076,16 +1080,22 @@ CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid m
NOTE: https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240
CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2670
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2666
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2664
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -1383,11 +1393,15 @@ CVE-2020-10970
RESERVED
CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2642
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2662
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -2078,12 +2092,16 @@ CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows at
CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2153-1}
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2660
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2153-1}
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2659
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -4459,18 +4477,24 @@ CVE-2020-9549 (In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-o
CVE-2020-9548 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2135-1}
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2634
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-9547 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2135-1}
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2634
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2135-1}
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2631
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -6030,6 +6054,8 @@ CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type par
CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...)
{DLA-2111-1}
- jackson-databind <unfixed>
+ [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2620
NOTE: https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default

© 2014-2024 Faster IT GmbH | imprint | privacy policy