[Git][security-tracker-team/security-tracker][master] new telegram issue
Moritz Muehlenhoff
jmm at debian.org
Wed May 6 17:26:01 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11ec150e by Moritz Muehlenhoff at 2020-05-06T18:25:42+02:00
new telegram issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -63,7 +63,7 @@ CVE-2020-12651
CVE-2020-12650
RESERVED
CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
- TODO: check
+ NOT-FOR-US: Gurbalib
CVE-2020-12648
RESERVED
CVE-2020-12647
@@ -417,7 +417,8 @@ CVE-2020-12476
CVE-2020-12475 (TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for ...)
NOT-FOR-US: TP-Link
CVE-2020-12474 (Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, an ...)
- TODO: check
+ - telegram-desktop 2.1.0+ds-1
+ NOTE: https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-12474
CVE-2020-12473 (MonoX through 5.1.40.5152 allows admins to execute arbitrary programs ...)
NOT-FOR-US: MonoX
CVE-2020-12472 (MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comm ...)
@@ -458,7 +459,7 @@ CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel
- linux <unfixed>
NOTE: https://git.kernel.org/linus/056ad39ee9253873522f6469c3364964a322912b (5.7-rc3)
CVE-2020-12463 (An elevation of privilege vulnerability exists in Avira Software Updat ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with ...)
NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an in ...)
@@ -508,7 +509,7 @@ CVE-2020-12441
CVE-2020-12440
RESERVED
CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...)
- TODO: check
+ NOT-FOR-US: Grin
CVE-2020-12438 (An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03 ...)
NOT-FOR-US: PHP-Fusion
CVE-2020-12437
@@ -1230,11 +1231,11 @@ CVE-2020-12146
CVE-2020-12145
RESERVED
CVE-2020-12144 (Details The certificate used to identify the Silver Peak Cloud Portal ...)
- TODO: check
+ NOT-FOR-US: Silver Peak Cloud Portal
CVE-2020-12143 (Summary - The certificate used to identify Orchestrator to EdgeConnect ...)
- TODO: check
+ NOT-FOR-US: EdgeConnect
CVE-2020-12142 (a. IPSec UDP key material can be retrieved from machine-to-machine int ...)
- TODO: check
+ NOT-FOR-US: EdgeConnect
CVE-2020-12141
RESERVED
CVE-2020-12140
@@ -2636,7 +2637,7 @@ CVE-2020-11802
CVE-2020-11801
RESERVED
CVE-2019-20768 (ServiceNow IT Service Management Kingston through Patch 14-1, London t ...)
- TODO: check
+ NOT-FOR-US: ServiceNow IT Service Management Kingston
CVE-2020-11800
RESERVED
CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11ec150eb1e7940b82daa0ed116acff66ba59a2a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11ec150eb1e7940b82daa0ed116acff66ba59a2a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200506/ee7a8f21/attachment.html>
More information about the debian-security-tracker-commits
mailing list