[Git][security-tracker-team/security-tracker][master] new telegram issue

Moritz Muehlenhoff jmm at debian.org
Wed May 6 17:26:01 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11ec150e by Moritz Muehlenhoff at 2020-05-06T18:25:42+02:00
new telegram issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -63,7 +63,7 @@ CVE-2020-12651
 CVE-2020-12650
 	RESERVED
 CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
-	TODO: check
+	NOT-FOR-US: Gurbalib
 CVE-2020-12648
 	RESERVED
 CVE-2020-12647
@@ -417,7 +417,8 @@ CVE-2020-12476
 CVE-2020-12475 (TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for ...)
 	NOT-FOR-US: TP-Link
 CVE-2020-12474 (Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, an ...)
-	TODO: check
+	- telegram-desktop 2.1.0+ds-1
+	NOTE: https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-12474
 CVE-2020-12473 (MonoX through 5.1.40.5152 allows admins to execute arbitrary programs  ...)
 	NOT-FOR-US: MonoX
 CVE-2020-12472 (MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comm ...)
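Review bot: The NOTE added for CVE-2020-12474 links to a third-party GitHub write-up, and nothing in the entry shows why `2.1.0+ds-1` is the first fixed telegram-desktop version. The description says the issue affects Telegram Desktop through 2.0.1, so 2.1.0 is plausible, but a second NOTE pointing at the upstream commit or release note would let a reader verify it. The description also names Telegram for Android and a further, truncated product; if only telegram-desktop is meant to be tracked here, a short NOTE saying so would make that explicit.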
@@ -458,7 +459,7 @@ CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/056ad39ee9253873522f6469c3364964a322912b (5.7-rc3)
 CVE-2020-12463 (An elevation of privilege vulnerability exists in Avira Software Updat ...)
-	TODO: check
+	NOT-FOR-US: Avira
 CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with  ...)
 	NOT-FOR-US: ninja-forms plugin for WordPress
 CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an in ...)
@@ -508,7 +509,7 @@ CVE-2020-12441
 CVE-2020-12440
 	RESERVED
 CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...)
-	TODO: check
+	NOT-FOR-US: Grin
 CVE-2020-12438 (An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03 ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2020-12437
@@ -1230,11 +1231,11 @@ CVE-2020-12146
 CVE-2020-12145
 	RESERVED
 CVE-2020-12144 (Details The certificate used to identify the Silver Peak Cloud Portal  ...)
-	TODO: check
+	NOT-FOR-US: Silver Peak Cloud Portal
 CVE-2020-12143 (Summary - The certificate used to identify Orchestrator to EdgeConnect ...)
-	TODO: check
+	NOT-FOR-US: EdgeConnect
 CVE-2020-12142 (a. IPSec UDP key material can be retrieved from machine-to-machine int ...)
-	TODO: check
+	NOT-FOR-US: EdgeConnect
 CVE-2020-12141
 	RESERVED
 CVE-2020-12140
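Review bot: The three consecutive entries CVE-2020-12144, CVE-2020-12143 and CVE-2020-12142 end up with two different labels (`NOT-FOR-US: Silver Peak Cloud Portal` and `NOT-FOR-US: EdgeConnect`), and the truncated description of CVE-2020-12142 shows no product name at all. If all three belong to one vendor, a single vendor-level label on each would keep later searches of data/CVE/list consistent; otherwise the product for CVE-2020-12142 should be confirmed against the full description.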
@@ -2636,7 +2637,7 @@ CVE-2020-11802
 CVE-2020-11801
 	RESERVED
 CVE-2019-20768 (ServiceNow IT Service Management Kingston through Patch 14-1, London t ...)
-	TODO: check
+	NOT-FOR-US: ServiceNow IT Service Management Kingston
 CVE-2020-11800
 	RESERVED
 CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...)
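Review bot: In the CVE-2019-20768 entry, `NOT-FOR-US: ServiceNow IT Service Management Kingston` carries what the description lists as one release among several ("Kingston through Patch 14-1, London t ..."), so the label reads narrower than the issue. `NOT-FOR-US: ServiceNow` or `NOT-FOR-US: ServiceNow IT Service Management` would match the vendor-level style used elsewhere in this commit, for example `NOT-FOR-US: Avira`.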



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11ec150eb1e7940b82daa0ed116acff66ba59a2a
