[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Apr 27 15:55:23 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb662229 by Moritz Muehlenhoff at 2020-04-27T16:55:07+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2020-12272
RESERVED
CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...)
- TODO: check
+ NOT-FOR-US: SFOS
CVE-2020-12270 (React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alpha ...)
- TODO: check
+ NOT-FOR-US: Bluezone
CVE-2020-12269
RESERVED
CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 h ...)
@@ -39,7 +39,7 @@ CVE-2020-12255
CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escal ...)
NOT-FOR-US: Avira Antivirus
CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or a ...)
- TODO: check
+ NOT-FOR-US: Croogo
CVE-2020-12253
RESERVED
CVE-2020-12252
@@ -290,7 +290,7 @@ CVE-2020-12130 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile
CVE-2020-12129 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder para ...)
NOT-FOR-US: AirDisk Pro app for iOS
CVE-2020-12128 (DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal rela ...)
- TODO: check
+ NOT-FOR-US: DONG JOO CHO File Transfer iFamily
CVE-2020-12127
RESERVED
CVE-2020-12126
@@ -416,7 +416,7 @@ CVE-2020-12073 (The responsive-add-ons plugin before 2.2.7 for WordPress has inc
CVE-2020-12072
RESERVED
CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post content. ...)
- TODO: check
+ NOT-FOR-US: Anchor
CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for Wordpress suff ...)
NOT-FOR-US: Advanced Woo Search plugin for WordPress
CVE-2020-12069
@@ -709,7 +709,7 @@ CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash
CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...)
TODO: check
CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2020-11937
RESERVED
CVE-2020-11936
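Review bot: CVE-2020-11939 (nDPI) in the context lines keeps its TODO: check while the TeamCity entry below it is closed, and the hunk header shows CVE-2020-11940 (also nDPI) in the same state; that is within this commit's scope of closing non-Debian products, but these are the entries in this region that still need a source-package lookup rather than a vendor decision, so they should not be read as triaged by this change.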
@@ -1631,7 +1631,7 @@ CVE-2020-11808
CVE-2020-11807
RESERVED
CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...)
- TODO: check
+ NOT-FOR-US: MailStore Outlook Add-in
CVE-2020-11805
RESERVED
CVE-2020-11804
@@ -1653,9 +1653,9 @@ CVE-2020-11798
CVE-2020-11797
RESERVED
CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...)
- TODO: check
+ NOT-FOR-US: JetBrains Space
CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout period was ...)
- TODO: check
+ NOT-FOR-US: JetBrains Space
CVE-2020-11794
RESERVED
CVE-2020-11793 (A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKi ...)
@@ -2165,23 +2165,23 @@ CVE-2020-11695
CVE-2020-11694 (In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarizatio ...)
- pycharm <itp> (bug #742394)
CVE-2020-11693 (JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2020-11692 (In JetBrains YouTrack before 2020.1.659, DB export was accessible to r ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2020-11691 (In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAut ...)
- TODO: check
+ NOT-FOR-US: JetBrains Hub
CVE-2020-11690 (In JetBrains IntelliJ IDEA before 2020.1, the license server could be ...)
TODO: check
CVE-2020-11689 (In JetBrains TeamCity before 2019.2.1, a user without appropriate perm ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2020-11688 (In JetBrains TeamCity before 2019.2.1, the application state is kept a ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2020-11687 (In JetBrains TeamCity before 2019.2.2, password values were shown in a ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2020-11686 (In JetBrains TeamCity before 2019.1.4, a project administrator was abl ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2020-11685 (In JetBrains GoLand before 2019.3.2, the plugin repository was accesse ...)
- TODO: check
+ NOT-FOR-US: JetBrains GoLand
CVE-2015-9547 (An issue was discovered on Samsung mobile devices with JBP(4.3) and KK ...)
NOT-FOR-US: Samsung mobile devices
CVE-2015-9546 (An issue was discovered on Samsung mobile devices with KK(4.4) and lat ...)
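Review bot: CVE-2020-11690 (JetBrains IntelliJ IDEA) is left at TODO: check in the middle of a run in which every other JetBrains entry (YouTrack, Hub, TeamCity, GoLand) is closed as NOT-FOR-US; if that is deliberate, for example because the license-server issue needs a look at something shipped in Debian, a NOTE: line saying so would stop the next triager from re-asking the question, otherwise it should get NOT-FOR-US: JetBrains IntelliJ IDEA for consistency. The neighbouring CVE-2020-11694 context line shows the other convention in use here, pycharm <itp> (bug #742394), for a product with an open ITP.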
@@ -3078,7 +3078,7 @@ CVE-2020-11418
CVE-2020-11417
RESERVED
CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats. ...)
- TODO: check
+ NOT-FOR-US: JetBrains Space
CVE-2020-11415
RESERVED
CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...)
@@ -3954,7 +3954,7 @@ CVE-2020-11006
CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...)
NOT-FOR-US: WindowsHello
CVE-2020-11004 (SQL Injection was discovered in Admidio before version 3.3.13. The mai ...)
- TODO: check
+ NOT-FOR-US: Admidio
CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vuln ...)
NOT-FOR-US: Oasis (not the same as src:oasis)
CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote co ...)
@@ -9142,7 +9142,7 @@ CVE-2020-8869
CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Quest Foglight Evolve
CVE-2020-8867 (This vulnerability allows remote attackers to create a denial-of-servi ...)
- TODO: check
+ NOT-FOR-US: OPC Foundation UA .NET Standard
CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary files o ...)
{DLA-2162-1}
- php-horde-form <unfixed> (bug #955020)
@@ -9256,7 +9256,7 @@ CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-146
NOTE: state on context switch"). But there is need to apply as well the prerequistite
NOTE: d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load").
CVE-2020-8831 (Apport creates a world writable lock file with root ownership in the w ...)
- TODO: check
+ NOT-FOR-US: Apport
CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 ...)
NOT-FOR-US: Prismview
CVE-2017-18642 (Syska Smart Bulb devices through 2017-08-06 receive RGB parameters ove ...)
@@ -9343,9 +9343,9 @@ CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFiel
CVE-2020-8799
RESERVED
CVE-2020-8798 (httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to cha ...)
- TODO: check
+ NOT-FOR-US: Juplink
CVE-2020-8797 (Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to ...)
- TODO: check
+ NOT-FOR-US: Juplink
CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before ...)
NOT-FOR-US: Biscom Secure File Transfer (SFT)
CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a gro ...)
@@ -12001,9 +12001,9 @@ CVE-2020-7645
CVE-2020-7644
RESERVED
CVE-2020-7643 (paypal-adaptive through 0.4.2 manipulation of JavaScript objects resul ...)
- TODO: check
+ NOT-FOR-US: Node paypal-adaptive
CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious JavaScript. The ...)
- TODO: check
+ NOT-FOR-US: Node lazysizes
CVE-2020-7641
RESERVED
CVE-2020-7640
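Review bot: the two npm entries are annotated NOT-FOR-US: Node paypal-adaptive and NOT-FOR-US: Node lazysizes, which is the right call for the packages themselves, but browser-side libraries such as lazysizes are frequently vendored as minified copies inside other source packages; a codesearch for the library name before replacing the TODO: check, and a NOTE: recording that it was done, would make the NOT-FOR-US defensible if an embedded copy turns up later.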
@@ -12325,13 +12325,13 @@ CVE-2020-7492
CVE-2020-7491
RESERVED
CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7488 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7487 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7486 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TC ...)
NOT-FOR-US: Schneider Electric
CVE-2020-7485 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in th ...)
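Review bot: the four new lines use NOT-FOR-US: Schneider while the adjacent existing entries in the same hunk (CVE-2020-7486, and the CVE-2020-7485 context) use NOT-FOR-US: Schneider Electric; pick one spelling, preferably the fuller form already present, so a grep on the vendor name keeps matching. The descriptions also name the concrete product (Vijeo Designer in CVE-2020-7490), which could be carried into the annotation, for example NOT-FOR-US: Schneider Electric Vijeo Designer.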
@@ -12628,7 +12628,7 @@ CVE-2020-7352
CVE-2020-7351
RESERVED
CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from an ins ...)
- TODO: check
+ NOT-FOR-US: Rapid7 Metasploit Framework
CVE-2020-7349
RESERVED
CVE-2020-7348
@@ -13116,13 +13116,13 @@ CVE-2020-7136
CVE-2020-7135
RESERVED
CVE-2020-7134 (A remote access to sensitive data vulnerability was discovered in HPE ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2020-7133 (A unauthorized remote access vulnerability was discovered in HPE IOT + ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2020-7132 (A potential security vulnerability has been identified in HPE Onboard ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2020-7131 (This document describes a security vulnerability in Blade Maintenance ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2020-7130 (HPE OneView Global Dashboard (OVGD) 1.9 has a remote information discl ...)
NOT-FOR-US: HPE
CVE-2020-7129
@@ -13348,7 +13348,7 @@ CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version send
CVE-2020-7056
RESERVED
CVE-2020-7055 (An issue was discovered in Elementor 2.7.4. Arbitrary file upload is p ...)
- TODO: check
+ NOT-FOR-US: Elementor
CVE-2020-7054 (MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in li ...)
NOT-FOR-US: libIEC61850
CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm t ...)
@@ -16164,19 +16164,19 @@ CVE-2020-5872
CVE-2020-5871
RESERVED
CVE-2020-5870 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanis ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2020-5869 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not s ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2020-5868 (In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discover ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2020-5867 (In versions prior to 3.3.0, the NGINX Controller Agent installer scrip ...)
- TODO: check
+ NOT-FOR-US: NGINX Controller
CVE-2020-5866 (In versions of NGINX Controller prior to 3.3.0, the helper.sh script, ...)
- TODO: check
+ NOT-FOR-US: NGINX Controller
CVE-2020-5865 (In versions prior to 3.3.0, the NGINX Controller is configured to comm ...)
- TODO: check
+ NOT-FOR-US: NGINX Controller
CVE-2020-5864 (In versions of NGINX Controller prior to 3.2.0, communication between ...)
- TODO: check
+ NOT-FOR-US: NGINX Controller
CVE-2020-5863 (In NGINX Controller versions prior to 3.2.0, an unauthenticated attack ...)
NOT-FOR-US: NGINX Controller
CVE-2020-5862 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under ...)
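Review bot: the three BIG-IQ entries (CVE-2020-5870, -5869, -5868) get the bare NOT-FOR-US: F5 while the NGINX Controller entries in the same hunk name the product, matching the existing CVE-2020-5863 line; for consistency and later searching, NOT-FOR-US: F5 BIG-IQ would reflect the descriptions better than the vendor name alone.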
@@ -16424,7 +16424,7 @@ CVE-2020-5742
CVE-2020-5741
RESERVED
CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows allows a loc ...)
- TODO: check
+ NOT-FOR-US: Plex Media Server
CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...)
NOT-FOR-US: Grandstream
CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...)
@@ -16762,7 +16762,7 @@ CVE-2020-5573
CVE-2020-5572
RESERVED
CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQ ...)
- TODO: check
+ NOT-FOR-US: SHARP AQUOS
CVE-2020-5570
RESERVED
CVE-2020-5569 (An unquoted search path vulnerability exists in HDD Password tool (for ...)
@@ -20398,7 +20398,7 @@ CVE-2020-4087
CVE-2020-4086
RESERVED
CVE-2020-4085 ("HCL Connections is vulnerable to possible information leakage and cou ...)
- TODO: check
+ NOT-FOR-US: HCL Connections
CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scri ...)
NOT-FOR-US: HCL Connections
CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage. Con ...)
@@ -26707,6 +26707,7 @@ CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse
NOTE: https://www.openwall.com/lists/oss-security/2020/03/13/1
CVE-2020-1952
RESERVED
+ NOT-FOR-US: Apache IoTDB
CVE-2020-1951 (A carefully crafted or corrupt PSD file can cause an infinite loop in ...)
{DLA-2161-1}
- tika <unfixed> (bug #954302)
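Review bot: the NOT-FOR-US: Apache IoTDB line for CVE-2020-1952 is added beneath an entry that is still RESERVED with no description, unlike every other change in this commit, which replaces a TODO: check under a populated description; since the product attribution cannot be derived from the tracker line itself, a NOTE: giving the source that ties CVE-2020-1952 to Apache IoTDB would let the triage be re-verified once the CVE text is published.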
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb6622298bb155bded2e925af6d4b9ddc87b3ad2