[Git][security-tracker-team/security-tracker][master] new u-boot issue

Moritz Muehlenhoff jmm at debian.org
Fri Mar 20 08:46:59 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f85b22ca by Moritz Muehlenhoff at 2020-03-20T09:46:32+01:00
new u-boot issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2020-10683
 	RESERVED
 CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code execution ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2020-10681 (The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd fi ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple
 CVE-2020-10680
 	RESERVED
 CVE-2020-10679
@@ -25,7 +25,7 @@ CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's web application is
 CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
 	NOT-FOR-US: Canon
 CVE-2020-10669 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
 	NOT-FOR-US: Canon
 CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
@@ -110,7 +110,10 @@ CVE-2019-20510
 CVE-2020-10649
 	RESERVED
 CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified boot re ...)
-	TODO: check
+	- u-boot <unfixed>
+	NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5
+	NOTE: https://github.com/u-boot/u-boot/commits/master
+	NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
 CVE-2020-10647
 	RESERVED
 CVE-2020-10646
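Review bot: The second NOTE under CVE-2020-10648 links to https://github.com/u-boot/u-boot/commits/master, which is a moving branch listing and does not identify a fix. Once the upstream fix commits are known, replace it with their permalinks so the entry still points at the right change after master advances. The "- u-boot <unfixed>" line also carries no bug reference, so anyone revisiting the entry has only the two advisory links to work from.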
@@ -2726,7 +2729,7 @@ CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for
 CVE-2020-9441
 	RESERVED
 CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin through 5 ...)
-	TODO: check
+	NOT-FOR-US: CKEditor plugin
 CVE-2020-9439
 	RESERVED
 CVE-2020-9438
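Review bot: The label "NOT-FOR-US: CKEditor plugin" on CVE-2020-9440 drops the one identifying detail the description gives, the "WSC plugin". Naming the plugin in the label would let a search of the list tell this entry apart from other entries tagged with the same generic string.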
@@ -2983,11 +2986,11 @@ CVE-2020-9347 (** DISPUTED ** Zoho ManageEngine Password Manager Pro through 10.
 CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no protectio ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2020-9345 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...)
-	TODO: check
+	NOT-FOR-US: signoPAD-API/Web
 CVE-2020-9344 (Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at ...)
-	TODO: check
+	NOT-FOR-US: Subversion ALM
 CVE-2020-9343 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...)
-	TODO: check
+	NOT-FOR-US: signoPAD-API/Web
 CVE-2020-9342 (The F-Secure AV parsing engine before 2020-02-05 allows virus-detectio ...)
 	NOT-FOR-US: F-Secure AV parsing engine
 CVE-2020-9341 (CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator ...)
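Review bot: "NOT-FOR-US: Subversion ALM" on CVE-2020-9344 is easy to misread as the Subversion version control system when grepping the list. The description reads "Subversion ALM for the enterprise", so a label carrying the full product name or its vendor would avoid that confusion.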
@@ -3143,7 +3146,7 @@ CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for
 CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...)
 	- mahara <removed>
 CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor  ...)
-	TODO: check
+	NOT-FOR-US: CKEditor plugin
 CVE-2020-9280
 	RESERVED
 CVE-2020-9279
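Review bot: On CVE-2020-9281 the label "NOT-FOR-US: CKEditor plugin" is not supported by the visible description, which refers to "the HTML Data Processor" and names no plugin. Confirm against the full description whether the issue sits in a plugin or in the editor itself, and in the latter case check whether the editor is packaged before marking the entry NFU.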



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f85b22ca15cdae117b62553393c841d432f357e3
