Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
634f9bf8 by Moritz Muehlenhoff at 2020-05-05T20:53:18+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58,7 +58,7 @@ CVE-2020-12638
 CVE-2020-12637
        RESERVED
 CVE-2018-21233 (TensorFlow before 1.7.0 has an integer overflow that causes an 
out-of- ...)
-       TODO: check
+       - tensorflow <itp> (bug #804612)
 CVE-2020-12636
        RESERVED
 CVE-2020-12635
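
Review bot: The commit message says only "NFUs", but the CVE-2018-21233 line in this hunk becomes "- tensorflow <itp> (bug #804612)", which is an ITP entry and not a NOT-FOR-US tag. Mention the ITP in the commit message, or commit it separately, so the log matches what was triaged.
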
@@ -74,13 +74,13 @@ CVE-2020-12631
 CVE-2020-12630
        RESERVED
 CVE-2020-12629 (include/class.sla.php in osTicket before 1.14.2 allows XSS via 
the SLA ...)
-       TODO: check
+       NOT-FOR-US: osTicket
 CVE-2020-12628
        RESERVED
 CVE-2020-12627 (Calibre-Web 0.6.6 allows authentication bypass because of the 
'A0Zr98j ...)
        TODO: check
 CVE-2020-12624 (The League application before 2020-05-02 on Android sends a 
bearer tok ...)
-       TODO: check
+       NOT-FOR-US: Leage
 CVE-2020-12623
        RESERVED
 CVE-2020-12622
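
Review bot: The tag added for CVE-2020-12624, "NOT-FOR-US: Leage", is misspelled; the description names "The League application", so it should read "NOT-FOR-US: League". A misspelled product name will not match a later search of data/CVE/list for "League".
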
@@ -3983,7 +3983,7 @@ CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 
allow remote attackers
 CVE-2020-11444 (Sonatype Nexus Repository Manager 3.x up to and including 
3.21.2 has I ...)
        NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2020-11443 (The MSI installer in Zoom before 4.6.10 on Windows follows 
Symbolic Li ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2020-11442
        RESERVED
 CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as 
demonstrated ...)
@@ -5302,7 +5302,7 @@ CVE-2020-10878
 CVE-2020-10877
        RESERVED
 CVE-2020-10876 (The OKLOK (3.1.1) mobile companion app for Fingerprint 
Bluetooth Padlo ...)
-       TODO: check
+       NOT-FOR-US: OKLOK
 CVE-2020-10875 (Motorola FX9500 devices allow remote attackers to conduct 
absolute pat ...)
        NOT-FOR-US: Motorola devices
 CVE-2020-10874 (Motorola FX9500 devices allow remote attackers to read 
database files. ...)
@@ -6072,7 +6072,7 @@ CVE-2020-10674 (PerlSpeak through 2.01 allows attackers 
to execute arbitrary OS
 CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT 
AUTHORITY\SYSTE ...)
        NOT-FOR-US: Docker Desktop on Windows
 CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created 
in 2019  ...)
-       TODO: check
+       NOT-FOR-US: VxWorks
 CVE-2020-10663 (The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 
through 2.4.9 ...)
        {DLA-2192-1 DLA-2190-1}
        - ruby-json 2.3.0+dfsg-1
@@ -6165,7 +6165,7 @@ CVE-2020-10648 (Das U-Boot through 2020.01 allows 
attackers to bypass verified b
        NOTE: 
https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
        NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
 CVE-2020-10647 (Wind River VxWorks tftp client library, as distributed in 
VxWorks 6.9  ...)
-       TODO: check
+       NOT-FOR-US: VxWorks
 CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 
contains a h ...)
        NOT-FOR-US: Fuji Electric V-Server Lite
 CVE-2020-10645
@@ -6215,7 +6215,7 @@ CVE-2020-10624
 CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low 
privileges t ...)
        NOT-FOR-US: WebAccess/NMS
 CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected 
product is vu ...)
-       TODO: check
+       NOT-FOR-US: LCDS LAquis SCADA
 CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and 
executed on  ...)
        NOT-FOR-US: WebAccess/NMS
 CVE-2020-10620
@@ -6223,7 +6223,7 @@ CVE-2020-10620
 CVE-2020-10619 (An attacker could use a specially crafted URL to delete files 
outside  ...)
        NOT-FOR-US: WebAccess/NMS
 CVE-2020-10618 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected 
product is vu ...)
-       TODO: check
+       NOT-FOR-US: LCDS LAquis SCADA
 CVE-2020-10617 (There are multiple ways an unauthenticated attacker could 
perform SQL  ...)
        NOT-FOR-US: WebAccess/NMS
 CVE-2020-10616
@@ -10410,11 +10410,11 @@ CVE-2020-8793 (OpenSMTPD before 6.6.4 allows local 
users to read arbitrary files
        NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
        NOTE: Neutralised by kernel hardening
 CVE-2020-8792 (The OKLOK (3.1.1) mobile companion app for Fingerprint 
Bluetooth Padlo ...)
-       TODO: check
+       NOT-FOR-US: OKLOK
 CVE-2020-8791 (The OKLOK (3.1.1) mobile companion app for Fingerprint 
Bluetooth Padlo ...)
-       TODO: check
+       NOT-FOR-US: OKLOK
 CVE-2020-8790 (The OKLOK (3.1.1) mobile companion app for Fingerprint 
Bluetooth Padlo ...)
-       TODO: check
+       NOT-FOR-US: OKLOK
 CVE-2020-8789
        RESERVED
 CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS 
(and HT ...)
@@ -11797,7 +11797,7 @@ CVE-2020-8159
 CVE-2020-8158
        RESERVED
 CVE-2020-8157 (UniFi Cloud Key firmware &lt;= v1.1.10 for Cloud Key gen2 and 
Cloud Ke ...)
-       TODO: check
+       NOT-FOR-US: UniFi Cloud Key
 CVE-2020-8156
        RESERVED
 CVE-2020-8155
@@ -18398,7 +18398,7 @@ CVE-2020-5345
 CVE-2020-5344 (Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 
2.65.65.65, 2.70. ...)
        NOT-FOR-US: EMC
 CVE-2020-5343 (Dell Client platforms restored using a Dell OS recovery image 
download ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-5342 (Dell Digital Delivery versions prior to 3.5.2015 contain an 
incorrect  ...)
        NOT-FOR-US: Dell
 CVE-2020-5341
@@ -18410,19 +18410,19 @@ CVE-2020-5339 (RSA Authentication Manager versions 
prior to 8.4 P10 contain a st
 CVE-2020-5338
        RESERVED
 CVE-2020-5337 (RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL 
redirect ...)
-       TODO: check
+       NOT-FOR-US: RSA
 CVE-2020-5336 (RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL 
injectio ...)
-       TODO: check
+       NOT-FOR-US: RSA
 CVE-2020-5335 (RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a 
cross-site r ...)
-       TODO: check
+       NOT-FOR-US: RSA
 CVE-2020-5334 (RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a 
Document Ob ...)
-       TODO: check
+       NOT-FOR-US: RSA
 CVE-2020-5333 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an 
authorizati ...)
-       TODO: check
+       NOT-FOR-US: RSA
 CVE-2020-5332 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a 
command inje ...)
-       TODO: check
+       NOT-FOR-US: RSA
 CVE-2020-5331 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an 
information ...)
-       TODO: check
+       NOT-FOR-US: RSA
 CVE-2020-5330 (Dell EMC Networking X-Series firmware versions 3.0.1.2 and 
older, Dell ...)
        NOT-FOR-US: EMC
 CVE-2020-5329
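
Review bot: The seven RSA Archer entries (CVE-2020-5331 through CVE-2020-5337) are tagged with the vendor only, "NOT-FOR-US: RSA", while other tags in this commit name the product, for example "NOT-FOR-US: CoSoSys Endpoint Protector" and "NOT-FOR-US: LCDS LAquis SCADA". Consider "NOT-FOR-US: RSA Archer" so these entries can be told apart from other RSA products such as the RSA Authentication Manager entry shown in the hunk header.
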
@@ -30725,7 +30725,7 @@ CVE-2020-1633 (Due to a new NDP proxy feature for EVPN 
leaf nodes introduced in
 CVE-2020-1632 (In a certain condition, receipt of a specific BGP UPDATE 
message might ...)
        NOT-FOR-US: Juniper
 CVE-2020-1631 (A vulnerability in the HTTP/HTTPS service used by J-Web, Web 
Authentic ...)
-       TODO: check
+       NOT-FOR-US: Juniper
 CVE-2020-1630 (A privilege escalation vulnerability in Juniper Networks Junos 
OS devi ...)
        NOT-FOR-US: Juniper
 CVE-2020-1629 (A race condition vulnerability on Juniper Network Junos OS 
devices may ...)
@@ -51132,7 +51132,7 @@ CVE-2019-13287 (In Xpdf 4.01.01, there is an 
out-of-bounds read vulnerability in
 CVE-2019-13286 (In Xpdf 4.01.01, there is a heap-based buffer over-read in the 
functio ...)
        - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
 CVE-2019-13285 (CoSoSys Endpoint Protector 5.1.0.2 allows Host Header 
Injection. ...)
-       TODO: check
+       NOT-FOR-US: CoSoSys Endpoint Protector
 CVE-2019-13284
        RESERVED
 CVE-2019-13283 (In Xpdf 4.01.01, a heap-based buffer over-read could be 
triggered in s ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/634f9bf8e9c62b4bf28724ce8c928dd5ea7abe32
