Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a5111ed6 by Moritz Muehlenhoff at 2020-03-23T16:57:51+01:00
NFUs
lwip spu
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -12522,7 +12522,7 @@ CVE-2020-5407
CVE-2020-5406
RESERVED
CVE-2020-5405 (Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions
2.1.x pri ...)
- TODO: check
+ NOT-FOR-US: Spring Cloud Config
CVE-2020-5404 (The HttpClient from Reactor Netty, versions 0.9.x prior to
0.9.5, and ...)
NOT-FOR-US: Reactor Netty, different from src:netty
CVE-2020-5403 (Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed
to a UR ...)
@@ -12857,7 +12857,7 @@ CVE-2020-5264
CVE-2020-5263
RESERVED
CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access
Token (P ...)
- TODO: check
+ NOT-FOR-US: EasyBuild
CVE-2020-5261
RESERVED
CVE-2020-5260
@@ -17536,9 +17536,9 @@ CVE-2019-19854 (An issue was discovered in Serpico (aka
SimplE RePort wrIting an
CVE-2019-19853
RESERVED
CVE-2019-19852 (An XSS Injection vulnerability exists in Sangoma FreePBX and
PBXact 13 ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2019-19851 (An XSS Injection vulnerability exists in Sangoma FreePBX and
PBXact 13 ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2019-19850 (An issue was discovered in TYPO3 before 8.7.30, 9.x before
9.5.12, and ...)
NOT-FOR-US: TYPO3
CVE-2019-19849 (An issue was discovered in TYPO3 before 8.7.30, 9.x before
9.5.12, and ...)
@@ -21780,7 +21780,7 @@ CVE-2019-19543 (In the Linux kernel before 5.1.6, there
is a use-after-free in s
CVE-2019-19539 (An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY
and L01AB ...)
NOT-FOR-US: Idelji Web ViewPoint
CVE-2019-19538 (In Sangoma FreePBX 13 through 15 and sysadmin (aka System
Admin) 13.0. ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition
bug that ...)
{DLA-2114-1 DLA-2068-1}
- linux 5.2.17-1
@@ -23154,7 +23154,7 @@ CVE-2019-19284
CVE-2019-19283
RESERVED
CVE-2019-19282 (A vulnerability has been identified in OpenPCS 7 V8.1 (All
versions), ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-19281 (A vulnerability has been identified in SIMATIC ET 200SP Open
Controlle ...)
NOT-FOR-US: Siemens
CVE-2019-19280
@@ -23559,7 +23559,7 @@ CVE-2019-19137
CVE-2019-19136
RESERVED
CVE-2019-19135 (In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28,
servers do ...)
- TODO: check
+ NOT-FOR-US: OPC Foundation OPC UA .NET Standard codebase
CVE-2019-19134 (The Hero Maps Premium plugin 2.2.1 and prior for WordPress is
prone to ...)
NOT-FOR-US: Hero Maps Premium plugin for WordPress
CVE-2019-19133 (The CSS Hero plugin through 4.0.3 for WordPress is prone to
reflected ...)
@@ -26326,7 +26326,7 @@ CVE-2020-0817
CVE-2020-0816 (A remote code execution vulnerability exists when Microsoft
Edge impro ...)
NOT-FOR-US: Microsoft
CVE-2020-0815 (An elevation of privilege vulnerability exists when Azure
DevOps Serve ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-0814 (An elevation of privilege vulnerability exists in Windows
Installer be ...)
NOT-FOR-US: Microsoft
CVE-2020-0813 (An information disclosure vulnerability exists when Chakra
improperly ...)
@@ -26440,7 +26440,7 @@ CVE-2020-0760
CVE-2020-0759 (A remote code execution vulnerability exists in Microsoft Excel
softwa ...)
NOT-FOR-US: Microsoft
CVE-2020-0758 (An elevation of privilege vulnerability exists when Azure
DevOps Serve ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-0757 (An elevation of privilege vulnerability exists when Windows
improperly ...)
NOT-FOR-US: Microsoft
CVE-2020-0756 (An information disclosure vulnerability exists in the
Cryptography Nex ...)
@@ -26556,7 +26556,7 @@ CVE-2020-0702 (A security feature bypass vulnerability
exists in Surface Hub whe
CVE-2020-0701 (An elevation of privilege vulnerability exists in the way that
the Win ...)
NOT-FOR-US: Microsoft
CVE-2020-0700 (A Cross-site Scripting (XSS) vulnerability exists when Azure
DevOps Se ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-0699
RESERVED
CVE-2020-0698 (An information disclosure vulnerability exists when the
Telephony Serv ...)
@@ -27396,7 +27396,7 @@ CVE-2020-0548 (Cleanup errors in some Intel(R)
Processors may allow an authentic
CVE-2020-0547
RESERVED
CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent
Memory Modu ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0545
RESERVED
CVE-2020-0544
@@ -27428,7 +27428,7 @@ CVE-2020-0532
CVE-2020-0531
RESERVED
CVE-2020-0530 (Improper buffer restrictions in firmware for Intel(R) NUC may
allow an ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0529
RESERVED
CVE-2020-0528
@@ -27436,7 +27436,7 @@ CVE-2020-0528
CVE-2020-0527
RESERVED
CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may
allow a pri ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0525
RESERVED
CVE-2020-0524
@@ -27458,9 +27458,9 @@ CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics
Drivers before version 1
CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before
version 26 ...)
TODO: check
CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R)
Graphic ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0514 (Improper default permissions in the installer for Intel(R)
Graphics Dr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0513
RESERVED
CVE-2020-0512
@@ -27472,7 +27472,7 @@ CVE-2020-0510
CVE-2020-0509
RESERVED
CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R)
Graphics D ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before
versions 15. ...)
TODO: check
CVE-2020-0506 (Improper initialization in Intel(R) Graphics Drivers before
versions 1 ...)
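Review bot: CVE-2020-0507 ("Unquoted service path in Intel(R) Graphics Drivers"), in the context just below the changed line, stays at "TODO: check", while CVE-2020-0546, also described as an unquoted service path, is marked "NOT-FOR-US: Intel" earlier in this same commit. Unquoted service paths are a Windows service configuration weakness, so the same tag looks applicable; either mark it in this pass or add a NOTE: line saying why it is being held open, so the next triager does not repeat the lookup. The same question applies to CVE-2020-0516 two hunks up, which is also left at "TODO: check" next to two closed installer entries.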
@@ -30515,7 +30515,7 @@ CVE-2019-17638
CVE-2019-17637
RESERVED
CVE-2019-17636 (In Eclipse Theia versions 0.3.9 through 0.15.0, one of the
default pre ...)
- TODO: check
+ NOT-FOR-US: Eclipse Theia
CVE-2019-17635 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject
to a dese ...)
NOT-FOR-US: Eclipse Memory Analyzer
CVE-2019-17634 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject
to a cros ...)
@@ -34436,7 +34436,7 @@ CVE-2019-16260
CVE-2019-16259
RESERVED
CVE-2019-16258 (The bootloader of the homee Brain Cube V2 through 2.23.0
allows attack ...)
- TODO: check
+ NOT-FOR-US: homee Brain Cube V2
CVE-2019-16257 (Some Motorola devices include the SIMalliance Toolbox Browser
(aka S@T ...)
NOT-FOR-US: SIMalliance Toolbox Browser
CVE-2019-16256 (Some Samsung devices include the SIMalliance Toolbox Browser
(aka S@T ...)
@@ -39771,9 +39771,9 @@ CVE-2019-14628
CVE-2019-14627
RESERVED
CVE-2019-14626 (Improper access control in PCIe function for the Intel®
FPGA Prog ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14625 (Improper access control in on-card storage for the Intel®
FPGA Pr ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14624
RESERVED
CVE-2019-14623
@@ -47600,17 +47600,17 @@ CVE-2019-12372 (Petraware pTransformer ADC before
2.1.7.22827 allows SQL Injecti
CVE-2019-12371
RESERVED
CVE-2019-12370 (The Spark application through 2.0.2 for Android allows XSS via
an even ...)
- TODO: check
+ NOT-FOR-US: some Android application
CVE-2019-12369 (The TypeApp application through 1.9.5.35 for Android allows
XSS via an ...)
- TODO: check
+ NOT-FOR-US: some Android application
CVE-2019-12368 (The Edison Mail application through 1.7.1 for Android allows
XSS via a ...)
- TODO: check
+ NOT-FOR-US: some Android application
CVE-2019-12367 (The BlueMail application through 1.9.5.36 for Android allows
XSS via a ...)
- TODO: check
+ NOT-FOR-US: some Android application
CVE-2019-12366 (The Nine application through 4.5.3a for Android allows XSS via
an even ...)
- TODO: check
+ NOT-FOR-US: some Android application
CVE-2019-12365 (The Newton application through 10.0.23 for Android allows XSS
via an e ...)
- TODO: check
+ NOT-FOR-US: some Android application
CVE-2019-12364
RESERVED
CVE-2019-12363 (An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin
through 2 ...)
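Review bot: the six entries from CVE-2019-12370 down to CVE-2019-12365 are all tagged "NOT-FOR-US: some Android application", which drops the product name that every other NOT-FOR-US line in this diff carries (for example "NOT-FOR-US: Hero Maps Premium plugin for WordPress" or "NOT-FOR-US: Eclipse Memory Analyzer"). The descriptions already name the apps (Spark, TypeApp, Edison Mail, BlueMail, Nine, Newton), so a tag such as "NOT-FOR-US: BlueMail application for Android" costs nothing and keeps the list searchable by product when a later CVE against the same app needs to be matched to an earlier decision.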
@@ -48259,47 +48259,47 @@ CVE-2019-12134 (CSV Injection (aka Excel Macro
Injection or Formula Injection) e
CVE-2019-12133 (Multiple Zoho ManageEngine products suffer from local
privilege escala ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2019-12132 (An issue was discovered in ONAP SDNC before Dublin. By
executing sla/d ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12131 (An issue was detected in ONAP APPC through Dublin and SDC
through Dubl ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12130 (In ONAP CLI through Dublin, by accessing an applicable port
(30234, 30 ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12129 (In ONAP MSB through Dublin, by accessing an applicable port
(30234, 30 ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12128 (In ONAP SO through Dublin, by accessing an applicable port
(30234, 302 ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12127 (In ONAP OOM through Dublin, by accessing an applicable port
(30234, 30 ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12126 (In ONAP DCAE through Dublin, by accessing an applicable port
(30234, 3 ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12125 (In ONAP Logging through Dublin, by accessing an applicable
port (30234 ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12124 (An issue was discovered in ONAP APPC before Dublin. By using
an expose ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12123 (An issue was discovered in ONAP SDNC before Dublin. By
executing sla/p ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12122 (An issue was discovered in ONAP Portal through Dublin. By
executing a ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12121 (An issue was detected in ONAP Portal through Dublin. By
executing a pa ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12120 (An issue was discovered in ONAP VNFSDK through Dublin. By
accessing po ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12119 (An issue was discovered in ONAP SDC through Dublin. By
accessing port ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12118 (An issue was discovered in ONAP SDC through Dublin. By
accessing port ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12117 (An issue was discovered in ONAP SDC through Dublin. By
accessing port ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12116 (An issue was discovered in ONAP SDC through Dublin. By
accessing port ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12115 (An issue was discovered in ONAP SDC through Dublin. By
accessing port ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12114 (An issue was discovered in ONAP HOLMES before Dublin. By
accessing por ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12113 (An issue was discovered in ONAP SDNC before Dublin. By
executing sla/p ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12112 (An issue was discovered in ONAP SDNC before Dublin. By
executing sla/u ...)
- TODO: check
+ NOT-FOR-US: ONAP
CVE-2019-12111 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd
through 2.1 ex ...)
{DLA-1811-1}
- miniupnpd 2.1-6 (bug #930050)
=====================================
data/next-point-update.txt
=====================================
@@ -57,3 +57,5 @@ CVE-2020-8141
[buster] - node-dot 1.1.1-1+deb10u1
CVE-2020-5267
[buster] - rails 2:5.2.2.1+dfsg-1+deb10u1
+CVE-2020-8597
+ [buster] - lwip 2.0.3-3+deb10u1
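Review bot: the added CVE-2020-8597 / lwip 2.0.3-3+deb10u1 entry has no counterpart among the data/CVE/list hunks of this commit, so the diff does not show that the CVE-2020-8597 record lists lwip as affected in buster. Confirm that the record already carries a matching lwip line before relying on this point-update entry. As a style point, this change is unrelated to the NOT-FOR-US triage above; committing it separately would keep the "lwip spu" change easy to find and revert on its own.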
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5111ed67fae751ce70fffca5af83de5e5e4aff3