Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea1ea263 by Salvatore Bonaccorso at 2021-01-23T11:33:03+01:00
Reference upstream commit for CVE-2019-18192

- - - - -
3b003b9f by Salvatore Bonaccorso at 2021-01-23T11:33:48+01:00
Update status for CVE-2019-18192

- - - - -
bd6520f4 by Salvatore Bonaccorso at 2021-01-23T11:40:46+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11405,7 +11405,7 @@ CVE-2021-21262
 CVE-2021-21260 (Online Invoicing System (OIS) is open source software which is 
a lean  ...)
        NOT-FOR-US: Online Invoicing System (OIS)
 CVE-2021-21259 (HedgeDoc is open source software which lets you create 
real-time colla ...)
-       TODO: check
+       NOT-FOR-US: HedgeDoc
 CVE-2021-21258
        RESERVED
 CVE-2021-21257
@@ -30382,7 +30382,7 @@ CVE-2020-25387
 CVE-2020-25386
        RESERVED
 CVE-2020-25385 (Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Nagios Log Server
 CVE-2020-25384
        RESERVED
 CVE-2020-25383
@@ -33797,7 +33797,7 @@ CVE-2020-23828 (A File Upload vulnerability in 
SourceCodester Online Course Regi
 CVE-2020-23827
        RESERVED
 CVE-2020-23826 (The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to 
remote co ...)
-       TODO: check
+       NOT-FOR-US: Yale WIPC-303W camera
 CVE-2020-23825
        RESERVED
 CVE-2020-23824 (ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site 
Request Forger ...)
@@ -34925,7 +34925,7 @@ CVE-2020-23264
 CVE-2020-23263
        RESERVED
 CVE-2020-23262 (An issue was discovered in ming-soft MCMS v5.0, where a 
malicious user ...)
-       TODO: check
+       NOT-FOR-US: ming-soft MCMS
 CVE-2020-23261
        RESERVED
 CVE-2020-23260
@@ -35125,11 +35125,11 @@ CVE-2020-23164
 CVE-2020-23163
        RESERVED
 CVE-2020-23162 (Sensitive information disclosure and weak encryption in 
Pyrescom Termo ...)
-       TODO: check
+       NOT-FOR-US: Pyrescom Termod4 time management devices
 CVE-2020-23161 (Local file inclusion in Pyrescom Termod4 time management 
devices befor ...)
-       TODO: check
+       NOT-FOR-US: Pyrescom Termod4 time management devices
 CVE-2020-23160 (Remote code execution in Pyrescom Termod4 time management 
devices befo ...)
-       TODO: check
+       NOT-FOR-US: Pyrescom Termod4 time management devices
 CVE-2020-23159
        RESERVED
 CVE-2020-23158
@@ -35421,7 +35421,7 @@ CVE-2020-23016
 CVE-2020-23015
        RESERVED
 CVE-2020-23014 (APfell 1.4 is vulnerable to authenticated reflected cross-site 
scripti ...)
-       TODO: check
+       NOT-FOR-US: APfell
 CVE-2020-23013
        RESERVED
 CVE-2020-23012
@@ -59268,7 +59268,7 @@ CVE-2020-12527
 CVE-2020-12526
        RESERVED
 CVE-2020-12525 (M&M Software fdtCONTAINER Component in versions below 
3.5.20304.x  ...)
-       TODO: check
+       NOT-FOR-US: M&M Software fdtCONTAINER Component
 CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause 
the Phoeni ...)
        NOT-FOR-US: Phoenix Contact HMIs BTP
 CVE-2020-12523 (On Phoenix Contact mGuard Devices versions before 8.8.3 LAN 
ports get  ...)
@@ -59290,13 +59290,13 @@ CVE-2020-12516 (Older firmware versions (FW1 up to 
FW10) of the WAGO PLC family
 CVE-2020-12515
        RESERVED
 CVE-2020-12514 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and 
below is pr ...)
-       TODO: check
+       NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
 CVE-2020-12513 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and 
below is pr ...)
-       TODO: check
+       NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
 CVE-2020-12512 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and 
below is pr ...)
-       TODO: check
+       NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
 CVE-2020-12511 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and 
below is pr ...)
-       TODO: check
+       NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
 CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software 
in all v ...)
        NOT-FOR-US: Beckhoff
 CVE-2020-12509
@@ -96425,8 +96425,9 @@ CVE-2020-0002 (In ih264d_init_decoder of ih264d_api.c, 
there is a possible out o
 CVE-2020-0001 (In getProcessRecordLocked of ActivityManagerService.java 
isolated apps ...)
        NOT-FOR-US: Android
 CVE-2019-18192 (GNU Guix 1.0.1 allows local users to gain access to an 
arbitrary user' ...)
-       - guix 1.2.0-3
+        - guix <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://issues.guix.gnu.org/issue/37744
+       NOTE: 
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=81c580c8664bfeeb767e2c47ea343004e88223c7
 (v1.1.0rc1)
 CVE-2019-18191 (A privilege escalation vulnerability in the Trend Micro Deep 
Security  ...)
        NOT-FOR-US: Trend Micro
 CVE-2019-18190 (Trend Micro Security (Consumer) 2020 (v16.x) is affected by a 
vulnerab ...)
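
Review bot: the added "- guix <not-affected> (Fixed before initial upload to Debian)" line is indented one column deeper than the "- guix 1.2.0-3" line it replaces and than the NOTE lines on either side of it, which suggests spaces (or a stray extra space) where the rest of the entry uses the usual single indent. Re-indent it to match the neighbouring lines so the CVE-2019-18192 entry stays uniform with the rest of data/CVE/list. The "(v1.1.0rc1)" annotation on the new upstream-commit NOTE is worth keeping, since it is what backs the "Fixed before initial upload to Debian" rationale against the 1.2.0-3 version that was recorded before.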



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/238a7f0b321b3344ed251b513488d819f385976d...bd6520f4c90ec38c659d5f32a31c3c0cc7ac76d8
