Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c26f08db by Salvatore Bonaccorso at 2020-06-09T22:58:43+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3,11 +3,11 @@ CVE-2020-13980 (** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated user CVE-2020-13979 RESERVED CVE-2020-13978 (** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has a ...) - TODO: check + NOT-FOR-US: Monstra CMS CVE-2020-13977 (Nagios 4.4.5 allows an attacker, who already has administrative access ...) TODO: check CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 16214. The Di ...) - TODO: check + NOT-FOR-US: DD-WRT CVE-2020-13975 RESERVED CVE-2020-13974 (An issue was discovered in the Linux kernel through 5.7.1. drivers/tty ...) @@ -1917,7 +1917,7 @@ CVE-2020-13162 CVE-2020-13161 RESERVED CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...) - TODO: check + NOT-FOR-US: AnyDesk CVE-2020-13159 RESERVED CVE-2020-13158 @@ -7200,7 +7200,7 @@ CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c i CVE-2020-11493 RESERVED CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. ...) - TODO: check + NOT-FOR-US: Docker Desktop on Windows CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...) NOT-FOR-US: Zen Load Balancer CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authent ...) 
@@ -12358,7 +12358,7 @@ CVE-2020-9464 (A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary ...) - centreon-web <itp> (bug #913903) CVE-2020-9462 (An issue was discovered in all Athom Homey and Homey Pro devices up to ...) - TODO: check + NOT-FOR-US: Athom CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated us ...) NOT-FOR-US: Octech Oempro CVE-2020-9460 (Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The ...) @@ -13242,7 +13242,7 @@ CVE-2020-9101 CVE-2020-9100 RESERVED CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...) NOT-FOR-US: Huawei CVE-2020-9097 @@ -13600,7 +13600,7 @@ CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat thro [stretch] - weechat <no-dsa> (Minor issue) NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link ...) - TODO: check + NOT-FOR-US: OpenSearch Web browser CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...) NOT-FOR-US: OpenVPN Access Server CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp ti ...) @@ -20440,9 +20440,9 @@ CVE-2020-6112 CVE-2020-6111 RESERVED CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the way ...) - TODO: check + NOT-FOR-US: Zoom CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...) - TODO: check + NOT-FOR-US: Zoom CVE-2020-6108 RESERVED CVE-2020-6107 
@@ -21547,7 +21547,7 @@ CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7 CVE-2020-5590 RESERVED CVE-2020-5589 (Multiple SONY Wireless Headphones have vulnerability that someone with ...) - TODO: check + NOT-FOR-US: SONY CVE-2020-5588 RESERVED CVE-2020-5587 @@ -25318,9 +25318,9 @@ CVE-2020-4043 CVE-2020-4042 RESERVED CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...) - TODO: check + NOT-FOR-US: Bolt CMS CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the preview ge ...) - TODO: check + NOT-FOR-US: Bolt CMS CVE-2020-4039 RESERVED CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before versio ...) @@ -32263,7 +32263,7 @@ CVE-2019-19414 (There is an integer overflow vulnerability in LDAP server of som CVE-2019-19413 (There is an integer overflow vulnerability in LDAP client of some Huaw ...) NOT-FOR-US: Huawei CVE-2019-19412 (Some Huawei smart phones have a Factory Reset Protection (FRP) bypass ...) - TODO: check + NOT-FOR-US: Huawei CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...) NOT-FOR-US: Huawei CVE-2019-19410 @@ -44048,9 +44048,9 @@ CVE-2019-16387 (** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to a direct prw CVE-2019-16386 (** DISPUTED ** PEGA Platform 7.x and 8.x is vulnerable to Information ...) NOT-FOR-US: PEGA Platform CVE-2019-16385 (Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting vi ...) - TODO: check + NOT-FOR-US: Cybele Thinfinity VirtualUI CVE-2019-16384 (Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that ca ...) - TODO: check + NOT-FOR-US: Cybele Thinfinity VirtualUI CVE-2019-16383 (MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2 ...) NOT-FOR-US: Progress MOVEit Transfer CVE-2019-16382 (An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is ...) 
@@ -44906,7 +44906,7 @@ CVE-2019-16152 (A Denial of service (DoS) vulnerability in FortiClient for Linux CVE-2019-16151 RESERVED CVE-2019-16150 (Use of a hard-coded cryptographic key to encrypt security sensitive da ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2019-16149 RESERVED CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c26f08dbe36cf0f4c1c821778eaf2c35a9b528f6
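Review bot: In the @@ -44906 hunk, the tag "NOT-FOR-US: Fortiguard" on CVE-2019-16150 cannot be checked against the visible description, which is truncated ("Use of a hard-coded cryptographic key to encrypt security sensitive da ...") before any product is named, while the adjacent CVE-2019-16152 refers to "FortiClient for Linux". Suggest tagging the entry with the affected product exactly as the full CVE description names it, so that a later search of data/CVE/list for that product finds this entry.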
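Review bot: In the @@ -12358 hunk, "NOT-FOR-US: Athom" on CVE-2020-9462 gives only the vendor, although the description names "Athom Homey and Homey Pro devices" and the entries directly below it use vendor plus product ("NOT-FOR-US: Octech Oempro"). Suggest "NOT-FOR-US: Athom Homey" for consistency. The same style point applies to "NOT-FOR-US: SONY" on CVE-2020-5589 and "NOT-FOR-US: Zoom" on CVE-2020-6110 and CVE-2020-6109, where the other tags added in this commit ("Cybele Thinfinity VirtualUI", "Bolt CMS", "Docker Desktop on Windows") are product-level.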
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits