Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d3e1216c by Moritz Muehlenhoff at 2020-06-18T22:29:22+02:00
NFUs
new lynis issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,55 +1,55 @@
CVE-2020-14446 (An issue was discovered in WSO2 Identity Server through 5.10.0
and WSO ...)
- TODO: check
+ NOT-FOR-US: WSO2 Identity Server
CVE-2020-14445 (An issue was discovered in WSO2 Identity Server through 5.9.0
and WSO2 ...)
- TODO: check
+ NOT-FOR-US: WSO2 Identity Server
CVE-2020-14444 (An issue was discovered in WSO2 Identity Server through 5.9.0
and WSO2 ...)
- TODO: check
+ NOT-FOR-US: WSO2 Identity Server
CVE-2020-14443 (A SQL injection vulnerability in accountancy/customer/card.php
in Doli ...)
- TODO: check
+ - dolibarr <removed>
CVE-2020-14442 (Certain NETGEAR devices are affected by command injection by
an unauth ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14441 (Certain NETGEAR devices are affected by command injection by
an unauth ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14440 (Certain NETGEAR devices are affected by command injection by
an unauth ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14439 (Certain NETGEAR devices are affected by command injection by
an unauth ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14438 (Certain NETGEAR devices are affected by command injection by
an unauth ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14437 (Certain NETGEAR devices are affected by command injection by
an unauth ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14436 (Certain NETGEAR devices are affected by command injection by
an unauth ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14435 (Certain NETGEAR devices are affected by command injection by
an unauth ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14434 (Certain NETGEAR devices are affected by command injection by
an authen ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14433 (Certain NETGEAR devices are affected by command injection by
an authen ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14432 (Certain NETGEAR devices are affected by CSRF. This affects
RBK752 befo ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14431 (Certain NETGEAR devices are affected by disclosure of
administrative c ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14430 (Certain NETGEAR devices are affected by disclosure of
administrative c ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14429 (Certain NETGEAR devices are affected by disclosure of
administrative c ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14428 (Certain NETGEAR devices are affected by disclosure of
administrative c ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14427 (Certain NETGEAR devices are affected by disclosure of
administrative c ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14426 (Certain NETGEAR devices are affected by disclosure of
administrative c ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2020-14425
RESERVED
CVE-2020-14424
RESERVED
CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret
in Core/ ...)
- TODO: check
+ NOT-FOR-US: Convos
CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes
hash valu ...)
TODO: check
CVE-2020-14421 (aaPanel through 6.6.6 allows remote authenticated users to
execute arb ...)
- TODO: check
+ NOT-FOR-US: aaPanel
CVE-2020-14420
RESERVED
CVE-2020-14419
@@ -79,7 +79,7 @@ CVE-2020-14410
CVE-2020-14409
RESERVED
CVE-2020-14408 (An issue was discovered in Agentejo Cockpit 0.10.2.
Insufficient sanit ...)
- TODO: check
+ NOT-FOR-US: Agentejo Cockpit
CVE-2020-14407
RESERVED
CVE-2020-14406
@@ -609,7 +609,7 @@ CVE-2020-14159 (By using an Automate API in ConnectWise
Automate before 2020.5.1
CVE-2020-14158
RESERVED
CVE-2020-14157 (The wireless-communication feature of the ABUS Secvest
FUBE50001 devic ...)
- TODO: check
+ NOT-FOR-US: ABUS
CVE-2020-14156 (user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid
before 2020 ...)
NOT-FOR-US: OpenBMC
CVE-2020-14155 (libpcre in PCRE before 8.44 allows an integer overflow via a
large num ...)
@@ -1268,7 +1268,8 @@ CVE-2020-13884 (Citrix Workspace App before 1912 on
Windows has Insecure Permiss
CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway
2.2.0, an ...)
NOT-FOR-US: WSO2 API Manager
CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because
of a TO ...)
- TODO: check
+ - lynis <unfixed> (unimportant)
+ NOTE: Neutralised by kernel hardening
CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+
shared se ...)
{DLA-2239-1}
- libpam-tacplus <unfixed> (low; bug #962830)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3e1216c3209b3d26bf7ffad1e522026a00fbdaa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3e1216c3209b3d26bf7ffad1e522026a00fbdaa
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
