Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0d09e13 by Salvatore Bonaccorso at 2020-06-24T22:18:42+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2020-15027
        RESERVED
 CVE-2020-15026 (Bludit 3.12.0 allows admins to use a 
/plugin-backup-download?file=../  ...)
-       TODO: check
+       NOT-FOR-US: Bludit
 CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 
allows remo ...)
        TODO: check
 CVE-2020-15024
@@ -17,15 +17,15 @@ CVE-2020-15020
 CVE-2020-15019
        RESERVED
 CVE-2020-15018 (playSMS through 1.4.3 is vulnerable to session fixation. ...)
-       TODO: check
+       NOT-FOR-US: playSMS
 CVE-2020-15017
        RESERVED
 CVE-2020-15016
        RESERVED
 CVE-2020-15015 (The FileExplorer component in GleamTech FileUltimate 6.1.5.0 
allows XS ...)
-       TODO: check
+       NOT-FOR-US: FileExplorer component in GleamTech FileUltimate
 CVE-2020-15014 (pramodmahato BlogCMS through 2019-12-31 has 
admin/changepass.php CSRF. ...)
-       TODO: check
+       NOT-FOR-US: BlogCMS
 CVE-2020-15013
        RESERVED
 CVE-2020-15012
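Review bot: The label added for CVE-2020-15015, `NOT-FOR-US: FileExplorer component in GleamTech FileUltimate`, names a component, while the other labels added in this commit name only the product or vendor (`playSMS`, `BlogCMS`, `Bludit`). Suggest `NOT-FOR-US: GleamTech FileUltimate`, so that later CVEs against the same product carry the same string and a search on the label finds all of them.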
@@ -41,7 +41,7 @@ CVE-2020-15008
 CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c 
in id Tec ...)
        TODO: check
 CVE-2020-15006 (Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG 
document ...)
-       TODO: check
+       NOT-FOR-US: Bludit
 CVE-2020-15005
        RESERVED
 CVE-2020-15004
@@ -1129,7 +1129,7 @@ CVE-2020-14474
 CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, 
Vigor2960, and ...)
        TODO: check
 CVE-2020-14472 (DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware 
before 1.5.1 ...)
-       TODO: check
+       NOT-FOR-US: DrayTek
 CVE-2020-14471
        RESERVED
 CVE-2020-14470 (In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an 
authent ...)
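Review bot: CVE-2020-14473, in the context directly above the changed line, stays at `TODO: check` even though its description lists the same Vigor3900 and Vigor2960 devices for which CVE-2020-14472 is now marked `NOT-FOR-US: DrayTek`. If the triage decision is per product, mark CVE-2020-14473 in the same commit; if it was left open on purpose, say why in the commit message so it is not re-triaged from scratch.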
@@ -2266,9 +2266,9 @@ CVE-2020-14097
 CVE-2020-14096
        RESERVED
 CVE-2020-14095 (In Xiaomi router R3600, ROM version<1.0.20, a connect 
service suffe ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2020-14094 (In Xiaomi router R3600, ROM version<1.0.20, the connection 
service  ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2019-20838 (libpcre in PCRE before 8.43 allows a subject buffer over-read 
in JIT w ...)
        - pcre3 <unfixed> (unimportant)
        NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1740 
(8.43)
@@ -2497,15 +2497,15 @@ CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has 
weak permissions for /et
        - python-rtslib-fb <unfixed>
        NOTE: https://github.com/open-iscsi/rtslib-fb/pull/162
 CVE-2020-14018 (An issue was discovered in Navigate CMS 2.9 r1433. There is a 
stored X ...)
-       TODO: check
+       NOT-FOR-US: Navigate CMS
 CVE-2020-14017 (An issue was discovered in Navigate CMS 2.9 r1433. Sessions, 
as well a ...)
-       TODO: check
+       NOT-FOR-US: Navigate CMS
 CVE-2020-14016 (An issue was discovered in Navigate CMS 2.9 r1433. The 
forgot-password ...)
-       TODO: check
+       NOT-FOR-US: Navigate CMS
 CVE-2020-14015 (An issue was discovered in Navigate CMS 2.9 r1433. When 
performing a p ...)
-       TODO: check
+       NOT-FOR-US: Navigate CMS
 CVE-2020-14014 (An issue was discovered in Navigate CMS 2.9 r1433. The query 
parameter ...)
-       TODO: check
+       NOT-FOR-US: Navigate CMS
 CVE-2020-14013
        RESERVED
 CVE-2020-14012 (scp/categories.php in osTicket 1.14.2 allows XSS via a 
Knowledgebase C ...)
@@ -2519,11 +2519,11 @@ CVE-2020-14009
 CVE-2020-14008
        RESERVED
 CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion 
Platform HF ...)
-       TODO: check
+       NOT-FOR-US: Solarwinds
 CVE-2020-14006 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion 
Platform HF ...)
-       TODO: check
+       NOT-FOR-US: Solarwinds
 CVE-2020-14005 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion 
Platform HF ...)
-       TODO: check
+       NOT-FOR-US: Solarwinds
 CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The 
prepare-dir ...)
        - icinga2 <unfixed>
        [jessie] - icinga2 <not-affected> (prepare-dirs script not shipped)
@@ -3822,9 +3822,9 @@ CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for 
Craft CMS allows malicio
 CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP 
Whitelist  ...)
        NOT-FOR-US: Craft CMS plugin
 CVE-2020-13484 (Bitrix24 through 20.0.975 allows SSRF via an intranet IP 
address in th ...)
-       TODO: check
+       NOT-FOR-US: Bitrix24
 CVE-2020-13483 (The Web Application Firewall in Bitrix24 through 20.0.0 allows 
XSS via ...)
-       TODO: check
+       NOT-FOR-US: Bitrix24
 CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an 
insecure way ...)
        NOT-FOR-US: EM-HTTP-Request
 CVE-2020-13481
@@ -4367,7 +4367,7 @@ CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB 
Connector/C before 3.1.8 doe
        NOTE: Fixed by: 
https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945
 (v3.1.8)
        NOTE: Introduced around: 
https://github.com/mariadb-corporation/mariadb-connector-c/commit/b4efe73c9e725f97b3550371f8a78a10a20bf2fd
 (v3.0-cc-server-integ-0)
 CVE-2020-13248 (BooleBox Secure File Sharing Utility (potentially all 
versions) allows ...)
-       TODO: check
+       NOT-FOR-US: BooleBox Secure File Sharing Utility
 CVE-2020-13247
        RESERVED
 CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker 
can trigg ...)
@@ -7465,11 +7465,11 @@ CVE-2020-11963 (IQrouter through 3.3.1, when 
unconfigured, has multiple remote c
 CVE-2020-11962
        RESERVED
 CVE-2020-11961 (Xiaomi router R3600 ROM before 1.0.50 is affected by a 
sensitive infor ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2020-11960 (Xiaomi router R3600 ROM before 1.0.50 is affected by a 
vulnerability w ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2020-11959 (An unsafe configuration of nginx lead to information leak in 
Xiaomi ro ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow in Scanner::fill in 
parse/sc ...)
        - re2c <unfixed> (bug #963158)
        [buster] - re2c <not-affected> (Vulnerability introduced later)
@@ -12632,7 +12632,7 @@ CVE-2020-10563 (An issue was discovered in DEVOME GRR 
before 3.4.1c. frmcontactl
 CVE-2020-10562 (An issue was discovered in DEVOME GRR before 3.4.1c. 
admin_edit_room.p ...)
        NOT-FOR-US: DEVOME GRR
 CVE-2020-10561 (An issue was discovered on Xiaomi Mi Jia ink-jet printer &lt; 
3.4.6_01 ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2020-10560 (An issue was discovered in Open Source Social Network (OSSN) 
through 5 ...)
        NOT-FOR-US: Open Source Social Network (OSSN)
 CVE-2020-10559
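Review bot: `NOT-FOR-US: Xiaomi` on CVE-2020-10561 is a vendor-only label applied to an ink-jet printer, and the same string is used in this commit for the R3600 router entries. A product-level label, for example `NOT-FOR-US: Xiaomi Mi Jia ink-jet printer` here, would keep unrelated devices distinguishable when the list is searched by label.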
@@ -15013,7 +15013,7 @@ CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 
7.1.9, and 8.0.0 to 8.0.6 is
        NOTE: 
https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E
        NOTE: 
https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c
 CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource 
manager's mas ...)
-       TODO: check
+       NOT-FOR-US: Apache Spark
 CVE-2020-9479
        RESERVED
 CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the 
holding of a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0d09e13330ec3463ec5232af964e122273f28df



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
