[Git][security-tracker-team/security-tracker][master] new iotjs issue

Moritz Muehlenhoff jmm at debian.org
Fri Sep 25 10:28:26 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
297ff01e by Moritz Muehlenhoff at 2020-09-25T11:27:58+02:00
new iotjs issue
pagure n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1980,7 +1980,7 @@ CVE-2020-25205
 CVE-2020-25204
 	RESERVED
 CVE-2020-25203 (The Framer Preview application 12 for Android exposes com.framer.viewe ...)
-	TODO: check
+	NOT-FOR-US: Framer Preview application
 CVE-2020-25576 (An issue was discovered in the rand_core crate before 0.4.2 for Rust.  ...)
 	- rust-rand-core 0.5.0-1 (bug #969911; low)
 	[buster] - rust-rand-core <no-dsa> (Minor issue)
@@ -3031,7 +3031,7 @@ CVE-2020-24720
 CVE-2020-24719
 	RESERVED
 CVE-2020-24718 (bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE th ...)
-	TODO: check
+	NOT-FOR-US: bhyve
 CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group pe ...)
 	NOT-FOR-US: OpenZFS
 CVE-2020-24716 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permiss ...)
@@ -3248,7 +3248,7 @@ CVE-2020-24623 (A potential security vulnerability has been identified in Hewlet
 CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...)
 	NOT-FOR-US: Sonatype
 CVE-2020-24621 (A remote code execution (RCE) vulnerability was discovered in the html ...)
-	TODO: check
+	NOT-FOR-US: OpenMRS
 CVE-2020-24620
 	RESERVED
 CVE-2020-24619 (In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuse ...)
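Review bot: the `NOT-FOR-US: OpenMRS` label added for CVE-2020-24621 cannot be checked against this hunk, since the truncated description only mentions "the html ..." component and never names OpenMRS; please confirm the product against the full CVE text before settling the label, so the NOT-FOR-US annotation names the same software the description does (as the neighbouring `NOT-FOR-US: Sonatype` entry does).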
@@ -21130,9 +21130,9 @@ CVE-2020-XXXX [mpv insecure lua loadpath]
 	[stretch] - mpv <no-dsa> (Minor issue)
 	NOTE: https://github.com/mpv-player/mpv/commit/cce7062a8a6b6a3b3666aea3ff86db879cba67b6
 CVE-2020-15851 (Lack of access control in Nakivo Backup & Replication Transporter  ...)
-	TODO: check
+	NOT-FOR-US: Nakivo Backup
 CVE-2020-15850 (Insecure permissions in Nakivo Backup & Replication Director versi ...)
-	TODO: check
+	NOT-FOR-US: Nakivo Backup
 CVE-2020-15849
 	RESERVED
 CVE-2020-15848
@@ -21146,7 +21146,7 @@ CVE-2020-15845
 CVE-2020-15844
 	RESERVED
 CVE-2020-15843 (ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privil ...)
-	TODO: check
+	NOT-FOR-US: ActFax
 CVE-2020-15842 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7 ...)
 	NOT-FOR-US: Liferay
 CVE-2020-15841 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7 ...)
@@ -22082,7 +22082,7 @@ CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8
 CVE-2020-15522
 	RESERVED
 CVE-2020-15521 (Zoho ManageEngine Applications Manager before 14 build 14730 has no pr ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2020-15520
 	RESERVED
 CVE-2020-15519
@@ -22380,7 +22380,7 @@ CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-b
 	[jessie] - libmediainfo <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/mediainfo/bugs/1127/
 CVE-2020-15394 (The REST API in Zoho ManageEngine Applications Manager before build 14 ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2019-20893 (An issue was discovered in Activision Infinity Ward Call of Duty Moder ...)
 	NOT-FOR-US: Activision
 CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9.12 di ...)
@@ -22769,9 +22769,9 @@ CVE-2020-15225
 CVE-2020-15224
 	RESERVED
 CVE-2020-15223 (In ORY Fosite (the security first OAuth2 & OpenID Connect framewor ...)
-	TODO: check
+	NOT-FOR-US: ORY Fosite
 CVE-2020-15222 (In ORY Fosite (the security first OAuth2 & OpenID Connect framewor ...)
-	TODO: check
+	NOT-FOR-US: ORY Fosite
 CVE-2020-15221
 	RESERVED
 CVE-2020-15220
@@ -22906,11 +22906,11 @@ CVE-2020-15164 (in Scratch Login (MediaWiki extension) before version 1.1, any a
 CVE-2020-15163 (Python TUF (The Update Framework) reference implementation before vers ...)
 	- python-tuf <itp> (bug #934151)
 CVE-2020-15162 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users a ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-15161 (In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attac ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-15160 (PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-15159 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) a ...)
 	NOT-FOR-US: baserCMS
 CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP message  ...)
@@ -26120,7 +26120,11 @@ CVE-2020-13993 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0.
 CVE-2020-13992 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Sto ...)
 	NOT-FOR-US: Mods for HESK
 CVE-2020-13991 (vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow  ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3858
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3859
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3860
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/3867
 CVE-2020-13990
 	RESERVED
 CVE-2020-13989
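Review bot: the new `- iotjs <unfixed>` line for CVE-2020-13991 carries no Debian bug reference or severity, unlike comparable entries in this file such as `- rust-rand-core 0.5.0-1 (bug #969911; low)`; consider filing a bug against iotjs (which ships the affected JerryScript engine) and recording it here, plus a severity if the issue is judged minor. The four NOTE lines also do not distinguish the bug reports (issues 3858, 3859, 3860) from the fix; marking the last one as `NOTE: Fixed by: https://github.com/jerryscript-project/jerryscript/pull/3867` would make the fix reference easy to pick out when the package is updated.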
@@ -27378,7 +27382,7 @@ CVE-2020-13523 (An exploitable information disclosure vulnerability exists in So
 CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in SoftPerfe ...)
 	NOT-FOR-US: SoftPerfect
 CVE-2020-13521 (Parameter psAttribute in ednareporting.asmx is vulnerable to unauthent ...)
-	TODO: check
+	NOT-FOR-US: ednareporting.asmx
 CVE-2020-13520
 	RESERVED
 CVE-2020-13519
@@ -27404,25 +27408,25 @@ CVE-2020-13510
 CVE-2020-13509
 	RESERVED
 CVE-2020-13508 (An SQL injection vulnerability exists in the Alias.asmx Web Service fu ...)
-	TODO: check
+	NOT-FOR-US: Alias.asmx
 CVE-2020-13507 (An SQL injection vulnerability exists in the Alias.asmx Web Service fu ...)
-	TODO: check
+	NOT-FOR-US: Alias.asmx
 CVE-2020-13506
 	RESERVED
 CVE-2020-13505 (Parameter psClass in ednareporting.asmx is vulnerable to unauthenticat ...)
-	TODO: check
+	NOT-FOR-US: ednareporting.asmx
 CVE-2020-13504 (Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauth ...)
-	TODO: check
+	NOT-FOR-US: ednareporting.asmx
 CVE-2020-13503 (Parameter AttFilterName in ednareporting.asmx is vulnerable to unauthe ...)
-	TODO: check
+	NOT-FOR-US: ednareporting.asmx
 CVE-2020-13502 (An exploitable SQL injection vulnerability exists in the DNAPoints.asm ...)
-	TODO: check
+	NOT-FOR-US: DNAPoints.asmx
 CVE-2020-13501 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...)
-	TODO: check
+	NOT-FOR-US: CHaD.asmx
 CVE-2020-13500 (SQL injection vulnerability exists in the CHaD.asmx web service functi ...)
-	TODO: check
+	NOT-FOR-US: CHaD.asmx
 CVE-2020-13499 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...)
-	TODO: check
+	NOT-FOR-US: CHaD.asmx
 CVE-2020-13498
 	RESERVED
 CVE-2020-13497
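Review bot: the NOT-FOR-US labels in this hunk (and `NOT-FOR-US: ednareporting.asmx` for CVE-2020-13521 in the preceding hunk) name individual web-service files (Alias.asmx, ednareporting.asmx, DNAPoints.asmx, CHaD.asmx) rather than the vendor or product, which is what NOT-FOR-US normally records and what makes these entries searchable later. If these CVEs belong to the same product as CVE-2020-6153, which this diff labels `NOT-FOR-US: eDNA Enterprise Data Historian`, use that product name consistently across all of them.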
@@ -27676,7 +27680,7 @@ CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD0
 CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading funct ...)
 	NOT-FOR-US: jw.util
 CVE-2020-13387 (Pexip Infinity before 23.4 has a lack of input validation, leading to  ...)
-	TODO: check
+	NOT-FOR-US: Pexip Infinity
 CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited write permis ...)
 	NOT-FOR-US: SmartDraw
 CVE-2020-13385
@@ -29052,7 +29056,7 @@ CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in cr_parser_par
 	[jessie] - libcroco <ignored> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libcroco/-/issues/8
 CVE-2020-12824 (Pexip Infinity 23.x before 23.3 has improper input validation, leading ...)
-	TODO: check
+	NOT-FOR-US: Pexip Infinity
 CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...)
 	{DLA-2212-1}
 	- openconnect 8.10-1 (unimportant; bug #960620)
@@ -32346,7 +32350,7 @@ CVE-2020-11807 (Because of Unrestricted Upload of a File with a Dangerous Type,
 CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...)
 	NOT-FOR-US: MailStore Outlook Add-in
 CVE-2020-11805 (Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Acc ...)
-	TODO: check
+	NOT-FOR-US: Pexip Reverse Proxy and TURN Server
 CVE-2020-11804 (An issue was discovered in Titan SpamTitan 7.07. Due to improper sanit ...)
 	NOT-FOR-US: Titan SpamTitan
 CVE-2020-11803 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...)
@@ -41843,9 +41847,9 @@ CVE-2020-8350
 CVE-2020-8349
 	RESERVED
 CVE-2020-8348 (A DOM-based cross-site scripting (XSS) vulnerability was reported in L ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2020-8347 (A reflective cross-site scripting (XSS) vulnerability was reported in  ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2020-8346 (A denial of service vulnerability was reported in the Lenovo Vantage c ...)
 	NOT-FOR-US: Lenovo
 CVE-2020-8345
@@ -41873,7 +41877,7 @@ CVE-2020-8335 (The BIOS tamper detection mechanism was not triggered in Lenovo T
 CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
 	NOT-FOR-US: Lenovo
 CVE-2020-8333 (A potential vulnerability in the SMI callback function used in the EEP ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2020-8332
 	RESERVED
 CVE-2020-8331
@@ -47487,7 +47491,7 @@ CVE-2020-6155
 CVE-2020-6154
 	RESERVED
 CVE-2020-6153 (An exploitable SQL injection vulnerability exists in the FavoritesServ ...)
-	TODO: check
+	NOT-FOR-US: eDNA Enterprise Data Historian
 CVE-2020-6152 (A code execution vulnerability exists in the DICOM parse_dicom_meta_in ...)
 	NOT-FOR-US: Accusoft
 CVE-2020-6151 (A memory corruption vulnerability exists in the TIFF handle_COMPRESSIO ...)
@@ -47811,7 +47815,7 @@ CVE-2020-6022
 CVE-2020-6021
 	RESERVED
 CVE-2020-6020 (Check Point Security Management's Internal CA web management before Ju ...)
-	TODO: check
+	NOT-FOR-US: Check Point
 CVE-2020-6019
 	RESERVED
 CVE-2020-6018
@@ -87271,7 +87275,7 @@ CVE-2019-11558
 CVE-2019-11557 (The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress  ...)
 	NOT-FOR-US: WebDorado Contact Form Builder plugi for WordPress
 CVE-2019-11556 (Pagure before 5.6 allows XSS via the templates/blame.html blame view. ...)
-	TODO: check
+	- pagure <not-affected> (Fixed before initial release)
 CVE-2019-11554 (The Audible application through 2.34.0 for Android has Missing SSL Cer ...)
 	NOT-FOR-US: Audible application for Android
 CVE-2019-11553 (In Code42 for Enterprise through 6.8.4, an administrator without web r ...)
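Review bot: the `- pagure <not-affected> (Fixed before initial release)` line for CVE-2019-11556 would be easier to verify if it stated the Debian version in question, e.g. as a NOTE recording that the first upload was at or after upstream 5.6, since the description only gives "Pagure before 5.6". While in this region, the unchanged context line for CVE-2019-11557 reads `plugi for WordPress` (missing "n" in "plugin") and could be corrected in the same commit.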
@@ -100278,9 +100282,9 @@ CVE-2018-20747
 CVE-2018-20746
 	RESERVED
 CVE-2019-7178 (Pexip Infinity before 20.1 allows privilege escalation by restoring a  ...)
-	TODO: check
+	NOT-FOR-US: Pexip Infinity
 CVE-2019-7177 (Pexip Infinity before 20.1 allows Code Injection onto nodes via an adm ...)
-	TODO: check
+	NOT-FOR-US: Pexip Infinity
 CVE-2019-7176 (An issue was discovered in GitLab Community and Enterprise Edition 8.x ...)
 	- gitlab 11.5.10+dfsg-1 (bug #921059)
 	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
@@ -144164,7 +144168,7 @@ CVE-2018-10587 (NetGain Enterprise Manager (EM) is affected by OS Command Inject
 CVE-2018-10586 (NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-S ...)
 	NOT-FOR-US: NetGain Enterprise Manager
 CVE-2018-10585 (Pexip Infinity before 18 allows remote Denial of Service (XML parsing) ...)
-	TODO: check
+	NOT-FOR-US: Pexip Infinity
 CVE-2018-10584
 	RESERVED
 CVE-2018-10583 (An information disclosure vulnerability occurs when LibreOffice 6.0.3  ...)
@@ -144576,7 +144580,7 @@ CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM g
 	[wheezy] - xen <not-affected> (No QMP support in wheezy)
 	NOTE: https://xenbits.xen.org/xsa/advisory-258.html
 CVE-2018-10432 (Pexip Infinity before 18 allows Remote Denial of Service (TLS handshak ...)
-	TODO: check
+	NOT-FOR-US: Pexip Infinity
 CVE-2018-10431 (D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell me ...)
 	NOT-FOR-US: D-Link
 CVE-2018-10430 (An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a ...)
@@ -170470,7 +170474,7 @@ CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered
 CVE-2017-17478 (An XSS issue was discovered in Designer Studio in Pegasystems Pega Pla ...)
 	NOT-FOR-US: Pegasystems Pega Platform
 CVE-2017-17477 (Pexip Infinity before 17 allows an unauthenticated remote attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Pexip Infinity
 CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
 	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
 CVE-2017-17474 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/297ff01e388f4c7767b85f81698bec7db1f54e1d




