[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu May 14 16:44:27 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cbd1181f by Moritz Muehlenhoff at 2020-05-14T17:44:10+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -338,13 +338,13 @@ CVE-2020-12702
CVE-2020-12701
RESERVED
CVE-2020-12700 (The direct_mail extension through 5.2.3 for TYPO3 allows Information D ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2020-12699 (The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2020-12698 (The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Co ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Ser ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
NOT-FOR-US: iframe plugin for WordPress
CVE-2020-12695
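Review bot: the reason text "Typo3 extension" does not match the capitalisation used in the descriptions themselves ("for TYPO3", L19-L28) nor the "NOT-FOR-US: TYPO3" form used further down this file; it also drops the extension name. Naming the component, as the neighbouring entry "NOT-FOR-US: iframe plugin for WordPress" does, makes later re-triage easier, e.g. "NOT-FOR-US: direct_mail extension for TYPO3" for CVE-2020-12700 through CVE-2020-12697.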
@@ -962,7 +962,7 @@ CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections that
CVE-2020-12428
RESERVED
CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229 for MyClou ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2020-12426
RESERVED
CVE-2020-12425
@@ -2135,7 +2135,7 @@ CVE-2020-11934
CVE-2020-11933
RESERVED
CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu Server logge ...)
- TODO: check
+ NOT-FOR-US: Subiquity installer for Ubuntu
CVE-2020-11931
RESERVED
NOT-FOR-US: Ubuntu snap packaging of Pulseaudio
@@ -5298,21 +5298,21 @@ CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version 1.2.1,
CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability w ...)
TODO: check
CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulne ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2020-11069 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2020-11068
RESERVED
CVE-2020-11067 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2020-11066 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2020-11065 (In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2020-11064 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2020-11063 (In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that t ...)
- TODO: check
+ NOT-FOR-US: TYPO3
CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
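Review bot: CVE-2020-11070 is described as "The SVG Sanitizer extension for TYPO3", i.e. an extension rather than TYPO3 CMS itself, but it gets the same reason as the core CMS entries CVE-2020-11069 through CVE-2020-11063. The first hunk of this commit distinguishes extensions from the core product; using that distinction here too (e.g. "NOT-FOR-US: SVG Sanitizer extension for TYPO3") keeps the reasons consistent and lets a reader tell the two cases apart without opening the CVE.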
@@ -5334,7 +5334,7 @@ CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds se
NOTE: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011
CVE-2020-11057 (In XWiki Platform 7.2 through 11.10.2, registered users without script ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side Templat ...)
NOT-FOR-US: Sprout Forms
CVE-2020-11055 (In BookStack greater than or equal to 0.18.0 and less than 0.29.2, the ...)
@@ -6746,7 +6746,7 @@ CVE-2020-10656
CVE-2020-10655
RESERVED
CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...)
- TODO: check
+ NOT-FOR-US: Ping Identity PingID
CVE-2020-10653
RESERVED
CVE-2020-10652
@@ -8639,25 +8639,25 @@ CVE-2020-9768 (A use after free issue was addressed with improved memory managem
CVE-2020-9767
RESERVED
CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10026
REJECTED
CVE-2020-10025
REJECTED
CVE-2020-10024 (The arm platform-specific code uses a signed integer comparison when v ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10023 (The shell subsystem contains a buffer overflow, whereby an adversary w ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10022 (A malformed JSON payload that is received from an UpdateHub server may ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10021 (Out-of-bounds Write in the USB Mass Storage memoryWrite handler with u ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10020
REJECTED
CVE-2020-10019 (USB DFU has a potential buffer overflow where the requested length (wL ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the ...)
{DSA-4641-1}
- webkit2gtk 2.28.0-2
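Review bot: "Zephyr, different from src:zephyr" tells a later triager that this is not the Debian package but not what it is instead; the descriptions (NCC-ZEP advisory references, syscall validation, USB DFU and USB Mass Storage handlers, UpdateHub) point at an embedded operating system, so spelling that out in the reason would prevent the next person from repeating the lookup, e.g. "NOT-FOR-US: Zephyr RTOS (NCC-ZEP advisories), different from src:zephyr" for CVE-2020-10028 through CVE-2020-10019. Also worth double-checking that all seven entries really are the same product before copying the same reason seven times, since the comparison to src:zephyr is the only thing preventing a false "not in Debian" conclusion here.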
@@ -9271,9 +9271,9 @@ CVE-2020-9504
CVE-2020-9503
RESERVED
CVE-2020-9502 (Some Dahua products with Build time before December 2019 have Session ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2020-9501 (Attackers can obtain Cloud Key information from the Dahua Web P2P cont ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...)
NOT-FOR-US: Dahua
CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...)
@@ -17835,9 +17835,9 @@ CVE-2020-5897 (In versions 7.1.5-7.1.9, there is use-after-free memory vulnerabi
CVE-2020-5896 (On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Se ...)
NOT-FOR-US: F5 BIG-IP
CVE-2020-5895 (On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and ...)
- TODO: check
+ NOT-FOR-US: NGINX Controller
CVE-2020-5894 (On versions 3.0.0-3.3.0, the NGINX Controller webserver does not inval ...)
- TODO: check
+ NOT-FOR-US: NGINX Controller
CVE-2020-5893 (In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Ed ...)
NOT-FOR-US: F5 BIG-IP
CVE-2020-5892 (In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP A ...)
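Review bot: "NGINX Controller" shares its name with a source package Debian does ship (nginx), so the disambiguating form used elsewhere in this commit ("different from src:zephyr") would be useful for CVE-2020-5895 and CVE-2020-5894, e.g. "NOT-FOR-US: NGINX Controller, different from src:nginx". The surrounding entries also carry the vendor ("NOT-FOR-US: F5 BIG-IP"); adding it here keeps the F5 product entries uniform.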
@@ -17949,17 +17949,17 @@ CVE-2020-5840 (An issue was discovered in HashBrown CMS before 1.3.2. Server/Ent
CVE-2020-5839
RESERVED
CVE-2020-5838 (Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-s ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect file perm ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2020-5836 (Symantec Endpoint Protection, prior to 14.3, can potentially reset the ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2020-5835 (Symantec Endpoint Protection Manager, prior to 14.3, has a race condit ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2020-5834 (Symantec Endpoint Protection Manager, prior to 14.3, may be susceptibl ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2020-5833 (Symantec Endpoint Protection Manager, prior to 14.3, may be susceptibl ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2020-5832 (Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6 ...)
NOT-FOR-US: Symantec
CVE-2020-5831 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
@@ -18549,7 +18549,7 @@ CVE-2020-5540
CVE-2020-5539 (GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do no ...)
NOT-FOR-US: GRANDIT
CVE-2020-5538 (Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: PALLET CONTROL
CVE-2020-5537
RESERVED
CVE-2020-5536 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...)
@@ -18866,7 +18866,7 @@ CVE-2020-5411
CVE-2020-5410
RESERVED
CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows redirects to u ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2020-5408
RESERVED
CVE-2020-5407 (Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 ...)
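Review bot: the reason for CVE-2020-5409 names only the vendor ("Pivotal") while the description names the product ("Pivotal Concourse"), and the nearby entries in this hunk ("NOT-FOR-US: GRANDIT", "NOT-FOR-US: PALLET CONTROL") are at product level. Since the very next entry, CVE-2020-5407, is another Pivotal product (Spring Security) that may need a different answer, "NOT-FOR-US: Pivotal Concourse" would avoid a vendor-only reason being copied onto the wrong entry later.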
@@ -28081,27 +28081,27 @@ CVE-2020-2020
CVE-2020-2019
RESERVED
CVE-2020-2018 (An authentication bypass vulnerability in Palo Alto Networks PAN-OS Pa ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2020-2017 (A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Pa ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2020-2016 (A race condition due to insecure creation of a file in a temporary dir ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2020-2015 (A buffer overflow vulnerability in the PAN-OS management server allows ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2020-2014 (An OS Command Injection vulnerability in PAN-OS management server allo ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2020-2013 (A cleartext transmission of sensitive information vulnerability in Pal ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2020-2012 (Improper restriction of XML external entity reference ('XXE') vulnerab ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2020-2011 (An improper input validation vulnerability in the configuration daemon ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2020-2010 (An OS command injection vulnerability in PAN-OS management interface a ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2020-2009 (An external control of filename vulnerability in the SD WAN component ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2020-2008 (An OS command injection and external control of filename vulnerability ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2020-2007 (An OS command injection vulnerability in the management server compone ...)
TODO: check
CVE-2020-2006 (A stack-based buffer overflow vulnerability in the management server c ...)
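Review bot: CVE-2020-2007 is left at "TODO: check" although its description ("An OS command injection vulnerability in the management server compone ...") reads like the same batch as CVE-2020-2015, CVE-2020-2014 and CVE-2020-2010 marked NOT-FOR-US: PAN-OS just above it, and CVE-2020-2006 ("stack-based buffer overflow vulnerability in the management server c ...") looks the same. If these were deliberately left for a later pass that is fine, but if the hunk simply stopped one entry short, the remaining two should get the same NOT-FOR-US reason so the batch is closed in one commit.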
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbd1181f8efc19025bfd446768fd05340063ecca