Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d1cee3d by Moritz Muehlenhoff at 2020-10-21T15:14:56+02:00
NFUs
veyon n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5279,7 +5279,7 @@ CVE-2020-25159
 CVE-2020-25158
        RESERVED
 CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL 
injection ...)
-       TODO: check
+       NOT-FOR-US: R-SeeNet
 CVE-2020-25156
        RESERVED
 CVE-2020-25155
@@ -6119,7 +6119,7 @@ CVE-2020-24767
 CVE-2020-24766
        RESERVED
 CVE-2020-24765 (InterMind iMind Server through 3.13.65 allows remote 
unauthenticated a ...)
-       TODO: check
+       NOT-FOR-US: InterMind iMind Server
 CVE-2020-24764
        RESERVED
 CVE-2020-24763
@@ -6881,21 +6881,21 @@ CVE-2020-24418
 CVE-2020-24417
        RESERVED
 CVE-2020-24416 (Marketo Sales Insight plugin version 1.4355 (and earlier) is 
affected  ...)
-       TODO: check
+       NOT-FOR-US: Marketo Sales Insight plugin
 CVE-2020-24415 (Adobe Illustrator version 24.1.2 (and earlier) is affected by 
a memory ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24414 (Adobe Illustrator version 24.1.2 (and earlier) is affected by 
a memory ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24413 (Adobe Illustrator version 24.1.2 (and earlier) is affected by 
a memory ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24412 (Adobe Illustrator version 24.1.2 (and earlier) is affected by 
a memory ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24411 (Adobe Illustrator version 24.2 (and earlier) is affected by an 
out-of- ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24410 (Adobe Illustrator version 24.2 (and earlier) is affected by an 
out-of- ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24409 (Adobe Illustrator version 24.2 (and earlier) is affected by an 
out-of- ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24408 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected 
by a per ...)
        NOT-FOR-US: Magento
 CVE-2020-24407
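Review bot: tag granularity is inconsistent within this hunk: the seven Illustrator entries (CVE-2020-24409 through CVE-2020-24415) are closed with the vendor only, "NOT-FOR-US: Adobe", while the Marketo entry above them and the existing Magento entry below name the product. Consider "NOT-FOR-US: Adobe Illustrator" so that each tag says which product was judged out of scope, or keep vendor-only tags throughout if that is the intended convention.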
@@ -6940,9 +6940,9 @@ CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does 
not properly escape th
 CVE-2020-24389
        RESERVED
 CVE-2020-24388 (An issue was discovered in the _send_secure_msg() function of 
yubihsm- ...)
-       TODO: check
+       NOT-FOR-US: yubihsm-shell
 CVE-2020-24387 (An issue was discovered in the yh_create_session() function of 
yubihsm ...)
-       TODO: check
+       NOT-FOR-US: yubihsm-shell
 CVE-2020-24386
        RESERVED
 CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and 
FreeBSD be ...)
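Review bot: CVE-2020-24388 and CVE-2020-24387 are closed as "NOT-FOR-US: yubihsm-shell", but both descriptions name individual functions (_send_secure_msg(), yh_create_session()), which reads like library code rather than a standalone application. It is worth confirming that no source package in the archive ships or embeds that code before the entries leave the TODO queue; if that check was done, a short NOTE line saying so would document it.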
@@ -6969,7 +6969,7 @@ CVE-2020-24377 (A DNS rebinding vulnerability in the 
Freebox OS web interface in
 CVE-2020-24376 (A DNS rebinding vulnerability in the UPnP IGD implementations 
in Freeb ...)
        NOT-FOR-US: Freebox
 CVE-2020-24375 (A DNS rebinding vulnerability in the UPnP MediaServer 
implementation i ...)
-       TODO: check
+       NOT-FOR-US: Freebox
 CVE-2020-24374 (A DNS rebinding vulnerability in Freebox HD before 1.5.29. ...)
        NOT-FOR-US: Freebox
 CVE-2020-24373 (A CSRF vulnerability in the UPnP MediaServer implementation in 
Freebox ...)
@@ -23606,13 +23606,13 @@ CVE-2020-16163 (** DISPUTED ** An issue was 
discovered in RIPE NCC RPKI Validato
 CVE-2020-16162 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI 
Validator 3.x  ...)
        NOT-FOR-US: RIPE NCC RPKI Validator
 CVE-2020-16161 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in 
GPMF_Sca ...)
-       TODO: check
+       NOT-FOR-US: GoPro
 CVE-2020-16160 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in 
GPMF_Dec ...)
-       TODO: check
+       NOT-FOR-US: GoPro
 CVE-2020-16159 (GoPro gpmf-parser 1.5 has a heap out-of-bounds read and 
segfault in GP ...)
-       TODO: check
+       NOT-FOR-US: GoPro
 CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a stack out-of-bounds write 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: GoPro
 CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 
2.1.7 vi ...)
        NOT-FOR-US: Nagios Log Server
 CVE-2020-16156
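Review bot: the four entries CVE-2020-16158 through CVE-2020-16161 are tagged "NOT-FOR-US: GoPro", yet every description names the affected component as "gpmf-parser". The vendor name alone does not record which code was triaged; "NOT-FOR-US: GoPro gpmf-parser" would match the product-level tags used for neighbouring entries such as "Nagios Log Server" and "RIPE NCC RPKI Validator".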
@@ -24207,7 +24207,7 @@ CVE-2020-15933
 CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during 
updates, c ...)
        NOT-FOR-US: Overwolf
 CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Netwrix Account Lockout Examiner
 CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows 
arbitrary cod ...)
        NOT-FOR-US: Joplin desktop
 CVE-2020-15929
@@ -25961,7 +25961,7 @@ CVE-2020-15271
 CVE-2020-15270
        RESERVED
 CVE-2020-15269 (In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired 
user tokens ...)
-       TODO: check
+       NOT-FOR-US: Spree
 CVE-2020-15268
        RESERVED
 CVE-2020-15267
@@ -25971,13 +25971,14 @@ CVE-2020-15266
 CVE-2020-15265
        RESERVED
 CVE-2020-15264 (The Boxstarter installer before version 2.13.0 configures 
C:\ProgramDa ...)
-       TODO: check
+       NOT-FOR-US: Boxstarter
 CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not 
properly e ...)
        NOT-FOR-US: Laravel Orchid Platform
 CVE-2020-15262 (In webpack-subresource-integrity before version 1.5.1, all 
dynamically ...)
-       TODO: check
+       NOT-FOR-US: Node webpack-subresource-integrity
 CVE-2020-15261 (On Windows the Veyon Service before version 4.4.2 contains an 
unquoted ...)
-       TODO: check
+       - veyon <not-affected> (Windows-specific)
+       NOTE: 
https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp
 CVE-2020-15260
        RESERVED
 CVE-2020-15259
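Review bot: the tag added for CVE-2020-15262, "NOT-FOR-US: Node webpack-subresource-integrity", carries an ecosystem prefix that the other tags added in this hunk (Boxstarter) and the existing "Laravel Orchid Platform" line do not follow in the same form; if "Node <module>" is the list's convention for npm modules, keep it, otherwise name the module alone. The veyon entry is the only one in this commit resolved against a package, and its "(Windows-specific)" reason agrees with the "On Windows the Veyon Service" description and is backed by the advisory NOTE, which is the level of justification the <not-affected> state needs.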
@@ -26013,7 +26014,7 @@ CVE-2020-15247
 CVE-2020-15246
        RESERVED
 CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may 
registe ...)
-       TODO: check
+       NOT-FOR-US: Sylius
 CVE-2020-15244
        RESERVED
 CVE-2020-15243 (Affected versions of Smartstore have a missing WebApi 
Authentication a ...)
@@ -42766,7 +42767,7 @@ CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the 
WireGuard dissector could crash.
 CVE-2020-9418 (An untrusted search path vulnerability in the installer of 
PDFescape D ...)
        NOT-FOR-US: PDFescape
 CVE-2020-9417 (The Transaction Insight reporting component of TIBCO Software 
Inc.'s T ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2020-9416 (The Spotfire client component of TIBCO Software Inc.'s TIBCO 
Spotfire  ...)
        NOT-FOR-US: TIBCO
 CVE-2020-9415 (The TIBCO Data Virtualization Server component of TIBCO 
Software Inc.' ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d1cee3d2a40b4ae2bac56d97331ead52ae12810
