[Git][security-tracker-team/security-tracker][master] new kleopatra issue

Moritz Muehlenhoff jmm at debian.org
Wed Sep 2 11:33:54 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3cf21ebb by Moritz Muehlenhoff at 2020-09-02T12:33:27+02:00
new kleopatra issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2020-25072
 CVE-2020-25071
 	RESERVED
 CVE-2020-25070 (USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the ...)
-	TODO: check
+	NOT-FOR-US: User-friendly SVN
 CVE-2020-25069 (USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: User-friendly SVN
 CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain sensitive i ...)
 	- plinth <unfixed>
 	[buster] - plinth <no-dsa> (Minor issue)
@@ -207,7 +207,9 @@ CVE-2020-24974
 CVE-2020-24973
 	RESERVED
 CVE-2020-24972 (The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG  ...)
-	TODO: check
+	- kleopatra <unfixed>
+	NOTE: https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b
+	NOTE: https://security.gentoo.org/glsa/202008-21
 CVE-2020-24971
 	RESERVED
 CVE-2020-24970
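Review bot: the new kleopatra entry has no severity or suite annotation, so it is unclear whether a DSA is planned for buster; the plinth entry at the top of this same diff shows the convention ("[buster] - plinth <no-dsa> (Minor issue)"). Check the buster version against the "before 3.1.12 (and before 20.07.80)" range in the summary and add a [buster] line accordingly, plus a (bug #...) reference once a Debian bug is filed. The two NOTE links (upstream fix commit and GLSA 202008-21) are the right kind of pointers to keep.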
@@ -241,7 +243,7 @@ CVE-2020-24957
 CVE-2020-24956
 	RESERVED
 CVE-2020-24955 (SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable to local  ...)
-	TODO: check
+	NOT-FOR-US: SUPERAntiSyware Professional
 CVE-2020-24954
 	RESERVED
 CVE-2020-24953
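Review bot: the NOT-FOR-US text repeats the misspelling from the imported summary ("SUPERAntiSyware"); the product is SUPERAntiSpyware. The summary line is imported as-is, but the classification text is what people grep for, so spell the name correctly there.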
@@ -3331,7 +3333,7 @@ CVE-2020-23452
 CVE-2020-23451
 	RESERVED
 CVE-2020-23450 (Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed  ...)
-	TODO: check
+	NOT-FOR-US: Spiceworks
 CVE-2020-23449
 	RESERVED
 CVE-2020-23448
@@ -15449,7 +15451,7 @@ CVE-2020-17407
 CVE-2020-17406
 	RESERVED
 CVE-2020-17405 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: Senstar Symphony
 CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit
 CVE-2020-17403 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -17948,19 +17950,19 @@ CVE-2020-16212
 CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out- ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2020-16210 (The affected product is vulnerable to reflected cross-site scripting,  ...)
-	TODO: check
+	NOT-FOR-US: N-Tron
 CVE-2020-16209
 	RESERVED
 CVE-2020-16208 (The affected product is vulnerable to cross-site request forgery, whic ...)
-	TODO: check
+	NOT-FOR-US: N-Tron
 CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multipl ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2020-16206 (The affected product is vulnerable to stored cross-site scripting, whi ...)
-	TODO: check
+	NOT-FOR-US: N-Tron
 CVE-2020-16205 (Using a specially crafted URL command, a remote authenticated user can ...)
 	NOT-FOR-US: G-Cam and G-Code
 CVE-2020-16204 (The affected product is vulnerable due to an undocumented interface fo ...)
-	TODO: check
+	NOT-FOR-US: N-Tron
 CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
 	NOT-FOR-US: Delta Industrial Automation
 CVE-2020-16202
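Review bot: none of the four summaries ("The affected product is vulnerable to ...") names a vendor, so the N-Tron attribution cannot be verified from this hunk. Add a single NOTE: line with the advisory the classification was taken from, as the kleopatra entry in this commit does, so the next triager can confirm it without re-searching.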
@@ -18615,7 +18617,7 @@ CVE-2020-15906
 CVE-2020-15905
 	RESERVED
 CVE-2020-15904 (A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allo ...)
-	TODO: check
+	NOT-FOR-US: bsdiff4 (different from src:bsdiff)
 CVE-2020-15903
 	RESERVED
 CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url o ...)
@@ -20519,7 +20521,7 @@ CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Si
 CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...)
 	NOT-FOR-US: OpenMage
 CVE-2020-15150 (There is a vulnerability in Paginator (Elixir/Hex package) which makes ...)
-	TODO: check
+	NOT-FOR-US: Paginator
 CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in ...)
 	NOT-FOR-US: NodeBB
 CVE-2020-15148
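Review bot: "NOT-FOR-US: Paginator" is ambiguous because the name is generic; the summary itself qualifies it as an Elixir/Hex package. Follow the disambiguation used for bsdiff4 in this same commit ("different from src:bsdiff") and write "NOT-FOR-US: Paginator (Elixir/Hex package)".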
@@ -21939,7 +21941,7 @@ CVE-2020-14516
 CVE-2020-14515
 	RESERVED
 CVE-2020-14514 (All trailer Power Line Communications are affected. PLC bus traffic ca ...)
-	TODO: check
+	NOT-FOR-US: PLC
 CVE-2020-14513
 	RESERVED
 CVE-2020-14512 (GateManager versions prior to 9.2c, The affected product uses a weak h ...)
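Review bot: "NOT-FOR-US: PLC" is too terse to be useful: PLC is ambiguous (programmable logic controller versus the trailer Power Line Communications the summary actually describes), and no vendor is named in the visible text. Spell out what was checked, e.g. "NOT-FOR-US: trailer Power Line Communications (PLC) bus", and add a NOTE: with the source advisory.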
@@ -24766,11 +24768,11 @@ CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 befo
 	NOTE: https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38 (3.0 branch)
 	NOTE: https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815 (2.2. branch)
 CVE-2020-13595 (The Bluetooth Low Energy (BLE) controller implementation in Espressif  ...)
-	TODO: check
+	NOT-FOR-US: Espressif
 CVE-2020-13594 (The Bluetooth Low Energy (BLE) controller implementation in Espressif  ...)
-	TODO: check
+	NOT-FOR-US: Espressif
 CVE-2020-13593 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation  ...)
-	TODO: check
+	NOT-FOR-US: Espressif
 CVE-2020-13662 [Drupal SA 2020-003]
 	RESERVED
 	{DSA-4693-1 DLA-2250-1}
@@ -30661,9 +30663,9 @@ CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
 CVE-2020-11618 (THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top b ...)
-	TODO: check
+	NOT-FOR-US: THOMSON
 CVE-2020-11617 (The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA ...)
-	TODO: check
+	NOT-FOR-US: THOMSON
 CVE-2020-11616
 	RESERVED
 CVE-2020-11615
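Review bot: both summaries name two products, THOMSON THT741FTA and Philips DTR3502BFTA, but the classification records only THOMSON. Name both, e.g. "NOT-FOR-US: THOMSON THT741FTA and Philips DTR3502BFTA set-top boxes", so a search for either vendor finds these entries.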
@@ -39372,7 +39374,7 @@ CVE-2020-8343
 CVE-2020-8342
 	RESERVED
 CVE-2020-8341 (In Lenovo systems, SMM BIOS Write Protection is used to prevent writes ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2020-8340
 	RESERVED
 CVE-2020-8339
@@ -39384,7 +39386,7 @@ CVE-2020-8337 (An unquoted search path vulnerability was reported in versions pr
 CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on some Th ...)
 	NOT-FOR-US: Lenovo
 CVE-2020-8335 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
 	NOT-FOR-US: Lenovo
 CVE-2020-8333
@@ -39975,7 +39977,7 @@ CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefen
 CVE-2020-8098
 	RESERVED
 CVE-2020-8097 (An improper authentication vulnerability in Bitdefender Endpoint Secur ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2020-8096 (Untrusted Search Path vulnerability in Bitdefender High-Level Antimalw ...)
 	NOT-FOR-US: Bitdefender
 CVE-2020-8095 (A vulnerability in the improper handling of junctions before deletion  ...)
@@ -41390,19 +41392,19 @@ CVE-2020-7529
 CVE-2020-7528
 	RESERVED
 CVE-2020-7527 (Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) a ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2020-7526 (Improper Input Validation vulnerability exists in PowerChute Business  ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2020-7525 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2020-7524 (Out-of-bounds Write vulnerability exists in Modicon M218 Logic Control ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2020-7523 (Improper Privilege Management vulnerability exists in Schneider Electr ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2020-7522 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2020-7521 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Schneider
 CVE-2020-7520 (A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnera ...)
 	NOT-FOR-US: Schneider
 CVE-2020-7519 (A CWE-521: Weak Password Requirements vulnerability exists in Easergy  ...)
@@ -42910,9 +42912,9 @@ CVE-2020-6876
 CVE-2020-6875
 	RESERVED
 CVE-2020-6874 (A ZTE product is impacted by the cryptographic issues vulnerability. T ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2020-6873 (A ZTE product has a DoS vulnerability. Because the equipment couldn&#8 ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2020-6872 (The server management software module of ZTE has a storage XSS vulnera ...)
 	NOT-FOR-US: ZTE
 CVE-2020-6871 (The server management software module of ZTE has an authentication iss ...)
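Review bot: the CVE-2020-6873 summary line carries a truncated HTML entity ("couldn&#8 ..."), an artifact of the summary import rather than of this commit; the importer should decode entities before truncating to the fixed width. The ZTE classifications themselves match the existing entries below.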
@@ -45008,9 +45010,9 @@ CVE-2020-6154
 CVE-2020-6153
 	RESERVED
 CVE-2020-6152 (A code execution vulnerability exists in the DICOM parse_dicom_meta_in ...)
-	TODO: check
+	NOT-FOR-US: Accusoft
 CVE-2020-6151 (A memory corruption vulnerability exists in the TIFF handle_COMPRESSIO ...)
-	TODO: check
+	NOT-FOR-US: Accusoft
 CVE-2020-6150
 	RESERVED
 CVE-2020-6149
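Review bot: both summaries are truncated before any vendor name, and what survives are parser function names (parse_dicom_meta_in..., handle_COMPRESSIO...). A short NOTE: saying which Accusoft product those functions belong to would make clear the code is not shared with any DICOM or TIFF library Debian packages, which is the question a reader of "NOT-FOR-US: Accusoft" will have.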
@@ -45846,9 +45848,9 @@ CVE-2020-5779
 CVE-2020-5778
 	RESERVED
 CVE-2020-5777 (MAGMI versions prior to 0.7.24 are vulnerable to a remote authenticati ...)
-	TODO: check
+	NOT-FOR-US: MAGMI
 CVE-2020-5776 (Currently, all versions of MAGMI are vulnerable to CSRF due to the lac ...)
-	TODO: check
+	NOT-FOR-US: MAGMI
 CVE-2020-5775 (Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote,  ...)
 	NOT-FOR-US: Canvas LMS
 CVE-2020-5774 (Nessus versions 8.11.0 and earlier were found to maintain sessions lon ...)
@@ -46156,7 +46158,7 @@ CVE-2020-5624 (SQL injection vulnerability in the XooNIps 3.48 and earlier allow
 CVE-2020-5623 (NITORI App for Android versions 6.0.4 and earlier and NITORI App for i ...)
 	NOT-FOR-US: NITORI App for Android and iOS
 CVE-2020-5622 (Shadankun Server Security Type (excluding normal blocking method types ...)
-	TODO: check
+	NOT-FOR-US: Shadankun Server Security Type
 CVE-2020-5621 (Cross-site request forgery (CSRF) vulnerability in NETGEAR switching h ...)
 	NOT-FOR-US: Netgear
 CVE-2020-5620 (Cross-site scripting vulnerability in Exment prior to v3.6.0 allows re ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cf21ebb3ab3432734850815cd86be8602df339c


