[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 17 15:46:03 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fdcc7024 by Salvatore Bonaccorso at 2020-10-17T16:45:38+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -34,7 +34,7 @@ CVE-2020-27180
CVE-2020-27179
RESERVED
CVE-2020-27178 (Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4 ...)
- TODO: check
+ NOT-FOR-US: Apereo CAS
CVE-2020-27177
RESERVED
CVE-2020-27176 (Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote C ...)
@@ -509,7 +509,7 @@ CVE-2020-26946
CVE-2020-26945 (MyBatis before 3.5.6 mishandles deserialization of object streams. ...)
NOT-FOR-US: MyBatis
CVE-2020-26944 (An issue was discovered in Aptean Product Configurator 4.61.0000 on Wi ...)
- TODO: check
+ NOT-FOR-US: Aptean
CVE-2020-26943 (An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2. ...)
NOT-FOR-US: blazar-dashboard
CVE-2020-26942
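Review bot: The tag added for CVE-2020-26944 names only the vendor ("NOT-FOR-US: Aptean"), while the description names the product, Aptean Product Configurator, and the neighbouring entries in this hunk are tagged by product (MyBatis, blazar-dashboard). Consider "NOT-FOR-US: Aptean Product Configurator" so that a later search for the product name finds this entry.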
@@ -1060,7 +1060,7 @@ CVE-2020-26674
CVE-2020-26673
RESERVED
CVE-2020-26672 (Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site S ...)
- TODO: check
+ NOT-FOR-US: Testimonial Rotator Wordpress Plugin
CVE-2020-26671
RESERVED
CVE-2020-26670
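Review bot: The tag added for CVE-2020-26672 copies the description's spelling "Wordpress", whereas the existing tag on CVE-2020-25213 further down this diff writes "WordPress" and uses the form "... plugin for WordPress". Matching that form, e.g. "NOT-FOR-US: Testimonial Rotator plugin for WordPress", keeps the NOT-FOR-US strings consistent for anyone grepping the list.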
@@ -4296,7 +4296,7 @@ CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XS
CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...)
NOT-FOR-US: yWorks yEd Desktop
CVE-2020-25214 (In the client in Overwolf 0.149.2.30, a channel can be accessed or inf ...)
- TODO: check
+ NOT-FOR-US: Overwolf
CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...)
NOT-FOR-US: File Manager (wp-file-manager) plugin for WordPress
CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel before 5. ...)
@@ -6055,7 +6055,7 @@ CVE-2020-24410
CVE-2020-24409
RESERVED
CVE-2020-24408 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a per ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-24407
RESERVED
CVE-2020-24406
@@ -20940,9 +20940,9 @@ CVE-2020-17025
CVE-2020-17024
RESERVED
CVE-2020-17023 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-17022 (A remote code execution vulnerability exists in the way that Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-17021
RESERVED
CVE-2020-17020
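Review bot: CVE-2020-17023 is described as a Visual Studio Code issue, but the added tag is the vendor-wide "NOT-FOR-US: Microsoft", which does not record which product was assessed. Naming the product in the tag, e.g. "NOT-FOR-US: Microsoft Visual Studio Code", would make the decision easier to re-check later; the same applies to any other entry whose description names a specific product.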
@@ -21026,33 +21026,33 @@ CVE-2020-16982
CVE-2020-16981
RESERVED
CVE-2020-16980 (An elevation of privilege vulnerability exists when the Windows iSCSI ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16979
RESERVED
CVE-2020-16978 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16977 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16976 (An elevation of privilege vulnerability exists when the Windows Backup ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16975 (An elevation of privilege vulnerability exists when the Windows Backup ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16974 (An elevation of privilege vulnerability exists when the Windows Backup ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16973 (An elevation of privilege vulnerability exists when the Windows Backup ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16972 (An elevation of privilege vulnerability exists when the Windows Backup ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16971
RESERVED
CVE-2020-16970
RESERVED
CVE-2020-16969 (An information disclosure vulnerability exists in how Microsoft Exchan ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16968 (A remote code execution vulnerability exists when the Windows Camera C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16967 (A remote code execution vulnerability exists when the Windows Camera C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16966
RESERVED
CVE-2020-16965
@@ -21072,65 +21072,65 @@ CVE-2020-16959
CVE-2020-16958
RESERVED
CVE-2020-16957 (A remote code execution vulnerability exists when the Microsoft Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16956 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16955 (An elevation of privilege vulnerability exists in the way that Microso ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16954 (A remote code execution vulnerability exists in Microsoft Office softw ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16953 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16952 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16951 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16950 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16949 (A denial of service vulnerability exists in Microsoft Outlook software ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16948 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16947 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16946 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16945 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16944 (This vulnerability is caused when SharePoint Server does not properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16943 (An elevation of privilege vulnerability exists in Microsoft Dynamics 3 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16942 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16941 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16940 (An elevation of privilege vulnerability exists when the Windows User P ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16939 (An elevation of privilege vulnerability exists when Group Policy impro ...)
TODO: check
CVE-2020-16938 (An information disclosure vulnerability exists when the Windows kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16937 (An information disclosure vulnerability exists when the .NET Framework ...)
TODO: check
CVE-2020-16936 (An elevation of privilege vulnerability exists when the Windows Backup ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16935 (An elevation of privilege vulnerability exists when Windows improperly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16934 (An elevation of privilege vulnerability exists in the way that Microso ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16933 (A security feature bypass vulnerability exists in Microsoft Word softw ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16932 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16931 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16930 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16929 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16928 (An elevation of privilege vulnerability exists in the way that Microso ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16927 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
TODO: check
CVE-2020-16926
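Review bot: Three entries in this hunk stay at "TODO: check" as unchanged context (CVE-2020-16939 Group Policy, CVE-2020-16937 .NET Framework, CVE-2020-16927 Remote Desktop Protocol) while every Microsoft entry around them is retagged, and the commit message "Process some NFUs" gives no reason. If they were skipped on purpose because they need a closer look, saying so in the commit message would save the next triager from working that out again.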
@@ -21138,85 +21138,85 @@ CVE-2020-16926
CVE-2020-16925
RESERVED
CVE-2020-16924 (A remote code execution vulnerability exists when the Windows Jet Data ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16923 (A remote code execution vulnerability exists in the way that Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16922 (A spoofing vulnerability exists when Windows incorrectly validates fil ...)
TODO: check
CVE-2020-16921 (An information disclosure vulnerability exists in Text Services Framew ...)
TODO: check
CVE-2020-16920 (An elevation of privilege vulnerability exists when the Windows Applic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16919 (An information disclosure vulnerability exists when the Windows Enterp ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16918 (A remote code execution vulnerability exists when the Base3D rendering ...)
TODO: check
CVE-2020-16917
RESERVED
CVE-2020-16916 (An elevation of privilege vulnerability exists when Windows improperly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16915 (A memory corruption vulnerability exists when Windows Media Foundation ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16914 (An information disclosure vulnerability exists in the way that the Win ...)
TODO: check
CVE-2020-16913 (An elevation of privilege vulnerability exists in Windows when the Win ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16912 (An elevation of privilege vulnerability exists when the Windows Backup ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16911 (A remote code execution vulnerability exists in the way that the Windo ...)
TODO: check
CVE-2020-16910 (A security feature bypass vulnerability exists when Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16909 (An elevation of privilege vulnerability exists in Windows Error Report ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16908 (An elevation of privilege vulnerability exists in Windows Setup in the ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16907 (An elevation of privilege vulnerability exists in Windows when the Win ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16906
RESERVED
CVE-2020-16905 (An elevation of privilege vulnerability exists in Windows Error Report ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16904 (An elevation of privilege vulnerability exists in the way Azure Functi ...)
TODO: check
CVE-2020-16903
RESERVED
CVE-2020-16902 (An elevation of privilege vulnerability exists in the Windows Installe ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16901 (An information disclosure vulnerability exists when the Windows kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16900 (An elevation of privilege vulnerability exists when the Windows Event ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16899 (A denial of service vulnerability exists when the Windows TCP/IP stack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16898 (A remote code execution vulnerability exists when the Windows TCP/IP s ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16897 (An information disclosure vulnerability exists when NetBIOS over TCP ( ...)
TODO: check
CVE-2020-16896 (An information disclosure vulnerability exists in Remote Desktop Proto ...)
TODO: check
CVE-2020-16895 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16894 (A remote code execution vulnerability exists when Windows Network Addr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16893
RESERVED
CVE-2020-16892 (An elevation of privilege vulnerability exists in the way that the Win ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16891 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
TODO: check
CVE-2020-16890 (An elevation of privilege vulnerability exists when the Windows kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16889 (An information disclosure vulnerability exists when the Windows Kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16888
RESERVED
CVE-2020-16887 (An elevation of privilege vulnerability exists in the way that the Win ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16886 (A security feature bypass vulnerability exists in the PowerShellGet V2 ...)
TODO: check
CVE-2020-16885 (An elevation of privilege vulnerability exists when the Windows Storag ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16884 (A remote code execution vulnerability exists in the way that the IEToE ...)
NOT-FOR-US: IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer
CVE-2020-16883
@@ -21232,9 +21232,9 @@ CVE-2020-16879 (An information disclosure vulnerability exists when a Windows Pr
CVE-2020-16878 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
NOT-FOR-US: Microsoft
CVE-2020-16877 (An elevation of privilege vulnerability exists when Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16876 (An elevation of privilege vulnerability exists when the Windows Applic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-16875 (A remote code execution vulnerability exists in Microsoft Exchange ser ...)
NOT-FOR-US: Microsoft
CVE-2020-16874 (A remote code execution vulnerability exists in Visual Studio when it ...)
@@ -22532,7 +22532,7 @@ CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0
CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 genera ...)
NOT-FOR-US: Kee Vault KeePassRPC
CVE-2020-16270 (OLIMPOKS before 5.1.0 allows Auth/Admin ErrorMessage XSS. ...)
- TODO: check
+ NOT-FOR-US: OLIMPOKS
CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, causing ...)
- radare2 <unfixed>
NOTE: https://github.com/radareorg/radare2/issues/17383
@@ -23504,7 +23504,7 @@ CVE-2020-15869 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1
CVE-2020-15868 (Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect ...)
NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
CVE-2020-15867 (The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authentic ...)
- TODO: check
+ NOT-FOR-US: Go Git Service
CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...)
- mruby <unfixed> (bug #972051)
[buster] - mruby <no-dsa> (Minor issue)
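Review bot: The tag added for CVE-2020-15867 reads "NOT-FOR-US: Go Git Service", but the description calls the product Gogs, which is the string someone would search this file for. Suggest "NOT-FOR-US: Gogs" (or "Gogs (Go Git Service)") so the tag matches the description.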
@@ -25130,7 +25130,7 @@ CVE-2020-15254 (Crossbeam is a set of tools for concurrent programming. In cross
CVE-2020-15253 (Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting v ...)
NOT-FOR-US: Grocy
CVE-2020-15252 (In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right ( ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version ...)
NOT-FOR-US: Channelmgnt plug-in for Sopel
CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryF ...)
@@ -55229,7 +55229,7 @@ CVE-2020-3993
CVE-2020-3992
RESERVED
CVE-2020-3991 (VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3990 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
NOT-FOR-US: VMware
CVE-2020-3989 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
@@ -64317,7 +64317,7 @@ CVE-2020-1684 (On Juniper Networks SRX Series configured with application identi
CVE-2020-1683 (On Juniper Networks Junos OS devices, a specific SNMP OID poll causes ...)
NOT-FOR-US: Juniper
CVE-2020-1682 (An input validation vulnerability exists in Juniper Networks Junos OS, ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2020-1681 (Receipt of a specifically malformed NDP packet sent from the local are ...)
NOT-FOR-US: Juniper
CVE-2020-1680 (On Juniper Networks MX Series with MS-MIC or MS-MPC card configured wi ...)
@@ -65202,7 +65202,7 @@ CVE-2020-1245 (An elevation of privilege vulnerability exists in Windows when th
CVE-2020-1244 (A denial of service vulnerability exists when Connected User Experienc ...)
NOT-FOR-US: Microsoft
CVE-2020-1243 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-1242 (An information disclosure vulnerability exists in the way that Microso ...)
NOT-FOR-US: Microsoft
CVE-2020-1241 (A security feature bypass vulnerability exists when Windows Kernel fai ...)
@@ -65354,7 +65354,7 @@ CVE-2020-1169 (An elevation of privilege vulnerability exists when the Windows R
CVE-2020-1168
RESERVED
CVE-2020-1167 (A remote code execution vulnerability exists in the way that Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-1166 (An elevation of privilege vulnerability exists when Windows improperly ...)
NOT-FOR-US: Microsoft
CVE-2020-1165 (An elevation of privilege vulnerability exists when Windows improperly ...)
@@ -65528,7 +65528,7 @@ CVE-2020-1082 (An elevation of privilege vulnerability exists in Windows Error R
CVE-2020-1081 (An elevation of privilege vulnerability exists when the Windows Printe ...)
NOT-FOR-US: Microsoft
CVE-2020-1080 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-1079 (An elevation of privilege vulnerability exists when the Windows fails ...)
NOT-FOR-US: Microsoft
CVE-2020-1078 (An elevation of privilege vulnerability exists in Windows Installer be ...)
@@ -65594,7 +65594,7 @@ CVE-2020-1049 (A cross site scripting vulnerability exists when Microsoft Dynami
CVE-2020-1048 (An elevation of privilege vulnerability exists when the Windows Print ...)
NOT-FOR-US: Microsoft
CVE-2020-1047 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-1046 (A remote code execution vulnerability exists when Microsoft .NET Frame ...)
NOT-FOR-US: Microsoft
CVE-2020-1045 (A security feature bypass vulnerability exists in the way Microsoft AS ...)
@@ -66160,7 +66160,7 @@ CVE-2020-0766 (An elevation of privilege vulnerability exists when the Microsoft
CVE-2020-0765 (An information disclosure vulnerability exists in the Remote Desktop C ...)
NOT-FOR-US: Microsoft
CVE-2020-0764 (An elevation of privilege vulnerability exists when the Windows Storag ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-0763 (An elevation of privilege vulnerability exists when Windows Defender S ...)
NOT-FOR-US: Microsoft
CVE-2020-0762 (An elevation of privilege vulnerability exists when Windows Defender S ...)
@@ -87731,7 +87731,7 @@ CVE-2019-12307
CVE-2019-12306
RESERVED
CVE-2019-12305 (In EZCast Pro II, the administrator password md5 hash is provided upon ...)
- TODO: check
+ NOT-FOR-US: EZCast Pro II
CVE-2019-12304
RESERVED
CVE-2019-12303 (In Rancher 2 through 2.2.3, Project owners can inject additional fluen ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fdcc70244680849024edc7239668a3d3c54ae1ed