Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2c338d27 by Moritz Muehlenhoff at 2020-03-23T16:48:34+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -299,9 +299,9 @@ CVE-2020-10809 (An issue was discovered in HDF5 through
1.12.0. A heap-based buf
CVE-2020-10808 (Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command
Injectio ...)
NOT-FOR-US: Vesta Control Panel
CVE-2020-10807 (auth_svc in Caldera before 2.6.5 allows authentication bypass
(for RES ...)
- TODO: check
+ NOT-FOR-US: Caldera
CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and
7.x before ...)
- TODO: check
+ NOT-FOR-US: eZ Publish Kernel
CVE-2020-10805
RESERVED
CVE-2016-11022
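Review bot: the new tag `NOT-FOR-US: Caldera` on CVE-2020-10807 is a bare product name that could be mistaken for other software called Caldera. A short qualifier, in the style this same commit uses for `NOT-FOR-US: lix node (different from src:lix)`, would make the triage decision easier to audit later. The eZ Publish Kernel tag matches the product name in the CVE description and reads fine as is.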
@@ -328,9 +328,9 @@ CVE-2020-10802 (In phpMyAdmin 4.x before 4.9.5 and 5.x
before 5.0.2, a SQL injec
CVE-2020-10801
RESERVED
CVE-2020-10800 (lix through 15.8.7 allows man-in-the-middle attackers to
execute arbit ...)
- TODO: check
+ NOT-FOR-US: lix node (different from src:lix)
CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks
via an ...)
- TODO: check
+ NOT-FOR-US: svglib
CVE-2020-10798
RESERVED
CVE-2020-10797
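Review bot: in `NOT-FOR-US: lix node (different from src:lix)` on CVE-2020-10800, "lix node" is ambiguous as a product name. The parenthetical recording the name collision with the Debian source package is worth keeping, but if the entry means a Node.js package named lix, saying so explicitly would be clearer for the next person searching the list.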
@@ -608,7 +608,7 @@ CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to
execute arbitrary OS
- libperlspeak-perl <removed> (bug #954238)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=132173
CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT
AUTHORITY\SYSTE ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop on Windows
CVE-2020-10664
RESERVED
CVE-2020-10663
@@ -2640,7 +2640,7 @@ CVE-2020-9754
CVE-2020-9753
RESERVED
CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can
move a lo ...)
- TODO: check
+ NOT-FOR-US: Naver Cloud Explorer
CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to
download an ...)
NOT-FOR-US: Naver Cloud Explorer
CVE-2020-9750
@@ -6278,11 +6278,11 @@ CVE-2020-8141 (The dot package v1.1.2 uses Function()
to compile templates. This
[buster] - node-dot <no-dsa> (Will be fixed via point release)
NOTE: https://hackerone.com/reports/390929
CVE-2020-8140 (A code injection in Nextcloud Desktop Client 2.6.2 for macOS
allowed t ...)
- TODO: check
+ - nextcloud-desktop <not-affected> (MacOS-specific)
CVE-2020-8139 (A missing access control check in Nextcloud Server < 18.0.1,
< 1 ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2020-8138 (A missing check for IPv4 nested inside IPv6 in Nextcloud server
< 1 ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2020-8137 (Code injection vulnerability in blamer 1.0.0 and earlier may
result in ...)
TODO: check
CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart <
1.0.5 allo ...)
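Review bot: the three Nextcloud changes in this hunk are not NOT-FOR-US entries (`<not-affected>` for nextcloud-desktop on CVE-2020-8140, `<itp>` with bug #941708 for nextcloud-server on CVE-2020-8139 and CVE-2020-8138), so the commit message "NFUs" does not describe them. Mention them in the message or put them in a separate commit so the triage history stays searchable. CVE-2020-8137 in the trailing context is still `TODO: check`; confirm it was left open on purpose. Minor style point: the CVE description spells it "macOS", so `(MacOS-specific)` could follow that spelling.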
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c338d27633ba40515bb7c1024c760c2ebbc7007