Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e0cb97b9 by Salvatore Bonaccorso at 2020-12-16T21:23:47+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,21 +25,21 @@ CVE-2020-35471 (Envoy before 1.16.1 mishandles dropped and 
truncated datagrams,
 CVE-2020-35470 (Envoy before 1.16.1 logs an incorrect downstream address 
because it co ...)
        NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2020-35469 (The Software AG Terracotta Server OSS Docker image 5.4.1 
contains a bl ...)
-       TODO: check
+       NOT-FOR-US: Software AG Terracotta Server OSS Docker image
 CVE-2020-35468 (The Appbase streams Docker image 2.1.2 contains a blank 
password for t ...)
-       TODO: check
+       NOT-FOR-US: Appbase streams Docker image
 CVE-2020-35467 (The Docker Docs Docker image through 2020-12-14 contains a 
blank passw ...)
-       TODO: check
+       NOT-FOR-US: Docker Docs Docker image
 CVE-2020-35466 (The Blackfire Docker image through 2020-12-14 contains a blank 
passwor ...)
-       TODO: check
+       NOT-FOR-US: Blackfire Docker image
 CVE-2020-35465 (The FullArmor HAPI File Share Mount Docker image through 
2020-12-14 co ...)
-       TODO: check
+       NOT-FOR-US: FullArmor HAPI File Share Mount Docker image
 CVE-2020-35464 (Version 1.3.0 of the Weave Cloud Agent Docker image contains a 
blank p ...)
-       TODO: check
+       NOT-FOR-US: Weave Cloud Agent Docker image
 CVE-2020-35463 (Version 1.0.0 of the Instana Dynamic APM Docker image contains 
a blank ...)
-       TODO: check
+       NOT-FOR-US: Instana Dynamic APM Docker image
 CVE-2020-35462 (Version 3.16.0 of the CoScale agent Docker image contains a 
blank pass ...)
-       TODO: check
+       NOT-FOR-US: CoScale agent Docker image
 CVE-2020-35461
        RESERVED
 CVE-2020-35460 (common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 
allows dir ...)
@@ -134,7 +134,7 @@ CVE-2020-35418
 CVE-2020-35417
        RESERVED
 CVE-2020-35416 (Multiple cross-site scripting (XSS) vulnerabilities exist in 
PHPJabber ...)
-       TODO: check
+       NOT-FOR-US: PHPJabbers Appointment Scheduler
 CVE-2020-35415
        RESERVED
 CVE-2020-35414
@@ -584,7 +584,7 @@ CVE-2020-35195
 CVE-2020-35194
        RESERVED
 CVE-2020-35193 (The official sonarqube docker images before alpine (Alpine 
specific) c ...)
-       TODO: check
+       NOT-FOR-US: sonarqube docker images before alpine (Alpine specific)
 CVE-2020-35192
        RESERVED
 CVE-2020-35191
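Review bot: the NOT-FOR-US text on CVE-2020-35193, "sonarqube docker images before alpine (Alpine specific)", is a fragment of the truncated CVE description rather than a product name. The Docker image entries in the first hunk of this commit use a plain form such as "NOT-FOR-US: Blackfire Docker image"; suggest "NOT-FOR-US: sonarqube Docker image" so the tag still reads correctly without the description next to it.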
@@ -705,7 +705,7 @@ CVE-2020-35135 (The ultimate-category-excluder plugin 
before 1.2 for WordPress a
 CVE-2020-35134
        RESERVED
 CVE-2020-35133 (irfanView 4.56 contains an error processing parsing files of 
type .pcx ...)
-       TODO: check
+       NOT-FOR-US: irfanView
 CVE-2020-35132 (An XSS issue has been discovered in phpLDAPadmin before 
1.2.6.2 that a ...)
        - phpldapadmin <unfixed>
        NOTE: 
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474
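Review bot: "NOT-FOR-US: irfanView" on CVE-2020-35133 carries over the lowercase spelling from the CVE description. The product name is written IrfanView; suggest using that spelling so a case-sensitive search of data/CVE/list for the product finds this entry.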
@@ -731,9 +731,9 @@ CVE-2020-35124
 CVE-2020-35123
        RESERVED
 CVE-2020-35122 (An issue was discovered in the Keysight Database Connector 
plugin befo ...)
-       TODO: check
+       NOT-FOR-US: Keysight Database Connector plugin for Confluence
 CVE-2020-35121 (An issue was discovered in the Keysight Database Connector 
plugin befo ...)
-       TODO: check
+       NOT-FOR-US: Keysight Database Connector plugin for Confluence
 CVE-2020-35120
        RESERVED
 CVE-2020-35119
@@ -2446,7 +2446,7 @@ CVE-2020-29609
 CVE-2020-29608
        RESERVED
 CVE-2020-29607 (A file upload restriction bypass vulnerability in Pluck CMS 
before 4.7 ...)
-       TODO: check
+       NOT-FOR-US: Pluck CMS
 CVE-2020-XXXX [RUSTSEC-2020-0080: miow: `miow` invalidly assumes the memory 
layout of std::net::SocketAddr]
        - rust-miow <unfixed> (bug #976871)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0080.html
@@ -8708,7 +8708,7 @@ CVE-2020-28074
 CVE-2020-28073
        RESERVED
 CVE-2020-28072 (A Remote Code Execution vulnerability exists in DourceCodester 
Alumni  ...)
-       TODO: check
+       NOT-FOR-US: DourceCodester Alumni Management System
 CVE-2020-28071
        RESERVED
 CVE-2020-28070
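Review bot: "DourceCodester" in the new NOT-FOR-US line for CVE-2020-28072 repeats what looks like a typo in the CVE description; the vendor name is normally written SourceCodester. Suggest "NOT-FOR-US: SourceCodester Alumni Management System", otherwise a search for the vendor's other entries will not match this one.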
@@ -13680,7 +13680,7 @@ CVE-2020-26200
 CVE-2020-26199
        RESERVED
 CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 
contain a  ...)
-       TODO: check
+       NOT-FOR-US: EMC
 CVE-2020-26197
        RESERVED
 CVE-2020-26196
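Review bot: "NOT-FOR-US: EMC" on CVE-2020-26198 drops both the vendor prefix and the product that the description gives ("Dell EMC iDRAC9"). The other Dell entries in this same commit are tagged "Dell", so the vendor now appears under two different names; suggest "NOT-FOR-US: Dell EMC iDRAC9", or at least "Dell EMC".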
@@ -14697,11 +14697,11 @@ CVE-2020-25761 (Projectworlds Visitor Management 
System in PHP 1.0 allows XSS. T
 CVE-2020-25760 (Projectworlds Visitor Management System in PHP 1.0 allows SQL 
Injectio ...)
        NOT-FOR-US: Projectworlds Visitor Management System in PHP
 CVE-2020-25759 (An issue was discovered on D-Link DSR-250 3.17 devices. 
Certain functi ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2020-25758 (An issue was discovered on D-Link DSR-250 3.17 devices. 
Insufficient v ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2020-25757 (A lack of input validation and access controls in Lua CGIs on 
D-Link D ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the 
mg_get_ht ...)
        NOT-FOR-US: Cesanta Mongoose
        NOTE: smplayer embeds a copy, which is unused in any released version 
and disabled since 18.5.0~ds1-1
@@ -15187,17 +15187,17 @@ CVE-2020-25623 (Erlang/OTP 22.3.x before 22.3.4.6 and 
23.x before 23.1 allows Di
        [stretch] - erlang <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/erlang/otp/releases/tag/OTP-23.1
 CVE-2020-25622 (An issue was discovered in SolarWinds N-Central 12.3.0.670. 
The Advanc ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2020-25621 (An issue was discovered in SolarWinds N-Central 12.3.0.670. 
The local  ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2020-25620 (An issue was discovered in SolarWinds N-Central 12.3.0.670. 
Hard-coded ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2020-25619 (An issue was discovered in SolarWinds N-Central 12.3.0.670. 
The SSH co ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2020-25618 (An issue was discovered in SolarWinds N-Central 12.3.0.670. 
The sudo c ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2020-25617 (An issue was discovered in SolarWinds N-Central 12.3.0.670. 
The Advanc ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2020-25616
        RESERVED
 CVE-2020-25615
@@ -16168,7 +16168,7 @@ CVE-2020-25197
 CVE-2020-25196
        RESERVED
 CVE-2020-25195 (The length of the input fields of Host Engineering H0-ECOM100, 
H2-ECOM ...)
-       TODO: check
+       NOT-FOR-US: Host Engineering
 CVE-2020-25194
        RESERVED
 CVE-2020-25193
@@ -18837,7 +18837,7 @@ CVE-2020-23959
 CVE-2020-23958
        RESERVED
 CVE-2020-23957 (Pega Platform through 8.4.x is affected by Cross Site 
Scripting (XSS)  ...)
-       TODO: check
+       NOT-FOR-US: Pega Platform
 CVE-2020-23956
        RESERVED
 CVE-2020-23955
@@ -64132,9 +64132,9 @@ CVE-2020-5362 (Dell Client Consumer and Commercial 
platforms include an improper
 CVE-2020-5361
        RESERVED
 CVE-2020-5360 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-5359 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-5358 (Dell Encryption versions prior to 10.7 and Dell Endpoint 
Security Suit ...)
        NOT-FOR-US: Dell Encryption
 CVE-2020-5357 (Dell Dock Firmware Update Utilities for Dell Client Consumer 
and Comme ...)
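Review bot: the two BSAFE entries (CVE-2020-5360 and CVE-2020-5359) get a vendor-only "NOT-FOR-US: Dell", while the unchanged entry directly below them, CVE-2020-5358, names the product ("NOT-FOR-US: Dell Encryption"). Suggest "NOT-FOR-US: Dell BSAFE Micro Edition Suite" so neighbouring entries follow the same convention and the tag records which product was judged out of scope.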
@@ -67476,7 +67476,7 @@ CVE-2020-4010
 CVE-2020-4009
        RESERVED
 CVE-2020-4008 (The installer of the macOS Sensor for VMware Carbon Black Cloud 
prior  ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2020-4007
        RESERVED
 CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity 
Manager, and I ...)
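Review bot: "NOT-FOR-US: VMware" on CVE-2020-4008 names only the vendor, although the description is specific (the installer of the macOS Sensor for VMware Carbon Black Cloud) and the next entry in the context, CVE-2020-4006, covers different VMware products. Suggest naming the product, for example "NOT-FOR-US: VMware Carbon Black Cloud macOS Sensor", so the triage decision is tied to the component it was made for.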
@@ -92437,21 +92437,21 @@ CVE-2019-14485
 CVE-2019-14484
        RESERVED
 CVE-2019-14483 (AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. 
Every user  ...)
-       TODO: check
+       NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14482 (AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14481 (AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery 
(CSRF) vu ...)
-       TODO: check
+       NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14480 (AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14479 (AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In 
the NetCr ...)
-       TODO: check
+       NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14478 (AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting 
(XSS) vu ...)
-       TODO: check
+       NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14477 (AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage 
since the  ...)
-       TODO: check
+       NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14476 (AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery 
(SSRF) v ...)
-       TODO: check
+       NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and 
prior use s ...)
        NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
 CVE-2019-14474 (eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input 
Validation in ...)
@@ -143918,7 +143918,7 @@ CVE-2018-16245
 CVE-2018-16244
        RESERVED
 CVE-2018-16243 (SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 
12.0.3074  ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2018-16242 (oBike relies on Hangzhou Luoping Smart Locker to lock 
bicycles, which  ...)
        NOT-FOR-US: oBike
 CVE-2018-16241



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0cb97b938832bf1b312617a454ec19cc2dc4b12
