Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
02392f65 by Moritz Muehlenhoff at 2020-11-16T18:35:54+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3935,7 +3935,7 @@ CVE-2020-28270 (Overview:Prototype pollution 
vulnerability in ‘object-hier
 CVE-2020-28269 (Prototype pollution vulnerability in 'field' versions 0.0.1 
through 1. ...)
        NOT-FOR-US: Node field
 CVE-2020-28268 (Prototype pollution vulnerability in 'controlled-merge' 
versions 1.0.0 ...)
-       TODO: check
+       NOT-FOR-US: Node controlled-merge
 CVE-2020-28267 (Prototype pollution vulnerability in '@strikeentco/set' 
version 1.0.0  ...)
        NOT-FOR-US: Node strikeentco/set
 CVE-2017-18926 (raptor_xml_writer_start_element_common in raptor_xml_writer.c 
in Rapto ...)
@@ -6770,7 +6770,7 @@ CVE-2020-27219
 CVE-2020-27218
        RESERVED
 CVE-2020-27217 (In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol 
adapter does ...)
-       TODO: check
+       NOT-FOR-US: Eclipse Hono
 CVE-2020-27216 (In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 
10.0.0.alpha1 thr ...)
        - jetty9 9.4.33-1
        [stretch] - jetty9 <no-dsa> (Minor issue)
@@ -8871,7 +8871,7 @@ CVE-2020-26224
 CVE-2020-26223 (Spree is a complete open source e-commerce solution built with 
Ruby on ...)
        NOT-FOR-US: Spree
 CVE-2020-26222 (Dependabot is a set of packages for automated dependency 
management fo ...)
-       TODO: check
+       NOT-FOR-US: Dependabot
 CVE-2020-26221 (touchbase.ai before version 2.0 is vulnerable to Cross-Site 
Scripting  ...)
        NOT-FOR-US: touchbase.ai
 CVE-2020-26220 (toucbase.ai before version 2.0 leaks information by not 
stripping exif ...)
@@ -18590,7 +18590,7 @@ CVE-2020-21669
 CVE-2020-21668
        RESERVED
 CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file 
app/admin/controller/Ajax.php the ' ...)
-       TODO: check
+       NOT-FOR-US: fastadmin-tp6
 CVE-2020-21666
        RESERVED
 CVE-2020-21665
@@ -29521,7 +29521,7 @@ CVE-2020-16275 (A cross-site scripting (XSS) 
vulnerability in the Credential Man
 CVE-2020-16274
        RESERVED
 CVE-2020-16273 (In Arm software implementing the Armv8-M processors (all 
versions), th ...)
-       TODO: check
+       NOT-FOR-US: Arm hardware issue
 CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 
1.12.0 is mis ...)
        NOT-FOR-US: Kee Vault KeePassRPC
 CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 
1.12.0 genera ...)
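Review bot: the tag added for CVE-2020-16273 reads "Arm hardware issue", but the description on the line above it starts "In Arm software implementing the Armv8-M processors", so the classification as a hardware issue does not follow from the visible text. Suggest naming the affected software in the tag, or adding a NOTE line that explains why it is treated as a hardware issue.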
@@ -40104,7 +40104,7 @@ CVE-2020-12309 (Insufficiently protected credentialsin 
subsystem in some Intel(R
 CVE-2020-12308 (Improper access control for the Intel(R) Computing Improvement 
Program ...)
        NOT-FOR-US: Intel
 CVE-2020-12307 (Improper permissions in some Intel(R) High Definition Audio 
drivers be ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2020-12306 (Incorrect default permissions in the Intel(R) RealSense(TM) 
D400 Serie ...)
        NOT-FOR-US: Intel
 CVE-2020-12305
@@ -50576,7 +50576,7 @@ CVE-2020-8752 (Out-of-bounds write in IPv6 subsystem 
for Intel(R) AMT, Intel(R)
 CVE-2020-8751 (Insufficient control flow management in subsystem for Intel(R) 
CSME ve ...)
        NOT-FOR-US: Intel
 CVE-2020-8750 (Use after free in Kernel Mode Driver for Intel(R) TXE versions 
before  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2020-8749 (Out-of-bounds read in subsystem for Intel(R) AMT versions 
before 11.8. ...)
        NOT-FOR-US: Intel
 CVE-2020-8748
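Review bot: CVE-2020-8750 is described as a use after free in a "Kernel Mode Driver for Intel(R) TXE", and the added tag is only "NOT-FOR-US: Intel". Since the issue is in a kernel driver, the tag should say which driver it is and why it is out of scope, as the Ethernet 700 entries in this commit do with "(apparently for Windows)".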
@@ -50696,13 +50696,13 @@ CVE-2020-8694 (Insufficient access control in the 
Linux kernel driver for some I
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
        NOTE: 
https://git.kernel.org/linus/949dd0104c496fa7c14991a23c03c62e44637e71
 CVE-2020-8693 (Improper buffer restrictions in the firmware of the Intel(R) 
Ethernet  ...)
-       TODO: check
+       NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for 
Windows)
 CVE-2020-8692 (Insufficient access control in the firmware of the Intel(R) 
Ethernet 7 ...)
-       TODO: check
+       NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for 
Windows)
 CVE-2020-8691 (A logic issue in the firmware of the Intel(R) Ethernet 700 
Series Cont ...)
-       TODO: check
+       NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for 
Windows)
 CVE-2020-8690 (Protection mechanism failure in Intel(R) Ethernet 700 Series 
Controlle ...)
-       TODO: check
+       NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for 
Windows)
 CVE-2020-8689 (Improper buffer restrictions in the Intel(R) Wireless for Open 
Source  ...)
        - iwd 1.5-1
        [buster] - iwd <no-dsa> (Minor issue)
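Review bot: the four added tags say "Intel drivers for Ethernet 700 series (apparently for Windows)", while the descriptions of CVE-2020-8693, CVE-2020-8692 and CVE-2020-8691 each refer to the firmware of the Ethernet 700 series, not drivers, and "apparently" leaves the platform unconfirmed. Suggest wording the tag to match the descriptions and adding a NOTE line with the vendor advisory, as the CVE-2020-8694 entry at the top of this hunk does.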
@@ -51755,7 +51755,7 @@ CVE-2020-8261 (A vulnerability in the Pulse Connect 
Secure / Pulse Policy Secure
 CVE-2020-8260 (A vulnerability in the Pulse Connect Secure &lt; 9.1R9 admin 
web inter ...)
        NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2020-8259 (Insufficient protection of the server-side encryption keys in 
Nextclou ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2020-8258
        RESERVED
 CVE-2020-8257
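Review bot: the commit subject is "NFUs", but the line added for CVE-2020-8259 is a package entry, "- nextcloud-server <itp> (bug #941708)", not a NOT-FOR-US tag (the same holds for CVE-2020-8152 in the next hunk). Suggest splitting the two ITP entries into their own commit or extending the subject so the history reflects them.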
@@ -52075,7 +52075,7 @@ CVE-2020-8154 (An Insecure direct object reference 
vulnerability in Nextcloud Se
 CVE-2020-8153 (Improper access control in Groupfolders app 4.0.3 allowed to 
delete hi ...)
        NOT-FOR-US: Nextcloud Groupfolders app
 CVE-2020-8152 (Insufficient protection of the server-side encryption keys in 
Nextclou ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2020-8151 (There is a possible information disclosure issue in Active 
Resource &l ...)
        - rails <not-affected> (Vulnerable code splitted out upstream before 
initial upload to Debian)
        NOTE: ActiveResource was extracted to a separate gem in starting in the 
4.0 rails
@@ -53096,7 +53096,7 @@ CVE-2020-7774
 CVE-2020-7773
        RESERVED
 CVE-2020-7772 (This affects the package doc-path before 2.1.2. ...)
-       TODO: check
+       NOT-FOR-US: Node doc-path
 CVE-2020-7771
        RESERVED
 CVE-2020-7770 (This affects the package json8 before 1.0.3. The function adds 
in the  ...)
@@ -58326,17 +58326,17 @@ CVE-2020-5666 (Uncontrolled resource consumption 
vulnerability in MELSEC iQ-R Se
 CVE-2020-5665
        RESERVED
 CVE-2020-5664 (Deserialization of untrusted data vulnerability in XooNIps 3.49 
and ea ...)
-       TODO: check
+       NOT-FOR-US: XooNIps
 CVE-2020-5663 (Stored cross-site scripting vulnerability in XooNIps 3.49 and 
earlier  ...)
-       TODO: check
+       NOT-FOR-US: XooNIps
 CVE-2020-5662 (Reflected cross-site scripting vulnerability in XooNIps 3.49 
and earli ...)
-       TODO: check
+       NOT-FOR-US: XooNIps
 CVE-2020-5661
        RESERVED
 CVE-2020-5660
        RESERVED
 CVE-2020-5659 (SQL injection vulnerability in the XooNIps 3.49 and earlier 
allows rem ...)
-       TODO: check
+       NOT-FOR-US: XooNIps
 CVE-2020-5658 (Resource Management Errors vulnerability in TCP/IP function 
included i ...)
        NOT-FOR-US: Mitsubishi
 CVE-2020-5657 (Improper neutralization of argument delimiters in a command 
('Argument ...)
@@ -66973,11 +66973,11 @@ CVE-2020-2494
 CVE-2020-2493
        RESERVED
 CVE-2020-2492 (If exploited, the command injection vulnerability could allow 
remote a ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2020-2491
        RESERVED
 CVE-2020-2490 (If exploited, the command injection vulnerability could allow 
remote a ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2019-19701
        RESERVED
 CVE-2019-19700



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02392f6585bca6eda793bd7ec567823c5cc1f0bb
