Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: bb662229 by Moritz Muehlenhoff at 2020-04-27T16:55:07+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,9 +1,9 @@ CVE-2020-12272 RESERVED CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...) - TODO: check + NOT-FOR-US: SFOS CVE-2020-12270 (React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alpha ...) - TODO: check + NOT-FOR-US: Bluezone CVE-2020-12269 RESERVED CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 h ...) @@ -39,7 +39,7 @@ CVE-2020-12255 CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escal ...) NOT-FOR-US: Avira Antivirus CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or a ...) - TODO: check + NOT-FOR-US: Croogo CVE-2020-12253 RESERVED CVE-2020-12252 @@ -290,7 +290,7 @@ CVE-2020-12130 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile CVE-2020-12129 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder para ...) NOT-FOR-US: AirDisk Pro app for iOS CVE-2020-12128 (DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal rela ...) - TODO: check + NOT-FOR-US: DONG JOO CHO File Transfer iFamily CVE-2020-12127 RESERVED CVE-2020-12126 @@ -416,7 +416,7 @@ CVE-2020-12073 (The responsive-add-ons plugin before 2.2.7 for WordPress has inc CVE-2020-12072 RESERVED CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post content. ...) - TODO: check + NOT-FOR-US: Anchor CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for Wordpress suff ...) NOT-FOR-US: Advanced Woo Search plugin for WordPress CVE-2020-12069 
@@ -709,7 +709,7 @@ CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...) TODO: check CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2020-11937 RESERVED CVE-2020-11936 @@ -1631,7 +1631,7 @@ CVE-2020-11808 CVE-2020-11807 RESERVED CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...) - TODO: check + NOT-FOR-US: MailStore Outlook Add-in CVE-2020-11805 RESERVED CVE-2020-11804 @@ -1653,9 +1653,9 @@ CVE-2020-11798 CVE-2020-11797 RESERVED CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...) - TODO: check + NOT-FOR-US: JetBrains Space CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout period was ...) - TODO: check + NOT-FOR-US: JetBrains Space CVE-2020-11794 RESERVED CVE-2020-11793 (A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKi ...) 
@@ -2165,23 +2165,23 @@ CVE-2020-11695 CVE-2020-11694 (In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarizatio ...) - pycharm <itp> (bug #742394) CVE-2020-11693 (JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack CVE-2020-11692 (In JetBrains YouTrack before 2020.1.659, DB export was accessible to r ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack CVE-2020-11691 (In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAut ...) - TODO: check + NOT-FOR-US: JetBrains Hub CVE-2020-11690 (In JetBrains IntelliJ IDEA before 2020.1, the license server could be ...) TODO: check CVE-2020-11689 (In JetBrains TeamCity before 2019.2.1, a user without appropriate perm ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2020-11688 (In JetBrains TeamCity before 2019.2.1, the application state is kept a ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2020-11687 (In JetBrains TeamCity before 2019.2.2, password values were shown in a ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2020-11686 (In JetBrains TeamCity before 2019.1.4, a project administrator was abl ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2020-11685 (In JetBrains GoLand before 2019.3.2, the plugin repository was accesse ...) - TODO: check + NOT-FOR-US: JetBrains GoLand CVE-2015-9547 (An issue was discovered on Samsung mobile devices with JBP(4.3) and KK ...) NOT-FOR-US: Samsung mobile devices CVE-2015-9546 (An issue was discovered on Samsung mobile devices with KK(4.4) and lat ...) @@ -3078,7 +3078,7 @@ CVE-2020-11418 CVE-2020-11417 RESERVED CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats. ...) - TODO: check + NOT-FOR-US: JetBrains Space CVE-2020-11415 RESERVED CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...) 
@@ -3954,7 +3954,7 @@ CVE-2020-11006 CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...) NOT-FOR-US: WindowsHello CVE-2020-11004 (SQL Injection was discovered in Admidio before version 3.3.13. The mai ...) - TODO: check + NOT-FOR-US: Admidio CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vuln ...) NOT-FOR-US: Oasis (not the same as src:oasis) CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote co ...) @@ -9142,7 +9142,7 @@ CVE-2020-8869 CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Quest Foglight Evolve CVE-2020-8867 (This vulnerability allows remote attackers to create a denial-of-servi ...) - TODO: check + NOT-FOR-US: OPC Foundation UA .NET Standard CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary files o ...) {DLA-2162-1} - php-horde-form <unfixed> (bug #955020) @@ -9256,7 +9256,7 @@ CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-146 NOTE: state on context switch"). But there is need to apply as well the prerequistite NOTE: d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load"). CVE-2020-8831 (Apport creates a world writable lock file with root ownership in the w ...) - TODO: check + NOT-FOR-US: Apport CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 ...) NOT-FOR-US: Prismview CVE-2017-18642 (Syska Smart Bulb devices through 2017-08-06 receive RGB parameters ove ...) 
@@ -9343,9 +9343,9 @@ CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFiel CVE-2020-8799 RESERVED CVE-2020-8798 (httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to cha ...) - TODO: check + NOT-FOR-US: Juplink CVE-2020-8797 (Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to ...) - TODO: check + NOT-FOR-US: Juplink CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before ...) NOT-FOR-US: Biscom Secure File Transfer (SFT) CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a gro ...) @@ -12001,9 +12001,9 @@ CVE-2020-7645 CVE-2020-7644 RESERVED CVE-2020-7643 (paypal-adaptive through 0.4.2 manipulation of JavaScript objects resul ...) - TODO: check + NOT-FOR-US: Node paypal-adaptive CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious JavaScript. The ...) - TODO: check + NOT-FOR-US: Node lazysizes CVE-2020-7641 RESERVED CVE-2020-7640 @@ -12325,13 +12325,13 @@ CVE-2020-7492 CVE-2020-7491 RESERVED CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...) - TODO: check + NOT-FOR-US: Schneider CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...) - TODO: check + NOT-FOR-US: Schneider CVE-2020-7488 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...) - TODO: check + NOT-FOR-US: Schneider CVE-2020-7487 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...) - TODO: check + NOT-FOR-US: Schneider CVE-2020-7486 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TC ...) NOT-FOR-US: Schneider Electric CVE-2020-7485 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in th ...) 
@@ -12628,7 +12628,7 @@ CVE-2020-7352 CVE-2020-7351 RESERVED CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from an ins ...) - TODO: check + NOT-FOR-US: Rapid7 Metasploit Framework CVE-2020-7349 RESERVED CVE-2020-7348 @@ -13116,13 +13116,13 @@ CVE-2020-7136 CVE-2020-7135 RESERVED CVE-2020-7134 (A remote access to sensitive data vulnerability was discovered in HPE ...) - TODO: check + NOT-FOR-US: HPE CVE-2020-7133 (A unauthorized remote access vulnerability was discovered in HPE IOT + ...) - TODO: check + NOT-FOR-US: HPE CVE-2020-7132 (A potential security vulnerability has been identified in HPE Onboard ...) - TODO: check + NOT-FOR-US: HPE CVE-2020-7131 (This document describes a security vulnerability in Blade Maintenance ...) - TODO: check + NOT-FOR-US: HPE CVE-2020-7130 (HPE OneView Global Dashboard (OVGD) 1.9 has a remote information discl ...) NOT-FOR-US: HPE CVE-2020-7129 @@ -13348,7 +13348,7 @@ CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version send CVE-2020-7056 RESERVED CVE-2020-7055 (An issue was discovered in Elementor 2.7.4. Arbitrary file upload is p ...) - TODO: check + NOT-FOR-US: Elementor CVE-2020-7054 (MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in li ...) NOT-FOR-US: libIEC61850 CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm t ...) 
@@ -16164,19 +16164,19 @@ CVE-2020-5872 CVE-2020-5871 RESERVED CVE-2020-5870 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanis ...) - TODO: check + NOT-FOR-US: F5 CVE-2020-5869 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not s ...) - TODO: check + NOT-FOR-US: F5 CVE-2020-5868 (In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discover ...) - TODO: check + NOT-FOR-US: F5 CVE-2020-5867 (In versions prior to 3.3.0, the NGINX Controller Agent installer scrip ...) - TODO: check + NOT-FOR-US: NGINX Controller CVE-2020-5866 (In versions of NGINX Controller prior to 3.3.0, the helper.sh script, ...) - TODO: check + NOT-FOR-US: NGINX Controller CVE-2020-5865 (In versions prior to 3.3.0, the NGINX Controller is configured to comm ...) - TODO: check + NOT-FOR-US: NGINX Controller CVE-2020-5864 (In versions of NGINX Controller prior to 3.2.0, communication between ...) - TODO: check + NOT-FOR-US: NGINX Controller CVE-2020-5863 (In NGINX Controller versions prior to 3.2.0, an unauthenticated attack ...) NOT-FOR-US: NGINX Controller CVE-2020-5862 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under ...) @@ -16424,7 +16424,7 @@ CVE-2020-5742 CVE-2020-5741 RESERVED CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows allows a loc ...) - TODO: check + NOT-FOR-US: Plex Media Server CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...) NOT-FOR-US: Grandstream CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...) @@ -16762,7 +16762,7 @@ CVE-2020-5573 CVE-2020-5572 RESERVED CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQ ...) - TODO: check + NOT-FOR-US: SHARP AQUOS CVE-2020-5570 RESERVED CVE-2020-5569 (An unquoted search path vulnerability exists in HDD Password tool (for ...) 
@@ -20398,7 +20398,7 @@ CVE-2020-4087 CVE-2020-4086 RESERVED CVE-2020-4085 ("HCL Connections is vulnerable to possible information leakage and cou ...) - TODO: check + NOT-FOR-US: HCL Connections CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scri ...) NOT-FOR-US: HCL Connections CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage. Con ...) @@ -26707,6 +26707,7 @@ CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse NOTE: https://www.openwall.com/lists/oss-security/2020/03/13/1 CVE-2020-1952 RESERVED + NOT-FOR-US: Apache IoTDB CVE-2020-1951 (A carefully crafted or corrupt PSD file can cause an infinite loop in ...) {DLA-2161-1} - tika <unfixed> (bug #954302)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb6622298bb155bded2e925af6d4b9ddc87b3ad2
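Review bot: CVE-2020-11690 (JetBrains IntelliJ IDEA) in the @@ -2165,23 +2165,23 @@ hunk stays at TODO: check while the other JetBrains TODO entries in the same hunk (YouTrack, Hub, TeamCity, GoLand) are all moved to NOT-FOR-US. If that is deliberate, for instance because IDEA needs a packaging check like the pycharm <itp> entry at CVE-2020-11694, mention it in the commit message, which currently says only "NFUs"; otherwise triage it in the same pass so the block is not left half done.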
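Review bot: The four entries CVE-2020-7490 through CVE-2020-7487 in the @@ -12325,13 +12325,13 @@ hunk are tagged NOT-FOR-US: Schneider, while the unchanged entry directly below them, CVE-2020-7486, uses NOT-FOR-US: Schneider Electric. Use the same vendor string for the new lines so that a search of data/CVE/list for one spelling finds all of the vendor's entries.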
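Review bot: In the @@ -16164,19 +16164,19 @@ hunk the BIG-IQ entries CVE-2020-5870, CVE-2020-5869 and CVE-2020-5868 get the vendor-only tag NOT-FOR-US: F5, whereas the NGINX Controller entries in the same hunk are tagged by product. Naming the product on the BIG-IQ lines as well (for example NOT-FOR-US: F5 BIG-IQ) keeps the tags in this block at one level of detail and makes them easier to match when later CVEs for the same product are triaged.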
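Review bot: CVE-2020-1952 in the last hunk (@@ -26707,6 +26707,7 @@) is still RESERVED with no description, so the added NOT-FOR-US: Apache IoTDB line cannot be checked against anything in the list itself. Add a NOTE: line with the reference that identifies the product, as the CVE-2020-1953 entry just above does with its oss-security link, so the triage decision can be verified before the description is published.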