Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7fc5f091 by Moritz Mühlenhoff at 2020-10-14T22:36:40+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -273,7 +273,7 @@ CVE-2020-27015
CVE-2020-27014
RESERVED
CVE-2020-27013 (Trend Micro Antivirus for Mac 2020 (Consumer) contains a
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2020-27012
RESERVED
CVE-2020-27011
@@ -2796,7 +2796,8 @@ CVE-2020-25826 (PingID Integration for Windows Login
before 2.4.2 allows local u
CVE-2020-25825 (In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can
reveal sensit ...)
NOT-FOR-US: Octopus Deploy
CVE-2020-25824 (Telegram Desktop through 2.4.3 does not require passcode entry
upon pu ...)
- TODO: check
+ NOTE: Nonsense CVE allocation for Telegram desktop client, with an
desktop not protected
+ NOTE: by a screen lock anything can happen anyway
CVE-2020-25823
RESERVED
CVE-2020-25822
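Review bot: The replacement for CVE-2020-25824 removes "TODO: check" without recording a disposition. The two NOTE lines are free text, and the entry ends up with neither a NOT-FOR-US line nor a package line, unlike every other entry touched in this commit. If the Telegram desktop client is packaged, a package line with an explicit low-severity marker would carry the "not a real issue" verdict in a form the tracker can act on, with the NOTE lines kept as the rationale; otherwise NOT-FOR-US fits. Two smaller points: "with an desktop" should read "with a desktop", and the commit message "NFUs" does not describe this hunk, which is a triage judgement rather than an NFU.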
@@ -2920,9 +2921,9 @@ CVE-2020-25780
CVE-2020-25779 (Trend Micro Antivirus for Mac 2020 (Consumer) has a
vulnerability in w ...)
NOT-FOR-US: Trend Micro
CVE-2020-25778 (Trend Micro Antivirus for Mac 2020 (Consumer) has a
vulnerability in a ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2020-25777 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to
a speci ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2020-25776 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to
a symbo ...)
NOT-FOR-US: Trend Micro
CVE-2020-25775 (The Trend Micro Security 2020 (v16) consumer family of
products is vul ...)
@@ -4276,7 +4277,7 @@ CVE-2020-25190
CVE-2020-25189
RESERVED
CVE-2020-25188 (An attacker who convinces a valid user to open a specially
crafted pro ...)
- TODO: check
+ NOT-FOR-US: LAquis SCADA
CVE-2020-25187
RESERVED
CVE-2020-25186
@@ -5664,7 +5665,7 @@ CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1
allows XSS because tex
CVE-2020-24552 (Atop Technology industrial 3G/4G gateway contains Command
Injection vu ...)
NOT-FOR-US: Atop Technology industrial 3G/4G gateway
CVE-2020-24551 (IProom MMC+ Server login page does not validate specific
parameters pr ...)
- TODO: check
+ NOT-FOR-US: IProom MMC+ Server
CVE-2020-24550
RESERVED
CVE-2020-24549
@@ -6452,7 +6453,7 @@ CVE-2020-24190
CVE-2020-24189
RESERVED
CVE-2020-24188 (Cross-site scripting (XSS) vulnerability in the search
functionality i ...)
- TODO: check
+ NOT-FOR-US: United Planet Intrexx Professional
CVE-2020-24187
RESERVED
CVE-2020-24186 (A Remote Code Execution vulnerability exists in the gVectors
wpDiscuz ...)
@@ -25021,11 +25022,11 @@ CVE-2020-15255
CVE-2020-15254
RESERVED
CVE-2020-15253 (Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site
Scripting v ...)
- TODO: check
+ NOT-FOR-US: Grocy
CVE-2020-15252
RESERVED
CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before
version ...)
- TODO: check
+ NOT-FOR-US: Channelmgnt plug-in for Sopel
CVE-2020-15250 (In JUnit4 before version 4.13.1, the test rule TemporaryFolder
contain ...)
TODO: check
CVE-2020-15249
@@ -25072,7 +25073,7 @@ CVE-2020-15229 (Singularity (an open source container
platform) from version 3.1
- singularity-container <unfixed> (bug #972212)
NOTE:
https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9
CVE-2020-15228 (In the `@actions/core` npm module before version
1.2.6,`addPath` and ` ...)
- TODO: check
+ NOT-FOR-US: Node @actions/core
CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16,
3.0.6 ar ...)
- php-nette <removed>
[stretch] - php-nette <no-dsa> (low priority)
@@ -25082,7 +25083,7 @@ CVE-2020-15226 (In GLPI before version 9.5.2, there is
a SQL Injection in the AP
CVE-2020-15225
RESERVED
CVE-2020-15224 (In Open Enclave before version 0.12.0, an information
disclosure vulne ...)
- TODO: check
+ NOT-FOR-US: Open Enclave
CVE-2020-15223 (In ORY Fosite (the security first OAuth2 & OpenID Connect
framewor ...)
NOT-FOR-US: ORY Fosite
CVE-2020-15222 (In ORY Fosite (the security first OAuth2 & OpenID Connect
framewor ...)
@@ -45874,7 +45875,7 @@ CVE-2020-7745
CVE-2020-7744
RESERVED
CVE-2020-7743 (The package mathjs before 7.5.1 are vulnerable to Prototype
Pollution ...)
- TODO: check
+ NOT-FOR-US: Node mathjs
CVE-2020-7742 (This affects the package simpl-schema before 1.10.2. ...)
NOT-FOR-US: Node simpl-schema
CVE-2020-7741 (This affects the package hellojs before 1.18.6. The code get
the param ...)
@@ -45886,9 +45887,9 @@ CVE-2020-7739 (This affects all versions of package
phantomjs-seo. It is possibl
CVE-2020-7738 (All versions of package shiba are vulnerable to Arbitrary Code
Executi ...)
NOT-FOR-US: Node shiba
CVE-2020-7737 (All versions of package safetydance are vulnerable to Prototype
Pollut ...)
- TODO: check
+ NOT-FOR-US: Node safetydance
CVE-2020-7736 (The package bmoor before 0.8.12 are vulnerable to Prototype
Pollution ...)
- TODO: check
+ NOT-FOR-US: Node bmoor
CVE-2020-7735 (The package ng-packagr before 10.1.1 are vulnerable to Command
Injecti ...)
NOT-FOR-US: ng-packagr
CVE-2020-7734 (All versions of package cabot are vulnerable to Cross-site
Scripting ( ...)
@@ -45953,7 +45954,7 @@ CVE-2020-7711 (This affects all versions of package
github.com/russellhaering/go
CVE-2020-7710 (This affects all versions of package safe-eval. It is possible
for an ...)
NOT-FOR-US: Node safe-eval
CVE-2020-7709 (This affects the package json-pointer before 0.6.1. Multiple
reference ...)
- TODO: check
+ NOT-FOR-US: Node json-pointer
CVE-2020-7708 (The package irrelon-path before 4.7.0; the package
@irrelon/path befor ...)
NOT-FOR-US: Node irrelon-path
CVE-2020-7707 (The package property-expr before 2.0.3 are vulnerable to
Prototype Pol ...)
@@ -46781,7 +46782,7 @@ CVE-2020-7332
CVE-2020-7331
RESERVED
CVE-2020-7330 (Privilege Escalation vulnerability in McAfee Total Protection
(MTP) tr ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7329
RESERVED
CVE-2020-7328
@@ -46805,9 +46806,9 @@ CVE-2020-7320 (Protection Mechanism Failure
vulnerability in McAfee Endpoint Sec
CVE-2020-7319 (Improper Access Control vulnerability in McAfee Endpoint
Security (ENS ...)
NOT-FOR-US: McAfee
CVE-2020-7318 (Cross-Site Scripting vulnerability in McAfee ePolicy
Orchistrator (ePO ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7317 (Cross-Site Scripting vulnerability in McAfee ePolicy
Orchistrator (ePO ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7316 (Unquoted service path vulnerability in McAfee File and
Removable Media ...)
NOT-FOR-US: McAfee
CVE-2020-7315 (DLL Injection Vulnerability in McAfee Agent (MA) for Windows
prior to ...)
@@ -47773,7 +47774,7 @@ CVE-2020-6935
CVE-2020-6934
RESERVED
CVE-2020-6933 (An improper input validation vulnerability in the UEM Core of
BlackBer ...)
- TODO: check
+ NOT-FOR-US: BlackBerry
CVE-2020-6932 (An information disclosure and remote code execution
vulnerability in t ...)
NOT-FOR-US: BlackBerry QNX Software Development Platform
CVE-2020-6931
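Review bot: The new tag for CVE-2020-6933 is only "NOT-FOR-US: BlackBerry", while the next entry in the same hunk names the product ("BlackBerry QNX Software Development Platform"). The description places the flaw in the UEM Core, so naming UEM in the tag would keep it searchable by product and consistent with its neighbour.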
@@ -50106,15 +50107,15 @@ CVE-2020-6089 (An exploitable code execution
vulnerability exists in the ANI fil
CVE-2020-6088
RESERVED
CVE-2020-6087 (An exploitable denial of service vulnerability exists in the
ENIP Requ ...)
- TODO: check
+ NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6086 (An exploitable denial of service vulnerability exists in the
ENIP Requ ...)
- TODO: check
+ NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6085
RESERVED
CVE-2020-6084
RESERVED
CVE-2020-6083 (An exploitable denial of service vulnerability exists in the
ENIP Requ ...)
- TODO: check
+ NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the
ico_rea ...)
NOT-FOR-US: Accusoft
CVE-2020-6081 (An exploitable code execution vulnerability exists in the
PLC_Task fun ...)
@@ -54261,7 +54262,7 @@ CVE-2020-4397 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1
transmits sensitive info
CVE-2020-4396 (IBM Jazz Foundation and IBM Engineering products are vulnerable
to cro ...)
NOT-FOR-US: IBM
CVE-2020-4395 (IBM Security Access Manager Appliance 9.0.7 does not invalidate
sessio ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4394
RESERVED
CVE-2020-4393
@@ -57290,7 +57291,7 @@ CVE-2020-3485 (A vulnerability in the role-based access
control (RBAC) functiona
CVE-2020-3484 (A vulnerability in the web-based management interface of Cisco
Vision ...)
NOT-FOR-US: Cisco
CVE-2020-3483 (Duo has identified and fixed an issue with the Duo Network
Gateway (DN ...)
- TODO: check
+ NOT-FOR-US: Duo
CVE-2020-3482
RESERVED
CVE-2020-3481 (A vulnerability in the EGG archive parsing module in Clam
AntiVirus (C ...)
@@ -57405,7 +57406,7 @@ CVE-2020-3429 (A vulnerability in the WPA2 and WPA3
security implementation of C
CVE-2020-3428 (A vulnerability in the WLAN Local Profiling feature of Cisco
IOS XE Wi ...)
NOT-FOR-US: Cisco
CVE-2020-3427 (A privilege escalation vulnerability exists in the Duo
Authentication ...)
- TODO: check
+ NOT-FOR-US: Duo
CVE-2020-3426 (A vulnerability in the implementation of the Low Power, Wide
Area (LPW ...)
NOT-FOR-US: Cisco
CVE-2020-3425 (Multiple vulnerabilities in the web management framework of
Cisco IOS ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fc5f0915424860a5c52eb6bb87a7831ac9ac839
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits