Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c0d09e13 by Salvatore Bonaccorso at 2020-06-24T22:18:42+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,7 +1,7 @@ CVE-2020-15027 RESERVED CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ ...) - TODO: check + NOT-FOR-US: Bludit CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remo ...) TODO: check CVE-2020-15024 @@ -17,15 +17,15 @@ CVE-2020-15020 CVE-2020-15019 RESERVED CVE-2020-15018 (playSMS through 1.4.3 is vulnerable to session fixation. ...) - TODO: check + NOT-FOR-US: playSMS CVE-2020-15017 RESERVED CVE-2020-15016 RESERVED CVE-2020-15015 (The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XS ...) - TODO: check + NOT-FOR-US: FileExplorer component in GleamTech FileUltimate CVE-2020-15014 (pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. ...) - TODO: check + NOT-FOR-US: BlogCMS CVE-2020-15013 RESERVED CVE-2020-15012 @@ -41,7 +41,7 @@ CVE-2020-15008 CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ...) TODO: check CVE-2020-15006 (Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document ...) - TODO: check + NOT-FOR-US: Bludit CVE-2020-15005 RESERVED CVE-2020-15004 @@ -1129,7 +1129,7 @@ CVE-2020-14474 CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and ...) TODO: check CVE-2020-14472 (DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1 ...) - TODO: check + NOT-FOR-US: DrayTek CVE-2020-14471 RESERVED CVE-2020-14470 (In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authent ...) @@ -2266,9 +2266,9 @@ CVE-2020-14097 CVE-2020-14096 RESERVED CVE-2020-14095 (In Xiaomi router R3600, ROM version<1.0.20, a connect service suffe ...) - TODO: check + NOT-FOR-US: Xiaomi CVE-2020-14094 (In Xiaomi router R3600, ROM version<1.0.20, the connection service ...) - TODO: check + NOT-FOR-US: Xiaomi CVE-2019-20838 (libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT w ...) - pcre3 <unfixed> (unimportant) NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1740 (8.43) @@ -2497,15 +2497,15 @@ CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /et - python-rtslib-fb <unfixed> NOTE: https://github.com/open-iscsi/rtslib-fb/pull/162 CVE-2020-14018 (An issue was discovered in Navigate CMS 2.9 r1433. There is a stored X ...) - TODO: check + NOT-FOR-US: Navigate CMS CVE-2020-14017 (An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well a ...) - TODO: check + NOT-FOR-US: Navigate CMS CVE-2020-14016 (An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password ...) - TODO: check + NOT-FOR-US: Navigate CMS CVE-2020-14015 (An issue was discovered in Navigate CMS 2.9 r1433. When performing a p ...) - TODO: check + NOT-FOR-US: Navigate CMS CVE-2020-14014 (An issue was discovered in Navigate CMS 2.9 r1433. The query parameter ...) - TODO: check + NOT-FOR-US: Navigate CMS CVE-2020-14013 RESERVED CVE-2020-14012 (scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase C ...) @@ -2519,11 +2519,11 @@ CVE-2020-14009 CVE-2020-14008 RESERVED CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) - TODO: check + NOT-FOR-US: Solarwinds CVE-2020-14006 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) - TODO: check + NOT-FOR-US: Solarwinds CVE-2020-14005 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) - TODO: check + NOT-FOR-US: Solarwinds CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dir ...) - icinga2 <unfixed> [jessie] - icinga2 <not-affected> (prepare-dirs script not shipped) @@ -3822,9 +3822,9 @@ CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for Craft CMS allows malicio CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist ...) NOT-FOR-US: Craft CMS plugin CVE-2020-13484 (Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in th ...) - TODO: check + NOT-FOR-US: Bitrix24 CVE-2020-13483 (The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via ...) - TODO: check + NOT-FOR-US: Bitrix24 CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way ...) NOT-FOR-US: EM-HTTP-Request CVE-2020-13481 @@ -4367,7 +4367,7 @@ CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 doe NOTE: Fixed by: https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 (v3.1.8) NOTE: Introduced around: https://github.com/mariadb-corporation/mariadb-connector-c/commit/b4efe73c9e725f97b3550371f8a78a10a20bf2fd (v3.0-cc-server-integ-0) CVE-2020-13248 (BooleBox Secure File Sharing Utility (potentially all versions) allows ...) - TODO: check + NOT-FOR-US: BooleBox Secure File Sharing Utility CVE-2020-13247 RESERVED CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker can trigg ...) @@ -7465,11 +7465,11 @@ CVE-2020-11963 (IQrouter through 3.3.1, when unconfigured, has multiple remote c CVE-2020-11962 RESERVED CVE-2020-11961 (Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive infor ...) - TODO: check + NOT-FOR-US: Xiaomi CVE-2020-11960 (Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability w ...) - TODO: check + NOT-FOR-US: Xiaomi CVE-2020-11959 (An unsafe configuration of nginx lead to information leak in Xiaomi ro ...) - TODO: check + NOT-FOR-US: Xiaomi CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/sc ...) - re2c <unfixed> (bug #963158) [buster] - re2c <not-affected> (Vulnerability introduced later) @@ -12632,7 +12632,7 @@ CVE-2020-10563 (An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactl CVE-2020-10562 (An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.p ...) NOT-FOR-US: DEVOME GRR CVE-2020-10561 (An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_01 ...) - TODO: check + NOT-FOR-US: Xiaomi CVE-2020-10560 (An issue was discovered in Open Source Social Network (OSSN) through 5 ...) NOT-FOR-US: Open Source Social Network (OSSN) CVE-2020-10559 @@ -15013,7 +15013,7 @@ CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is NOTE: https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource manager's mas ...) - TODO: check + NOT-FOR-US: Apache Spark CVE-2020-9479 RESERVED CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0d09e13330ec3463ec5232af964e122273f28df -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0d09e13330ec3463ec5232af964e122273f28df You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits