Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a18a6fdd by Moritz Muehlenhoff at 2020-07-16T23:09:25+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2019-20915 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted 
input w ...)
-       TODO: check
+       - libredwg <itp> (bug #595191)
 CVE-2019-20914 (An issue was discovered in GNU LibreDWG through 0.9.3. There 
is a NULL ...)
-       TODO: check
+       - libredwg <itp> (bug #595191)
 CVE-2019-20913 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted 
input w ...)
-       TODO: check
+       - libredwg <itp> (bug #595191)
 CVE-2019-20912 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted 
input w ...)
-       TODO: check
+       - libredwg <itp> (bug #595191)
 CVE-2019-20911 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted 
input w ...)
-       TODO: check
+       - libredwg <itp> (bug #595191)
 CVE-2019-20910 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted 
input w ...)
-       TODO: check
+       - libredwg <itp> (bug #595191)
 CVE-2019-20909 (An issue was discovered in GNU LibreDWG through 0.9.3. There 
is a NULL ...)
-       TODO: check
+       - libredwg <itp> (bug #595191)
 CVE-2020-XXXX [XSA 329]
        - linux <unfixed>
        [buster] - linux <not-affected> (Only affects 5.5 and later)
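Review bot: The commit message "NFUs" does not cover the seven entries at the top of this hunk (CVE-2019-20915 down to CVE-2019-20909), which are triaged as "- libredwg <itp> (bug #595191)" and not as NOT-FOR-US. Either split the ITP triage into its own commit or widen the message (for example "NFUs, libredwg ITP"), so that anyone revisiting these CVEs when bug #595191 leads to an upload can find the change from the log.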
@@ -1728,7 +1728,7 @@ CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site 
scripting (XSS) attack. Th
 CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS) 
attack. The ap ...)
        NOT-FOR-US: NeDi
 CVE-2020-15027 (ConnectWise Automate through 2020.x has insufficient 
validation on cer ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise
 CVE-2020-15026 (Bludit 3.12.0 allows admins to use a 
/plugin-backup-download?file=../  ...)
        NOT-FOR-US: Bludit
 CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 
allows remo ...)
@@ -1840,7 +1840,7 @@ CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and 
Crispy Doom 5.8.0 doesn't
        NOTE: 
https://github.com/chocolate-doom/chocolate-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1
        NOTE: 
https://github.com/fabiangreffrath/crispy-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1
 CVE-2020-14982 (A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and 
later be ...)
-       TODO: check
+       NOT-FOR-US: Kronos WebTA
 CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 
for iOS ha ...)
        NOT-FOR-US: ThreatTrack VIPRE Password Vault app for IOS
 CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android 
has Miss ...)
@@ -2777,7 +2777,7 @@ CVE-2020-14550 (Vulnerability in the MySQL Client product 
of Oracle MySQL (compo
        - mariadb-10.3 <unfixed>
        - mariadb-10.1 <removed>
 CVE-2020-14549 (Vulnerability in the Primavera Portfolio Management product of 
Oracle  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2020-14548 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
        NOT-FOR-US: Oracle
 CVE-2020-14547 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
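Review bot: The tag added for CVE-2020-14549 names only the vendor, yet the same hunk shows an Oracle CVE that is relevant to Debian: CVE-2020-14550 (MySQL Client) carries mariadb-10.3 and mariadb-10.1 status lines. Consider naming the product from the description, for example "NOT-FOR-US: Oracle Primavera Portfolio Management", so the entry shows it was excluded by product and not by vendor. The neighbouring CVE-2020-14548 already uses the bare "Oracle" form, so this is a consistency suggestion and not a blocker.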
@@ -2819,15 +2819,15 @@ CVE-2020-14533 (Vulnerability in the Oracle Commerce 
Platform product of Oracle
 CVE-2020-14532 (Vulnerability in the Oracle Commerce Platform product of 
Oracle Commer ...)
        NOT-FOR-US: Oracle
 CVE-2020-14531 (Vulnerability in the Siebel UI Framework product of Oracle 
Siebel CRM  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2020-14530 (Vulnerability in the Oracle Security Service product of Oracle 
Fusion  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2020-14529 (Vulnerability in the Primavera Portfolio Management product of 
Oracle  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2020-14528 (Vulnerability in the Primavera Portfolio Management product of 
Oracle  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of 
Oracle  ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2020-14526
        RESERVED
 CVE-2020-14525
@@ -4213,11 +4213,11 @@ CVE-2020-14068 (An issue was discovered in MK-AUTH 
19.01. The web login function
 CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does 
not consi ...)
        NOT-FOR-US: Navigate CMS
 CVE-2020-14066 (IceWarp Email Server 12.3.0.1 allows remote attackers to 
upload JavaSc ...)
-       TODO: check
+       NOT-FOR-US: IceWarp Email Server
 CVE-2020-14065 (IceWarp Email Server 12.3.0.1 allows remote attackers to 
upload files  ...)
-       TODO: check
+       NOT-FOR-US: IceWarp Email Server
 CVE-2020-14064 (IceWarp Email Server 12.3.0.1 has Incorrect Access Control for 
user ac ...)
-       TODO: check
+       NOT-FOR-US: IceWarp Email Server
 CVE-2020-14063
        RESERVED
 CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the 
interact ...)
@@ -17557,11 +17557,11 @@ CVE-2020-9313
 CVE-2020-9312
        RESERVED
 CVE-2020-9311 (In SilverStripe through 4.5, malicious users with a valid 
Silverstripe ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe
 CVE-2020-9310
        REJECTED
 CVE-2020-9309 (Silverstripe CMS through 4.5 can be susceptible to script 
execution fr ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe
 CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 
attempts ...)
        - libarchive 3.4.0-2 (bug #951759)
        [buster] - libarchive <not-affected> (rar5 support added in 3.4.0)
@@ -18381,7 +18381,7 @@ CVE-2020-8960 (Western Digital mycloud.com before Web 
Version 2.2.0-134 allows X
 CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 
3.0.2.0 all ...)
        NOT-FOR-US: Western Digital
 CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and 
V2804R ...)
-       TODO: check
+       NOT-FOR-US: Guangzhou
 CVE-2020-8957
        RESERVED
 CVE-2020-8956
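Review bot: "NOT-FOR-US: Guangzhou" on CVE-2020-8958 uses a city name as the tag, which does not identify the affected product and will match unrelated entries in a search. The description starts "Guangzhou 1GE ONU V2801RW", so a tag that includes the device, for example "NOT-FOR-US: Guangzhou 1GE ONU devices", would be more useful, in line with how the Western Digital entry just above names an identifiable vendor.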
@@ -22332,7 +22332,7 @@ CVE-2020-7294
 CVE-2020-7293
        RESERVED
 CVE-2020-7292 (Inappropriate Encoding for output context in McAfee Web Gateway 
(MWG)  ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response 
(MAR) for ...)
        NOT-FOR-US: McAfee
 CVE-2020-7290 (Privilege Escalation vulnerability in McAfee Active Response 
(MAR) for ...)
@@ -25318,9 +25318,9 @@ CVE-2020-6167 (A flaw in the WordPress plugin, Minimal 
Coming Soon &amp; Mainten
 CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon &amp; 
Maintenance  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2020-6165 (SilverStripe 4.5.0 allows attackers to read certain records 
that shoul ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe
 CVE-2020-6164 (In SilverStripe through 4.5.0, a specific URL path configured 
by defau ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe
 CVE-2020-6163 (The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS 
because  ...)
        NOT-FOR-US: WikibaseMediaInfo MediaWiki extension
 CVE-2020-6162 (An issue was discovered in Bftpd 5.3. Under certain 
circumstances, an  ...)
@@ -26215,7 +26215,7 @@ CVE-2020-5767
 CVE-2020-5766 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2020-5765 (Nessus 8.10.0 and earlier were found to contain a Stored XSS 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Nessus
 CVE-2020-5764 (MX Player Android App versions prior to v1.24.5, are vulnerable 
to a d ...)
        NOT-FOR-US: MX Player Android App
 CVE-2020-5763
@@ -29502,7 +29502,7 @@ CVE-2020-4464
 CVE-2020-4463
        RESERVED
 CVE-2020-4462 (IBM Sterling External Authentication Server 6.0.1, 6.0.0, 
2.4.3.2, and ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4461 (IBM Security Access Manager Appliance 9.0.7.1 could allow an 
authentic ...)
        NOT-FOR-US: IBM
 CVE-2020-4460
@@ -29794,7 +29794,7 @@ CVE-2020-4318
 CVE-2020-4317
        RESERVED
 CVE-2020-4316 (IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the 
secure  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4315
        RESERVED
 CVE-2020-4314
@@ -37926,7 +37926,7 @@ CVE-2019-19328 (ui/editor/tooltip/Rdf.js in Wikibase 
Wikidata Query Service GUI
 CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 
0.3.6-S ...)
        NOT-FOR-US: Wikibase Wikidata Query Service GUI
 CVE-2019-19326 (Silverstripe CMS sites through 4.4.4 which have opted into 
HTTP Cache  ...)
-       TODO: check
+       NOT-FOR-US: SilverStripe
 CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 
allows  ...)
        NOT-FOR-US: SilverStripe
 CVE-2019-19324 (Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported 
algorithms ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a18a6fdd1d8ba0514fd9b5ab7b5ba336ce0e71bb
