| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.184 2024/05/02 14:51:53 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.185 2024/05/03 06:00:22 wiz Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -20598,27 +20598,27 @@ go115<1.15.7 arbitrary-code-execution h | | | @@ -20598,27 +20598,27 @@ go115<1.15.7 arbitrary-code-execution h |
20598 | gst-plugins1-bad<1.16.3 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2021-3185 | | 20598 | gst-plugins1-bad<1.16.3 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2021-3185 |
20599 | jasper<2.0.25 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2021-3272 | | 20599 | jasper<2.0.25 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2021-3272 |
20600 | jenkins<2.263.2 arbitrary-file-reading https://nvd.nist.gov/vuln/detail/CVE-2021-21615 | | 20600 | jenkins<2.263.2 arbitrary-file-reading https://nvd.nist.gov/vuln/detail/CVE-2021-21615 |
20601 | libgcrypt<1.9.1 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-3345 | | 20601 | libgcrypt<1.9.1 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-3345 |
20602 | mantis<2.24.4 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-29603 | | 20602 | mantis<2.24.4 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-29603 |
20603 | mantis<2.24.4 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-29604 | | 20603 | mantis<2.24.4 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-29604 |
20604 | mantis<2.24.4 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-29605 | | 20604 | mantis<2.24.4 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-29605 |
20605 | ImageMagick<7.0.10.62 divide-by-zero https://nvd.nist.gov/vuln/detail/CVE-2021-20176 | | 20605 | ImageMagick<7.0.10.62 divide-by-zero https://nvd.nist.gov/vuln/detail/CVE-2021-20176 |
20606 | ImageMagick6<6.99.11.62 divide-by-zero https://nvd.nist.gov/vuln/detail/CVE-2021-20176 | | 20606 | ImageMagick6<6.99.11.62 divide-by-zero https://nvd.nist.gov/vuln/detail/CVE-2021-20176 |
20607 | apache-cassandra<2.2.20 authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2020-17516 | | 20607 | apache-cassandra<2.2.20 authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2020-17516 |
20608 | apache-cassandra>=3<3.11.24 authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2020-17516 | | 20608 | apache-cassandra>=3<3.11.24 authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2020-17516 |
20609 | bitcoin<0.19.0 command-injection https://nvd.nist.gov/vuln/detail/CVE-2021-3401 | | 20609 | bitcoin<0.19.0 command-injection https://nvd.nist.gov/vuln/detail/CVE-2021-3401 |
20610 | gitea<1.13.2 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-3382 | | 20610 | gitea<1.13.2 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-3382 |
20611 | gnome-autoar-[0-9]* arbitrary-file-write https://nvd.nist.gov/vuln/detail/CVE-2020-36241 | | 20611 | gnome-autoar<0.3.0 arbitrary-file-write https://nvd.nist.gov/vuln/detail/CVE-2020-36241 |
20612 | mit-krb5-appl-[0-9]* arbitrary-file-write https://nvd.nist.gov/vuln/detail/CVE-2019-25017 | | 20612 | mit-krb5-appl-[0-9]* arbitrary-file-write https://nvd.nist.gov/vuln/detail/CVE-2019-25017 |
20613 | mit-krb5-appl-[0-9]* authorization-bypass https://nvd.nist.gov/vuln/detail/CVE-2019-25018 | | 20613 | mit-krb5-appl-[0-9]* authorization-bypass https://nvd.nist.gov/vuln/detail/CVE-2019-25018 |
20614 | nim<1.2.6 crlf-attack https://nvd.nist.gov/vuln/detail/CVE-2020-15690 | | 20614 | nim<1.2.6 crlf-attack https://nvd.nist.gov/vuln/detail/CVE-2020-15690 |
20615 | opendoas>=6.6<6.8.1 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2019-25016 | | 20615 | opendoas>=6.6<6.8.1 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2019-25016 |
20616 | openjpeg<2.4.0 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-27814 | | 20616 | openjpeg<2.4.0 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-27814 |
20617 | php{56,72,73,74}-nextcloud<20.0.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-8293 | | 20617 | php{56,72,73,74}-nextcloud<20.0.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-8293 |
20618 | php{56,72,73,74}-nextcloud<20.0.2 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-8294 | | 20618 | php{56,72,73,74}-nextcloud<20.0.2 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-8294 |
20619 | php{56,72,73,74}-nextcloud<20.0.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-8295 | | 20619 | php{56,72,73,74}-nextcloud<20.0.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-8295 |
20620 | py{36,37,38,39}-django>=2.2<2.2.18 directory-traversal https://nvd.nist.gov/vuln/detail/CVE-2021-3281 | | 20620 | py{36,37,38,39}-django>=2.2<2.2.18 directory-traversal https://nvd.nist.gov/vuln/detail/CVE-2021-3281 |
20621 | py{36,37,38,39}-django>=3.1<3.1.6 directory-traversal https://nvd.nist.gov/vuln/detail/CVE-2021-3281 | | 20621 | py{36,37,38,39}-django>=3.1<3.1.6 directory-traversal https://nvd.nist.gov/vuln/detail/CVE-2021-3281 |
20622 | py{27,36,37,38,39}-jinja2<2.11.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-28493 | | 20622 | py{27,36,37,38,39}-jinja2<2.11.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-28493 |
20623 | qemu<5.0.0 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2020-17380 | | 20623 | qemu<5.0.0 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2020-17380 |
20624 | qemu<5.1.0 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-29443 | | 20624 | qemu<5.1.0 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-29443 |