Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a112ef9 by Moritz Muehlenhoff at 2020-11-06T10:15:55+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,9 +31,9 @@ CVE-2020-28252
 CVE-2020-28251
        RESERVED
 CVE-2020-28250 (Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a 
remote user ...)
-       TODO: check
+       NOT-FOR-US: Cellinx NVT Web Server
 CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a LINK element in a 
note. ...)
-       TODO: check
+       NOT-FOR-US: Joplin
 CVE-2020-28248
        RESERVED
 CVE-2020-28247
@@ -4928,7 +4928,7 @@ CVE-2020-26209
 CVE-2020-26208
        RESERVED
 CVE-2020-26207 (DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: DatabaseSchemaViewer
 CVE-2020-26206
        RESERVED
 CVE-2020-26205 (Sal is a multi-tenanted reporting dashboard for Munki with the 
ability ...)
@@ -8950,33 +8950,33 @@ CVE-2020-24441
 CVE-2020-24440
        RESERVED
 CVE-2020-24439 (Acrobat Reader DC for macOS versions 2020.012.20048 (and 
earlier), 202 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24438 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 
2020.001.3000 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24437 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 
2020.001.3000 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24436 (Acrobat Pro DC versions 2020.012.20048 (and earlier), 
2020.001.30005 ( ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24435 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 
2020.001.3000 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24434 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 
2020.001.3000 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24433 (Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 
2020.00 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24432 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 
2020.001.3000 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24431 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 
2020.001.3000 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24430 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 
2020.001.3000 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24429 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 
2020.001.3000 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24428 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 
2020.001.3000 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24427 (Acrobat Reader versions 2020.012.20048 (and earlier), 
2020.001.30005 ( ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24426 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 
2020.001.3000 ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-24425 (Dreamweaver version 20.2 (and earlier) is affected by an 
uncontrolled  ...)
        NOT-FOR-US: Adobe
 CVE-2020-24424 (Adobe Premiere Pro version 14.4 (and earlier) is affected by 
an uncont ...)
@@ -26274,13 +26274,13 @@ CVE-2020-15953 (LibEtPan through 1.9.4, as used in 
MailCore 2 through 0.6.3 and
        NOTE: https://github.com/dinhvh/libetpan/pull/387
        NOTE: https://github.com/dinhvh/libetpan/pull/388
 CVE-2020-15952 (Immuta v2.8.2 is affected by stored XSS that allows a 
low-privileged u ...)
-       TODO: check
+       NOT-FOR-US: Immuta
 CVE-2020-15951 (Immuta v2.8.2 accepts user-supplied project names without 
properly san ...)
-       TODO: check
+       NOT-FOR-US: Immuta
 CVE-2020-15950 (Immuta v2.8.2 is affected by improper session management: user 
session ...)
-       TODO: check
+       NOT-FOR-US: Immuta
 CVE-2020-15949 (Immuta v2.8.2 is affected by one instance of insecure 
permissions that ...)
-       TODO: check
+       NOT-FOR-US: Immuta
 CVE-2020-15948
        RESERVED
 CVE-2020-25573 (An issue was discovered in the linked-hash-map crate before 
0.5.3 for  ...)
@@ -32897,9 +32897,9 @@ CVE-2020-13539
 CVE-2020-13538
        RESERVED
 CVE-2020-13537 (An exploitable local privilege elevation vulnerability exists 
in the f ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2020-13536 (An exploitable local privilege elevation vulnerability exists 
in the f ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2020-13535
        RESERVED
 CVE-2020-13534
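Review bot: CVE-2020-13536 is tagged "NOT-FOR-US: Microsoft" while the adjacent CVE-2020-13537, whose visible description is identical ("An exploitable local privilege elevation vulnerability exists in the f ..."), is tagged "NOT-FOR-US: Moxa". Two consecutive IDs with the same description prefix may well concern the same product, so please check the full description of CVE-2020-13536 and make the two tags agree if they describe the same software.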
@@ -49036,22 +49036,22 @@ CVE-2020-7765
 CVE-2020-7764
        RESERVED
 CVE-2020-7763 (This affects the package phantom-html-to-pdf before 0.6.1. ...)
-       TODO: check
+       NOT-FOR-US: Nodephantom-html-to-pdf
 CVE-2020-7762 (This affects the package jsreport-chrome-pdf before 1.10.0. ...)
-       TODO: check
+       NOT-FOR-US: Node jsreport-chrome-pdf
 CVE-2020-7761 (This affects the package @absolunet/kafe before 3.2.10. It 
allows caus ...)
-       TODO: check
+       NOT-FOR-US: @absolunet/kafe
 CVE-2020-7760 (This affects the package codemirror before 5.58.2; the package 
org.apa ...)
        - codemirror-js <unfixed>
        [stretch] - codemirror-js <not-affected> (Vulnerable code added later)
        NOTE: https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
        NOTE: 
https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
 CVE-2020-7759 (The package pimcore/pimcore from 6.7.2 and before 6.8.3 are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: pimcore
 CVE-2020-7758 (This affects all versions of package browserless-chrome. User 
input fl ...)
-       TODO: check
+       NOT-FOR-US: Node browserless-chrome
 CVE-2020-7757 (This affects all versions of package droppy. It is possible to 
travers ...)
-       TODO: check
+       NOT-FOR-US: droppy
 CVE-2020-7756
        RESERVED
 CVE-2020-7755 (All versions of package dat.gui are vulnerable to Regular 
Expression D ...)
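Review bot: the tag on CVE-2020-7763 reads "NOT-FOR-US: Nodephantom-html-to-pdf", with no space after "Node", unlike "Node jsreport-chrome-pdf" and "Node browserless-chrome" in the same hunk; it should read "NOT-FOR-US: Node phantom-html-to-pdf". The "Node" prefix is also applied unevenly here (@absolunet/kafe and droppy are tagged without it), so consider using one form throughout so that a later search for the tag finds every entry.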
@@ -50294,7 +50294,7 @@ CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable 
to an remote code execut
 CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is 
resolved i ...)
        NOT-FOR-US: LinuxKI
 CVE-2020-7207 (A local elevation of privilege using physical access security 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2020-7206 (HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and 
earlier) has  ...)
        NOT-FOR-US: HP nagios plugin for iLO
 CVE-2020-7205 (A potential security vulnerability has been identified in HPE 
Intellig ...)
@@ -51093,7 +51093,7 @@ CVE-2020-6879
 CVE-2020-6878
        RESERVED
 CVE-2020-6877 (A ZTE product is impacted by an information leak vulnerability. 
An att ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2020-6876 (A ZTE product is impacted by an XSS vulnerability. The 
vulnerability i ...)
        NOT-FOR-US: ZTE
 CVE-2020-6875 (A ZTE product is impacted by the improper access control 
vulnerability ...)
@@ -53506,7 +53506,7 @@ CVE-2020-6017
 CVE-2020-6016
        RESERVED
 CVE-2020-6015 (Check Point Endpoint Security for Windows before E84.10 can 
reach deni ...)
-       TODO: check
+       NOT-FOR-US: Check Point Endpoint Security Client
 CVE-2020-6014 (Check Point Endpoint Security Client for Windows, with Anti-Bot 
or Thr ...)
        NOT-FOR-US: Check Point Endpoint Security Client
 CVE-2020-6013 (ZoneAlarm Firewall and Antivirus products before version 
15.8.109.1843 ...)
@@ -53683,7 +53683,7 @@ CVE-2020-5946 (In BIG-IP Advanced WAF and FPS versions 
16.0.0-16.0.0.1, 15.1.0-1
 CVE-2020-5945 (In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 
14.1.0-14.1.2 ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2020-5944 (In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS 
Overview pag ...)
-       TODO: check
+       NOT-FOR-US: F5 BIG-IP
 CVE-2020-5943 (In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a 
BIG-IP objec ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2020-5942 (In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 
14.1.0-14.1.2 ...)
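Review bot: CVE-2020-5944 is tagged "NOT-FOR-US: F5 BIG-IP", but its description starts "In BIG-IQ 7.1.0", a different product name from the BIG-IP entries around it. Suggest "NOT-FOR-US: F5 BIG-IQ" so the tag matches the affected product.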
@@ -53985,7 +53985,7 @@ CVE-2020-5795
 CVE-2020-5794
        RESERVED
 CVE-2020-5793 (A vulnerability in Nessus versions 8.9.0 through 8.12.0 for 
Windows &a ...)
-       TODO: check
+       NOT-FOR-US: Nessus
 CVE-2020-5792 (Improper neutralization of argument delimiters in a command in 
Nagios  ...)
        NOT-FOR-US: Nagios XI
 CVE-2020-5791 (Improper neutralization of special elements used in an OS 
command in N ...)
@@ -54237,7 +54237,7 @@ CVE-2020-5669
 CVE-2020-5668
        RESERVED
 CVE-2020-5667 (Studyplus App for Android v6.3.7 and earlier and Studyplus App 
for iOS ...)
-       TODO: check
+       NOT-FOR-US: Studyplus
 CVE-2020-5666
        RESERVED
 CVE-2020-5665
@@ -54273,19 +54273,19 @@ CVE-2020-5651 (SQL injection vulnerability in Simple 
Download Monitor 3.8.8 and
 CVE-2020-5650 (Cross-site scripting vulnerability in Simple Download Monitor 
3.8.8 an ...)
        NOT-FOR-US: Simple Download Monitor
 CVE-2020-5649 (Resource management error vulnerability in TCP/IP function 
included in ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2020-5648 (Improper neutralization of argument delimiters in a command 
('Argument ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2020-5647 (Improper access control vulnerability in TCP/IP function 
included in t ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2020-5646 (NULL pointer dereferences vulnerability in TCP/IP function 
included in ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2020-5645 (Session fixation vulnerability in TCP/IP function included in 
the firm ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2020-5644 (Buffer overflow vulnerability in TCP/IP function included in 
the firmw ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2020-5643 (Improper input validation vulnerability in Cybozu Garoon 5.0.0 
to 5.0. ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Garoon
 CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - 
Live su ...)
        NOT-FOR-US: Live Chat
 CVE-2020-5641



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a112ef9583ca29bb88609c9fbe07a97c9ccf40b



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits