[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Jul 8 15:23:09 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d52e7c15 by Moritz Muehlenhoff at 2020-07-08T16:22:49+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -89,9 +89,9 @@ CVE-2020-15602
 CVE-2020-15601
 	RESERVED
 CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to ...)
-	TODO: check
+	NOT-FOR-US: CMSUno
 CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php user_fir ...)
-	TODO: check
+	NOT-FOR-US: Victor CMS
 CVE-2020-15598
 	RESERVED
 CVE-2020-15597
@@ -169,7 +169,7 @@ CVE-2020-15574 (SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-
 CVE-2020-15573 (SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulner ...)
 	NOT-FOR-US: SolarWinds Serv-U File Server
 CVE-2019-20896 (WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponen ...)
-	TODO: check
+	NOT-FOR-US: WebChess
 CVE-2020-15572
 	RESERVED
 CVE-2020-15571
@@ -300,15 +300,15 @@ CVE-2020-15519
 CVE-2020-15518 (VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup &a ...)
 	NOT-FOR-US: Veeam
 CVE-2020-15517 (The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x th ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension
 CVE-2020-15516 (The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be  ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension
 CVE-2020-15515 (The turn extension through 0.3.2 for TYPO3 allows Remote Code Executio ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension
 CVE-2020-15514 (The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYP ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension
 CVE-2020-15513 (The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access  ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension
 CVE-2020-15512
 	RESERVED
 CVE-2020-15511
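Review bot: the five added reasons for CVE-2020-15517 through CVE-2020-15513 spell the product "Typo3", while every description in this hunk spells it "TYPO3"; matching the upstream spelling keeps a case-sensitive search of data/CVE/list from missing these entries. The same generic string is also used for five different extensions (ke_search, mm_forum, turn, jh_captcha, typo3_forum), so naming the extension in each reason, e.g. "NOT-FOR-US: TYPO3 extension ke_search", would make the entries self-explanatory.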
@@ -1204,7 +1204,7 @@ CVE-2020-15098
 CVE-2020-15097
 	RESERVED
 CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, the ...)
-	TODO: check
+	- electron <itp> (bug #842420)
 CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...)
 	TODO: check
 CVE-2020-15094
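Review bot: the changed line for CVE-2020-15096 is not an NFU. It records "- electron <itp> (bug #842420)", which ties the CVE to a package tracked by an ITP bug, yet the commit subject is only "NFUs". Suggest either splitting the electron entries into their own commit or mentioning them in the subject, so the history for that package can be found later. CVE-2020-15095 (npm CLI) directly below is left at "TODO: check" in this hunk.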
@@ -1331,25 +1331,25 @@ CVE-2020-15039
 CVE-2020-15038 (The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2020-15037 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
-	TODO: check
+	NOT-FOR-US: NeDi
 CVE-2020-15036 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
-	TODO: check
+	NOT-FOR-US: NeDi
 CVE-2020-15035 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
-	TODO: check
+	NOT-FOR-US: NeDi
 CVE-2020-15034 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
-	TODO: check
+	NOT-FOR-US: NeDi
 CVE-2020-15033 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
-	TODO: check
+	NOT-FOR-US: NeDi
 CVE-2020-15032 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
-	TODO: check
+	NOT-FOR-US: NeDi
 CVE-2020-15031 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
-	TODO: check
+	NOT-FOR-US: NeDi
 CVE-2020-15030 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
-	TODO: check
+	NOT-FOR-US: NeDi
 CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
-	TODO: check
+	NOT-FOR-US: NeDi
 CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The ap ...)
-	TODO: check
+	NOT-FOR-US: NeDi
 CVE-2020-15027
 	RESERVED
 CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../  ...)
@@ -1398,7 +1398,7 @@ CVE-2020-15010
 CVE-2020-15009
 	RESERVED
 CVE-2020-15008 (A SQLi exists in the probe code of all Connectwise Automate versions b ...)
-	TODO: check
+	NOT-FOR-US: Connectwise
 CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ...)
 	- rbdoom3bfg <unfixed> (unimportant)
 	NOTE: https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabaa6cb9ec
@@ -6808,7 +6808,7 @@ CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of serv
 CVE-2020-12822
 	RESERVED
 CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, such as a ...)
-	TODO: check
+	NOT-FOR-US: Gossipsub
 CVE-2020-12820
 	RESERVED
 CVE-2020-12819
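Review bot: the reason added for CVE-2020-12821 is keyed on the name "Gossipsub" alone, but the visible description ("Gossipsub 1.0 does not properly resist invalid message spam") reads like a flaw in a protocol version rather than in one named product. If that is the case, NOT-FOR-US holds only if no implementation is packaged; a NOTE line stating which implementation was checked would document the decision.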
@@ -7054,7 +7054,7 @@ CVE-2020-12738
 CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...)
 	NOT-FOR-US: Maxum Rumpus
 CVE-2020-12736 (Code42 environments with on-premises server versions 7.0.4 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Code42
 CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...)
 	NOT-FOR-US: DomainMOD
 CVE-2020-12734
@@ -9797,7 +9797,7 @@ CVE-2020-11884 (In the Linux kernel through 5.6.7 on the s390 platform, code exe
 CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...)
 	NOT-FOR-US: Divante vue-storefront-api
 CVE-2020-11882 (The O2 Business application 1.2.0 for Android exposes the canvasm.myo2 ...)
-	TODO: check
+	NOT-FOR-US: O2 Business
 CVE-2020-11881
 	RESERVED
 CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using the prop ...)
@@ -17204,9 +17204,9 @@ CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection by
 CVE-2020-9263
 	RESERVED
 CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
-	TODO: check
+	NOT-FOR-US: HUAWEI
 CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
-	TODO: check
+	NOT-FOR-US: HUAWEI
 CVE-2020-9260
 	RESERVED
 CVE-2020-9259
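Review bot: the reasons added for CVE-2020-9262 and CVE-2020-9261 use "NOT-FOR-US: HUAWEI", while the existing entry for CVE-2020-9099 and the line this same commit adds for CVE-2020-9100 use "NOT-FOR-US: Huawei". Suggest picking one spelling, preferably the existing "Huawei", so that all entries for this vendor match a single search string.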
@@ -17276,7 +17276,7 @@ CVE-2020-9228
 CVE-2020-9227
 	RESERVED
 CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
-	TODO: check
+	NOT-FOR-US: HUAWEI
 CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...)
 	TODO: check
 CVE-2020-9224
@@ -17528,7 +17528,7 @@ CVE-2020-9102
 CVE-2020-9101
 	RESERVED
 CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. Th ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...)
@@ -18917,11 +18917,11 @@ CVE-2020-8523
 CVE-2020-8522
 	RESERVED
 CVE-2020-8521 (SQL injection with start and length parameters in Records.php for phpz ...)
-	TODO: check
+	NOT-FOR-US: phpzag
 CVE-2020-8520 (SQL injection in order and column parameters in Records.php for phpzag ...)
-	TODO: check
+	NOT-FOR-US: phpzag
 CVE-2020-8519 (SQL injection with the search parameter in Records.php for phpzag live ...)
-	TODO: check
+	NOT-FOR-US: phpzag
 CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...)
 	{DLA-2174-1}
 	- php-horde-data <unfixed> (bug #951537)
@@ -29696,13 +29696,13 @@ CVE-2020-4079
 CVE-2020-4078
 	RESERVED
 CVE-2020-4077 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...)
-	TODO: check
+	- electron <itp> (bug #842420)
 CVE-2020-4076 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...)
-	TODO: check
+	- electron <itp> (bug #842420)
 CVE-2020-4075 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary  ...)
-	TODO: check
+	- electron <itp> (bug #842420)
 CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the aut ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-4073
 	RESERVED
 CVE-2020-4072 (In generator-jhipster-kotlin version 1.6.0 log entries are created for ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d52e7c151131952624f16af54cce5741f27c11fe
