[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Apr 27 22:04:06 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
610553fc by Salvatore Bonaccorso at 2020-04-27T23:03:37+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24,9 +24,9 @@ CVE-2020-12276
CVE-2020-12275
RESERVED
CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url param ...)
- TODO: check
+ NOT-FOR-US: TestLink
CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...)
- TODO: check
+ NOT-FOR-US: TestLink
CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...)
TODO: check
CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...)
@@ -44,7 +44,7 @@ CVE-2020-12267 (setMarkdown in Qt before 5.14.2 has a use-after-free related to
CVE-2019-20790 (OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, ...)
TODO: check
CVE-2020-12266 (An issue was discovered on WAVLINK WL-WN579G3 M79X3.V5030.180719, WL-W ...)
- TODO: check
+ NOT-FOR-US: WAVLINK
CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable to Arbit ...)
TODO: check
CVE-2020-12264
@@ -303,7 +303,7 @@ CVE-2020-12140
CVE-2020-12139
RESERVED
CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact ...)
- TODO: check
+ NOT-FOR-US: AMD ATI atillk64.sys specific issue
CVE-2020-12136
RESERVED
CVE-2020-12135 (bson before 0.8 incorrectly uses int rather than size_t for many varia ...)
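Review bot: The new tag on CVE-2020-12138, "NOT-FOR-US: AMD ATI atillk64.sys specific issue", carries a free-text suffix where every other entry changed in this commit gives only a product or vendor name. Dropping "specific issue" (for example "NOT-FOR-US: AMD ATI atillk64.sys") keeps the field uniform for anyone grepping or grouping NFU entries by product.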
@@ -337,7 +337,7 @@ CVE-2020-12122
CVE-2020-12121
RESERVED
CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2020-12119
RESERVED
CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2.0 all ...)
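Review bot: On CVE-2020-12120 the tag "NOT-FOR-US: PrestaShop" names the platform, while the description attributes the issue to the Correos Express addon for PrestaShop. Naming the addon in the tag (for example "NOT-FOR-US: Correos Express addon for PrestaShop") records that the triage decision covers the addon, so the entry is not later read as a precedent for issues in PrestaShop itself.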
@@ -734,7 +734,7 @@ CVE-2020-11943
CVE-2020-11942
RESERVED
CVE-2020-11941 (An issue was discovered in Open-AudIT 3.2.2. There is OS Command injec ...)
- TODO: check
+ NOT-FOR-US: Open-AudIT
CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...)
TODO: check
CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...)
@@ -1624,9 +1624,9 @@ CVE-2020-11824
CVE-2020-11823 (In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored ...)
- dolibarr <removed>
CVE-2020-11822 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the appli ...)
- TODO: check
+ NOT-FOR-US: Rukovoditel
CVE-2020-11821 (In Rukovoditel 2.5.2, users' passwords and usernames are stored in a c ...)
- TODO: check
+ NOT-FOR-US: Rukovoditel
CVE-2020-11820 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
NOT-FOR-US: Rukovoditel
CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file lo ...)
@@ -1634,7 +1634,7 @@ CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php f
CVE-2020-11818 (In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF at ...)
NOT-FOR-US: Rukovoditel
CVE-2020-11817 (In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the s ...)
- TODO: check
+ NOT-FOR-US: Rukovoditel
CVE-2020-11816 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
NOT-FOR-US: Rukovoditel
CVE-2020-11815 (In Rukovoditel 2.5.2, attackers can upload arbitrary file to the serve ...)
@@ -3125,7 +3125,7 @@ CVE-2020-11422
CVE-2020-11421
RESERVED
CVE-2020-11420 (UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker ...)
- TODO: check
+ NOT-FOR-US: UPS Adapter CS141
CVE-2020-11419
RESERVED
CVE-2020-11418
@@ -3135,7 +3135,7 @@ CVE-2020-11417
CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats. ...)
NOT-FOR-US: JetBrains Space
CVE-2020-11415 (An issue was discovered in Sonatype Nexus Repository Manager 2.x befor ...)
- TODO: check
+ NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...)
NOT-FOR-US: Progress Telerik UI
CVE-2020-11413
@@ -8215,7 +8215,7 @@ CVE-2020-9296
CVE-2020-9295
RESERVED
CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...)
- TODO: check
+ NOT-FOR-US: FortiMail Fortiguard
CVE-2020-9293
RESERVED
CVE-2020-9292
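Review bot: On CVE-2020-9294 the tag "NOT-FOR-US: FortiMail Fortiguard" includes "Fortiguard", which does not appear in the visible part of the description; that part names only FortiMail. Unless the truncated text refers to it, use the product name alone so the tag matches the description and the single-name form used by the other entries in this commit.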
@@ -8707,7 +8707,7 @@ CVE-2020-9074
CVE-2020-9073
RESERVED
CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9071
RESERVED
CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...)
@@ -8715,7 +8715,7 @@ CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0
CVE-2020-9069
RESERVED
CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The ...)
NOT-FOR-US: Huawei
CVE-2020-9066 (Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169 ...)
@@ -27111,7 +27111,7 @@ CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C
CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...)
NOT-FOR-US: Huawei
CVE-2020-1880 (Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1879 (There is an improper integrity checking vulnerability on some huawei p ...)
NOT-FOR-US: Huawei
CVE-2020-1878 (Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D ...)
@@ -27181,7 +27181,7 @@ CVE-2020-1847
CVE-2020-1846
RESERVED
CVE-2020-1845 (Huawei PCManager product with versions earlier than 10.0.5.53 have a l ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1844 (PCManager with versions earlier than 10.0.5.51 have a privilege escala ...)
NOT-FOR-US: Huawei
CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), ...)
@@ -27257,13 +27257,13 @@ CVE-2020-1809
CVE-2020-1808
RESERVED
CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1806 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1805 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1804 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1803 (Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C63 ...)
NOT-FOR-US: Huawei
CVE-2020-1802 (There is an insufficient integrity validation vulnerability in several ...)
@@ -33301,7 +33301,7 @@ CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420
NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c
CVE-2019-18223 (ZOOM International Call Recording 6.3.1 suffers from multiple authenti ...)
- TODO: check
+ NOT-FOR-US: ZOOM International Call Recording
CVE-2019-18222 (The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 a ...)
- mbedtls 2.16.4-1
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/610553fc7d1a203eb8b7dcc55bdfc233451198b3