Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
538805eb by Salvatore Bonaccorso at 2020-09-17T22:19:22+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22,9 +22,9 @@ CVE-2020-25729 (ZoneMinder before 1.34.21 has XSS via the
connkey parameter to d
- zoneminder <unfixed>
NOTE:
https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413
CVE-2020-25728 (The Reset Password add-on before 1.2.0 for Alfresco has a
broken algor ...)
- TODO: check
+ NOT-FOR-US: Reset Password add-on for Alfresco
CVE-2020-25727 (The Reset Password add-on before 1.2.0 for Alfresco suffers
from CMIS- ...)
- TODO: check
+ NOT-FOR-US: Reset Password add-on for Alfresco
CVE-2020-25726
RESERVED
CVE-2020-25725
@@ -500,9 +500,9 @@ CVE-2020-25492
CVE-2020-25491
RESERVED
CVE-2020-25490 (Lack of cryptographic signature verification in the Sqreen PHP
agent d ...)
- TODO: check
+ NOT-FOR-US: Sqreen
CVE-2020-25489 (A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer)
before 0 ...)
- TODO: check
+ NOT-FOR-US: Sqreen
CVE-2020-25488
RESERVED
CVE-2020-25487
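Review bot: The two `NOT-FOR-US: Sqreen` entries for CVE-2020-25490 and CVE-2020-25489 name only the vendor, while their descriptions refer to two different products (the Sqreen PHP agent and Sqreen PyMiniRacer). Naming the product in each, for example `NOT-FOR-US: Sqreen PHP agent` and `NOT-FOR-US: Sqreen PyMiniRacer`, would match the product-level labels used elsewhere in this commit (`yWorks yEd Desktop`, `Titan SpamTitan`) and lets a later search for either component land on the right entry.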
@@ -1092,9 +1092,9 @@ CVE-2020-25218
CVE-2020-25217
RESERVED
CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an
XSL Tran ...)
- TODO: check
+ NOT-FOR-US: yWorks yEd Desktop
CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML
or Grap ...)
- TODO: check
+ NOT-FOR-US: yWorks yEd Desktop
CVE-2020-25214
RESERVED
CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for
WordPress all ...)
@@ -3602,9 +3602,9 @@ CVE-2020-24048
CVE-2020-24047
RESERVED
CVE-2020-24046 (A sandbox escape issue was discovered in TitanHQ SpamTitan
Gateway 7.0 ...)
- TODO: check
+ NOT-FOR-US: TitanHQ
CVE-2020-24045 (A sandbox escape issue was discovered in TitanHQ SpamTitan
Gateway 7.0 ...)
- TODO: check
+ NOT-FOR-US: TitanHQ
CVE-2020-24044
RESERVED
CVE-2020-24043
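Review bot: CVE-2020-24046 and CVE-2020-24045 are labelled `NOT-FOR-US: TitanHQ`, but the five SpamTitan entries further down in this same commit (CVE-2020-11804, CVE-2020-11803, CVE-2020-11700, CVE-2020-11699, CVE-2020-11698) use `NOT-FOR-US: Titan SpamTitan`. Both descriptions here name TitanHQ SpamTitan Gateway, so a single label for the product across all seven entries would keep text searches of the list consistent.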
@@ -27297,7 +27297,7 @@ CVE-2020-13170 (HashiCorp Consul and Consul Enterprise
did not appropriately enf
NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
NOTE: https://github.com/hashicorp/consul/pull/8068
CVE-2020-13169 (Stored XSS (Cross-Site Scripting) exists in the SolarWinds
Orion Platf ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2020-13168
RESERVED
CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code
execution ...)
@@ -31415,9 +31415,9 @@ CVE-2020-11806 (In MailStore Outlook Add-in (and Email
Archive Outlook Add-in) t
CVE-2020-11805
RESERVED
CVE-2020-11804 (An issue was discovered in Titan SpamTitan 7.07. Due to
improper sanit ...)
- TODO: check
+ NOT-FOR-US: Titan SpamTitan
CVE-2020-11803 (An issue was discovered in Titan SpamTitan 7.07. Improper
sanitization ...)
- TODO: check
+ NOT-FOR-US: Titan SpamTitan
CVE-2020-11802
RESERVED
CVE-2020-11801
@@ -31982,11 +31982,11 @@ CVE-2020-11702 (An issue was discovered in ProVide
(formerly zFTPServer) through
CVE-2020-11701 (An issue was discovered in ProVide (formerly zFTPServer)
through 13.1. ...)
NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11700 (An issue was discovered in Titan SpamTitan 7.07. Improper
sanitization ...)
- TODO: check
+ NOT-FOR-US: Titan SpamTitan
CVE-2020-11699 (An issue was discovered in Titan SpamTitan 7.07. Improper
validation o ...)
- TODO: check
+ NOT-FOR-US: Titan SpamTitan
CVE-2020-11698 (An issue was discovered in Titan SpamTitan 7.07. Improper
input saniti ...)
- TODO: check
+ NOT-FOR-US: Titan SpamTitan
CVE-2020-11697 (In Combodo iTop, dashboard ids can be exploited with a
reflective XSS ...)
NOT-FOR-US: Combodo iTop
CVE-2020-11696 (In Combodo iTop a menu shortcut name can be exploited with a
stored XS ...)
@@ -46656,15 +46656,15 @@ CVE-2020-6118 (SQL injection vulnerabilities exist in
the CheckDuplicateStudent.
CVE-2020-6117 (SQL injection vulnerabilities exist in the
CheckDuplicateStudent.php p ...)
NOT-FOR-US: OS4Ed openSIS
CVE-2020-6116 (An arbitrary code execution vulnerability exists in the
rendering func ...)
- TODO: check
+ NOT-FOR-US: Nitro Pro
CVE-2020-6115 (An exploitable vulnerability exists in the cross-reference
table repai ...)
- TODO: check
+ NOT-FOR-US: Nitro Pro
CVE-2020-6114 (An exploitable SQL injection vulnerability exists in the Admin
Reports ...)
NOT-FOR-US: Glacies IceHRM
CVE-2020-6113 (An exploitable vulnerability exists in the object stream
parsing funct ...)
- TODO: check
+ NOT-FOR-US: Nitro Pro
CVE-2020-6112 (An exploitable code execution vulnerability exists in the
JPEG2000 Str ...)
- TODO: check
+ NOT-FOR-US: Nitro Pro
CVE-2020-6111
RESERVED
CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in
the way ...)
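Review bot: The four `NOT-FOR-US: Nitro Pro` entries (CVE-2020-6116, CVE-2020-6115, CVE-2020-6113, CVE-2020-6112) cannot be confirmed from this hunk, because the truncated descriptions end before any product name, and neighbouring IDs in the same range belong to unrelated products (`OS4Ed openSIS`, `Glacies IceHRM`). Each should be checked against the full CVE description, and a short product hint in the commit message would make the attribution reviewable from the diff alone.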
@@ -64788,7 +64788,7 @@ CVE-2020-0404 (In uvc_scan_chain_forward of
uvc_driver.c, there is a possible li
[stretch] - linux 4.9.228-1
NOTE:
https://git.kernel.org/linus/68035c80e129c4cfec659aac4180354530b26527
CVE-2020-0403 (In the FPC TrustZone fingerprint App, there is a possible
invalid comm ...)
- TODO: check
+ NOT-FOR-US: FPC TrustZone fingerprint App
CVE-2020-0402
RESERVED
NOTE: Duplicate assignment for CVE-2019-19769 (Android security
informed)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/538805ebb7c6f4379cbb83ec5525bd878880ec0d
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits