Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
77e47aee by Moritz Muehlenhoff at 2020-09-04T11:08:35+02:00
NFUs
libetpan no-dsa
new xpdf issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -85,13 +85,13 @@ CVE-2020-25107
CVE-2020-25106
RESERVED
CVE-2020-25105 (eramba c2.8.1 and Enterprise before e2.19.3 has a weak
password recove ...)
- TODO: check
+ NOT-FOR-US: eramba
CVE-2020-25104 (eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a
crafted f ...)
- TODO: check
+ NOT-FOR-US: eramba
CVE-2020-25103
RESERVED
CVE-2020-25102 (silverstripe-advancedreports (aka the Advanced Reports module
for Silv ...)
- TODO: check
+ NOT-FOR-US: silverstripe-advancedreports
CVE-2020-25101
RESERVED
CVE-2020-25125 (GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array
overflow, le ...)
@@ -259,11 +259,11 @@ CVE-2020-25025 (The l10nmgr (aka Localization Manager)
extension before 7.4.0, 8
CVE-2020-25024
RESERVED
CVE-2020-25023 (An issue was discovered in Noise-Java through 2020-08-27.
AESGCMOnCtrC ...)
- TODO: check
+ NOT-FOR-US: Noise-Java
CVE-2020-25022 (An issue was discovered in Noise-Java through 2020-08-27.
AESGCMFallba ...)
- TODO: check
+ NOT-FOR-US: Noise-Java
CVE-2020-25021 (An issue was discovered in Noise-Java through 2020-08-27.
ChaChaPolyCi ...)
- TODO: check
+ NOT-FOR-US: Noise-Java
CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the
GanttProjectRe ...)
NOT-FOR-US: MPXJ
CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0
calls the E ...)
@@ -291,11 +291,11 @@ CVE-2020-25008
CVE-2020-25007
RESERVED
CVE-2020-25006 (Heybbs v1.2 has a SQL injection vulnerability in login.php
file via th ...)
- TODO: check
+ NOT-FOR-US: Heybbs
CVE-2020-25005 (Heybbs v1.2 has a SQL injection vulnerability in msg.php file
via the ...)
- TODO: check
+ NOT-FOR-US: Heybbs
CVE-2020-25004 (Heybbs v1.2 has a SQL injection vulnerability in user.php file
via the ...)
- TODO: check
+ NOT-FOR-US: Heybbs
CVE-2020-25003
RESERVED
CVE-2020-25002
@@ -305,12 +305,13 @@ CVE-2020-25001
CVE-2020-25000
RESERVED
CVE-2020-24999 (There is an invalid memory access in the function fprintf
located in E ...)
- TODO: check
+ - xpdf <undetermined>
CVE-2020-24998
RESERVED
CVE-2020-24997
RESERVED
CVE-2020-24996 (There is an invalid memory access in the function
TextString::~TextStr ...)
+ - xpdf <undetermined>
TODO: check
CVE-2020-24995
RESERVED
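Review bot: CVE-2020-24996 still carries "TODO: check" after the new "- xpdf <undetermined>" line, whereas CVE-2020-24999 in the same hunk has its TODO replaced by the identical xpdf line. If both were triaged the same way, drop the leftover TODO under CVE-2020-24996; if that entry still needs work, a NOTE saying what remains open would be clearer than a bare TODO. Because "<undetermined>" leaves the affected status open for both entries, a NOTE with a reference to the report would also help whoever picks them up next.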
@@ -423,9 +424,9 @@ CVE-2020-24943
CVE-2020-24942
RESERVED
CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x
before 7.24. ...)
- TODO: check
+ NOT-FOR-US: Laravel
CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x
before 7.23. ...)
- TODO: check
+ NOT-FOR-US: Laravel
CVE-2020-24939
RESERVED
CVE-2020-24938
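Review bot: "NOT-FOR-US: Laravel" on CVE-2020-24941 and CVE-2020-24940 deserves a second look before the TODO is closed, because Laravel is a widely used PHP framework rather than a single-vendor product like most of the other entries tagged in this commit. Please confirm that no source package in the archive ships or embeds the affected framework code; if one does, these two entries need a package line instead of NOT-FOR-US.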
@@ -553,7 +554,7 @@ CVE-2020-24878
CVE-2020-24877
RESERVED
CVE-2020-24876 (Use of a hard-coded cryptographic key in Pancake versions <
4.13.29 ...)
- TODO: check
+ NOT-FOR-US: Pancake
CVE-2020-24875
RESERVED
CVE-2020-24874
@@ -579,7 +580,7 @@ CVE-2020-24865
CVE-2020-24864
RESERVED
CVE-2020-24863 (A memory corruption vulnerability was found in the kernel
function ker ...)
- TODO: check
+ NOT-FOR-US: FreeBSD and MidnightBSD
CVE-2020-24862
RESERVED
CVE-2020-25016 (A safety violation was discovered in the rgb crate before
0.8.20 for R ...)
@@ -1579,7 +1580,7 @@ CVE-2020-24387
CVE-2020-24386
RESERVED
CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and
FreeBSD be ...)
- TODO: check
+ NOT-FOR-US: FreeBSD and MidnightBSD
CVE-2020-24384
RESERVED
CVE-2020-24383
@@ -2083,7 +2084,7 @@ CVE-2020-24160 (Shenzhen Tencent TIM Windows client
3.0.0.21315 has a DLL hijack
CVE-2020-24159 (NetEase Youdao Dictionary has a DLL hijacking vulnerability,
which can ...)
NOT-FOR-US: NetEase Youdao Dictionary
CVE-2020-24158 (360 Speed Browser 12.0.1247.0 has a DLL hijacking
vulnerability, which ...)
- TODO: check
+ NOT-FOR-US: 360 Speed Browser
CVE-2020-24157
RESERVED
CVE-2020-24156
@@ -2772,13 +2773,13 @@ CVE-2020-23816
CVE-2020-23815
RESERVED
CVE-2020-23814 (Multiple cross-site scripting (XSS) vulnerabilities in xxl-job
v2.2.0 ...)
- TODO: check
+ NOT-FOR-US: xxl-job
CVE-2020-23813
RESERVED
CVE-2020-23812
RESERVED
CVE-2020-23811 (xxl-job 2.2.0 allows Information Disclosure of username,
model, and pa ...)
- TODO: check
+ NOT-FOR-US: xxl-job
CVE-2020-23810
RESERVED
CVE-2020-23809
@@ -18672,6 +18673,7 @@ CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages
in unencrypted POP3 commu
CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3
and other ...)
{DLA-2329-1}
- libetpan <unfixed> (bug #966647)
+ [buster] - libetpan <no-dsa> (Minor issue)
NOTE: https://github.com/dinhvh/libetpan/issues/386
NOTE: https://github.com/dinhvh/libetpan/pull/387
NOTE: https://github.com/dinhvh/libetpan/pull/388
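Review bot: the added "[buster] - libetpan <no-dsa> (Minor issue)" line sits under an entry that already carries {DLA-2329-1}, so this CVE was handled with an LTS advisory while buster is deferred with only a generic reason. A more specific reason would make the difference in handling explicit, for example stating whether the fix from the upstream pull requests in the NOTE lines is intended for a buster point release.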
@@ -28405,9 +28407,9 @@ CVE-2020-12250
CVE-2020-12249
RESERVED
CVE-2020-12248 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF
before 9. ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-12247 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF
before 9. ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings >
Other & ...)
NOT-FOR-US: Beeline Smart Box
CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title
or cellLi ...)
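Review bot: "NOT-FOR-US: Foxit" on CVE-2020-12248 and CVE-2020-12247 names only the vendor, while the descriptions cover Foxit Reader and PhantomPDF and the neighbouring entry in this hunk uses the product name ("NOT-FOR-US: Beeline Smart Box"). Using the product name keeps the tags consistent and easier to search; the same applies to the "NOT-FOR-US: Foxit" line added for CVE-2020-11493 in a later hunk.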
@@ -31280,7 +31282,7 @@ CVE-2020-11581 (An issue was discovered in Pulse Secure
Pulse Connect Secure (PC
CVE-2020-11580 (An issue was discovered in Pulse Secure Pulse Connect Secure
(PCS) thr ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11579 (An issue was discovered in Chadha PHPKB 9.0 Enterprise
Edition. instal ...)
- TODO: check
+ NOT-FOR-US: Chadha PHPKB
CVE-2020-11578
RESERVED
CVE-2020-11577
@@ -31498,7 +31500,7 @@ CVE-2020-11494 (An issue was discovered in slc_bump in
drivers/net/can/slcan.c i
[buster] - linux 4.19.118-1
NOTE:
https://lore.kernel.org/netdev/[email protected]/
CVE-2020-11493 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF
before 9. ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on
Windows. ...)
NOT-FOR-US: Docker Desktop on Windows
CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote
authenticat ...)
@@ -39071,7 +39073,7 @@ CVE-2020-8578
CVE-2020-8577
RESERVED
CVE-2020-8576 (Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9
and 9.7 a ...)
- TODO: check
+ NOT-FOR-US: ONTAP
CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows
versions prio ...)
NOT-FOR-US: Active IQ Unified Manager
CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship
with th ...)
@@ -40985,7 +40987,7 @@ CVE-2020-7832
CVE-2020-7831 (A vulnerability in the web-based contract management service
interface ...)
NOT-FOR-US: Inogard Ebiz4u
CVE-2020-7830 (RAONWIZ v2018.0.2.50 and earlier versions contains a
vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: RAONWIZ
CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based
overflow vuln ...)
NOT-FOR-US: DaviewIndy
CVE-2020-7828 (DaviewIndy 8.98.4 and earlier version contain Heap-based
overflow vuln ...)
@@ -45270,61 +45272,61 @@ CVE-2020-6146
CVE-2020-6145 (An SQL injection vulnerability exists in the
frappe.desk.reportview.ge ...)
NOT-FOR-US: ERPNext
CVE-2020-6144 (A remote code execution vulnerability exists in the install
functional ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6143 (A remote code execution vulnerability exists in the install
functional ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6142 (A remote code execution vulnerability exists in the Modules.php
functi ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6141 (An exploitable SQL injection vulnerability exists in the login
functio ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6140 (SQL injection vulnerability exists in the password reset
functionality ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6139 (SQL injection vulnerability exists in the password reset
functionality ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6138 (SQL injection vulnerability exists in the password reset
functionality ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6137 (SQL injection vulnerability exists in the password reset
functionality ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6136 (An exploitable SQL injection vulnerability exists in the
DownloadWindo ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6135 (An exploitable SQL injection vulnerability exists in the
Validator.php ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6134 (SQL injection vulnerabilities exist in the ID parameters of
OS4Ed open ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6133 (SQL injection vulnerabilities exist in the ID parameters of
OS4Ed open ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6132 (SQL injection vulnerability exists in the ID parameters of
OS4Ed openS ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6131 (SQL injection vulnerabilities exist in the course_period_id
parameters ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6130 (SQL injection vulnerabilities exist in the course_period_id
parameters ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6129 (SQL injection vulnerabilities exist in the course_period_id
parameters ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6128 (SQL injection vulnerability exists in the CoursePeriodModal.php
page o ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6127 (SQL injection vulnerability exists in the CoursePeriodModal.php
page o ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6126 (SQL injection vulnerability exists in the CoursePeriodModal.php
page o ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6125 (An exploitable SQL injection vulnerability exists in the
GetSchool.php ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6124 (An exploitable sql injection vulnerability exists in the email
paramet ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6123 (An exploitable sql injection vulnerability exists in the email
paramet ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6122 (SQL injection vulnerability exists in the
CheckDuplicateStudent.php pa ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6121 (SQL injection vulnerabilities exist in the
CheckDuplicateStudent.php p ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6120 (SQL injection vulnerability exists in the
CheckDuplicateStudent.php pa ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6119 (SQL injection vulnerabilities exist in the
CheckDuplicateStudent.php p ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6118 (SQL injection vulnerabilities exist in the
CheckDuplicateStudent.php p ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6117 (SQL injection vulnerabilities exist in the
CheckDuplicateStudent.php p ...)
- TODO: check
+ NOT-FOR-US: OS4Ed openSIS
CVE-2020-6116
RESERVED
CVE-2020-6115
@@ -46088,9 +46090,9 @@ CVE-2020-5781
CVE-2020-5780
RESERVED
CVE-2020-5779 (A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe)
relates t ...)
- TODO: check
+ NOT-FOR-US: Trading Technologies Messaging
CVE-2020-5778 (A flaw exists in Trading Technologies Messaging 7.1.28.3
(ttmd.exe) du ...)
- TODO: check
+ NOT-FOR-US: Trading Technologies Messaging
CVE-2020-5777 (MAGMI versions prior to 0.7.24 are vulnerable to a remote
authenticati ...)
NOT-FOR-US: MAGMI
CVE-2020-5776 (Currently, all versions of MAGMI are vulnerable to CSRF due to
the lac ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77e47aee3d446ec9eb71ec33af0bf3560444a495
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits