Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a0e9e4ba by Moritz Muehlenhoff at 2020-10-22T16:38:56+02:00
ruby-omniauth-auth0 n/a
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,9 +31,9 @@ CVE-2020-27623
CVE-2020-27622
RESERVED
CVE-2020-27621 (The FileImporter extension in MediaWiki through 1.35.0 was not
properl ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension
CVE-2020-27620 (The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS
because Me ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension
CVE-2020-27619 (In Python 3 through 3.9.0, the
Lib/test/multibytecodec_support.py CJK ...)
TODO: check
CVE-2020-27618
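Review bot: The label on CVE-2020-27620 says "MediaWiki extension", but the description on that entry names "The Cosmos Skin for MediaWiki", which is a skin rather than an extension. The NOT-FOR-US verdict is unaffected, but a label such as "NOT-FOR-US: Cosmos skin for MediaWiki" would match the description and make later searches of data/CVE/list by component name more reliable. The same applies to CVE-2020-27621, where naming FileImporter in the label would be more useful than the generic "MediaWiki extension".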
@@ -26068,9 +26068,9 @@ CVE-2020-15268
CVE-2020-15267
RESERVED
CVE-2020-15266 (In Tensorflow before version 2.4.0, when the `boxes` argument
of `tf.i ...)
- TODO: check
+ - tensorflow <itp> (bug #804612)
CVE-2020-15265 (In Tensorflow before version 2.4.0, an attacker can pass an
invalid `a ...)
- TODO: check
+ - tensorflow <itp> (bug #804612)
CVE-2020-15264 (The Boxstarter installer before version 2.13.0 configures
C:\ProgramDa ...)
NOT-FOR-US: Boxstarter
CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not
properly e ...)
@@ -26126,7 +26126,8 @@ CVE-2020-15242 (Next.js versions >=9.5.0 and
<9.5.4 are vulnerable to an O
CVE-2020-15241 (TYPO3 Fluid Engine (package `typo3fluid/fluid`) before
versions 2.0.5, ...)
NOT-FOR-US: TYPO3 Fluid Engine
CVE-2020-15240 (omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1
improper ...)
- TODO: check
+ - ruby-omniauth-auth0 <not-affected> (Introduced in 2.3.0)
+ NOTE:
https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm
CVE-2020-15239 (In xmpp-http-upload before version 0.4.0, when the GET method
is attac ...)
NOT-FOR-US: xmpp-http-upload
CVE-2020-15238
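Review bot: The justification "(Introduced in 2.3.0)" on the CVE-2020-15240 entry only holds while the packaged ruby-omniauth-auth0 is older than 2.3.0, and the entry does not record which version was checked. The description gives the affected range as ">= 2.3.0 and < 2.4.1", so an upload that lands inside that range would leave this <not-affected> line wrong. Consider adding a NOTE that states the fixed version (2.4.1) next to the advisory link, so the entry can be re-evaluated quickly when the package is updated.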
@@ -41095,11 +41096,11 @@ CVE-2020-10142
CVE-2020-10141
RESERVED
CVE-2020-10140 (Acronis True Image 2021 fails to properly set ACLs of the
C:\ProgramDa ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2020-10139 (Acronis True Image 2021 includes an OpenSSL component that
specifies a ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2020-10138 (Acronis Cyber Backup 12.5 and Cyber Protect 15 include an
OpenSSL comp ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2020-10137
RESERVED
CVE-2020-10136 (Multiple products that implement the IP Encapsulation within
IP standa ...)
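Review bot: CVE-2020-10139 and CVE-2020-10138 are both marked "NOT-FOR-US: Acronis", yet their descriptions say the products include an OpenSSL component, and openssl is packaged in Debian. The truncated descriptions do not show whether the flaw lies in how Acronis built or configured its bundled copy. If that is the reason for the verdict, a qualifier on the label or a short NOTE saying the issue is specific to the copy shipped by Acronis would spare the next reader from re-checking src:openssl.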
@@ -43979,7 +43980,7 @@ CVE-2020-8931
CVE-2020-8930
RESERVED
CVE-2020-8929 (A mis-handling of invalid unicode characters in the Java
implementatio ...)
- TODO: check
+ NOT-FOR-US: Tink
CVE-2020-8928
RESERVED
CVE-2020-8927 (A buffer overflow exists in the Brotli library versions prior
to 1.0.8 ...)
@@ -52190,9 +52191,9 @@ CVE-2020-5653
CVE-2020-5652
RESERVED
CVE-2020-5651 (SQL injection vulnerability in Simple Download Monitor 3.8.8
and earli ...)
- TODO: check
+ NOT-FOR-US: Simple Download Monitor
CVE-2020-5650 (Cross-site scripting vulnerability in Simple Download Monitor
3.8.8 an ...)
- TODO: check
+ NOT-FOR-US: Simple Download Monitor
CVE-2020-5649
RESERVED
CVE-2020-5648
@@ -58810,7 +58811,7 @@ CVE-2020-3301 (Multiple vulnerabilities in Cisco
Firepower Management Center (FM
CVE-2020-3300
RESERVED
CVE-2020-3299 (Multiple Cisco products are affected by a vulnerability in the
Snort d ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF)
implementation ...)
NOT-FOR-US: Cisco
CVE-2020-3297 (A vulnerability in session management for the web-based
interface of C ...)
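Review bot: CVE-2020-3299 is marked "NOT-FOR-US: Cisco", but its description places the vulnerability "in the Snort d ...", and Snort is an open-source project distributed independently of Cisco products. Before closing this as NOT-FOR-US, check whether the affected code is in upstream Snort and whether a snort source package is or was in the archive. If it is Cisco-only, a NOTE saying so would document why the Snort reference was ruled out.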
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0e9e4ba660eefd7065c3d77eb18513eaa1793f6
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits