Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3cf21ebb by Moritz Muehlenhoff at 2020-09-02T12:33:27+02:00
new kleopatra issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2020-25072
 CVE-2020-25071
        RESERVED
 CVE-2020-25070 (USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, 
related to the ...)
-       TODO: check
+       NOT-FOR-US: User-friendly SVN
 CVE-2020-25069 (USVN (aka User-friendly SVN) before 1.0.10 allows attackers to 
execute ...)
-       TODO: check
+       NOT-FOR-US: User-friendly SVN
 CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain 
sensitive i ...)
        - plinth <unfixed>
        [buster] - plinth <no-dsa> (Minor issue)
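Review bot: the two USVN entries are labelled "NOT-FOR-US: User-friendly SVN" while the descriptions lead with the project's own name "USVN (aka User-friendly SVN)"; labelling with "USVN" (optionally keeping the alias in parentheses) would keep the label greppable against the upstream name used in the CVE text.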
@@ -207,7 +207,9 @@ CVE-2020-24974
 CVE-2020-24973
        RESERVED
 CVE-2020-24972 (The Kleopatra component before 3.1.12 (and before 20.07.80) 
for GnuPG  ...)
-       TODO: check
+       - kleopatra <unfixed>
+       NOTE: 
https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b
+       NOTE: https://security.gentoo.org/glsa/202008-21
 CVE-2020-24971
        RESERVED
 CVE-2020-24970
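Review bot: the new kleopatra entry records "- kleopatra <unfixed>" with the upstream fix and the GLSA as NOTE lines but gives no per-suite decision for stable, unlike the plinth entry earlier in this patch ("[buster] - plinth <no-dsa> (Minor issue)"); once the affected versions are checked against what buster ships, add the corresponding "[buster]" line (no-dsa, not-affected, or a pending DSA) so the stable status is not left implicit.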
@@ -241,7 +243,7 @@ CVE-2020-24957
 CVE-2020-24956
        RESERVED
 CVE-2020-24955 (SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable 
to local  ...)
-       TODO: check
+       NOT-FOR-US: SUPERAntiSyware Professional
 CVE-2020-24954
        RESERVED
 CVE-2020-24953
@@ -3331,7 +3333,7 @@ CVE-2020-23452
 CVE-2020-23451
        RESERVED
 CVE-2020-23450 (Spiceworks Version &lt;= 7.5.00107 is affected by XSS. Any 
name typed  ...)
-       TODO: check
+       NOT-FOR-US: Spiceworks
 CVE-2020-23449
        RESERVED
 CVE-2020-23448
@@ -15449,7 +15451,7 @@ CVE-2020-17407
 CVE-2020-17406
        RESERVED
 CVE-2020-17405 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
-       TODO: check
+       NOT-FOR-US: Senstar Symphony
 CVE-2020-17404 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: Foxit
 CVE-2020-17403 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
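Review bot: the description of CVE-2020-17405 as shown ("This vulnerability allows network-adjacent attackers to execute arbitr ...") does not name a vendor or product, yet the entry is resolved to "NOT-FOR-US: Senstar Symphony"; adding a NOTE line with the advisory that identifies the product, as the kleopatra entry in this patch does with its references, would make the triage verifiable from the file alone.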
@@ -17948,19 +17950,19 @@ CVE-2020-16212
 CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
An out- ...)
        NOT-FOR-US: Advantech WebAccess
 CVE-2020-16210 (The affected product is vulnerable to reflected cross-site 
scripting,  ...)
-       TODO: check
+       NOT-FOR-US: N-Tron
 CVE-2020-16209
        RESERVED
 CVE-2020-16208 (The affected product is vulnerable to cross-site request 
forgery, whic ...)
-       TODO: check
+       NOT-FOR-US: N-Tron
 CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
Multipl ...)
        NOT-FOR-US: Advantech WebAccess
 CVE-2020-16206 (The affected product is vulnerable to stored cross-site 
scripting, whi ...)
-       TODO: check
+       NOT-FOR-US: N-Tron
 CVE-2020-16205 (Using a specially crafted URL command, a remote authenticated 
user can ...)
        NOT-FOR-US: G-Cam and G-Code
 CVE-2020-16204 (The affected product is vulnerable due to an undocumented 
interface fo ...)
-       TODO: check
+       NOT-FOR-US: N-Tron
 CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 
1.01.23 and ...)
        NOT-FOR-US: Delta Industrial Automation
 CVE-2020-16202
@@ -18615,7 +18617,7 @@ CVE-2020-15906
 CVE-2020-15905
        RESERVED
 CVE-2020-15904 (A buffer overflow in the patching routine of bsdiff4 before 
1.2.0 allo ...)
-       TODO: check
+       NOT-FOR-US: bsdiff4 (different from src:bsdiff)
 CVE-2020-15903
        RESERVED
 CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the 
link url o ...)
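Review bot: the parenthetical "(different from src:bsdiff)" is a useful guard against mis-triage, but since the description concerns the patching routine of the bsdiff family, a short NOTE stating why src:bsdiff is not affected (or a separate entry for it if it is) would make the distinction auditable rather than asserted.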
@@ -20519,7 +20521,7 @@ CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 
are vulnerable to Server-Si
 CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows 
attackers to cir ...)
        NOT-FOR-US: OpenMage
 CVE-2020-15150 (There is a vulnerability in Paginator (Elixir/Hex package) 
which makes ...)
-       TODO: check
+       NOT-FOR-US: Paginator
 CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 
1.12.2 in ...)
        NOT-FOR-US: NodeBB
 CVE-2020-15148
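Review bot: "NOT-FOR-US: Paginator" is a generic label that could match several pagination libraries; the description already qualifies it as an Elixir/Hex package, so "NOT-FOR-US: Paginator (Elixir/Hex package)" would avoid confusion with similarly named packages in other ecosystems.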
@@ -21939,7 +21941,7 @@ CVE-2020-14516
 CVE-2020-14515
        RESERVED
 CVE-2020-14514 (All trailer Power Line Communications are affected. PLC bus 
traffic ca ...)
-       TODO: check
+       NOT-FOR-US: PLC
 CVE-2020-14513
        RESERVED
 CVE-2020-14512 (GateManager versions prior to 9.2c, The affected product uses 
a weak h ...)
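Review bot: "NOT-FOR-US: PLC" for CVE-2020-14514 is ambiguous, because "PLC" in this file usually reads as programmable logic controller while the description is about trailer Power Line Communications; spelling the label out (e.g. "NOT-FOR-US: trailer Power Line Communications") avoids that misreading.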
@@ -24766,11 +24768,11 @@ CVE-2020-13596 (An issue was discovered in Django 2.2 
before 2.2.13 and 3.0 befo
        NOTE: 
https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38
 (3.0 branch)
        NOTE: 
https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815
 (2.2. branch)
 CVE-2020-13595 (The Bluetooth Low Energy (BLE) controller implementation in 
Espressif  ...)
-       TODO: check
+       NOT-FOR-US: Espressif
 CVE-2020-13594 (The Bluetooth Low Energy (BLE) controller implementation in 
Espressif  ...)
-       TODO: check
+       NOT-FOR-US: Espressif
 CVE-2020-13593 (The Bluetooth Low Energy Secure Manager Protocol (SMP) 
implementation  ...)
-       TODO: check
+       NOT-FOR-US: Espressif
 CVE-2020-13662 [Drupal SA 2020-003]
        RESERVED
        {DSA-4693-1 DLA-2250-1}
@@ -30661,9 +30663,9 @@ CVE-2020-11619 (FasterXML jackson-databind 2.x before 
2.9.10.4 mishandles the in
        NOTE: Starting from 2.10 series mitigated as Safe Default Typing is 
enabled by default
        NOTE: but still an issue when Default Typing is enabled.
 CVE-2020-11618 (THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 
set-top b ...)
-       TODO: check
+       NOT-FOR-US: THOMSON
 CVE-2020-11617 (The RSS application on THOMSON THT741FTA 2.2.1 and Philips 
DTR3502BFTA ...)
-       TODO: check
+       NOT-FOR-US: THOMSON
 CVE-2020-11616
        RESERVED
 CVE-2020-11615
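Review bot: both CVE-2020-11618 and CVE-2020-11617 are labelled "NOT-FOR-US: THOMSON", but each description lists two affected devices, the THOMSON THT741FTA and the Philips DTR3502BFTA set-top box; a label naming both (e.g. "THOMSON THT741FTA and Philips DTR3502BFTA") records the full scope of the triage.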
@@ -39372,7 +39374,7 @@ CVE-2020-8343
 CVE-2020-8342
        RESERVED
 CVE-2020-8341 (In Lenovo systems, SMM BIOS Write Protection is used to prevent 
writes ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2020-8340
        RESERVED
 CVE-2020-8339
@@ -39384,7 +39386,7 @@ CVE-2020-8337 (An unquoted search path vulnerability 
was reported in versions pr
 CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on 
some Th ...)
        NOT-FOR-US: Lenovo
 CVE-2020-8335 (The BIOS tamper detection mechanism was not triggered in Lenovo 
ThinkP ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo 
ThinkP ...)
        NOT-FOR-US: Lenovo
 CVE-2020-8333
@@ -39975,7 +39977,7 @@ CVE-2020-8099 (A vulnerability in the improper handling 
of junctions in Bitdefen
 CVE-2020-8098
        RESERVED
 CVE-2020-8097 (An improper authentication vulnerability in Bitdefender 
Endpoint Secur ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2020-8096 (Untrusted Search Path vulnerability in Bitdefender High-Level 
Antimalw ...)
        NOT-FOR-US: Bitdefender
 CVE-2020-8095 (A vulnerability in the improper handling of junctions before 
deletion  ...)
@@ -41390,19 +41392,19 @@ CVE-2020-7529
 CVE-2020-7528
        RESERVED
 CVE-2020-7527 (Incorrect Default Permission vulnerability exists in SoMove 
(V2.8.1) a ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7526 (Improper Input Validation vulnerability exists in PowerChute 
Business  ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7525 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7524 (Out-of-bounds Write vulnerability exists in Modicon M218 Logic 
Control ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7523 (Improper Privilege Management vulnerability exists in Schneider 
Electr ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7522 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7521 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7520 (A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') 
vulnera ...)
        NOT-FOR-US: Schneider
 CVE-2020-7519 (A CWE-521: Weak Password Requirements vulnerability exists in 
Easergy  ...)
@@ -42910,9 +42912,9 @@ CVE-2020-6876
 CVE-2020-6875
        RESERVED
 CVE-2020-6874 (A ZTE product is impacted by the cryptographic issues 
vulnerability. T ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2020-6873 (A ZTE product has a DoS vulnerability. Because the equipment 
couldn&#8 ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2020-6872 (The server management software module of ZTE has a storage XSS 
vulnera ...)
        NOT-FOR-US: ZTE
 CVE-2020-6871 (The server management software module of ZTE has an 
authentication iss ...)
@@ -45008,9 +45010,9 @@ CVE-2020-6154
 CVE-2020-6153
        RESERVED
 CVE-2020-6152 (A code execution vulnerability exists in the DICOM 
parse_dicom_meta_in ...)
-       TODO: check
+       NOT-FOR-US: Accusoft
 CVE-2020-6151 (A memory corruption vulnerability exists in the TIFF 
handle_COMPRESSIO ...)
-       TODO: check
+       NOT-FOR-US: Accusoft
 CVE-2020-6150
        RESERVED
 CVE-2020-6149
@@ -45846,9 +45848,9 @@ CVE-2020-5779
 CVE-2020-5778
        RESERVED
 CVE-2020-5777 (MAGMI versions prior to 0.7.24 are vulnerable to a remote 
authenticati ...)
-       TODO: check
+       NOT-FOR-US: MAGMI
 CVE-2020-5776 (Currently, all versions of MAGMI are vulnerable to CSRF due to 
the lac ...)
-       TODO: check
+       NOT-FOR-US: MAGMI
 CVE-2020-5775 (Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a 
remote,  ...)
        NOT-FOR-US: Canvas LMS
 CVE-2020-5774 (Nessus versions 8.11.0 and earlier were found to maintain 
sessions lon ...)
@@ -46156,7 +46158,7 @@ CVE-2020-5624 (SQL injection vulnerability in the 
XooNIps 3.48 and earlier allow
 CVE-2020-5623 (NITORI App for Android versions 6.0.4 and earlier and NITORI 
App for i ...)
        NOT-FOR-US: NITORI App for Android and iOS
 CVE-2020-5622 (Shadankun Server Security Type (excluding normal blocking 
method types ...)
-       TODO: check
+       NOT-FOR-US: Shadankun Server Security Type
 CVE-2020-5621 (Cross-site request forgery (CSRF) vulnerability in NETGEAR 
switching h ...)
        NOT-FOR-US: Netgear
 CVE-2020-5620 (Cross-site scripting vulnerability in Exment prior to v3.6.0 
allows re ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cf21ebb3ab3432734850815cd86be8602df339c



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
