Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b8419814 by Salvatore Bonaccorso at 2020-12-28T21:15:09+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -697,7 +697,7 @@ CVE-2021-21235
CVE-2021-21234
RESERVED
CVE-2020-35627 (Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file
upload vul ...)
- TODO: check
+ NOT-FOR-US: Ultimate WooCommerce Gift Cards
CVE-2021-21233
RESERVED
CVE-2021-21232
@@ -7067,7 +7067,7 @@ CVE-2020-29247 (WonderCMS 3.1.3 is affected by cross-site
scripting (XSS) in the
CVE-2020-29246
RESERVED
CVE-2020-29245 (dhowden tag before 2020-11-19 allows "panic: runtime error:
slice boun ...)
- TODO: check
+ NOT-FOR-US: dhowden tag
CVE-2020-29244 (dhowden tag before 2020-11-19 allows "panic: runtime error:
slice boun ...)
NOT-FOR-US: dhowden tag
CVE-2020-29243 (dhowden tag before 2020-11-19 allows "panic: runtime error:
index out ...)
@@ -16449,7 +16449,7 @@ CVE-2020-26570 (The Oberthur smart card software driver
in OpenSC before 0.21.0-
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
NOTE:
https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e
(0.21.0-rc1)
CVE-2020-26569 (In EVPN VxLAN setups in Arista EOS, specific malformed packets
can lea ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2020-26568
RESERVED
CVE-2020-26567 (An issue was discovered on D-Link DSR-250N before 3.17B
devices. The C ...)
@@ -21574,7 +21574,7 @@ CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to
execute shell code via E
- snmptt 1.4.2-1
NOTE:
https://sourceforge.net/p/snmptt/git/ci/f6aef5223bc9ed8126268a273ac9f5c341af835a
CVE-2020-24360 (An issue with ARP packets in Arista’s EOS affecting the
7800R3, ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2020-24359 (HashiCorp vault-ssh-helper up to and including version 0.1.6
incorrect ...)
NOT-FOR-US: vault-ssh-helper
CVE-2020-24358
@@ -38992,7 +38992,7 @@ CVE-2020-15900 (A memory corruption issue was found in
Artifex Ghostscript 9.50
CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data
related to ...)
NOT-FOR-US: Grin
CVE-2020-15898 (In Arista EOS malformed packets can be incorrectly forwarded
across VL ...)
- TODO: check
+ NOT-FOR-US: Arista
CVE-2020-15897 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x
before 4.23. ...)
NOT-FOR-US: Arista EOS
CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link
DAP-1522 devic ...)
@@ -43541,7 +43541,7 @@ CVE-2020-14275
CVE-2020-14274
RESERVED
CVE-2020-14273 (HCL Domino v10 and v11 is susceptible to a Denial of Service
(DoS) vul ...)
- TODO: check
+ NOT-FOR-US: HCL Domino
CVE-2020-14272
RESERVED
CVE-2020-14271 (HCL iNotes v9, v10 and v11 is susceptible to a Stored
Cross-Site Scrip ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8419814e0a7c7cba53ef2d0012bccac9ae6c8b7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8419814e0a7c7cba53ef2d0012bccac9ae6c8b7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
