[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Oct 2 09:24:13 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
52f07ea7 by Salvatore Bonaccorso at 2020-10-02T10:23:45+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2020-26526
CVE-2020-26525
RESERVED
CVE-2020-26524 (CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. ...)
- TODO: check
+ NOT-FOR-US: CodeLathe FileCloud
CVE-2020-26523 (Froala Editor before 3.2.2 allows XSS via pasted content. ...)
- TODO: check
+ NOT-FOR-US: Froala Editor
CVE-2020-26522
RESERVED
CVE-2020-26521
@@ -17,7 +17,7 @@ CVE-2020-26520
CVE-2020-26519 (fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during pixmap si ...)
TODO: check
CVE-2020-26518 (Artica Pandora FMS before 743 allows unauthenticated attackers to cond ...)
- TODO: check
+ NOT-FOR-US: Artica Pandora FMS
CVE-2020-26517
RESERVED
CVE-2020-26516
@@ -22798,7 +22798,7 @@ CVE-2019-20904
CVE-2019-20903 (The hyperlinks functionality in atlaskit/editor-core in before version ...)
TODO: check
CVE-2019-20902 (Upgrading Crowd via XML Data Transfer can reactivate a disabled user f ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20901 (The login.jsp resource in Jira before version 8.5.2, and from version ...)
NOT-FOR-US: Atlassian
CVE-2019-20900 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
@@ -26412,7 +26412,7 @@ CVE-2020-14225
CVE-2020-14224
RESERVED
CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scri ...)
- TODO: check
+ NOT-FOR-US: HCL Digital Experience
CVE-2020-14222
RESERVED
CVE-2020-14221
@@ -27184,7 +27184,7 @@ CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public
NOTE: https://issues.apache.org/jira/browse/SOLR-14561
NOTE: https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2
CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and v ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2020-13939
RESERVED
CVE-2020-13938
@@ -29836,9 +29836,9 @@ CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolet
CVE-2020-12871
RESERVED
CVE-2020-12870 (RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username ...)
- TODO: check
+ NOT-FOR-US: RainbowFish PacsOne Server
CVE-2020-12869 (RainbowFish PacsOne Server 6.8.4 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: RainbowFish PacsOne Server
CVE-2020-12868
RESERVED
CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends be ...)
@@ -30306,7 +30306,7 @@ CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remot
CVE-2020-12716
RESERVED
CVE-2020-12715 (RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. ...)
- TODO: check
+ NOT-FOR-US: RainbowFish PacsOne Server
CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual Applia ...)
NOT-FOR-US: CipherMail
CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...)
@@ -39987,7 +39987,7 @@ CVE-2020-9493
CVE-2020-9492
RESERVED
CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted valu ...)
{DSA-4757-1}
- apache2 2.4.46-1
@@ -40012,9 +40012,9 @@ CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache L
NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=6851b5083ef9610bae320bf07e1f24d2aa08851b (release-2.x)
NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=fb91a3d71e2f3dadad6fd1beb2ab857f44fe8bbb (master)
CVE-2020-9487 (In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time pass ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2020-9486 (In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine p ...)
- TODO: check
+ NOT-FOR-US: Apache NiFi
CVE-2020-9485 (An issue was found in Apache Airflow versions 1.10.10 and below. A sto ...)
- airflow <itp> (bug #819700)
CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...)
@@ -43416,7 +43416,7 @@ CVE-2020-8111
CVE-2020-8110
RESERVED
CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that results ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...)
NOT-FOR-US: Bitdefender
CVE-2020-8107
@@ -47007,7 +47007,7 @@ CVE-2020-6656
CVE-2020-6655
RESERVED
CVE-2020-6654 (A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configu ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 & prior stores the user l ...)
NOT-FOR-US: Eaton
CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...)
@@ -49272,17 +49272,17 @@ CVE-2020-5791
CVE-2020-5790
RESERVED
CVE-2020-5789 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...)
- TODO: check
+ NOT-FOR-US: Teltonika
CVE-2020-5788 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...)
- TODO: check
+ NOT-FOR-US: Teltonika
CVE-2020-5787 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...)
- TODO: check
+ NOT-FOR-US: Teltonika
CVE-2020-5786 (Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 all ...)
- TODO: check
+ NOT-FOR-US: Teltonika
CVE-2020-5785 (Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04 ...)
- TODO: check
+ NOT-FOR-US: Teltonika
CVE-2020-5784 (Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 al ...)
- TODO: check
+ NOT-FOR-US: Teltonika
CVE-2020-5783 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does n ...)
NOT-FOR-US: IgniteNet HeliOS GLinq
CVE-2020-5782 (In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ...)
@@ -50162,7 +50162,7 @@ CVE-2020-5389
CVE-2020-5388
RESERVED
CVE-2020-5387 (Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Ex ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource ...)
NOT-FOR-US: EMC
CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suit ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52f07ea74552c76cbc7fb5d57be046c6882b9e22
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52f07ea74552c76cbc7fb5d57be046c6882b9e22
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201002/a33d4f09/attachment.html>
More information about the debian-security-tracker-commits
mailing list