Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
29261d70 by Salvatore Bonaccorso at 2020-09-14T22:17:02+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27872,11 +27872,11 @@ CVE-2020-12791
CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS,
helpers/DynamicMet ...)
NOT-FOR-US: SEOmatic plugin for Craft CMS
CVE-2020-12789 (The Secure Monitor in Microchip Atmel ATSAMA5 products use a
hardcoded ...)
- TODO: check
+ NOT-FOR-US: Microchip Atmel ATSAMA5 products
CVE-2020-12788 (CMAC verification functionality in Microchip Atmel ATSAMA5
products is ...)
- TODO: check
+ NOT-FOR-US: Microchip Atmel ATSAMA5 products
CVE-2020-12787 (Microchip Atmel ATSAMA5 products in Secure Mode allow an
attacker to b ...)
- TODO: check
+ NOT-FOR-US: Microchip Atmel ATSAMA5 products
CVE-2020-12786
RESERVED
CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the
current ...)
@@ -39438,7 +39438,7 @@ CVE-2020-8819 (An issue was discovered in the CardGate
Payments plugin through 3
CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through
2.0.30 ...)
NOT-FOR-US: CardGate Payments plugin for Magento
CVE-2020-8817 (Dataiku DSS before 6.0.5 allows attackers write access to the
project ...)
- TODO: check
+ NOT-FOR-US: Dataiku
CVE-2020-8816 (Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution
by priv ...)
NOT-FOR-US: Pi-hole
CVE-2020-8815 (Improper connection handling in the base connection handler in
IKTeam ...)
@@ -75396,9 +75396,9 @@ CVE-2019-14759
CVE-2019-14758
RESERVED
CVE-2019-14757 (An issue was discovered in KaiOS 2.5 and 2.5.1. The
pre-installed Cont ...)
- TODO: check
+ NOT-FOR-US: KaiOS
CVE-2019-14756 (An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The
pre-insta ...)
- TODO: check
+ NOT-FOR-US: KaiOS
CVE-2019-14755 (The profile photo upload feature in Leaf Admin 61.9.0212.10 f
allows U ...)
NOT-FOR-US: Leaf Admin
CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL
Injection via t ...)
@@ -108845,7 +108845,7 @@ CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in
extractXmlConfigFromInputStream in co
[stretch] - c3p0 0.9.1.2-9+deb9u1
NOTE:
https://github.com/swaldman/c3p0/commit/7dfdda63f42759a5ec9b63d725b7412f74adb3e1
CVE-2018-20432 (D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use
hardcoded ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-20431 (GNU Libextractor through 1.8 has a NULL Pointer Dereference
vulnerabil ...)
{DSA-4361-1 DLA-1616-1}
- libextractor 1:1.8-2 (bug #917213)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29261d7003848ce849d747d7e78cde4d2cfa58b6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29261d7003848ce849d747d7e78cde4d2cfa58b6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
