Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a41f9a8 by Moritz Muehlenhoff at 2020-07-14T11:16:07+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,7 +41,7 @@ CVE-2020-15691
 CVE-2020-15690
        RESERVED
 CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI 
support, ...)
-       TODO: check
+       NOT-FOR-US: Appweb
 CVE-2020-15688
        RESERVED
 CVE-2020-15687
@@ -1334,7 +1334,7 @@ CVE-2020-15107
 CVE-2020-15106
        RESERVED
 CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the 
user's passwo ...)
-       TODO: check
+       NOT-FOR-US: Django Two-Factor Authentication
 CVE-2020-15104
        RESERVED
 CVE-2020-15103
@@ -1363,7 +1363,7 @@ CVE-2020-15094
 CVE-2020-15093 (The tough library (Rust/crates.io) prior to version 0.7.1 does 
not pro ...)
        TODO: check
 CVE-2020-15092 (In TimelineJS before version 3.7.0, some user data renders as 
HTML. An ...)
-       TODO: check
+       NOT-FOR-US: TimelineJS
 CVE-2020-15091 (TenderMint from version 0.33.0 and before version 0.33.6 
allows block  ...)
        NOT-FOR-US: TenderMint
 CVE-2020-15090
@@ -1447,7 +1447,7 @@ CVE-2020-15052
 CVE-2020-15051
        RESERVED
 CVE-2020-15050 (An issue was discovered in the Video Extension in Suprema 
BioStar 2 be ...)
-       TODO: check
+       NOT-FOR-US: Suprema BioStar
 CVE-2020-15049 (An issue was discovered in http/ContentLengthInterpreter.cc in 
Squid b ...)
        - squid 4.12-1
        - squid3 <removed>
@@ -4315,10 +4315,10 @@ CVE-2020-13927
        RESERVED
 CVE-2020-13926
        RESERVED
-       NOT-FOR-US: Apache Kylin
+       NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2020-13925
        RESERVED
-       NOT-FOR-US: Apache Kylin
+       NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2020-13924
        RESERVED
 CVE-2020-13923
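Review bot: CVE-2020-13926 and CVE-2020-13925 are still RESERVED with no description, so the NOT-FOR-US text is the only record of why they were triaged this way. The added "(different from Kylin desktop environment)" disambiguation helps with that. A NOTE line naming the source that ties these two IDs to Apache Kylin would let a later reader confirm the triage once the descriptions are published.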
@@ -8084,7 +8084,8 @@ CVE-2020-12405 (When browsing a malicious page, a race 
condition in our SharedWo
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12405
 CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to 
be passed ...)
-       TODO: check
+       - firefox <not-affected> (Specific to iOS)
+       NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404
 CVE-2020-12403
        RESERVED
 CVE-2020-12402 (During RSA key generation, bignum implementations used a 
variation of  ...)
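Review bot: the CVE-2020-12404 change is a "- firefox <not-affected> (Specific to iOS)" triage with an advisory NOTE, not an NFU, so the commit subject "NFUs" does not describe it. Consider mentioning the not-affected entry in the commit message, or splitting it into its own commit, so the history for this CVE can be found by searching the log.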
@@ -10594,7 +10595,7 @@ CVE-2020-11751
 CVE-2020-11750
        RESERVED
 CVE-2020-11749 (Pandora FMS 7.0 NG &lt;= 746 suffers from Multiple XSS 
vulnerabilities ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2020-11748
        RESERVED
 CVE-2020-11747
@@ -12860,13 +12861,13 @@ CVE-2020-10991 (Mulesoft APIkit through 1.3.0 allows 
XXE because of validation/R
 CVE-2020-10990 (An XXE issue exists in Accenture Mercury before 1.12.28 
because of the ...)
        NOT-FOR-US: Accenture Mercury
 CVE-2020-10989 (An XSS issue in the /goform/WifiBasicSet endpoint of Tenda 
AC15 AC1900 ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2020-10988 (A hard-coded telnet credential in the tenda_login binary of 
Tenda AC15 ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2020-10987 (The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 
15.03.05 ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda 
AC15 AC190 ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2020-10985
        RESERVED
 CVE-2020-10984
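Review bot: the four Tenda entries (CVE-2020-10986 through CVE-2020-10989) are tagged with the vendor name only, while the other NOT-FOR-US lines added in this commit name the product (Appweb, TimelineJS, Pandora FMS, Suprema BioStar). All four descriptions refer to the Tenda AC15 AC1900, so a tag such as "NOT-FOR-US: Tenda AC15" would be consistent with the rest of the commit and easier to match by product. If the vendor-only form is intentional, it is fine to keep.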



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a41f9a89d3ab2cd6e3db9ddafe655d646c91249
