[Git][security-tracker-team/security-tracker][master] new snmptt issue

Moritz Muehlenhoff jmm at debian.org
Thu Aug 20 19:36:12 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e591cf8 by Moritz Muehlenhoff at 2020-08-20T20:35:44+02:00
new snmptt issue
new linux issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -311,7 +311,8 @@ CVE-2020-24396
 CVE-2020-24395
 	RESERVED
 CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) ca ...)
-	TODO: check
+	- linux <unfixed>
+	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832
 CVE-2020-24393
 	RESERVED
 CVE-2020-24392
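Review bot: The `- linux <unfixed>` line for CVE-2020-24394 carries no fixed version, even though the description bounds the issue to kernels before 5.7.8 and the NOTE already points at the upstream commit. If a linux upload based on 5.7.8 or later is already in unstable, record that version here; otherwise this entry needs a follow-up once one lands.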
@@ -337,7 +338,7 @@ CVE-2020-24383
 CVE-2020-24382
 	RESERVED
 CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform (aka openeclass) through 3.9 ...)
-	TODO: check
+	NOT-FOR-US: GUnet Open eClass Platform
 CVE-2020-24380
 	RESERVED
 CVE-2020-24379
@@ -375,11 +376,11 @@ CVE-2020-24364
 CVE-2020-24363
 	RESERVED
 CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin befor ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2020-24362
 	RESERVED
 CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, P ...)
-	TODO: check
+	- snmptt 1.4.2-1
 CVE-2020-24360
 	RESERVED
 CVE-2020-24359
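Review bot: The NFU text for CVE-2016-11085 is just `Wordpress plugin`, which does not say which plugin was triaged. The description names quiz-master-next, so `NOT-FOR-US: quiz-master-next plugin for WordPress` would match the form used for other plugin entries in this file (e.g. `Media Library Assistant plugin for WordPress`). Separately, the `- snmptt 1.4.2-1` line for CVE-2020-24361 has no NOTE with an upstream reference, unlike the linux entry earlier in this commit.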
@@ -673,7 +674,7 @@ CVE-2020-24222
 CVE-2020-24221
 	RESERVED
 CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers can use ...)
-	TODO: check
+	NOT-FOR-US: ShopXO
 CVE-2020-24219
 	RESERVED
 CVE-2020-24218
@@ -697,7 +698,7 @@ CVE-2020-24210
 CVE-2020-24209
 	RESERVED
 CVE-2020-24208 (A SQL injection vulnerability in SourceCodester Online Shopping Alphaw ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2020-24207
 	RESERVED
 CVE-2020-24206
@@ -1049,7 +1050,7 @@ CVE-2020-24034
 CVE-2020-24033
 	RESERVED
 CVE-2020-24032 (tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cm ...)
-	TODO: check
+	NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
 CVE-2020-24031
 	RESERVED
 CVE-2020-24030
@@ -1245,7 +1246,7 @@ CVE-2020-23936
 CVE-2020-23935
 	RESERVED
 CVE-2020-23934 (An issue was discovered in RiteCMS 2.2.1. An authenticated user can di ...)
-	TODO: check
+	NOT-FOR-US: RiteCMS
 CVE-2020-23933
 	REJECTED
 CVE-2020-23932
@@ -1965,7 +1966,7 @@ CVE-2020-23576
 CVE-2020-23575
 	RESERVED
 CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticated use ...)
-	TODO: check
+	NOT-FOR-US: Sysax Multi Server
 CVE-2020-23573
 	RESERVED
 CVE-2020-23572
@@ -14220,7 +14221,7 @@ CVE-2020-17458
 CVE-2020-17457
 	RESERVED
 CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution ...)
-	TODO: check
+	NOT-FOR-US: SEOWON INTECH
 CVE-2020-17455
 	RESERVED
 CVE-2020-17454
@@ -16700,11 +16701,11 @@ CVE-2020-16256
 CVE-2020-16255
 	RESERVED
 CVE-2020-16254 (The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets ...)
-	TODO: check
+	NOT-FOR-US: Chartkick gem
 CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF. ...)
 	- ruby-pghero <itp> (bug #882288)
 CVE-2020-16252 (The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. ...)
-	TODO: check
+	NOT-FOR-US: Field Test gem
 CVE-2020-16251
 	RESERVED
 CVE-2020-16250
@@ -17412,7 +17413,7 @@ CVE-2020-15928
 CVE-2020-15927
 	RESERVED
 CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat
 CVE-2020-15925 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...)
 	NOT-FOR-US: Loway QueueMetrics
 CVE-2020-15924 (There is a SQL Injection in Mida eFramework through 2.9.0 that leads t ...)
@@ -17567,7 +17568,7 @@ CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the m
 	NOTE: https://github.com/mruby/mruby/issues/5042
 	NOTE: https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b
 CVE-2020-15865 (A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Re ...)
-	TODO: check
+	NOT-FOR-US: Stimulsoft
 CVE-2020-15864
 	RESERVED
 CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ...)
@@ -18178,15 +18179,15 @@ CVE-2020-15640
 CVE-2020-15639
 	RESERVED
 CVE-2020-15638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-15637 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-15636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-15635 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-15634 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-15633 (This vulnerability allows network-adjacent attackers to bypass authent ...)
 	NOT-FOR-US: D-Link
 CVE-2020-15632 (This vulnerability allows network-adjacent attackers to bypass authent ...)
@@ -18194,9 +18195,9 @@ CVE-2020-15632 (This vulnerability allows network-adjacent attackers to bypass a
 CVE-2020-15631 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
 	NOT-FOR-US: D-Link
 CVE-2020-15630 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-15629 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-15628 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	NOT-FOR-US: CentOS-WebPanel.com
 CVE-2020-15627 (This vulnerability allows remote attackers to disclose sensitive infor ...)
@@ -18453,9 +18454,9 @@ CVE-2020-15533
 CVE-2019-20895
 	RESERVED
 CVE-2020-15532 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
-	TODO: check
+	NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK
 CVE-2020-15531 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
-	TODO: check
+	NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK
 CVE-2020-15530 (An issue was discovered in Valve Steam Client 2.10.91.91. The installe ...)
 	- steam <not-affected> (Steam on Windows)
 CVE-2020-15529 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation  ...)
@@ -19293,23 +19294,23 @@ CVE-2020-15153
 CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Side Req ...)
 	TODO: check
 CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...)
-	TODO: check
+	NOT-FOR-US: OpenMage
 CVE-2020-15150
 	RESERVED
 CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in ...)
-	TODO: check
+	NOT-FOR-US: NodeBB
 CVE-2020-15148
 	RESERVED
 CVE-2020-15147
 	RESERVED
 CVE-2020-15146 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
-	TODO: check
+	NOT-FOR-US: SyliusResourceBundle
 CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...)
 	NOT-FOR-US: Composer-Setup for Windows
 CVE-2020-15144
 	RESERVED
 CVE-2020-15143 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
-	TODO: check
+	NOT-FOR-US: SyliusResourceBundle
 CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated with  ...)
 	TODO: check
 CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...)
@@ -19323,11 +19324,11 @@ CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview
 	NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9
 	NOTE: https://github.com/PrismJS/prism/commit/8bba4880202ef6bd7a1e379fe9aebe69dd75f7be
 CVE-2020-15137 (All versions of HoRNDIS are affected by an integer overflow in the RND ...)
-	TODO: check
+	NOT-FOR-US: HoRNDIS
 CVE-2020-15136 (In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication  ...)
 	TODO: check
 CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...)
-	TODO: check
+	NOT-FOR-US: Node save-server
 CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification validation ...)
 	- ruby-faye <unfixed> (bug #967063)
 	[buster] - ruby-faye <no-dsa> (Minor issue)
@@ -19341,7 +19342,7 @@ CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of cert
 	NOTE: https://github.com/faye/faye-websocket-ruby/pull/129
 	NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/
 CVE-2020-15132 (In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget pa ...)
-	TODO: check
+	NOT-FOR-US: Sulu
 CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...)
 	NOT-FOR-US: Node slp-validate
 CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnera ...)
@@ -19351,7 +19352,7 @@ CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there e
 CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values were not ...)
 	NOT-FOR-US: October CMS
 CVE-2020-15127 (In Contour ( Ingress controller for Kubernetes) before version 1.7.0,  ...)
-	TODO: check
+	NOT-FOR-US: Countour
 CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...)
 	NOT-FOR-US: Node parser-server
 CVE-2020-15125 (In auth0 (npm package) versions before 2.27.1, a DenyList of specific  ...)
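Review bot: `NOT-FOR-US: Countour` for CVE-2020-15127 is misspelled; the description on the line above reads Contour (Ingress controller for Kubernetes). Suggest `NOT-FOR-US: Contour`, so that a search for the product name finds this entry.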
@@ -19394,7 +19395,7 @@ CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c.
 CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will be able  ...)
 	NOT-FOR-US: jupyterhub-kubespawner
 CVE-2020-15109 (In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bilit ...)
-	TODO: check
+	NOT-FOR-US: solidus
 CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of "Clon ...)
 	- glpi <removed> (unimportant)
 	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qv6w-68gq-wx2v
@@ -19797,13 +19798,13 @@ CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assu
 	NOTE: https://bugs.freedroid.org/b/issue952
 	NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
 CVE-2020-14937 (Memory access out of buffer boundaries issues was discovered in Contik ...)
-	TODO: check
+	NOT-FOR-US: Contiki-NG
 CVE-2020-14936 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...)
-	TODO: check
+	NOT-FOR-US: Contiki-NG
 CVE-2020-14935 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...)
-	TODO: check
+	NOT-FOR-US: Contiki-NG
 CVE-2020-14934 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...)
-	TODO: check
+	NOT-FOR-US: Contiki-NG
 CVE-2020-14933 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachme ...)
 	- squirrelmail <removed>
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1
@@ -24410,7 +24411,7 @@ CVE-2020-13185
 CVE-2020-13184
 	RESERVED
 CVE-2020-13183 (Reflected Cross Site Scripting in Teradici PCoIP Management Console pr ...)
-	TODO: check
+	NOT-FOR-US: Teradici
 CVE-2020-13182
 	RESERVED
 CVE-2020-13181
@@ -24484,7 +24485,7 @@ CVE-2020-13152 (A remote user can create a specially crafted M3U file, media pla
 	- amarok <removed> (unimportant)
 	NOTE: Elevated resource usage in client application, no security impact
 CVE-2020-13151 (Aerospike Community Edition 4.9.0.5 allows for unauthenticated submiss ...)
-	TODO: check
+	NOT-FOR-US: Aerospike
 CVE-2020-13150 (D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 secon ...)
 	NOT-FOR-US: D-link
 CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...)
@@ -24565,7 +24566,7 @@ CVE-2020-13124 (SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerabil
 CVE-2020-13123
 	RESERVED
 CVE-2020-13122 (The novish command-line interface, included in NoviFlow NoviWare befor ...)
-	TODO: check
+	NOT-FOR-US: Noviflow
 CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authentication/logi ...)
 	NOT-FOR-US: Submitty
 CVE-2020-13120
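Review bot: `NOT-FOR-US: Noviflow` for CVE-2020-13122 differs in casing from the description (`NoviFlow NoviWare`). Suggest `NOT-FOR-US: NoviFlow NoviWare` so the entry uses the product's own spelling.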
@@ -25873,7 +25874,7 @@ CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management
 CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using the NIST ...)
 	NOT-FOR-US: fastecdsa
 CVE-2020-12606 (An issue was discovered in DB Soft SGLAC before 20.05.001. The Procedi ...)
-	TODO: check
+	NOT-FOR-US: DB Soft
 CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive  ...)
 	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to incr ...)
@@ -26125,7 +26126,7 @@ CVE-2020-12482
 CVE-2020-12481
 	RESERVED
 CVE-2020-12480 (In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed ...)
-	TODO: check
+	NOT-FOR-US: Play Framework
 CVE-2020-12479 (TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a ...)
 	- teampass <itp> (bug #730180)
 CVE-2020-12478 (TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve file ...)
@@ -26677,7 +26678,7 @@ CVE-2020-12289
 CVE-2020-12288
 	RESERVED
 CVE-2020-12287 (Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Too ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2019-20791 (OpenThread before 2019-12-13 has a stack-based buffer overflow in Mesh ...)
 	NOT-FOR-US: OpenThread
 CVE-2018-21232 (re2c before 2.0 has uncontrolled recursion that causes stack consumpti ...)
@@ -28432,7 +28433,7 @@ CVE-2020-11850
 CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability in Mic ...)
 	NOT-FOR-US: Micro Focus
 CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight Management Cen ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus
 CVE-2020-11847
 	RESERVED
 CVE-2020-11846
@@ -28994,7 +28995,7 @@ CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allo
 CVE-2020-11734 (cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the A ...)
 	NOT-FOR-US: CyberSolutions CyberMail
 CVE-2020-11733 (An issue was discovered on Spirent TestCenter and Avalanche appliance  ...)
-	TODO: check
+	NOT-FOR-US: Spirent
 CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...)
 	NOT-FOR-US: Media Library Assistant plugin for WordPress
 CVE-2020-11731 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...)
@@ -33933,7 +33934,7 @@ CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to
 CVE-2020-10056
 	RESERVED
 CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...)
-	TODO: check
+	NOT-FOR-US: Desigo
 CVE-2020-10054
 	RESERVED
 CVE-2020-10053
@@ -34533,7 +34534,7 @@ CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. T
 CVE-2020-9768 (A use after free issue was addressed with improved memory management.  ...)
 	NOT-FOR-US: Apple
 CVE-2020-9767 (A vulnerability related to Dynamic-link Library (“DLL”) lo ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...)
@@ -34690,69 +34691,69 @@ CVE-2020-9726
 CVE-2020-9725
 	RESERVED
 CVE-2020-9724 (Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9723 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9722 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9721 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9720 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9719 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9718 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9717 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9716 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9715 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9714 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9713
 	RESERVED
 CVE-2020-9712 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9711
 	RESERVED
 CVE-2020-9710 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9709
 	RESERVED
 CVE-2020-9708 (The resolveRepositoryPath function doesn't properly validate user inpu ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9707 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9706 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9705 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9704 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9703 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9702 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9701 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9700 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9699 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9698 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9697 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9696 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9695
 	RESERVED
 CVE-2020-9694 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9693 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-9692 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
 	NOT-FOR-US: Magento
 CVE-2020-9691 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
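Review bot: CVE-2020-9708 is tagged `NOT-FOR-US: Adobe` along with the Acrobat/Reader and Lightroom entries, but its visible description names only a `resolveRepositoryPath` function and no Adobe product. Please confirm which component this is and name it in the NFU text rather than the vendor alone, so a later reader can check it against the archive without reopening the CVE.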
@@ -35416,7 +35417,7 @@ CVE-2020-9417
 CVE-2020-9416
 	RESERVED
 CVE-2020-9415 (The TIBCO Data Virtualization Server component of TIBCO Software Inc.' ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...)
 	NOT-FOR-US: TIBCO
 CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin client comp ...)
@@ -35883,9 +35884,9 @@ CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R
 CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9242 (FusionCompute 8.0.0 have a command injection vulnerability. The softwa ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9241 (Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00), ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9240
 	RESERVED
 CVE-2020-9239
@@ -35893,7 +35894,7 @@ CVE-2020-9239
 CVE-2020-9238
 	RESERVED
 CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9236
 	RESERVED
 CVE-2020-9235
@@ -35901,7 +35902,7 @@ CVE-2020-9235
 CVE-2020-9234
 	RESERVED
 CVE-2020-9233 (FusionCompute 8.0.0 have an insufficient authentication vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9232
 	RESERVED
 CVE-2020-9231
@@ -35909,9 +35910,9 @@ CVE-2020-9231
 CVE-2020-9230
 	RESERVED
 CVE-2020-9229 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9228 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166  ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
@@ -36161,7 +36162,7 @@ CVE-2020-9105
 CVE-2020-9104
 	RESERVED
 CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. An una ...)
@@ -36209,9 +36210,9 @@ CVE-2020-9081
 CVE-2020-9080
 	RESERVED
 CVE-2020-9079 (FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulne ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9078 (FusionCompute 8.0.0 have local privilege escalation vulnerability. A l ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9077 (HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9076 (HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier ...)
@@ -36295,7 +36296,7 @@ CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
 CVE-2020-9037
 	RESERVED
 CVE-2020-9036 (Jeedom through 4.0.38 allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: Jeedom
 CVE-2020-9035
 	RESERVED
 CVE-2019-20474 (An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.4 ...)
@@ -36711,9 +36712,9 @@ CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive i
 CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...)
 	NOT-FOR-US: Parallels
 CVE-2020-8870 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-8869 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Quest Foglight Evolve
 CVE-2020-8867 (This vulnerability allows remote attackers to create a denial-of-servi ...)
@@ -37009,7 +37010,7 @@ CVE-2020-8765
 CVE-2020-8764
 	RESERVED
 CVE-2020-8763 (Improper permissions in the installer for the Intel(R) RealSense(TM) D ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8762
 	RESERVED
 CVE-2020-8761
@@ -37017,7 +37018,7 @@ CVE-2020-8761
 CVE-2020-8760
 	RESERVED
 CVE-2020-8759 (Improper access control in the installer for Intel(R) SSD DCT versions ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8758
 	RESERVED
 CVE-2020-8757
@@ -37049,10 +37050,9 @@ CVE-2020-8745
 CVE-2020-8744
 	RESERVED
 CVE-2020-8743 (Improper permissions in the installer for the Intel(R) Mailbox Interfa ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8742 (Improper input validation in the firmware for Intel(R) NUCs may allow  ...)
 	NOT-FOR-US: Intel
-	TODO: check
 CVE-2020-8741
 	RESERVED
 CVE-2020-8740
@@ -37064,7 +37064,7 @@ CVE-2020-8738
 CVE-2020-8737
 	RESERVED
 CVE-2020-8736 (Improper access control in subsystem for the Intel(R) Computing Improv ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8735
 	RESERVED
 CVE-2020-8734
@@ -37125,7 +37125,7 @@ CVE-2020-8708 (Improper authentication for some Intel(R) Server Boards, Server S
 CVE-2020-8707 (Buffer overflow in daemon for some Intel(R) Server Boards, Server Syst ...)
 	NOT-FOR-US: Intel
 CVE-2020-8706 (Buffer overflow in a daemon for some Intel(R) Server Boards, Server Sy ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8705
 	RESERVED
 CVE-2020-8704
@@ -37162,16 +37162,15 @@ CVE-2020-8689 (Improper buffer restrictions in the Intel(R) Wireless for Open So
 	- iwd 1.5-1
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00379.html
 CVE-2020-8688 (Improper input validation in the Intel(R) RAID Web Console 3 for Windo ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8687 (Uncontrolled search path in the installer for Intel(R) RSTe Software R ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8686
 	RESERVED
 CVE-2020-8685 (Improper authentication in subsystem for Intel (R) LED Manager for NUC ...)
 	NOT-FOR-US: Intel
-	TODO: check
 CVE-2020-8684 (Improper access control in firmware for Intel(R) PAC with Arria(R) 10  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8683 (Improper buffer restrictions in system driver for some Intel(R) Graphi ...)
 	TODO: check
 CVE-2020-8682 (Out of bounds read in system driver for some Intel(R) Graphics Drivers ...)
@@ -38215,9 +38214,9 @@ CVE-2020-8235
 CVE-2020-8234
 	RESERVED
 CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware <v1 ...)
-	TODO: check
+	NOT-FOR-US: Edgeswitch
 CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...)
-	TODO: check
+	NOT-FOR-US: Edgeswitch
 CVE-2020-8231
 	RESERVED
 CVE-2020-8230 (A memory corruption vulnerability exists in NextCloud Desktop Client v ...)
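Review bot: The NFU text `Edgeswitch` on CVE-2020-8233 and CVE-2020-8232 does not match the casing in the descriptions (`EdgeSwitch`, `EdgeMax EdgeSwitch`). Use the product's own spelling so the two entries group with any others for the same product.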
@@ -38257,15 +38256,15 @@ CVE-2020-8214 (A path traversal vulnerability in servey version < 3 allows an
 CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect before v ...)
 	NOT-FOR-US: UniFi Protect
 CVE-2020-8212 (Improper access control in Citrix XenMobile Server 10.12 before RP3, C ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2020-8211 (Improper input validation in Citrix XenMobile Server 10.12 before RP3, ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2020-8210 (Insufficient protection of secrets in Citrix XenMobile Server 10.12 be ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2020-8209 (Improper access control in Citrix XenMobile Server 10.12 before RP2, C ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2020-8208 (Improper input validation in Citrix XenMobile Server 10.12 before RP1, ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2020-8207 (Improper access control in Citrix Workspace app for Windows 1912 CU1 a ...)
 	NOT-FOR-US: Citrix
 CVE-2020-8206 (An improper authentication vulnerability exists in Pulse Connect Secur ...)
@@ -39868,7 +39867,7 @@ CVE-2020-7585 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and ear
 CVE-2020-7584 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU family ...)
 	NOT-FOR-US: Siemens
 CVE-2020-7583 (A vulnerability has been identified in Automation License Manager 5 (A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-7582
 	RESERVED
 CVE-2020-7581 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
@@ -40312,7 +40311,7 @@ CVE-2020-7376
 CVE-2020-7375
 	RESERVED
 CVE-2020-7374 (Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scan ...)
-	TODO: check
+	NOT-FOR-US: Documalis Free PDF Editor
 CVE-2020-7373
 	RESERVED
 CVE-2020-7372



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e591cf8b5d6adbf7bf5d55197a691710944ae16
