Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
33263613 by Moritz Muehlenhoff at 2020-03-27T10:38:24+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2020-10994
        RESERVED
 CVE-2020-10993 (Osmand through 2.0.0 allow XXE because of 
binary/BinaryMapIndexReader. ...)
-       TODO: check
+       NOT-FOR-US: Osmand
 CVE-2020-10992 (Azkaban through 3.84.0 allows XXE, related to 
validator/XmlValidatorMa ...)
-       TODO: check
+       NOT-FOR-US: Azkaban
 CVE-2020-10991 (Mulesoft APIkit through 1.3.0 allows XXE because of 
validation/RestXml ...)
-       TODO: check
+       NOT-FOR-US: Mulesoft APIkit
 CVE-2020-10990 (An XXE issue exists in Accenture Mercury before 1.12.28 
because of the ...)
-       TODO: check
+       NOT-FOR-US: Accenture Mercury
 CVE-2020-10989
        RESERVED
 CVE-2020-10988
@@ -379,17 +379,17 @@ CVE-2020-10830 (An issue was discovered on Samsung mobile 
devices with P(9.0) an
 CVE-2020-10829 (An issue was discovered on Samsung mobile devices with O(8.0), 
P(9.0), ...)
        NOT-FOR-US: Samsung mobile devices
 CVE-2020-10828 (A stack-based buffer overflow in cvmd on Draytek Vigor3900, 
Vigor2960, ...)
-       TODO: check
+       NOT-FOR-US: Draytek
 CVE-2020-10827 (A stack-based buffer overflow in apmd on Draytek Vigor3900, 
Vigor2960, ...)
-       TODO: check
+       NOT-FOR-US: Draytek
 CVE-2020-10826 (/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and 
Vigor300B d ...)
-       TODO: check
+       NOT-FOR-US: Draytek
 CVE-2020-10825 (A stack-based buffer overflow in /cgi-bin/activate.cgi while 
base64 de ...)
-       TODO: check
+       NOT-FOR-US: Draytek
 CVE-2020-10824 (A stack-based buffer overflow in /cgi-bin/activate.cgi through 
ticket  ...)
-       TODO: check
+       NOT-FOR-US: Draytek
 CVE-2020-10823 (A stack-based buffer overflow in /cgi-bin/activate.cgi through 
var par ...)
-       TODO: check
+       NOT-FOR-US: Draytek
 CVE-2020-10822
        RESERVED
 CVE-2020-10821 (Nagios XI 5.6.11 allows XSS via the account/main.php theme 
parameter. ...)
@@ -3473,7 +3473,7 @@ CVE-2020-9523
 CVE-2020-9522
        RESERVED
 CVE-2020-9521 (An SQL injection vulnerability was discovered in Micro Focus 
Service M ...)
-       TODO: check
+       NOT-FOR-US: Micro Focus
 CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, 
affecti ...)
        NOT-FOR-US: Micro Focus Vibe
 CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro 
Focus Serv ...)
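Review bot: The new tag on CVE-2020-9521 names only the vendor ("NOT-FOR-US: Micro Focus"), while the adjacent CVE-2020-9520 entry names the product ("NOT-FOR-US: Micro Focus Vibe"). Consider taking the affected product name from the full CVE description so the tag matches its neighbour and can be found by product.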
@@ -3588,9 +3588,9 @@ CVE-2020-9470 (An issue was discovered in Wing FTP Server 
6.2.5 before February
 CVE-2020-9469
        RESERVED
 CVE-2020-9468 (The Community plugin 2.9.e-beta for Piwigo allows users to set 
image i ...)
-       TODO: check
+       - piwigo <removed>
 CVE-2020-9467 (Piwigo 2.10.1 has stored XSS via the file parameter in a 
/ws.php reque ...)
-       TODO: check
+       - piwigo <removed>
 CVE-2020-9466 (The Export Users to CSV plugin through 1.4.2 for WordPress 
allows CSV  ...)
        NOT-FOR-US: Export Users to CSV plugin for WordPress
 CVE-2020-9465 (An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 
before ...)
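Review bot: CVE-2020-9468 is attributed to the piwigo source package, but its description is about "The Community plugin 2.9.e-beta for Piwigo" rather than Piwigo itself. If that plugin was never part of the Debian piwigo package, a NOT-FOR-US entry for the plugin would be more accurate than "- piwigo <removed>". If it was bundled, a short NOTE line saying so would document the decision. CVE-2020-9467 names Piwigo 2.10.1 directly, so the package entry fits there.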
@@ -4548,9 +4548,9 @@ CVE-2020-9068
 CVE-2020-9067
        RESERVED
 CVE-2020-9066 (Huawei smartphones OxfordP-AN10B with versions earlier than 
10.0.1.169 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 
10.0.0.203( ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than 
OxfordS-AN00A 1 ...)
        NOT-FOR-US: Huawei
 CVE-2020-9063
@@ -7149,7 +7149,7 @@ CVE-2020-7946
 CVE-2020-7945
        RESERVED
 CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 
3.4.0, cha ...)
-       TODO: check
+       NOT-FOR-US: Puppet Enterprise
 CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and 
debugging in ...)
        - puppet <unfixed> (low)
        [stretch] - puppet <no-dsa> (Minor issue)
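Review bot: On CVE-2020-7944 the tag reads "NOT-FOR-US: Puppet Enterprise", but the description names "Continuous Delivery for Puppet Enterprise (CD4PE)". The next entry, CVE-2020-7943, is tracked against the puppet package, so spelling out the CD4PE product in the tag would make it clear why this entry is out of scope while its neighbour is not.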
@@ -8661,7 +8661,7 @@ CVE-2020-7262
 CVE-2020-7261
        RESERVED
 CVE-2020-7260 (DLL Side Loading vulnerability in the installer for McAfee 
Application ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7259
        RESERVED
 CVE-2020-7258 (Cross site scripting vulnerability in McAfee Network Security 
Manageme ...)
@@ -9332,7 +9332,7 @@ CVE-2020-7001 (In Moxa EDS-G516E Series firmware, Version 
5.2 or lower, the affe
 CVE-2020-7000
        RESERVED
 CVE-2020-6999 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some 
of the p ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2020-6998
        RESERVED
 CVE-2020-6997 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, 
sensitive inf ...)
@@ -12547,9 +12547,9 @@ CVE-2020-5555 (Shihonkanri Plus GOOUT Ver1.5.8 and 
Ver2.2.10 allows remote attac
 CVE-2020-5554 (Directory traversal vulnerability in Shihonkanri Plus GOOUT 
Ver1.5.8 a ...)
        NOT-FOR-US: Shihonkanri Plus GOOUT
 CVE-2020-5553 (mailform version 1.04 allows remote attackers to execute 
arbitrary PHP ...)
-       TODO: check
+       NOT-FOR-US: mailform
 CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 
allows rem ...)
-       TODO: check
+       NOT-FOR-US: mailform
 CVE-2020-5551
        RESERVED
 CVE-2020-5550
@@ -13194,7 +13194,7 @@ CVE-2020-5283
 CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a 
vulnerability in ...)
        NOT-FOR-US: Nick Chan Bot
 CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify 
configur ...)
-       TODO: check
+       NOT-FOR-US: Perun
 CVE-2020-5280 (http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local 
file i ...)
        TODO: check
 CVE-2020-5279
@@ -13239,7 +13239,7 @@ CVE-2020-5263
 CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access 
Token (P ...)
        NOT-FOR-US: EasyBuild
 CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package 
Sustainsys.Sa ...)
-       TODO: check
+       NOT-FOR-US: ASP.NET
 CVE-2020-5260
        RESERVED
 CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method 
is vulne ...)
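Review bot: The tag on CVE-2020-5261, "NOT-FOR-US: ASP.NET", names the framework, while the description places the issue in "Saml2 Authentication services for ASP.NET", a NuGet package. Suggest tagging the entry with that product name so it does not read as a triage decision about ASP.NET as a whole.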
@@ -15735,7 +15735,7 @@ CVE-2020-4278 (IBM Platform LSF 9.1 and 10.1, IBM 
Spectrum LSF Suite 10.2, and I
 CVE-2020-4277
        RESERVED
 CVE-2020-4276 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 
traditional is ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4275
        RESERVED
 CVE-2020-4274
@@ -17076,7 +17076,7 @@ CVE-2020-3938 (SysJust Syuan-Gu-Da-Shih, versions 
before 20191223, contain vulne
 CVE-2020-3937 (SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 
20191223, a ...)
        NOT-FOR-US: SysJust Syuan-Gu-Da-Shih
 CVE-2020-3936 (UltraLog Express device management interface does not properly 
filter  ...)
-       TODO: check
+       NOT-FOR-US: UltraLog Express
 CVE-2020-3935 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance 
Manage ...)
        NOT-FOR-US: Secom Co. Dr.ID
 CVE-2020-3934 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance 
Manage ...)
@@ -17106,9 +17106,9 @@ CVE-2020-3923 (DVR firmware in TAT-76 and TAT-77 series 
of products, provided by
 CVE-2020-3922 (LisoMail, by ArmorX, allows SQL Injections, attackers can 
access the d ...)
        NOT-FOR-US: LisoMail
 CVE-2020-3921 (UltraLog Express device management software stores user&#8217;s 
inform ...)
-       TODO: check
+       NOT-FOR-US: UltraLog Express
 CVE-2020-3920 (UltraLog Express device management interface does not properly 
perform ...)
-       TODO: check
+       NOT-FOR-US: UltraLog Express
 CVE-2019-19916 (In Midori Browser 0.5.11 (on Windows 10), Content Security 
Policy (CSP ...)
        NOT-FOR-US: Midori Browser
 CVE-2019-19915 (The "301 Redirects - Easy Redirect Manager" plugin before 2.45 
for Wor ...)
@@ -22761,7 +22761,7 @@ CVE-2020-1802
 CVE-2020-1801
        RESERVED
 CVE-2020-1800 (HUAWEI smartphones P30 with versions earlier than 
10.0.0.185(C00E85R1P ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-1799
        RESERVED
 CVE-2020-1798



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33263613d7a30618bc4c0a7582cc0f8583cf4055
