[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Jul 16 22:09:42 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a18a6fdd by Moritz Muehlenhoff at 2020-07-16T23:09:25+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2019-20915 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
- TODO: check
+ - libredwg <itp> (bug #595191)
CVE-2019-20914 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
- TODO: check
+ - libredwg <itp> (bug #595191)
CVE-2019-20913 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
- TODO: check
+ - libredwg <itp> (bug #595191)
CVE-2019-20912 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
- TODO: check
+ - libredwg <itp> (bug #595191)
CVE-2019-20911 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
- TODO: check
+ - libredwg <itp> (bug #595191)
CVE-2019-20910 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
- TODO: check
+ - libredwg <itp> (bug #595191)
CVE-2019-20909 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
- TODO: check
+ - libredwg <itp> (bug #595191)
CVE-2020-XXXX [XSA 329]
- linux <unfixed>
[buster] - linux <not-affected> (Only affects 5.5 and later)
@@ -1728,7 +1728,7 @@ CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Th
CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The ap ...)
NOT-FOR-US: NeDi
CVE-2020-15027 (ConnectWise Automate through 2020.x has insufficient validation on cer ...)
- TODO: check
+ NOT-FOR-US: ConnectWise
CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ ...)
NOT-FOR-US: Bludit
CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remo ...)
@@ -1840,7 +1840,7 @@ CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't
NOTE: https://github.com/chocolate-doom/chocolate-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1
NOTE: https://github.com/fabiangreffrath/crispy-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1
CVE-2020-14982 (A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later be ...)
- TODO: check
+ NOT-FOR-US: Kronos WebTA
CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...)
NOT-FOR-US: ThreatTrack VIPRE Password Vault app for IOS
CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...)
@@ -2777,7 +2777,7 @@ CVE-2020-14550 (Vulnerability in the MySQL Client product of Oracle MySQL (compo
- mariadb-10.3 <unfixed>
- mariadb-10.1 <removed>
CVE-2020-14549 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14548 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
NOT-FOR-US: Oracle
CVE-2020-14547 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -2819,15 +2819,15 @@ CVE-2020-14533 (Vulnerability in the Oracle Commerce Platform product of Oracle
CVE-2020-14532 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
NOT-FOR-US: Oracle
CVE-2020-14531 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14530 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14529 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14528 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14526
RESERVED
CVE-2020-14525
@@ -4213,11 +4213,11 @@ CVE-2020-14068 (An issue was discovered in MK-AUTH 19.01. The web login function
CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does not consi ...)
NOT-FOR-US: Navigate CMS
CVE-2020-14066 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaSc ...)
- TODO: check
+ NOT-FOR-US: IceWarp Email Server
CVE-2020-14065 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload files ...)
- TODO: check
+ NOT-FOR-US: IceWarp Email Server
CVE-2020-14064 (IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user ac ...)
- TODO: check
+ NOT-FOR-US: IceWarp Email Server
CVE-2020-14063
RESERVED
CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
@@ -17557,11 +17557,11 @@ CVE-2020-9313
CVE-2020-9312
RESERVED
CVE-2020-9311 (In SilverStripe through 4.5, malicious users with a valid Silverstripe ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2020-9310
REJECTED
CVE-2020-9309 (Silverstripe CMS through 4.5 can be susceptible to script execution fr ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...)
- libarchive 3.4.0-2 (bug #951759)
[buster] - libarchive <not-affected> (rar5 support added in 3.4.0)
@@ -18381,7 +18381,7 @@ CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows X
CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...)
NOT-FOR-US: Western Digital
CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804R ...)
- TODO: check
+ NOT-FOR-US: Guangzhou
CVE-2020-8957
RESERVED
CVE-2020-8956
@@ -22332,7 +22332,7 @@ CVE-2020-7294
CVE-2020-7293
RESERVED
CVE-2020-7292 (Inappropriate Encoding for output context in McAfee Web Gateway (MWG) ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
NOT-FOR-US: McAfee
CVE-2020-7290 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
@@ -25318,9 +25318,9 @@ CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon & Mainten
CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...)
NOT-FOR-US: WordPress plugin
CVE-2020-6165 (SilverStripe 4.5.0 allows attackers to read certain records that shoul ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2020-6164 (In SilverStripe through 4.5.0, a specific URL path configured by defau ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2020-6163 (The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because ...)
NOT-FOR-US: WikibaseMediaInfo MediaWiki extension
CVE-2020-6162 (An issue was discovered in Bftpd 5.3. Under certain circumstances, an ...)
@@ -26215,7 +26215,7 @@ CVE-2020-5767
CVE-2020-5766 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Wordpress plugin
CVE-2020-5765 (Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Nessus
CVE-2020-5764 (MX Player Android App versions prior to v1.24.5, are vulnerable to a d ...)
NOT-FOR-US: MX Player Android App
CVE-2020-5763
@@ -29502,7 +29502,7 @@ CVE-2020-4464
CVE-2020-4463
RESERVED
CVE-2020-4462 (IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4461 (IBM Security Access Manager Appliance 9.0.7.1 could allow an authentic ...)
NOT-FOR-US: IBM
CVE-2020-4460
@@ -29794,7 +29794,7 @@ CVE-2020-4318
CVE-2020-4317
RESERVED
CVE-2020-4316 (IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4315
RESERVED
CVE-2020-4314
@@ -37926,7 +37926,7 @@ CVE-2019-19328 (ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI
CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-S ...)
NOT-FOR-US: Wikibase Wikidata Query Service GUI
CVE-2019-19326 (Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows ...)
NOT-FOR-US: SilverStripe
CVE-2019-19324 (Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a18a6fdd1d8ba0514fd9b5ab7b5ba336ce0e71bb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a18a6fdd1d8ba0514fd9b5ab7b5ba336ce0e71bb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200716/b464972e/attachment.html>
More information about the debian-security-tracker-commits
mailing list