Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f85b22ca by Moritz Muehlenhoff at 2020-03-20T09:46:32+01:00
new u-boot issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2020-10683
RESERVED
CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code
execution ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2020-10681 (The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a
.pxd fi ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2020-10680
RESERVED
CVE-2020-10679
@@ -25,7 +25,7 @@ CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's
web application is
CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500
4.0.0.0 pri ...)
NOT-FOR-US: Canon
CVE-2020-10669 (The web application exposed by the Canon Oce Colorwave 500
4.0.0.0 pri ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500
4.0.0.0 pri ...)
NOT-FOR-US: Canon
CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500
4.0.0.0 pri ...)
@@ -110,7 +110,10 @@ CVE-2019-20510
CVE-2020-10649
RESERVED
CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified
boot re ...)
- TODO: check
+ - u-boot <unfixed>
+ NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5
+ NOTE: https://github.com/u-boot/u-boot/commits/master
+ NOTE:
https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
CVE-2020-10647
RESERVED
CVE-2020-10646
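Review bot: The second NOTE added under CVE-2020-10648 points at https://github.com/u-boot/u-boot/commits/master, which is a moving branch history rather than a specific change. With the entry at `- u-boot <unfixed>`, anyone who later has to determine the fixed version gets no stable reference from that line. Suggest replacing it with the URL of the individual fixing commit(s) once identified, and keeping the oss-security and F-Secure advisory notes as they are.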
@@ -2726,7 +2729,7 @@ CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has
Insecure Permissions for
CVE-2020-9441
RESERVED
CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin
through 5 ...)
- TODO: check
+ NOT-FOR-US: CKEditor plugin
CVE-2020-9439
RESERVED
CVE-2020-9438
@@ -2983,11 +2986,11 @@ CVE-2020-9347 (** DISPUTED ** Zoho ManageEngine
Password Manager Pro through 10.
CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no
protectio ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-9345 (An issue was discovered in signotec signoPAD-API/Web (formerly
Websock ...)
- TODO: check
+ NOT-FOR-US: signoPAD-API/Web
CVE-2020-9344 (Subversion ALM for the enterprise before 8.8.2 allows reflected
XSS at ...)
- TODO: check
+ NOT-FOR-US: Subversion ALM
CVE-2020-9343 (An issue was discovered in signotec signoPAD-API/Web (formerly
Websock ...)
- TODO: check
+ NOT-FOR-US: signoPAD-API/Web
CVE-2020-9342 (The F-Secure AV parsing engine before 2020-02-05 allows
virus-detectio ...)
NOT-FOR-US: F-Secure AV parsing engine
CVE-2020-9341 (CandidATS 2.1.0 is vulnerable to CSRF that allows for an
administrator ...)
@@ -3143,7 +3146,7 @@ CVE-2020-9283 (golang.org/x/crypto before
v0.0.0-20200220183623-bac4c82f6975 for
CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10
before ...)
- mahara <removed>
CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data
Processor ...)
- TODO: check
+ NOT-FOR-US: CKEditor plugin
CVE-2020-9280
RESERVED
CVE-2020-9279
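Review bot: At CVE-2020-9281 the visible description names the "HTML Data Processor", yet the new label is `NOT-FOR-US: CKEditor plugin`, the same label given to the WSC plugin at CVE-2020-9440. The truncated description does not show that this component is a plugin. If it turns out to be part of the CKEditor source itself rather than a separately distributed plugin, the entry should carry a package line instead, because NOT-FOR-US takes the CVE out of further triage. Worth confirming against the full CVE text.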
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f85b22ca15cdae117b62553393c841d432f357e3