[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 30 05:45:13 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bbd86429 by Salvatore Bonaccorso at 2020-07-30T06:38:44+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -76,7 +76,7 @@ CVE-2020-16097
CVE-2020-16096
RESERVED
CVE-2020-16095 (The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 all ...)
- TODO: check
+ NOT-FOR-US: dlf for TYPO3
CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...)
- claws-mail <unfixed>
NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
@@ -1294,7 +1294,7 @@ CVE-2020-15590
CVE-2020-15589
RESERVED
CVE-2020-15588 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-15587
RESERVED
CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net ...)
@@ -1717,7 +1717,7 @@ CVE-2020-15410
CVE-2020-15409
RESERVED
CVE-2020-15408 (An issue was discovered in Pulse Secure Pulse Connect Secure before 9. ...)
- TODO: check
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-15407
RESERVED
CVE-2020-15406
@@ -2392,9 +2392,9 @@ CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000
CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that freewvs ...)
NOT-FOR-US: freewvs
CVE-2020-15099 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2020-15098 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2020-15097
RESERVED
CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, the ...)
@@ -2421,7 +2421,7 @@ CVE-2020-15088
CVE-2020-15087 (In Presto before version 337, authenticated users can bypass authoriza ...)
NOT-FOR-US: Presto query engine, different from src:presto
CVE-2020-15086 (In TYPO3 installations with the "mediace" extension from version 7.6.2 ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2020-15085 (In Saleor Storefront before version 2.10.3, request data used to authe ...)
NOT-FOR-US: Saleor Storefront
CVE-2020-15084 (In express-jwt (NPM package) up and including version 5.3.3, the algor ...)
@@ -3718,21 +3718,21 @@ CVE-2020-14495
CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication ...)
NOT-FOR-US: OpenClinic GA
CVE-2020-14493 (A low-privilege user may use SQL syntax to write arbitrary files to th ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-14492 (OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-c ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-14491 (OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check perm ...)
NOT-FOR-US: OpenClinic GA
CVE-2020-14490 (OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files spec ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-14489 (OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate h ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-14488 (OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded f ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-14487 (OpenClinic GA 5.09.02 contains a hidden default user account that may ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-14486 (An attacker may bypass permission/authorization checks in OpenClinic G ...)
- TODO: check
+ NOT-FOR-US: OpenClinic
CVE-2020-14485 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...)
NOT-FOR-US: OpenClinic GA
CVE-2020-14484 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...)
@@ -5303,7 +5303,7 @@ CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafil
CVE-2020-13998 (** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled ...)
NOT-FOR-US: Citrix
CVE-2020-13997 (In Shopware before 6.2.3, the database password is leaked to an unauth ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection at ...)
NOT-FOR-US: J2Store plugin for Joomla!
CVE-2020-13995
@@ -5359,9 +5359,9 @@ CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who co
CVE-2020-13972
RESERVED
CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use the M ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2020-13969
RESERVED
CVE-2020-13968
@@ -5478,17 +5478,17 @@ CVE-2020-13920
CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...)
TODO: check
CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed through ...)
- TODO: check
+ NOT-FOR-US: Ruckus Wireless Unleashed
CVE-2020-13917 (rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remot ...)
- TODO: check
+ NOT-FOR-US: Ruckus Wireless Unleashed
CVE-2020-13916 (A stack buffer overflow in webs in Ruckus Wireless Unleashed through 2 ...)
- TODO: check
+ NOT-FOR-US: Ruckus Wireless Unleashed
CVE-2020-13915 (Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed throu ...)
- TODO: check
+ NOT-FOR-US: Ruckus Wireless Unleashed
CVE-2020-13914 (webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a rem ...)
- TODO: check
+ NOT-FOR-US: Ruckus Wireless Unleashed
CVE-2020-13913 (An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102 ...)
- TODO: check
+ NOT-FOR-US: Ruckus Wireless Unleashed
CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users ...)
NOT-FOR-US: SolarWinds Advanced Monitoring Agent
CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a ...)
@@ -6121,7 +6121,7 @@ CVE-2020-13701
CVE-2020-13700 (An issue was discovered in the acf-to-rest-api plugin through 3.1.0 fo ...)
NOT-FOR-US: acf-to-rest-api plugin for WordPress
CVE-2020-13699 (TeamViewer Desktop for Windows before 15.8.3 does not properly quote i ...)
- TODO: check
+ NOT-FOR-US: TeamViewer Desktop
CVE-2020-13698
RESERVED
CVE-2020-13697
@@ -7957,7 +7957,7 @@ CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG docume
CVE-2020-12881
RESERVED
CVE-2020-12880 (An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect ...)
- TODO: check
+ NOT-FOR-US: Pulse
CVE-2020-12879
RESERVED
CVE-2020-12878
@@ -12780,11 +12780,11 @@ CVE-2020-11478
CVE-2020-11477
RESERVED
CVE-2020-11476 (Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangero ...)
- TODO: check
+ NOT-FOR-US: Concrete5
CVE-2020-11475
RESERVED
CVE-2020-11474 (NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic lin ...)
- TODO: check
+ NOT-FOR-US: NCP Secure Enterprise Client
CVE-2020-11473
RESERVED
CVE-2020-11472
@@ -14038,13 +14038,13 @@ CVE-2020-10987 (The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15
CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC190 ...)
NOT-FOR-US: Tenda
CVE-2020-10985 (Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. ...)
- TODO: check
+ NOT-FOR-US: Gambio GX
CVE-2020-10984 (Gambio GX before 4.0.1.0 allows admin/admin.php CSRF. ...)
- TODO: check
+ NOT-FOR-US: Gambio GX
CVE-2020-10983 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. ...)
- TODO: check
+ NOT-FOR-US: Gambio GX
CVE-2020-10982 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. ...)
- TODO: check
+ NOT-FOR-US: Gambio GX
CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintaine ...)
[experimental] - gitlab 12.8.8-1
- gitlab <unfixed>
@@ -14231,21 +14231,21 @@ CVE-2020-10932 (An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x
NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
CVE-2020-10930 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2020-10929 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2020-10928 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2020-10927 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2020-10926 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2020-10925 (This vulnerability allows network-adjacent attackers to compromise the ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2020-10924 (This vulnerability allows network-adjacent attackers to bypass authent ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2020-10923 (This vulnerability allows network-adjacent attackers to bypass authent ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2020-10922 (This vulnerability allows remote attackers to create a denial-of-servi ...)
NOT-FOR-US: C-MORE HMI
CVE-2020-10921 (This vulnerability allows remote attackers to issue commands on affect ...)
@@ -17559,13 +17559,13 @@ CVE-2020-9694
CVE-2020-9693
RESERVED
CVE-2020-9692 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-9691 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-9690 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-9689 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-9688 (Adobe Download Manager version 2.0.0.518 have a command injection vuln ...)
NOT-FOR-US: Adobe
CVE-2020-9687 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbd864295bc9fba628c63459444105786e09bcd0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbd864295bc9fba628c63459444105786e09bcd0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200730/bb6e9008/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list