[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Mar 23 15:58:10 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a5111ed6 by Moritz Muehlenhoff at 2020-03-23T16:57:51+01:00
NFUs
lwip spu
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -12522,7 +12522,7 @@ CVE-2020-5407
CVE-2020-5406
RESERVED
CVE-2020-5405 (Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x pri ...)
- TODO: check
+ NOT-FOR-US: Spring Cloud Config
CVE-2020-5404 (The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and ...)
NOT-FOR-US: Reactor Netty, different from src:netty
CVE-2020-5403 (Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a UR ...)
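Review bot: The new NOT-FOR-US line for CVE-2020-5405 gives only the product name, while the CVE-2020-5404 entry directly below it carries a disambiguating hint ("Reactor Netty, different from src:netty"). If any Spring source package is in the archive, a similar "different from src:..." hint on this line would save the next person from re-checking whether Spring Cloud Config is covered by it.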
@@ -12857,7 +12857,7 @@ CVE-2020-5264
CVE-2020-5263
RESERVED
CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...)
- TODO: check
+ NOT-FOR-US: EasyBuild
CVE-2020-5261
RESERVED
CVE-2020-5260
@@ -17536,9 +17536,9 @@ CVE-2019-19854 (An issue was discovered in Serpico (aka SimplE RePort wrIting an
CVE-2019-19853
RESERVED
CVE-2019-19852 (An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13 ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2019-19851 (An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13 ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2019-19850 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
NOT-FOR-US: TYPO3
CVE-2019-19849 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
@@ -21780,7 +21780,7 @@ CVE-2019-19543 (In the Linux kernel before 5.1.6, there is a use-after-free in s
CVE-2019-19539 (An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01AB ...)
NOT-FOR-US: Idelji Web ViewPoint
CVE-2019-19538 (In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0. ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...)
{DLA-2114-1 DLA-2068-1}
- linux 5.2.17-1
@@ -23154,7 +23154,7 @@ CVE-2019-19284
CVE-2019-19283
RESERVED
CVE-2019-19282 (A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-19281 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
NOT-FOR-US: Siemens
CVE-2019-19280
@@ -23559,7 +23559,7 @@ CVE-2019-19137
CVE-2019-19136
RESERVED
CVE-2019-19135 (In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do ...)
- TODO: check
+ NOT-FOR-US: OPC Foundation OPC UA .NET Standard codebase
CVE-2019-19134 (The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to ...)
NOT-FOR-US: Hero Maps Premium plugin for WordPress
CVE-2019-19133 (The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected ...)
@@ -26326,7 +26326,7 @@ CVE-2020-0817
CVE-2020-0816 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
NOT-FOR-US: Microsoft
CVE-2020-0815 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-0814 (An elevation of privilege vulnerability exists in Windows Installer be ...)
NOT-FOR-US: Microsoft
CVE-2020-0813 (An information disclosure vulnerability exists when Chakra improperly ...)
@@ -26440,7 +26440,7 @@ CVE-2020-0760
CVE-2020-0759 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
NOT-FOR-US: Microsoft
CVE-2020-0758 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-0757 (An elevation of privilege vulnerability exists when Windows improperly ...)
NOT-FOR-US: Microsoft
CVE-2020-0756 (An information disclosure vulnerability exists in the Cryptography Nex ...)
@@ -26556,7 +26556,7 @@ CVE-2020-0702 (A security feature bypass vulnerability exists in Surface Hub whe
CVE-2020-0701 (An elevation of privilege vulnerability exists in the way that the Win ...)
NOT-FOR-US: Microsoft
CVE-2020-0700 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-0699
RESERVED
CVE-2020-0698 (An information disclosure vulnerability exists when the Telephony Serv ...)
@@ -27396,7 +27396,7 @@ CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authentic
CVE-2020-0547
RESERVED
CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Modu ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0545
RESERVED
CVE-2020-0544
@@ -27428,7 +27428,7 @@ CVE-2020-0532
CVE-2020-0531
RESERVED
CVE-2020-0530 (Improper buffer restrictions in firmware for Intel(R) NUC may allow an ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0529
RESERVED
CVE-2020-0528
@@ -27436,7 +27436,7 @@ CVE-2020-0528
CVE-2020-0527
RESERVED
CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may allow a pri ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0525
RESERVED
CVE-2020-0524
@@ -27458,9 +27458,9 @@ CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 1
CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before version 26 ...)
TODO: check
CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R) Graphic ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0514 (Improper default permissions in the installer for Intel(R) Graphics Dr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0513
RESERVED
CVE-2020-0512
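Review bot: CVE-2020-0516, the first context line of this hunk, stays at "TODO: check" while the two installer entries right below it (CVE-2020-0515, CVE-2020-0514) become "NOT-FOR-US: Intel". If the split is deliberate, with installer issues treated as NFU and issues in the graphics driver itself still needing a look, it would help to say so in the commit message, which currently reads only "NFUs"; otherwise CVE-2020-0516 could be triaged in the same pass.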
@@ -27472,7 +27472,7 @@ CVE-2020-0510
CVE-2020-0509
RESERVED
CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) Graphics D ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before versions 15. ...)
TODO: check
CVE-2020-0506 (Improper initialization in Intel(R) Graphics Drivers before versions 1 ...)
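Review bot: CVE-2020-0507 in the trailing context ("Unquoted service path in Intel(R) Graphics Drivers ...") is left at "TODO: check", yet this same commit marks CVE-2020-0546, whose description opens with the same "Unquoted service path in Intel(R) ..." wording, as "NOT-FOR-US: Intel". Either CVE-2020-0507 should get the same tag here, or the reason it still needs checking should be recorded so the two entries do not look inconsistently triaged.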
@@ -30515,7 +30515,7 @@ CVE-2019-17638
CVE-2019-17637
RESERVED
CVE-2019-17636 (In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre ...)
- TODO: check
+ NOT-FOR-US: Eclipse Theia
CVE-2019-17635 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a dese ...)
NOT-FOR-US: Eclipse Memory Analyzer
CVE-2019-17634 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cros ...)
@@ -34436,7 +34436,7 @@ CVE-2019-16260
CVE-2019-16259
RESERVED
CVE-2019-16258 (The bootloader of the homee Brain Cube V2 through 2.23.0 allows attack ...)
- TODO: check
+ NOT-FOR-US: homee Brain Cube V2
CVE-2019-16257 (Some Motorola devices include the SIMalliance Toolbox Browser (aka S at T ...)
NOT-FOR-US: SIMalliance Toolbox Browser
CVE-2019-16256 (Some Samsung devices include the SIMalliance Toolbox Browser (aka S at T ...)
@@ -39771,9 +39771,9 @@ CVE-2019-14628
CVE-2019-14627
RESERVED
CVE-2019-14626 (Improper access control in PCIe function for the Intel® FPGA Prog ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14625 (Improper access control in on-card storage for the Intel® FPGA Pr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14624
RESERVED
CVE-2019-14623
@@ -47600,17 +47600,17 @@ CVE-2019-12372 (Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injecti
CVE-2019-12371
RESERVED
CVE-2019-12370 (The Spark application through 2.0.2 for Android allows XSS via an even ...)
- TODO: check
+ NOT-FOR-US: some Android application
CVE-2019-12369 (The TypeApp application through 1.9.5.35 for Android allows XSS via an ...)
- TODO: check
+ NOT-FOR-US: some Android application
CVE-2019-12368 (The Edison Mail application through 1.7.1 for Android allows XSS via a ...)
- TODO: check
+ NOT-FOR-US: some Android application
CVE-2019-12367 (The BlueMail application through 1.9.5.36 for Android allows XSS via a ...)
- TODO: check
+ NOT-FOR-US: some Android application
CVE-2019-12366 (The Nine application through 4.5.3a for Android allows XSS via an even ...)
- TODO: check
+ NOT-FOR-US: some Android application
CVE-2019-12365 (The Newton application through 10.0.23 for Android allows XSS via an e ...)
- TODO: check
+ NOT-FOR-US: some Android application
CVE-2019-12364
RESERVED
CVE-2019-12363 (An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2 ...)
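Review bot: All six changed lines (CVE-2019-12370 through CVE-2019-12365) use the generic tag "NOT-FOR-US: some Android application", which drops the product names the descriptions give: Spark, TypeApp, Edison Mail, BlueMail, Nine and Newton. Other NFU entries visible in this file name the product (for example "NOT-FOR-US: Hero Maps Premium plugin for WordPress"), and a named tag is what a later search for the product will match. Suggest one tag per entry in that form, such as "NOT-FOR-US: BlueMail application for Android".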
@@ -48259,47 +48259,47 @@ CVE-2019-12134 (CSV Injection (aka Excel Macro Injection or Formula Injection) e
CVE-2019-12133 (Multiple Zoho ManageEngine products suffer from local privilege escala ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2019-12132 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/d ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12131 (An issue was detected in ONAP APPC through Dublin and SDC through Dubl ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12130 (In ONAP CLI through Dublin, by accessing an applicable port (30234, 30 ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12129 (In ONAP MSB through Dublin, by accessing an applicable port (30234, 30 ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12128 (In ONAP SO through Dublin, by accessing an applicable port (30234, 302 ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12127 (In ONAP OOM through Dublin, by accessing an applicable port (30234, 30 ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12126 (In ONAP DCAE through Dublin, by accessing an applicable port (30234, 3 ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12125 (In ONAP Logging through Dublin, by accessing an applicable port (30234 ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12124 (An issue was discovered in ONAP APPC before Dublin. By using an expose ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12123 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/p ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12122 (An issue was discovered in ONAP Portal through Dublin. By executing a ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12121 (An issue was detected in ONAP Portal through Dublin. By executing a pa ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12120 (An issue was discovered in ONAP VNFSDK through Dublin. By accessing po ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12119 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12118 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12117 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12116 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12115 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12114 (An issue was discovered in ONAP HOLMES before Dublin. By accessing por ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12113 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/p ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12112 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/u ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12111 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...)
{DLA-1811-1}
- miniupnpd 2.1-6 (bug #930050)
=====================================
data/next-point-update.txt
=====================================
@@ -57,3 +57,5 @@ CVE-2020-8141
[buster] - node-dot 1.1.1-1+deb10u1
CVE-2020-5267
[buster] - rails 2:5.2.2.1+dfsg-1+deb10u1
+CVE-2020-8597
+ [buster] - lwip 2.0.3-3+deb10u1
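Review bot: The added CVE-2020-8597 / lwip entry in data/next-point-update.txt has no counterpart in this commit's data/CVE/list hunks, none of which touches CVE-2020-8597. Please confirm that the CVE-2020-8597 entry in data/CVE/list already carries an lwip line for buster that matches the 2.0.3-3+deb10u1 upload planned here, so the two files agree. The commit message line "lwip spu" would also be easier to find later if it named the CVE.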
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5111ed67fae751ce70fffca5af83de5e5e4aff3