[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Nov 13 12:57:11 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b4f14a0f by Moritz Muehlenhoff at 2020-11-13T13:56:29+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -481,9 +481,9 @@ CVE-2020-25709 [assertion failure in Certificate List syntax validation]
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9383
NOTE: https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65 (OPENLDAP_REL_ENG_2_4_56)
CVE-2020-28415 (A reflected cross-site scripting (XSS) vulnerability exists in the Tra ...)
- TODO: check
+ NOT-FOR-US: TranzWare Payment Gateway
CVE-2020-28414 (A reflected cross-site scripting (XSS) vulnerability exists in the Tra ...)
- TODO: check
+ NOT-FOR-US: TranzWare Payment Gateway
CVE-2020-28413
RESERVED
CVE-2020-28412
@@ -2279,15 +2279,15 @@ CVE-2020-28273
CVE-2020-28272
RESERVED
CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0 through ...)
- TODO: check
+ NOT-FOR-US: Node deephas
CVE-2020-28270 (Overview:Prototype pollution vulnerability in ‘object-hierarchy- ...)
- TODO: check
+ NOT-FOR-US: Node object-hierarchy-access
CVE-2020-28269 (Prototype pollution vulnerability in 'field' versions 0.0.1 through 1. ...)
- TODO: check
+ NOT-FOR-US: Node field
CVE-2020-28268
RESERVED
CVE-2020-28267 (Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 ...)
- TODO: check
+ NOT-FOR-US: Node strikeentco/set
CVE-2017-18926 (raptor_xml_writer_start_element_common in raptor_xml_writer.c in Rapto ...)
{DSA-4785-1 DLA-2438-1}
- raptor <removed>
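Review bot: the NOT-FOR-US marker for CVE-2020-28267 drops the npm scope from the package name: the description reads '@strikeentco/set' while the new line says 'Node strikeentco/set'. Keeping the scoped name, 'NOT-FOR-US: Node @strikeentco/set', makes the annotation match the published package and the other Node entries in this hunk, which use the exact package name.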
@@ -2333,7 +2333,7 @@ CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note
CVE-2020-28248
RESERVED
CVE-2020-28247 (The lettre library through 0.10.0-alpha for Rust allows arbitrary send ...)
- TODO: check
+ NOT-FOR-US: Node lettre
CVE-2020-28246
RESERVED
CVE-2020-28245
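Review bot: the annotation for CVE-2020-28247 labels lettre as a Node package, but the description says it is a Rust library ('The lettre library through 0.10.0-alpha for Rust'). Suggest 'NOT-FOR-US: Rust crate lettre', and it is worth checking the archive for a rust-lettre source package before settling on NOT-FOR-US, since a packaged crate would need a package entry rather than this marker.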
@@ -4498,7 +4498,7 @@ CVE-2020-27525
CVE-2020-27524 (On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multi ...)
NOT-FOR-US: Audi
CVE-2020-27523 (Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string sp ...)
- TODO: check
+ NOT-FOR-US: Solstice-Pod
CVE-2020-27522
RESERVED
CVE-2020-27521
@@ -5163,7 +5163,7 @@ CVE-2020-27195 (HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5
NOTE: https://github.com/hashicorp/nomad/issues/9129
NOTE: https://github.com/hashicorp/nomad/commit/a8ea7c5f421297db434b45046fca7a9deef6df85 (0.12.6)
CVE-2020-27193 (A cross-site scripting (XSS) vulnerability in the Color Dialog plugin ...)
- TODO: check
+ NOT-FOR-US: CKEditor plugin
CVE-2020-27192
RESERVED
CVE-2020-27191
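Review bot: for CVE-2020-27193 the value 'CKEditor plugin' is vaguer than the description, which names the Color Dialog plugin; suggest 'NOT-FOR-US: CKEditor Color Dialog plugin'. If the ckeditor source package in Debian ships this plugin among its bundled plugins, the entry should instead be tracked against that package, so that is worth confirming before the NFU sticks.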
@@ -5277,7 +5277,7 @@ CVE-2020-27148
CVE-2020-27147
RESERVED
CVE-2020-27146 (The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace ( ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2020-27145
RESERVED
CVE-2020-27144
@@ -6560,7 +6560,7 @@ CVE-2020-26543
CVE-2017-18924 (** DISPUTED ** oauth2-server (aka node-oauth2-server) through 3.1.1 im ...)
NOT-FOR-US: node-oauth2-server
CVE-2020-26542 (An issue was discovered in the MongoDB Simple LDAP plugin through 2020 ...)
- TODO: check
+ NOT-FOR-US: MongoDB plugin
CVE-2020-26541 (The Linux kernel through 5.8.13 does not properly enforce the Secure B ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Secure Boot key import not supported)
@@ -7316,7 +7316,7 @@ CVE-2020-26170
CVE-2020-26169
RESERVED
CVE-2020-26168 (The LDAP authentication method in LdapLoginModule in Hazelcast IMDG En ...)
- TODO: check
+ NOT-FOR-US: Hazelcast
CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the page preview feature allows an ano ...)
NOT-FOR-US: FUEL CMS
CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the file descr ...)
@@ -11258,7 +11258,7 @@ CVE-2020-24462
CVE-2020-24461
RESERVED
CVE-2020-24460 (Incorrect default permissions in the Intel(R) DSA before version 20.8. ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-24459
RESERVED
CVE-2020-24458
@@ -25283,7 +25283,7 @@ CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the d
[buster] - python-django-celery-results <no-dsa> (Minor issue)
NOTE: https://github.com/celery/django-celery-results/issues/142
CVE-2020-17494 (Untangle Firewall NG before 16.0 uses MD5 for passwords. ...)
- TODO: check
+ NOT-FOR-US: Untangle Firewall NG
CVE-2020-17493
RESERVED
CVE-2020-17492
@@ -29061,7 +29061,7 @@ CVE-2020-15785 (A vulnerability has been identified in Siveillance Video Client
CVE-2020-15784 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
NOT-FOR-US: Spectrum Power 4
CVE-2020-15783 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-15782
RESERVED
CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for SICAM A8 ...)
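Review bot: CVE-2020-15783 is marked 'NOT-FOR-US: Siemens' while the neighbouring Siemens entry uses the product name ('NOT-FOR-US: Spectrum Power 4'); for consistency and easier grepping, 'NOT-FOR-US: Siemens SIMATIC S7-300' would match the description.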
@@ -34323,7 +34323,7 @@ CVE-2020-13879
CVE-2020-13878
RESERVED
CVE-2020-13877 (SQL Injection issues in various ASPX pages of ResourceXpress Meeting M ...)
- TODO: check
+ NOT-FOR-US: ResourceXpress Meeting Monitor
CVE-2020-13876
RESERVED
CVE-2020-13875
@@ -34681,7 +34681,7 @@ CVE-2020-13775 (ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger
NOTE: Fixed by: https://github.com/znc/znc/commit/2390ad111bde16a78c98ac44572090b33c3bd2d8 (znc-1.8.1-rc1)
NOTE: Introduced with: https://github.com/znc/znc/commit/d229761821da38d984a9e4098ad96842490dc001 (znc-1.8.0)
CVE-2020-13774 (An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivant ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2020-13773
RESERVED
CVE-2020-13772
@@ -36706,9 +36706,9 @@ CVE-2020-12929
CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master ...)
NOT-FOR-US: AMD Ryzen Master
CVE-2020-12927 (A potential vulnerability in a dynamically loaded AMD driver in AMD VB ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2020-12926 (The Trusted Platform Modules (TPM) reference software may not properly ...)
- TODO: check
+ NOT-FOR-US: AMD
CVE-2020-12925
RESERVED
CVE-2020-12924
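Review bot: CVE-2020-12926 is attributed to AMD, but the visible description mentions only 'The Trusted Platform Modules (TPM) reference software', so the vendor attribution is not evident from the hunk; a NOTE line with the advisory URL would document it. Since TPM reference code is also carried by software TPM implementations (libtpms, for example), confirm that the affected code is the firmware-side AMD build and not something a Debian package embeds before leaving this as NOT-FOR-US.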
@@ -38302,7 +38302,7 @@ CVE-2020-12357
CVE-2020-12356 (Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.8 ...)
NOT-FOR-US: Intel
CVE-2020-12355 (Authentication bypass by capture-replay in RPMB protocol message authe ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-12354 (Incorrect default permissions in Windows(R) installer in Intel(R) AMT ...)
NOT-FOR-US: Intel
CVE-2020-12353 (Improper permissions in the Intel(R) Data Center Manager Console befor ...)
@@ -42300,13 +42300,13 @@ CVE-2020-11211
CVE-2020-11210
RESERVED
CVE-2020-11209 (u'Improper authorization in DSP process could allow unauthorized users ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11208 (u'Out of Bound issue in DSP services while processing received argumen ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11207 (u'Buffer overflow in LibFastCV library due to improper size checks wit ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11206 (u'Possible buffer overflow in Fastrpc while handling received paramete ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11205 (u'Possible integer overflow to heap overflow while processing command ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11204
@@ -42314,9 +42314,9 @@ CVE-2020-11204
CVE-2020-11203
RESERVED
CVE-2020-11202 (u'Buffer overflow/underflow occurs when typecasting the buffer passed ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11201 (u'Arbitrary access to DSP memory due to improper check in loaded libra ...)
- TODO: check
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11200
RESERVED
CVE-2020-11199
@@ -50015,7 +50015,7 @@ CVE-2020-8278
CVE-2020-8277
RESERVED
CVE-2020-8276 (The implementation of Brave Desktop's privacy-preserving analytics sys ...)
- TODO: check
+ NOT-FOR-US: Brave
CVE-2020-8275
RESERVED
CVE-2020-8274
@@ -50031,7 +50031,7 @@ CVE-2020-8270
CVE-2020-8269
RESERVED
CVE-2020-8268 (Prototype pollution vulnerability in json8-merge-patch npm package < ...)
- TODO: check
+ NOT-FOR-US: Node json8-merge-patch
CVE-2020-8267 (A security issue was found in UniFi Protect controller v1.14.10 and ea ...)
NOT-FOR-US: UniFi Protect controller
CVE-2020-8266
@@ -51398,7 +51398,7 @@ CVE-2020-7772
CVE-2020-7771
RESERVED
CVE-2020-7770 (This affects the package json8 before 1.0.3. The function adds in the ...)
- TODO: check
+ NOT-FOR-US: Node json8
CVE-2020-7769 (This affects the package nodemailer before 6.4.16. Use of crafted reci ...)
TODO: check
CVE-2020-7768 (The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 ...)
@@ -53159,9 +53159,9 @@ CVE-2020-7035
CVE-2020-7034
RESERVED
CVE-2020-7033 (A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Clien ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2020-7032 (An XML external entity (XXE) vulnerability in Avaya WebLM admin interf ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2020-7031
RESERVED
CVE-2020-7030 (A sensitive information disclosure vulnerability was discovered in the ...)
@@ -57160,7 +57160,7 @@ CVE-2020-5428
CVE-2020-5427
RESERVED
CVE-2020-5426 (Scheduler for TAS prior to version 1.4.0 was permitting plaintext tran ...)
- TODO: check
+ NOT-FOR-US: Vmware
CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x v ...)
NOT-FOR-US: Vmware
CVE-2020-5424
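Review bot: the vendor name is spelled 'Vmware' in the new line for CVE-2020-5426 (and in the existing CVE-2020-5425 line below it); the vendor writes it 'VMware'. Not blocking, but consistent spelling keeps the NOT-FOR-US markers greppable.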
@@ -72449,9 +72449,9 @@ CVE-2020-0595 (Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM
CVE-2020-0594 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM ...)
NOT-FOR-US: Intel
CVE-2020-0593 (Improper buffer restrictions in BIOS firmware for some Intel(R) Proces ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0592 (Out of bounds write in BIOS firmware for some Intel(R) Processors may ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0591 (Improper buffer restrictions in BIOS firmware for some Intel(R) Proces ...)
NOT-FOR-US: Intel
CVE-2020-0590 (Improper input validation in BIOS firmware for some Intel(R) Processor ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4f14a0f7a63b76c589afd36a680ca97a9b3583f