[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Oct 21 14:15:16 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d1cee3d by Moritz Muehlenhoff at 2020-10-21T15:14:56+02:00
NFUs
veyon n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5279,7 +5279,7 @@ CVE-2020-25159
 CVE-2020-25158
 	RESERVED
 CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection ...)
-	TODO: check
+	NOT-FOR-US: R-SeeNet
 CVE-2020-25156
 	RESERVED
 CVE-2020-25155
@@ -6119,7 +6119,7 @@ CVE-2020-24767
 CVE-2020-24766
 	RESERVED
 CVE-2020-24765 (InterMind iMind Server through 3.13.65 allows remote unauthenticated a ...)
-	TODO: check
+	NOT-FOR-US: InterMind iMind Server
 CVE-2020-24764
 	RESERVED
 CVE-2020-24763
@@ -6881,21 +6881,21 @@ CVE-2020-24418
 CVE-2020-24417
 	RESERVED
 CVE-2020-24416 (Marketo Sales Insight plugin version 1.4355 (and earlier) is affected  ...)
-	TODO: check
+	NOT-FOR-US: Marketo Sales Insight plugin
 CVE-2020-24415 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-24414 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-24413 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-24412 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-24411 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-24410 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-24409 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-24408 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a per ...)
 	NOT-FOR-US: Magento
 CVE-2020-24407
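Review bot: The seven Adobe Illustrator entries (CVE-2020-24409 through CVE-2020-24415) are tagged with the vendor only, "NOT-FOR-US: Adobe", while CVE-2020-24416 at the top of this hunk names the product ("Marketo Sales Insight plugin"). "NOT-FOR-US: Adobe Illustrator" would keep the tag searchable by product. If vendor-level tags are the accepted convention here, as the neighbouring "NOT-FOR-US: Magento" suggests, this is fine as is.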
@@ -6940,9 +6940,9 @@ CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape th
 CVE-2020-24389
 	RESERVED
 CVE-2020-24388 (An issue was discovered in the _send_secure_msg() function of yubihsm- ...)
-	TODO: check
+	NOT-FOR-US: yubihsm-shell
 CVE-2020-24387 (An issue was discovered in the yh_create_session() function of yubihsm ...)
-	TODO: check
+	NOT-FOR-US: yubihsm-shell
 CVE-2020-24386
 	RESERVED
 CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...)
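Review bot: The two yubihsm-shell entries (CVE-2020-24387, CVE-2020-24388) are closed as NOT-FOR-US, but the descriptions name library-level functions (yh_create_session(), _send_secure_msg()), so the code could be embedded elsewhere. Please confirm that no source package in the archive ships a copy before closing these. If packaging is pending, an <itp> entry with the bug number would track it better than NOT-FOR-US.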
@@ -6969,7 +6969,7 @@ CVE-2020-24377 (A DNS rebinding vulnerability in the Freebox OS web interface in
 CVE-2020-24376 (A DNS rebinding vulnerability in the UPnP IGD implementations in Freeb ...)
 	NOT-FOR-US: Freebox
 CVE-2020-24375 (A DNS rebinding vulnerability in the UPnP MediaServer implementation i ...)
-	TODO: check
+	NOT-FOR-US: Freebox
 CVE-2020-24374 (A DNS rebinding vulnerability in Freebox HD before 1.5.29. ...)
 	NOT-FOR-US: Freebox
 CVE-2020-24373 (A CSRF vulnerability in the UPnP MediaServer implementation in Freebox ...)
@@ -23606,13 +23606,13 @@ CVE-2020-16163 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validato
 CVE-2020-16162 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x  ...)
 	NOT-FOR-US: RIPE NCC RPKI Validator
 CVE-2020-16161 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Sca ...)
-	TODO: check
+	NOT-FOR-US: GoPro
 CVE-2020-16160 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Dec ...)
-	TODO: check
+	NOT-FOR-US: GoPro
 CVE-2020-16159 (GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GP ...)
-	TODO: check
+	NOT-FOR-US: GoPro
 CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerab ...)
-	TODO: check
+	NOT-FOR-US: GoPro
 CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...)
 	NOT-FOR-US: Nagios Log Server
 CVE-2020-16156
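Review bot: The four entries CVE-2020-16158 through CVE-2020-16161 are tagged "NOT-FOR-US: GoPro", which drops the name of the affected component; every description names gpmf-parser, a parser library, not a GoPro product as such. "NOT-FOR-US: GoPro gpmf-parser" would let a later search of data/CVE/list for the library name find these entries if the parser is ever packaged or embedded in another source package.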
@@ -24207,7 +24207,7 @@ CVE-2020-15933
 CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, c ...)
 	NOT-FOR-US: Overwolf
 CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Netwrix Account Lockout Examiner
 CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary cod ...)
 	NOT-FOR-US: Joplin desktop
 CVE-2020-15929
@@ -25961,7 +25961,7 @@ CVE-2020-15271
 CVE-2020-15270
 	RESERVED
 CVE-2020-15269 (In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens ...)
-	TODO: check
+	NOT-FOR-US: Spree
 CVE-2020-15268
 	RESERVED
 CVE-2020-15267
@@ -25971,13 +25971,14 @@ CVE-2020-15266
 CVE-2020-15265
 	RESERVED
 CVE-2020-15264 (The Boxstarter installer before version 2.13.0 configures C:\ProgramDa ...)
-	TODO: check
+	NOT-FOR-US: Boxstarter
 CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not properly e ...)
 	NOT-FOR-US: Laravel Orchid Platform
 CVE-2020-15262 (In webpack-subresource-integrity before version 1.5.1, all dynamically ...)
-	TODO: check
+	NOT-FOR-US: Node webpack-subresource-integrity
 CVE-2020-15261 (On Windows the Veyon Service before version 4.4.2 contains an unquoted ...)
-	TODO: check
+	- veyon <not-affected> (Windows-specific)
+	NOTE: https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp
 CVE-2020-15260
 	RESERVED
 CVE-2020-15259
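Review bot: CVE-2020-15262 is marked "NOT-FOR-US: Node webpack-subresource-integrity" without any indication that embedded copies were checked; a webpack plugin can be bundled inside another source package, so a short NOTE recording that check would make the NFU easier to audit. The veyon entry for CVE-2020-15261 reads correctly: the "(Windows-specific)" justification matches the "On Windows the Veyon Service" wording in the description, and the NOTE links the upstream advisory.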
@@ -26013,7 +26014,7 @@ CVE-2020-15247
 CVE-2020-15246
 	RESERVED
 CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may registe ...)
-	TODO: check
+	NOT-FOR-US: Sylius
 CVE-2020-15244
 	RESERVED
 CVE-2020-15243 (Affected versions of Smartstore have a missing WebApi Authentication a ...)
@@ -42766,7 +42767,7 @@ CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash.
 CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFescape D ...)
 	NOT-FOR-US: PDFescape
 CVE-2020-9417 (The Transaction Insight reporting component of TIBCO Software Inc.'s T ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2020-9416 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire  ...)
 	NOT-FOR-US: TIBCO
 CVE-2020-9415 (The TIBCO Data Virtualization Server component of TIBCO Software Inc.' ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d1cee3d2a40b4ae2bac56d97331ead52ae12810
