Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
40566127 by Salvatore Bonaccorso at 2020-12-12T09:19:13+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2020-35177
CVE-2020-35176 (In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a
partial a ...)
TODO: check
CVE-2020-35175 (Frappe Framework 12 and 13 does not properly validate the HTTP
method ...)
- TODO: check
+ NOT-FOR-US: Frappe Framework
CVE-2020-35174
RESERVED
CVE-2020-35173
@@ -111,9 +111,9 @@ CVE-2020-35129
CVE-2020-35128
RESERVED
CVE-2020-35127 (Ignite Realtime Openfire 4.6.0 has
plugins/bookmarks/create-bookmark.j ...)
- TODO: check
+ NOT-FOR-US: Ignite Realtime Openfire
CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to
conduct ...)
- TODO: check
+ NOT-FOR-US: Typesetter CMS
CVE-2020-35125
RESERVED
CVE-2020-35124
@@ -1207,7 +1207,7 @@ CVE-2020-29656 (An information disclosure vulnerability
exists in RT-AC88U Downl
CVE-2020-29655 (An injection vulnerability exists in RT-AC88U Download Master
before 3 ...)
NOT-FOR-US: RT-AC88U Download Master
CVE-2020-29654 (Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking
that lea ...)
- TODO: check
+ NOT-FOR-US: Western Digital Dashboard
CVE-2020-29653
RESERVED
CVE-2020-29652
@@ -1901,7 +1901,7 @@ CVE-2020-29576 (The official eggdrop Docker images before
1.8.4rc2 contain a bla
CVE-2020-29575 (The official elixir Docker images before 1.8.0-alpine (Alpine
specific ...)
NOT-FOR-US: elixir Docker images
CVE-2020-29574 (An SQL injection vulnerability in the WebAdmin of Cyberoam OS
through ...)
- TODO: check
+ NOT-FOR-US: WebAdmin of Cyberoam OS
CVE-2020-29573 (sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or
libc6) befo ...)
- glibc <unfixed>
[stretch] - glibc <no-dsa> (Minor issue)
@@ -1932,7 +1932,7 @@ CVE-2020-29565 (An issue was discovered in OpenStack
Horizon before 15.3.2, 16.x
CVE-2020-29564 (The official Consul Docker images 0.7.1 through 1.4.2 contain
a blank ...)
NOT-FOR-US: Consul Docker images
CVE-2020-29563 (An issue was discovered on Western Digital My Cloud OS 5
devices befor ...)
- TODO: check
+ NOT-FOR-US: Western Digital My Cloud OS
CVE-2020-29562 (The iconv function in the GNU C Library (aka glibc or libc6)
2.30 to 2 ...)
- glibc <unfixed> (bug #976391)
[stretch] - glibc <no-dsa> (Minor issue)
@@ -2381,7 +2381,7 @@ CVE-2020-29457
CVE-2020-29456 (Multiple cross-site scripting (XSS) vulnerabilities in
Papermerge befo ...)
NOT-FOR-US: Papermerge
CVE-2020-29455 (A cross-Site Scripting (XSS) vulnerability in this.showInvalid
and thi ...)
- TODO: check
+ NOT-FOR-US: SmartyStreets liveAddressPlugin.js
CVE-2020-29454 (Editors/LogViewerController.cs in Umbraco through 8.9.1 allows
a user ...)
NOT-FOR-US: Umbraco CMS
CVE-2020-29453
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40566127265bd58ff8f6d8a97a76a9b09c82f767
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40566127265bd58ff8f6d8a97a76a9b09c82f767
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
