[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon May 11 09:59:12 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb6aa8a5 by Moritz Muehlenhoff at 2020-05-11T10:58:37+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,11 +27,11 @@ CVE-2020-12768 (An issue was discovered in the Linux kernel before 5.6. svm_cpu_
 	- linux 5.6.7-1
 	NOTE: https://git.kernel.org/linus/d80b64ff297e40c2b6f7d7abc1b3eba70d22a068 (5.6-rc4)
 CVE-2020-12766 (Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via t ...)
-	TODO: check
+	NOT-FOR-US: Gnuteca
 CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&action=view&it ...)
-	TODO: check
+	NOT-FOR-US: Solis Miolo
 CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. ...)
-	TODO: check
+	NOT-FOR-US: Gnuteca
 CVE-2020-12763
 	RESERVED
 CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
@@ -5145,19 +5145,19 @@ CVE-2020-11058
 CVE-2020-11057
 	RESERVED
 CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side Templat ...)
-	TODO: check
+	NOT-FOR-US: Sprout Forms
 CVE-2020-11055 (In BookStack greater than or equal to 0.18.0 and less than 0.29.2, the ...)
-	TODO: check
+	NOT-FOR-US: BookStack
 CVE-2020-11054 (In qutebrowser versions less than 1.11.1, reloading a page with certif ...)
 	TODO: check
 CVE-2020-11053 (In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: OAuth2 Proxy
 CVE-2020-11052 (In Sorcery before 0.15.0, there is a brute force vulnerability when us ...)
-	TODO: check
+	NOT-FOR-US: Sorcery
 CVE-2020-11051 (In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor ...)
 	NOT-FOR-US: Wiki.js
 CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Improper Va ...)
-	TODO: check
+	NOT-FOR-US: Java-WebSocket, different from src:websocket-api
 CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...)
 	- freerdp2 <unfixed>
 	- freerdp <removed>
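Review bot: The Java-WebSocket entry at CVE-2020-11050 records why it is not-for-us ("different from src:websocket-api"), but the equally generic names tagged in the same hunk, Sorcery (CVE-2020-11052) and OAuth2 Proxy (CVE-2020-11053), carry no such qualifier. A short note on each, in the same style, would let a later reader see that the name was checked against existing source packages rather than only matched on the product string.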
@@ -5337,7 +5337,7 @@ CVE-2020-11008 (Affected versions of Git have a vulnerability whereby Git can be
 CVE-2020-11007 (In Shopizer before version 2.11.0, using API or Controller based versi ...)
 	NOT-FOR-US: Shopizer
 CVE-2020-11006 (In Shopizer before version 2.11.0, a script can be injected in various ...)
-	TODO: check
+	NOT-FOR-US: Shopizer
 CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...)
 	NOT-FOR-US: WindowsHello
 CVE-2020-11004 (SQL Injection was discovered in Admidio before version 3.3.13. The mai ...)
@@ -9566,9 +9566,9 @@ CVE-2020-9317
 CVE-2020-9316
 	RESERVED
 CVE-2020-9315 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-9314 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-9313
 	RESERVED
 CVE-2020-9312
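Review bot: The tags on CVE-2020-9315 and CVE-2020-9314 name only the vendor ("NOT-FOR-US: Oracle"), while the descriptions identify the product as Oracle iPlanet Web Server and other entries in this file tag by product (Shopizer, Handy Groupware). A vendor-only tag is hard to search for and reads as if the whole vendor were out of scope; suggest "NOT-FOR-US: Oracle iPlanet Web Server" on both lines.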
@@ -13144,7 +13144,7 @@ CVE-2020-7805 (An issue was discovered on KT Slim egg IML500 (R7283, R8112, R842
 CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7,  ...)
 	NOT-FOR-US: Handy Groupware
 CVE-2020-7803 (IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, versio ...)
-	TODO: check
+	NOT-FOR-US: Zoneplayer
 CVE-2020-7802 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
 	NOT-FOR-US: Synergy Systems & Solutions (SSS)
 CVE-2020-7801 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
@@ -15844,9 +15844,9 @@ CVE-2020-6654
 CVE-2020-6653
 	RESERVED
 CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...)
-	TODO: check
+	NOT-FOR-US: Eaton
 CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v ...)
-	TODO: check
+	NOT-FOR-US: Eaton
 CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by ‘Eval In ...)
 	NOT-FOR-US: UPS companion software
 CVE-2020-6649
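Review bot: "NOT-FOR-US: Eaton" on CVE-2020-6652 and CVE-2020-6651 tags the vendor, whereas the descriptions name Eaton's Intelligent Power Manager (IPM) and the adjacent CVE-2020-6650 is tagged by product ("UPS companion software"). Suggest "NOT-FOR-US: Eaton Intelligent Power Manager" so the three neighbouring entries follow one convention.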



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb6aa8a503f50e0286b19c68e8f0f2a2f55a2c83
