[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Sep 4 10:09:12 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
77e47aee by Moritz Muehlenhoff at 2020-09-04T11:08:35+02:00
NFUs
libetpan no-dsa
new xpdf issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -85,13 +85,13 @@ CVE-2020-25107
CVE-2020-25106
RESERVED
CVE-2020-25105 (eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recove ...)
- TODO: check
+ NOT-FOR-US: eramba
CVE-2020-25104 (eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted f ...)
- TODO: check
+ NOT-FOR-US: eramba
CVE-2020-25103
RESERVED
CVE-2020-25102 (silverstripe-advancedreports (aka the Advanced Reports module for Silv ...)
- TODO: check
+ NOT-FOR-US: silverstripe-advancedreports
CVE-2020-25101
RESERVED
CVE-2020-25125 (GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, le ...)
@@ -259,11 +259,11 @@ CVE-2020-25025 (The l10nmgr (aka Localization Manager) extension before 7.4.0, 8
CVE-2020-25024
RESERVED
CVE-2020-25023 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrC ...)
- TODO: check
+ NOT-FOR-US: Noise-Java
CVE-2020-25022 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallba ...)
- TODO: check
+ NOT-FOR-US: Noise-Java
CVE-2020-25021 (An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCi ...)
- TODO: check
+ NOT-FOR-US: Noise-Java
CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectRe ...)
NOT-FOR-US: MPXJ
CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the E ...)
@@ -291,11 +291,11 @@ CVE-2020-25008
CVE-2020-25007
RESERVED
CVE-2020-25006 (Heybbs v1.2 has a SQL injection vulnerability in login.php file via th ...)
- TODO: check
+ NOT-FOR-US: Heybbs
CVE-2020-25005 (Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ...)
- TODO: check
+ NOT-FOR-US: Heybbs
CVE-2020-25004 (Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ...)
- TODO: check
+ NOT-FOR-US: Heybbs
CVE-2020-25003
RESERVED
CVE-2020-25002
@@ -305,12 +305,13 @@ CVE-2020-25001
CVE-2020-25000
RESERVED
CVE-2020-24999 (There is an invalid memory access in the function fprintf located in E ...)
- TODO: check
+ - xpdf <undetermined>
CVE-2020-24998
RESERVED
CVE-2020-24997
RESERVED
CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...)
+ - xpdf <undetermined>
TODO: check
CVE-2020-24995
RESERVED
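Review bot: the two xpdf entries in this hunk end up in different states. For CVE-2020-24999 the "TODO: check" line is replaced by "- xpdf <undetermined>", while for CVE-2020-24996 the same xpdf line is added but "TODO: check" stays below it. Either drop the leftover TODO from CVE-2020-24996 or keep it on both, and consider a NOTE line on each entry saying what still has to be determined.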
@@ -423,9 +424,9 @@ CVE-2020-24943
CVE-2020-24942
RESERVED
CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24. ...)
- TODO: check
+ NOT-FOR-US: Laravel
CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...)
- TODO: check
+ NOT-FOR-US: Laravel
CVE-2020-24939
RESERVED
CVE-2020-24938
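Review bot: both Laravel entries (CVE-2020-24941 and CVE-2020-24940) go straight from "TODO: check" to "NOT-FOR-US: Laravel", and nothing in the hunk shows how absence from the archive was established. A framework like this may be packaged under a source name that differs from the upstream name, so please confirm with a source-package search before closing these out; if a package does ship it, the entries need a package line instead of NOT-FOR-US.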
@@ -553,7 +554,7 @@ CVE-2020-24878
CVE-2020-24877
RESERVED
CVE-2020-24876 (Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 ...)
- TODO: check
+ NOT-FOR-US: Pancake
CVE-2020-24875
RESERVED
CVE-2020-24874
@@ -579,7 +580,7 @@ CVE-2020-24865
CVE-2020-24864
RESERVED
CVE-2020-24863 (A memory corruption vulnerability was found in the kernel function ker ...)
- TODO: check
+ NOT-FOR-US: FreeBSD and MidnightBSD
CVE-2020-24862
RESERVED
CVE-2020-25016 (A safety violation was discovered in the rgb crate before 0.8.20 for R ...)
@@ -1579,7 +1580,7 @@ CVE-2020-24387
CVE-2020-24386
RESERVED
CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...)
- TODO: check
+ NOT-FOR-US: FreeBSD and MidnightBSD
CVE-2020-24384
RESERVED
CVE-2020-24383
@@ -2083,7 +2084,7 @@ CVE-2020-24160 (Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijack
CVE-2020-24159 (NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can ...)
NOT-FOR-US: NetEase Youdao Dictionary
CVE-2020-24158 (360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which ...)
- TODO: check
+ NOT-FOR-US: 360 Speed Browser
CVE-2020-24157
RESERVED
CVE-2020-24156
@@ -2772,13 +2773,13 @@ CVE-2020-23816
CVE-2020-23815
RESERVED
CVE-2020-23814 (Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 ...)
- TODO: check
+ NOT-FOR-US: xxl-job
CVE-2020-23813
RESERVED
CVE-2020-23812
RESERVED
CVE-2020-23811 (xxl-job 2.2.0 allows Information Disclosure of username, model, and pa ...)
- TODO: check
+ NOT-FOR-US: xxl-job
CVE-2020-23810
RESERVED
CVE-2020-23809
@@ -18672,6 +18673,7 @@ CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 commu
CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other ...)
{DLA-2329-1}
- libetpan <unfixed> (bug #966647)
+ [buster] - libetpan <no-dsa> (Minor issue)
NOTE: https://github.com/dinhvh/libetpan/issues/386
NOTE: https://github.com/dinhvh/libetpan/pull/387
NOTE: https://github.com/dinhvh/libetpan/pull/388
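Review bot: the new "[buster] - libetpan <no-dsa> (Minor issue)" line gives no reason beyond "Minor issue", yet the same entry already carries {DLA-2329-1}, so an advisory was issued for this CVE elsewhere. Suggest a more specific reason in the parentheses, or a NOTE line saying why buster does not warrant a DSA, so the two decisions do not read as contradictory.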
@@ -28405,9 +28407,9 @@ CVE-2020-12250
CVE-2020-12249
RESERVED
CVE-2020-12248 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-12247 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other & ...)
NOT-FOR-US: Beeline Smart Box
CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...)
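Review bot: style point on "NOT-FOR-US: Foxit" for CVE-2020-12248 and CVE-2020-12247: the tag names only the vendor, while the descriptions say "Foxit Reader and PhantomPDF" and the neighbouring entry uses the product name ("NOT-FOR-US: Beeline Smart Box"). Naming the products would keep the tag consistent with the rest of the list.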
@@ -31280,7 +31282,7 @@ CVE-2020-11581 (An issue was discovered in Pulse Secure Pulse Connect Secure (PC
CVE-2020-11580 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11579 (An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. instal ...)
- TODO: check
+ NOT-FOR-US: Chadha PHPKB
CVE-2020-11578
RESERVED
CVE-2020-11577
@@ -31498,7 +31500,7 @@ CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c i
[buster] - linux 4.19.118-1
NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/
CVE-2020-11493 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. ...)
NOT-FOR-US: Docker Desktop on Windows
CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...)
@@ -39071,7 +39073,7 @@ CVE-2020-8578
CVE-2020-8577
RESERVED
CVE-2020-8576 (Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 a ...)
- TODO: check
+ NOT-FOR-US: ONTAP
CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows versions prio ...)
NOT-FOR-US: Active IQ Unified Manager
CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship with th ...)
@@ -40985,7 +40987,7 @@ CVE-2020-7832
CVE-2020-7831 (A vulnerability in the web-based contract management service interface ...)
NOT-FOR-US: Inogard Ebiz4u
CVE-2020-7830 (RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: RAONWIZ
CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...)
NOT-FOR-US: DaviewIndy
CVE-2020-7828 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...)
@@ -45270,61 +45272,61 @@ CVE-2020-6146
CVE-2020-6145 (An SQL injection vulnerability exists in the frappe.desk.reportview.ge ...)
NOT-FOR-US: ERPNext
CVE-2020-6144 (A remote code execution vulnerability exists in the install functional ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6143 (A remote code execution vulnerability exists in the install functional ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6142 (A remote code execution vulnerability exists in the Modules.php functi ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6141 (An exploitable SQL injection vulnerability exists in the login functio ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6140 (SQL injection vulnerability exists in the password reset functionality ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6139 (SQL injection vulnerability exists in the password reset functionality ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6138 (SQL injection vulnerability exists in the password reset functionality ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6137 (SQL injection vulnerability exists in the password reset functionality ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6136 (An exploitable SQL injection vulnerability exists in the DownloadWindo ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6135 (An exploitable SQL injection vulnerability exists in the Validator.php ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6134 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6133 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6132 (SQL injection vulnerability exists in the ID parameters of OS4Ed openS ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6131 (SQL injection vulnerabilities exist in the course_period_id parameters ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6130 (SQL injection vulnerabilities exist in the course_period_id parameters ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6129 (SQL injection vulnerabilities exist in the course_period_id parameters ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6128 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6127 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6126 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6125 (An exploitable SQL injection vulnerability exists in the GetSchool.php ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6124 (An exploitable sql injection vulnerability exists in the email paramet ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6123 (An exploitable sql injection vulnerability exists in the email paramet ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6122 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6121 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6120 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6119 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6118 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6117 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6116
RESERVED
CVE-2020-6115
@@ -46088,9 +46090,9 @@ CVE-2020-5781
CVE-2020-5780
RESERVED
CVE-2020-5779 (A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates t ...)
- TODO: check
+ NOT-FOR-US: Trading Technologies Messaging
CVE-2020-5778 (A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) du ...)
- TODO: check
+ NOT-FOR-US: Trading Technologies Messaging
CVE-2020-5777 (MAGMI versions prior to 0.7.24 are vulnerable to a remote authenticati ...)
NOT-FOR-US: MAGMI
CVE-2020-5776 (Currently, all versions of MAGMI are vulnerable to CSRF due to the lac ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77e47aee3d446ec9eb71ec33af0bf3560444a495