[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Jul 15 10:00:55 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1df391b9 by Moritz Muehlenhoff at 2020-07-15T11:00:36+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1474,15 +1474,15 @@ CVE-2020-15106
CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...)
NOT-FOR-US: Django Two-Factor Authentication
CVE-2020-15104 (In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when valid ...)
- TODO: check
+ NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-15103
RESERVED
CVE-2020-15102
RESERVED
CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000 neste ...)
- TODO: check
+ NOT-FOR-US: freewvs
CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that freewvs ...)
- TODO: check
+ NOT-FOR-US: freewvs
CVE-2020-15099
RESERVED
CVE-2020-15098
@@ -1537,7 +1537,7 @@ CVE-2020-15076
CVE-2020-15075
RESERVED
CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 generates new user auth ...)
- TODO: check
+ NOT-FOR-US: OpenVPN Access Server
CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. An XSS vulnerability ...)
- phplist <itp> (bug #612288)
CVE-2020-15072 (An issue was discovered in phpList through 3.5.4. An error-based SQL I ...)
@@ -2743,27 +2743,27 @@ CVE-2020-14509
CVE-2020-14508
RESERVED
CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to multiple pat ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2020-14506
RESERVED
CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2020-14504
RESERVED
CVE-2020-14503 (Advantech iView, versions 5.6 and prior, has an improper input validat ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2020-14502
RESERVED
CVE-2020-14501 (Advantech iView, versions 5.6 and prior, has an improper authenticatio ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2020-14500
RESERVED
CVE-2020-14499 (Advantech iView, versions 5.6 and prior, has an improper access contro ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2020-14498
RESERVED
CVE-2020-14497 (Advantech iView, versions 5.6 and prior, contains multiple SQL injecti ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2020-14496
RESERVED
CVE-2020-14495
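Review bot: the six Advantech entries in this hunk (CVE-2020-14497 through CVE-2020-14507, odd numbers) are tagged with the vendor name only, although every description names the product, Advantech iView. Other tags in this commit identify the product (`NOT-FOR-US: OpenVPN Access Server`, `NOT-FOR-US: GOG Galaxy client`). Suggest `NOT-FOR-US: Advantech iView` so the tag records what was actually triaged and is not read as a blanket decision for the vendor.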
@@ -10278,7 +10278,7 @@ CVE-2020-11829
CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP framewor ...)
NOT-FOR-US: ColorOS
CVE-2020-11827 (In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak fi ...)
- TODO: check
+ NOT-FOR-US: GOG Galaxy client
CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...)
NOT-FOR-US: Memono
CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF ...)
@@ -11572,7 +11572,7 @@ CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user
CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2020-11546 (SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution ...)
- TODO: check
+ NOT-FOR-US: SuperWebMailer
CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to multiple ...)
NOT-FOR-US: Project Worlds Official Car Rental System 1
CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...)
@@ -12628,16 +12628,16 @@ CVE-2020-11085 (In FreeRDP before 2.1.0, there is an out-of-bounds read in clipr
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
CVE-2020-11084 (In iPear, the manual execution of the eval() function can lead to comm ...)
- TODO: check
+ NOT-FOR-US: iPear
CVE-2020-11083 (In October from version 1.0.319 and before version 1.0.466, a user wit ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would allow an ...)
- ruby-kaminari 1.0.1-6 (bug #961847)
[jessie] - ruby-kaminari <no-dsa> (No reverse dependency)
NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
NOTE: https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8
CVE-2020-11081 (osquery before version 4.4.0 enables a priviledge escalation vulnerabi ...)
- TODO: check
+ - osquery <itp> (bug #803502)
CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...)
{DSA-4696-1}
- nodejs 10.21.0~dfsg-1 (bug #962145)
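Review bot: CVE-2020-11081 in this hunk is not an NFU. It moves from `TODO: check` to `- osquery <itp> (bug #803502)`, which is a tracked ITP entry, while the commit subject is just "NFUs". Suggest either mentioning the osquery ITP in the commit message or splitting it into its own commit, so that someone searching the history for when osquery started being tracked can find it.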
@@ -15725,23 +15725,23 @@ CVE-2020-10047
CVE-2020-10046
RESERVED
CVE-2020-10045 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-10044 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-10043 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-10042 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-10041 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-10040 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-10039 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-10038 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-10037 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-10036
RESERVED
CVE-2020-10035
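Review bot: all nine entries from CVE-2020-10037 to CVE-2020-10045 get `NOT-FOR-US: Siemens`, but the descriptions are specifically about SICAM MMU. A vendor-only tag says nothing about which product was checked. Suggest `NOT-FOR-US: Siemens SICAM MMU`, or at least the product name, in line with the product-level tags used elsewhere in this commit.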
@@ -17192,7 +17192,7 @@ CVE-2020-9397
CVE-2020-9396
RESERVED
CVE-2020-9395 (An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, an ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2020-9394 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
@@ -17453,7 +17453,7 @@ CVE-2020-9299
CVE-2020-9298
RESERVED
CVE-2020-9297 (Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java ...)
- TODO: check
+ NOT-FOR-US: Netflix Titus
CVE-2020-9296 (Netflix Titus uses Java Bean Validation (JSR 380) custom constraint va ...)
NOT-FOR-US: Netflix Conductor
CVE-2020-9295
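Review bot: the unchanged context entry directly below the edited line looks inconsistent with it. CVE-2020-9296 has a description starting "Netflix Titus uses Java Bean Validation (JSR 380) ..." but carries `NOT-FOR-US: Netflix Conductor`, while CVE-2020-9297 with a near-identical description is now tagged `NOT-FOR-US: Netflix Titus`. Worth confirming against the full CVE text which product CVE-2020-9296 belongs to and correcting whichever of the description or the tag is off.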
@@ -18335,7 +18335,7 @@ CVE-2020-8918
CVE-2020-8917
RESERVED
CVE-2020-8916 (A memory leak in Openthread's wpantund versions up to commit 0e5d1601f ...)
- TODO: check
+ NOT-FOR-US: wpantund
CVE-2020-8915
RESERVED
CVE-2020-8914
@@ -20029,7 +20029,7 @@ CVE-2020-8188 (We have recently released new version of UniFi Protect firmware v
CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
NOT-FOR-US: Citrix
CVE-2020-8186 (A command injection vulnerability in the `devcert` module may lead to ...)
- TODO: check
+ NOT-FOR-US: Node devcert
CVE-2020-8185 (A denial of service vulnerability exists in Rails <6.0.3.2 that all ...)
[experimental] - rails 6.0.3.2+dfsg-1 (bug #964081)
- rails <not-affected> (Introduced in rails 6.x)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1df391b9836897b5a5e15ff549c69a6fa7d8fc8f