[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Feb 17 10:21:46 GMT 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e8e784d by Moritz Muehlenhoff at 2021-02-17T11:21:22+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14613,11 +14613,11 @@ CVE-2021-21319
CVE-2021-21318
RESERVED
CVE-2021-21317 (uap-core in an open-source npm package which contains the core of Brow ...)
- TODO: check
+ NOT-FOR-US: Node uap-core
CVE-2021-21316 (less-openui5 is an npm package which enables building OpenUI5 themes w ...)
NOT-FOR-US: less-openui5 npm package
CVE-2021-21315 (The System Information Library for Node.JS (npm package "systeminforma ...)
- TODO: check
+ NOT-FOR-US: Node systeminformation
CVE-2021-21314
RESERVED
CVE-2021-21313
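Review bot: The new labels for CVE-2021-21317 and CVE-2021-21315 use a "Node <name>" form, while the neighbouring CVE-2021-21316 entry uses "less-openui5 npm package". Both descriptions call these npm packages, so "uap-core npm package" and "systeminformation npm package" would keep the NFU strings in this block consistent and easier to search.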
@@ -21165,7 +21165,7 @@ CVE-2020-29459
CVE-2020-29458 (Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. ...)
NOT-FOR-US: Textpattern CMS
CVE-2020-29457 (A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4. ...)
- TODO: check
+ NOT-FOR-US: OPC UA .NET
CVE-2020-29456 (Multiple cross-site scripting (XSS) vulnerabilities in Papermerge befo ...)
NOT-FOR-US: Papermerge
CVE-2020-29455 (A cross-Site Scripting (XSS) vulnerability in this.showInvalid and thi ...)
@@ -22407,7 +22407,7 @@ CVE-2020-28920
CVE-2020-28919
RESERVED
CVE-2020-28918 (DualShield 5.9.8.0821 allows username enumeration on its login form. A ...)
- TODO: check
+ NOT-FOR-US: DualShield
CVE-2020-28917 (An issue was discovered in the view_statistics (aka View frontend stat ...)
NOT-FOR-US: TYPO3 extension
CVE-2020-28916 (hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX desc ...)
@@ -32770,15 +32770,15 @@ CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior
CVE-2020-25858 (The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior ...)
NOT-FOR-US: Qualcomm QCMAP
CVE-2020-25857 (The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Modul ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2020-25856 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module pri ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2020-25855 (The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior t ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2020-25854 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module pri ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2020-25853 (The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2020-25852
RESERVED
CVE-2020-25851
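Review bot: All five entries from CVE-2020-25857 down to CVE-2020-25853 are tagged with the vendor name alone, although every description names the Realtek RTL8195A Wi-Fi Module. The entry just above uses vendor plus product ("Qualcomm QCMAP"); "NOT-FOR-US: Realtek RTL8195A Wi-Fi Module" would record what was actually triaged and avoid reading as if anything from Realtek were out of scope.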
@@ -34132,7 +34132,7 @@ CVE-2020-25342
CVE-2020-25341
RESERVED
CVE-2020-25340 (An issue was discovered in NFStream 5.2.0. Because some allocated modu ...)
- TODO: check
+ NOT-FOR-US: NFStream (not src:ndpi)
CVE-2020-25339
RESERVED
CVE-2020-25338
@@ -35067,7 +35067,7 @@ CVE-2020-24946
CVE-2020-24945
RESERVED
CVE-2020-24944 (picoquic (before 3rd of July 2020) allows attackers to cause a denial ...)
- TODO: check
+ NOT-FOR-US: picoquic
CVE-2020-24943
RESERVED
CVE-2020-24942
@@ -35298,9 +35298,9 @@ CVE-2020-24840
CVE-2020-24839
RESERVED
CVE-2020-24838 (An integer overflow has been found in the the latest version of Issuer ...)
- TODO: check
+ NOT-FOR-US: Issuer
CVE-2020-24837 (An integer underflow has been found in the latest version of ZCFees. T ...)
- TODO: check
+ NOT-FOR-US: ZCFees
CVE-2020-24836
RESERVED
CVE-2020-24835
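Review bot: "Issuer" and "ZCFees" on CVE-2020-24838 and CVE-2020-24837 are generic names, and the truncated descriptions do not say what kind of software they are, so the labels give a later reader nothing to check the NFU decision against. A short qualifier taken from the full CVE description, stating what the product is, would help.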
@@ -37448,7 +37448,7 @@ CVE-2020-23851
CVE-2020-23850
RESERVED
CVE-2020-23849 (Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 ...)
- TODO: check
+ NOT-FOR-US: jsoneditor
CVE-2020-23848
RESERVED
CVE-2020-23847
@@ -40296,7 +40296,7 @@ CVE-2020-22427 (NagiosXI 5.6.11 is affected by a remote code execution (RCE) vul
CVE-2020-22426
RESERVED
CVE-2020-22425 (Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, whe ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2020-22424
RESERVED
CVE-2020-22423
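Review bot: The CVE-2020-22425 change replaces the TODO with a package entry, "- centreon-web <itp> (bug #913903)", not a NOT-FOR-US tag, so the commit message "NFUs" does not cover it. Mentioning the ITP in the message, or committing it separately, would make this triage decision findable in the history.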
@@ -42799,7 +42799,7 @@ CVE-2020-21178
CVE-2020-21177
RESERVED
CVE-2020-21176 (SQL injection vulnerability in the model.increment and model.decrement ...)
- TODO: check
+ NOT-FOR-US: ThinkJS
CVE-2020-21175
RESERVED
CVE-2020-21174
@@ -47668,7 +47668,7 @@ CVE-2020-18752
CVE-2020-18751
RESERVED
CVE-2020-18750 (Buffer overflow in pdf2json 0.69 allows local users to execute arbitra ...)
- TODO: check
+ NOT-FOR-US: pdf2json
CVE-2020-18749
RESERVED
CVE-2020-18748
@@ -47694,7 +47694,7 @@ CVE-2020-18739
CVE-2020-18738
RESERVED
CVE-2020-18737 (An issue was discovered in Typora 0.9.67. There is an XSS vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Typora
CVE-2020-18736
RESERVED
CVE-2020-18735
@@ -53350,9 +53350,9 @@ CVE-2020-16048
CVE-2020-16047
RESERVED
CVE-2020-16046 (Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147. ...)
- TODO: check
+ - chromium <not-affected> (Only affects Chrome on iOS)
CVE-2020-16045 (Use after Free in Payments in Google Chrome on Android prior to 87.0.4 ...)
- TODO: check
+ - chromium <not-affected> (Only affects Chrome on Android)
CVE-2020-16044 (Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowe ...)
{DSA-4846-1 DSA-4842-1 DSA-4827-1 DLA-2541-1 DLA-2521-1}
- firefox 84.0.2-1
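Review bot: The "- chromium <not-affected>" entries for CVE-2020-16046 and CVE-2020-16045 are package entries, not NFUs, so the commit message "NFUs" understates the change. For CVE-2020-16045 the reason only restates the platform from the description (Payments, Chrome on Android); if this was checked against the chromium source package, saying so in the note would make the <not-affected> verifiable rather than inferred from the description wording.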
@@ -54142,7 +54142,7 @@ CVE-2020-15800 (A vulnerability has been identified in SCALANCE X-200 switch fam
CVE-2020-15799 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Siemens
CVE-2020-15798 (A vulnerability has been identified in SIMATIC HMI Comfort Panels (inc ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
NOT-FOR-US: DCA Vantage Analyzer
CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
@@ -57856,7 +57856,7 @@ CVE-2020-14420
CVE-2020-14419
RESERVED
CVE-2020-14418 (A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that al ...)
- TODO: check
+ NOT-FOR-US: madCodeHook
CVE-2020-14417
RESERVED
CVE-2020-14415 (oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...)
@@ -58864,7 +58864,7 @@ CVE-2020-14099
CVE-2020-14098 (The login verification can be bypassed by using the problem that the t ...)
NOT-FOR-US: Xiaomi
CVE-2020-14097 (Wrong nginx configuration, causing specific paths to be downloaded wit ...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2020-14096 (Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen ...)
NOT-FOR-US: Xiaomi
CVE-2020-14095 (In Xiaomi router R3600, ROM version<1.0.20, a connect service suffe ...)
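Review bot: CVE-2020-14097 is described as a wrong nginx configuration, yet the label is only "Xiaomi". That matches the neighbouring entries, but if the flaw lies in Xiaomi's own shipped configuration rather than in nginx, a short parenthetical saying so would stop a later search for nginx issues from having to re-triage this entry.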
@@ -59381,7 +59381,7 @@ CVE-2020-13924
CVE-2020-13923 (IDOR vulnerability in the order processing feature from ecommerce comp ...)
NOT-FOR-US: Apache OFBiz
CVE-2020-13922 (Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary ...)
- TODO: check
+ NOT-FOR-US: Apache DolphinScheduler
CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storag ...)
NOT-FOR-US: Apache SkyWalking
CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ...)
@@ -60369,7 +60369,7 @@ CVE-2020-13587
CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document SST Rec ...)
NOT-FOR-US: SoftMaker
CVE-2020-13585 (An out-of-bounds write vulnerability exists in the PSD Header processi ...)
- TODO: check
+ NOT-FOR-US: AccuSoft
CVE-2020-13584 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...)
{DSA-4797-1}
- webkit2gtk 2.30.3-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e8e784d4d8cff3c426da6dd01a2d541630bef11