[Git][security-tracker-team/security-tracker][master] new libpam-tacplus issue
Moritz Muehlenhoff
jmm at debian.org
Sun Jun 7 16:15:41 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f026ad34 by Moritz Muehlenhoff at 2020-06-07T17:15:22+02:00
new libpam-tacplus issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,11 +7,11 @@ CVE-2020-13899
CVE-2020-13898
RESERVED
CVE-2020-13897 (HESK before 3.1.10 allows reflected XSS. ...)
- TODO: check
+ NOT-FOR-US: HESK
CVE-2020-13896
RESERVED
CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows ...)
- TODO: check
+ NOT-FOR-US: DEXT5 Editor
CVE-2020-13893
RESERVED
CVE-2020-13892
@@ -19,9 +19,9 @@ CVE-2020-13892
CVE-2020-13891
RESERVED
CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an A ...)
- TODO: check
+ NOT-FOR-US: Bootstrap theme
CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: Bludit
CVE-2020-13888
RESERVED
CVE-2020-13887
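Review bot: the label `NOT-FOR-US: Bootstrap theme` on CVE-2020-13890 does not name the affected product, which the description gives as "The Neon theme 2.0 ... for Bootstrap". The other NFU lines in this commit use the product name (HESK, DEXT5 Editor, Bludit), so something like `NOT-FOR-US: Neon theme for Bootstrap` would keep the entry searchable and would not read as if Bootstrap itself had been triaged.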
@@ -41,7 +41,9 @@ CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2
CVE-2020-13882
RESERVED
CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...)
- TODO: check
+ - libpam-tacplus <unfixed>
+ NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
+ NOTE: https://github.com/kravietz/pam_tacplus/issues/149
CVE-2020-13880
RESERVED
CVE-2020-13879
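Review bot: the new `- libpam-tacplus <unfixed>` line for CVE-2020-13881 carries no Debian bug reference, unlike the glib-networking entry visible later in this diff, which reads `- glib-networking <unfixed> (bug #961756)`. If a bug is filed against libpam-tacplus, add it in the same form so the fix can be followed from the tracker. Since the description limits the issue to pam_tacplus 1.3.8 through 1.5.1, a NOTE recording how the packaged versions relate to that range would also make per-release triage easier.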
@@ -232,7 +234,7 @@ CVE-2020-13794
CVE-2020-13793
RESERVED
CVE-2020-13792 (PlayTube 1.8 allows disclosure of user details via ajax.php?type=../ad ...)
- TODO: check
+ NOT-FOR-US: PlayTube
CVE-2019-20837 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...)
NOT-FOR-US: Foxit Reader
CVE-2019-20836 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...)
@@ -388,7 +390,7 @@ CVE-2020-13770
CVE-2020-13769
RESERVED
CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via ...)
- TODO: check
+ NOT-FOR-US: MiniShare
CVE-2020-13767
RESERVED
CVE-2020-13766
@@ -429,7 +431,7 @@ CVE-2020-13757 (Python-RSA 4.0 ignores leading '\0' bytes during decryption of c
[jessie] - python-rsa <no-dsa> (No reverse dependencies)
NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146
CVE-2020-13756 (Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data ...)
- TODO: check
+ NOT-FOR-US: Sabberworm PHP CSS Parser
CVE-2020-13755
RESERVED
CVE-2020-13753
@@ -658,7 +660,7 @@ CVE-2020-13648
CVE-2020-13647
RESERVED
CVE-2020-13646 (In the cheetah free wifi 5.1 driver file liebaonat.sys, local users ar ...)
- TODO: check
+ NOT-FOR-US: cheetah free wifi
CVE-2020-13645 (In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...)
- glib-networking <unfixed> (bug #961756)
NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135
@@ -783,7 +785,7 @@ CVE-2020-13599
CVE-2020-13598
RESERVED
CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...)
- TODO: check
+ NOT-FOR-US: Calico
CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
{DLA-2233-1}
- python-django 2:2.2.13-1 (bug #962323)
@@ -2437,19 +2439,19 @@ CVE-2020-12855
CVE-2020-12854
RESERVED
CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...)
- TODO: check
+ NOT-FOR-US: Pydio Cells
CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an administrator user ...)
- TODO: check
+ NOT-FOR-US: Pydio Cells
CVE-2020-12851 (Pydio Cells 2.0.4 allows an authenticated user to write or overwrite e ...)
- TODO: check
+ NOT-FOR-US: Pydio Cells
CVE-2020-12850
RESERVED
CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to the web ...)
- TODO: check
+ NOT-FOR-US: Pydio Cells
CVE-2020-12848 (In Pydio Cells 2.0.4, once an authenticated user shares a file selecti ...)
- TODO: check
+ NOT-FOR-US: Pydio Cells
CVE-2020-12847 (Pydio Cells 2.0.4 web application offers an administrative console nam ...)
- TODO: check
+ NOT-FOR-US: Pydio Cells
CVE-2020-12846 (Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remo ...)
NOT-FOR-US: Zimbra
CVE-2020-12845
@@ -6184,9 +6186,9 @@ CVE-2020-11699
CVE-2020-11698
RESERVED
CVE-2020-11697 (In Combodo iTop, dashboard ids can be exploited with a reflective XSS ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2020-11696 (In Combodo iTop a menu shortcut name can be exploited with a stored XS ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2020-11695
RESERVED
CVE-2020-11694 (In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarizatio ...)
@@ -7853,7 +7855,7 @@ CVE-2020-11093
CVE-2020-11092
RESERVED
CVE-2020-11091 (In Weave Net before version 2.6.3, an attacker able to run a process a ...)
- TODO: check
+ NOT-FOR-US: Weave Net
CVE-2020-11090
RESERVED
CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp function ...)
@@ -9820,7 +9822,7 @@ CVE-2020-10518
CVE-2020-10517
RESERVED
CVE-2020-10516 (An improper access control vulnerability was identified in the GitHub ...)
- TODO: check
+ NOT-FOR-US: GitHub Enterprise Server API
CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting ...)
NOT-FOR-US: STARFACE UCC Client
CVE-2020-10514 (iCatch DVR firmware before 20200103 do not validate function parameter ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f026ad34a72b5bef5db0cf33c3971fdf1a5ffbeb