Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e58877cf by Moritz Muehlenhoff at 2021-02-17T18:55:32+01:00
NFUs
one SDL issue specific to SDL2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -50115,11 +50115,11 @@ CVE-2020-17536
CVE-2020-17535
REJECTED
CVE-2020-17534 (There exists a race condition between the deletion of the
temporary fi ...)
- TODO: check
+ NOT-FOR-US: netbeans-html4j
CVE-2020-17533 (Apache Accumulo versions 1.5.0 through 1.10.0 and version
2.0.0 do not ...)
NOT-FOR-US: Apache Accumulo
CVE-2020-17532 (When handler-router component is enabled in
servicecomb-java-chassis, ...)
- TODO: check
+ NOT-FOR-US: servicecomb-java-chassis
CVE-2020-17531 (A Java Serialization vulnerability was found in Apache
Tapestry 4. Apa ...)
NOT-FOR-US: Apache Tapestry
CVE-2020-17530 (Forced OGNL evaluation, when evaluated on raw user input in
tag attrib ...)
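Review bot: the new tag for CVE-2020-17534 uses the lowercase package-style token `netbeans-html4j`, while the surrounding NOT-FOR-US entries in this hunk name the upstream product ("Apache Accumulo", "Apache Tapestry"); using the same product-name form here keeps the NOT-FOR-US lines searchable in one consistent style.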
@@ -53112,7 +53112,7 @@ CVE-2020-16145 (Roundcube Webmail before 1.3.15 and
1.4.8 allows stored XSS in H
NOTE:
https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b
(1.3.15)
NOTE:
https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e
(1.2.12)
CVE-2020-16144 (When using an object storage like S3 as the file store, when a
user cr ...)
- TODO: check
+ - owncloud <removed>
CVE-2020-16143 (The seafile-client client 7.0.8 for Seafile is vulnerable to
DLL hijac ...)
- seafile-client <not-affected> (Windows-specific)
CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec
vehicles, the B ...)
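Review bot: the owncloud entry for CVE-2020-16144 is switched from `TODO: check` to `<removed>` without any NOTE: line; the Roundcube entry at the top of this hunk records the upstream fix commits per version, and a reference to the upstream advisory or fix here would document why the object-storage issue is closed as removed rather than checked against the version that was in the archive.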
@@ -56010,7 +56010,7 @@ CVE-2020-15099 (In TYPO3 CMS greater than or equal to
9.0.0 and less than 9.5.20
CVE-2020-15098 (In TYPO3 CMS greater than or equal to 9.0.0 and less than
9.5.20, and ...)
NOT-FOR-US: TYPO3
CVE-2020-15097 (loklak is an open-source server application which is able to
collect m ...)
- TODO: check
+ NOT-FOR-US: loklak
CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and
9.0.0-beta21, the ...)
- electron <itp> (bug #842420)
CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an
informati ...)
@@ -57887,11 +57887,10 @@ CVE-2020-14411
RESERVED
CVE-2020-14410 (SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based
buffer ...)
{DLA-2536-1}
- - libsdl1.2 <undetermined>
+ - libsdl1.2 <not-affected> (Only affects SDL2)
- libsdl2 2.0.14+dfsg2-2
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
- TODO: check libsdl1.2
CVE-2020-14409 (SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer
Overflow ...)
{DLA-2536-1}
- libsdl1.2 <undetermined>
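Review bot: the change to `libsdl1.2 <not-affected> (Only affects SDL2)` for CVE-2020-14410 removes the TODO but leaves the reasoning unreferenced; both NOTE: links point at the SDL2 bug report and fix, so a short note naming the SDL2-only code path would let the next triager verify the not-affected status. In the trailing context, CVE-2020-14409 (covered by the same DLA-2536-1) still reads `libsdl1.2 <undetermined>`; worth confirming whether the same SDL2-only analysis applies to that integer overflow, or recording that it was checked and differs.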
@@ -60383,9 +60382,9 @@ CVE-2020-13584 (An exploitable use-after-free
vulnerability exists in WebKitGTK
- wpewebkit 2.30.3-1
NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-13583 (A denial-of-service vulnerability exists in the HTTP Server
functional ...)
- TODO: check
+ NOT-FOR-US: Micrium
CVE-2020-13582 (A denial-of-service vulnerability exists in the HTTP Server
functional ...)
- TODO: check
+ NOT-FOR-US: Micrium
CVE-2020-13581 (In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021
(Revision 1 ...)
NOT-FOR-US: SoftMaker
CVE-2020-13580 (An exploitable heap-based buffer overflow vulnerability exists
in the ...)
@@ -60405,9 +60404,9 @@ CVE-2020-13574 (A denial-of-service vulnerability
exists in the WS-Security plug
CVE-2020-13573 (A denial-of-service vulnerability exists in the Ethernet/IP
server fun ...)
NOT-FOR-US: Rockwell Automation RSLinx Classic
CVE-2020-13572 (A heap overflow vulnerability exists in the way the GIF parser
decodes ...)
- TODO: check
+ NOT-FOR-US: Accusoft
CVE-2020-13571 (An out-of-bounds write vulnerability exists in the SGI RLE
decompressi ...)
- TODO: check
+ NOT-FOR-US: Accusoft
CVE-2020-13570 (A use-after-free vulnerability exists in the JavaScript engine
of Foxi ...)
NOT-FOR-US: Foxit
CVE-2020-13569 (A cross-site request forgery vulnerability exists in the GACL
function ...)
@@ -60419,15 +60418,15 @@ CVE-2020-13567
CVE-2020-13566
RESERVED
CVE-2020-13565 (An open redirect vulnerability exists in the return_page
redirection f ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2020-13564 (A cross-site scripting vulnerability exists in the template
functional ...)
- TODO: check
+ NOT-FOR-US: phpGACL
CVE-2020-13563 (A cross-site scripting vulnerability exists in the template
functional ...)
- TODO: check
+ NOT-FOR-US: phpGACL
CVE-2020-13562 (A cross-site scripting vulnerability exists in the template
functional ...)
- TODO: check
+ NOT-FOR-US: phpGACL
CVE-2020-13561 (An out-of-bounds write vulnerability exists in the TIFF parser
of Accu ...)
- TODO: check
+ NOT-FOR-US: Accusoft
CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine
of Foxi ...)
NOT-FOR-US: Foxit
CVE-2020-13559 (A denial-of-service vulnerability exists in the
traffic-logging functi ...)
@@ -60633,11 +60632,11 @@ CVE-2020-13464 (The flash memory readout protection
in China Key Systems & I
CVE-2020-13463 (The flash memory readout protection in Apex Microelectronics
APM32F103 ...)
NOT-FOR-US: Apex Microelectronics APM32F103 devices
CVE-2020-13462 (Insecure Direct Object Reference (IDOR) exists in Tufin
SecureChange, ...)
- TODO: check
+ NOT-FOR-US: Tufin
CVE-2020-13461 (Username enumeration in present in Tufin SecureTrack. It's
affecting a ...)
- TODO: check
+ NOT-FOR-US: Tufin
CVE-2020-13460 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
were presen ...)
- TODO: check
+ NOT-FOR-US: Tufin
CVE-2020-13459 (An issue was discovered in the Image Resizer plugin before
2.0.9 for C ...)
NOT-FOR-US: Image Resizer plugin for Craft CMS
CVE-2020-13458 (An issue was discovered in the Image Resizer plugin before
2.0.9 for C ...)
@@ -60653,13 +60652,13 @@ CVE-2020-13454
CVE-2020-13453
RESERVED
CVE-2020-13452 (In Gotenberg through 6.2.1, insecure permissions for tini
(writable by ...)
- TODO: check
+ NOT-FOR-US: Gotenberg
CVE-2020-13451 (An incomplete-cleanup vulnerability in the Office rendering
engine of ...)
- TODO: check
+ NOT-FOR-US: Gotenberg
CVE-2020-13450 (A directory traversal vulnerability in file upload function of
Gotenbe ...)
- TODO: check
+ NOT-FOR-US: Gotenberg
CVE-2020-13449 (A directory traversal vulnerability in the Markdown engine of
Gotenber ...)
- TODO: check
+ NOT-FOR-US: Gotenberg
CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition
through 2.1.8 ...)
NOT-FOR-US: QuickBox
CVE-2020-13447
@@ -60755,11 +60754,11 @@ CVE-2020-13411
CVE-2020-13410 (An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js
does not ...)
NOT-FOR-US: MoscaJS Aedes
CVE-2020-13409 (Tufin SecureTrack < R20-2 GA contains reflected + stored
XSS (as in ...)
- TODO: check
+ NOT-FOR-US: Tufin
CVE-2020-13408 (Tufin SecureTrack < R20-2 GA contains reflected + stored
XSS (as in ...)
- TODO: check
+ NOT-FOR-US: Tufin
CVE-2020-13407 (Tufin SecureTrack < R20-2 GA contains reflected + stored
XSS (as in ...)
- TODO: check
+ NOT-FOR-US: Tufin
CVE-2020-13406
RESERVED
CVE-2020-13405 (userfiles/modules/users/controller/controller.php in
Microweber before ...)
@@ -61342,9 +61341,9 @@ CVE-2020-13188
CVE-2020-13187
REJECTED
CVE-2020-13186 (An Anti CSRF mechanism was discovered missing in the Teradici
Cloud Ac ...)
- TODO: check
+ NOT-FOR-US: Teradici
CVE-2020-13185 (Certain web application pages in the authenticated section of
the Tera ...)
- TODO: check
+ NOT-FOR-US: Teradici
CVE-2020-13184
RESERVED
CVE-2020-13183 (Reflected Cross Site Scripting in Teradici PCoIP Management
Console pr ...)
@@ -64454,7 +64453,7 @@ CVE-2020-11996 (A specially crafted sequence of HTTP/2
requests sent to Apache T
NOTE:
https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976
(9.0.36)
NOTE:
https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552
(8.5.56)
CVE-2020-11995 (A deserialization vulnerability existed in dubbo 2.7.5 and its
earlier ...)
- TODO: check
+ NOT-FOR-US: Apache Dubbo
CVE-2020-11994 (Server-Side Template Injection and arbitrary file disclosure
on Camel ...)
NOT-FOR-US: Apache Camel
CVE-2020-11993 (Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug
was enab ...)
@@ -66344,7 +66343,7 @@ CVE-2019-20636 (In the Linux kernel before 5.4.12,
drivers/input/input.c has out
CVE-2020-11636
RESERVED
CVE-2020-11635 (The Zscaler Client Connector prior to 3.1.0 did not
sufficiently valid ...)
- TODO: check
+ NOT-FOR-US: Zscaler Client Connector
CVE-2020-11634
RESERVED
CVE-2020-11633
@@ -71086,7 +71085,7 @@ CVE-2020-10050 (A vulnerability has been identified in
SIMATIC RTLS Locating Man
CVE-2020-10049 (A vulnerability has been identified in SIMATIC RTLS Locating
Manager ( ...)
NOT-FOR-US: Siemens
CVE-2020-10048 (A vulnerability has been identified in SIMATIC PCS 7 (All
versions), S ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-10047
RESERVED
CVE-2020-10046
@@ -73120,7 +73119,7 @@ CVE-2020-9211
CVE-2020-9210
RESERVED
CVE-2020-9209 (There is a privilege escalation vulnerability in SMC2.0
product. Some ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9208 (There is an information leak vulnerability in iManager NetEco
6000 ver ...)
NOT-FOR-US: Huawei
CVE-2020-9207 (There is an improper authentication vulnerability in some
verisons of ...)
@@ -73128,7 +73127,7 @@ CVE-2020-9207 (There is an improper authentication
vulnerability in some verison
CVE-2020-9206
RESERVED
CVE-2020-9205 (There has a CSV injection vulnerability in ManageOne 8.0.1. An
attacke ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9204
RESERVED
CVE-2020-9203 (There is a resource management errors vulnerability in Huawei
P30. Loc ...)
@@ -73302,7 +73301,7 @@ CVE-2020-9120 (CloudEngine 1800V versions
V100R019C10SPC500 has a resource manag
CVE-2020-9119 (There is a privilege escalation vulnerability on some Huawei
smart pho ...)
NOT-FOR-US: Huawei
CVE-2020-9118 (There is an insufficient integrity check vulnerability in
Huawei Sound ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9117 (HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and
SydneyM ...)
NOT-FOR-US: Huawei
CVE-2020-9116 (Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command
injection ...)
@@ -74632,13 +74631,13 @@ CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection
via the user parameter to c
CVE-2020-8591 (eG Manager 7.1.2 allows authentication bypass via a
com.egurkha.EgLogi ...)
NOT-FOR-US: eG Manager
CVE-2020-8590 (Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are
susceptib ...)
- TODO: check
+ NOT-FOR-US: Clustered Data ONTAP
CVE-2020-8589 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are
susceptib ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2020-8588 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are
susceptib ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2020-8587 (OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4
prior to ...)
- TODO: check
+ NOT-FOR-US: NetApp
CVE-2020-8586
RESERVED
CVE-2020-8585 (OnCommand Unified Manager Core Package versions prior to 5.2.5
may dis ...)
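Review bot: the two new tags in this hunk use different naming conventions: CVE-2020-8590 gets `NOT-FOR-US: Clustered Data ONTAP`, matching the neighbouring entries, but CVE-2020-8587 gets the bare vendor name `NetApp` even though its description names the product (OnCommand System Manager); using the product name keeps this NetApp batch consistent and greppable.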
@@ -74656,7 +74655,7 @@ CVE-2020-8580 (SANtricity OS Controller Software
versions 11.30 and higher are s
CVE-2020-8579 (Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible
to a v ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2020-8578 (Clustered Data ONTAP versions prior to 9.3P20 are susceptible
to a vul ...)
- TODO: check
+ NOT-FOR-US: Clustered Data ONTAP
CVE-2020-8577 (SANtricity OS Controller Software versions 11.50.1 and higher
are susc ...)
NOT-FOR-US: SANtricity OS Controller Software
CVE-2020-8576 (Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9
and 9.7 a ...)
@@ -75322,9 +75321,9 @@ CVE-2020-8296
CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to
perform a de ...)
- nextcloud-server <itp> (bug #941708)
CVE-2020-8294 (A missing link validation in Nextcloud Server before 20.0.2,
19.0.5, 1 ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2,
19.0.5, ...)
- TODO: check
+ - nextcloud-server <itp> (bug #941708)
CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self
cross-site scr ...)
NOT-FOR-US: Rocket.Chat
CVE-2020-8291
@@ -75362,9 +75361,9 @@ CVE-2020-8283 (An authorised user on a Windows host
running Citrix Universal Pri
CVE-2020-8282 (A security issue was found in EdgePower 24V/54V firmware v1.7.0
and ea ...)
NOT-FOR-US: EdgePower 24V/54V firmware
CVE-2020-8281 (A missing file type check in Nextcloud Contacts 3.3.0 allows a
malicio ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Contacts
CVE-2020-8280 (A missing file type check in Nextcloud Contacts 3.4.0 allows a
malicio ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Contacts
CVE-2020-8279 (Missing validation of server certificates for out-going
connections in ...)
NOT-FOR-US: Nextcloud Social app
CVE-2020-8278 (Improper access control in Nextcloud Social app version 0.3.1
allowed ...)
@@ -75863,7 +75862,7 @@ CVE-2020-8103 (A vulnerability in the improper handling
of symbolic links in Bit
CVE-2020-8102 (Improper Input Validation vulnerability in the Safepay browser
compone ...)
NOT-FOR-US: Safepay
CVE-2020-8101 (Improper Neutralization of Special Elements used in a Command
('Comman ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0
module as ...)
NOT-FOR-US: Bitdefender
CVE-2020-8099 (A vulnerability in the improper handling of junctions in
Bitdefender A ...)
@@ -76042,9 +76041,9 @@ CVE-2020-8032
CVE-2020-8031 (A Improper Neutralization of Input During Web Page Generation
('Cross- ...)
TODO: check
CVE-2020-8030 (A Insecure Temporary File vulnerability in skuba of SUSE CaaS
Platform ...)
- TODO: check
+ NOT-FOR-US: SuSE CaaS
CVE-2020-8029 (A Incorrect Permission Assignment for Critical Resource
vulnerability ...)
- TODO: check
+ NOT-FOR-US: SuSE CaaS
CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of
salt o ...)
NOT-FOR-US: Salt configuration in SUSE Server Manager
CVE-2020-8027 (A Insecure Temporary File vulnerability in openldap2 of SUSE
Linux Ent ...)
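Review bot: the vendor is spelled `SuSE CaaS` in both new lines, while the descriptions and the untouched CVE-2020-8028 entry in the context use `SUSE` ("SUSE CaaS Platform", "SUSE Server Manager"); use one spelling so the entries group together. Also, CVE-2020-8031 between the two updated entries still reads `TODO: check` in the context lines; if it belongs to the same SUSE batch it could be settled in this commit as well.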
@@ -79504,7 +79503,7 @@ CVE-2020-6651 (Improper Input Validation in Eaton's
Intelligent Power Manager (I
CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by
‘Eval In ...)
NOT-FOR-US: UPS companion software
CVE-2020-6649 (An insufficient session expiration vulnerability in FortiNet's
FortiIs ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2020-6648 (A cleartext storage of sensitive information vulnerability in
FortiOS ...)
NOT-FOR-US: Fortiguard FortiOS
CVE-2020-6647 (An improper neutralization of input vulnerability in the
dashboard of ...)
@@ -81169,7 +81168,7 @@ CVE-2020-6090 (An exploitable code execution
vulnerability exists in the Web-Bas
CVE-2020-6089 (An exploitable code execution vulnerability exists in the ANI
file for ...)
NOT-FOR-US: Leadtools
CVE-2020-6088 (An exploitable denial of service vulnerability exists in the
ENIP Requ ...)
- TODO: check
+ NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6087 (An exploitable denial of service vulnerability exists in the
ENIP Requ ...)
NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6086 (An exploitable denial of service vulnerability exists in the
ENIP Requ ...)
@@ -81805,7 +81804,7 @@ CVE-2020-5814
CVE-2020-5813
RESERVED
CVE-2020-5812 (Nessus AMI versions 8.12.0 and earlier were found to either not
valida ...)
- TODO: check
+ NOT-FOR-US: Nessus
CVE-2020-5811 (An authenticated path traversal vulnerability exists during
package in ...)
NOT-FOR-US: Umbraco CMS
CVE-2020-5810 (A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or
curren ...)
@@ -81819,7 +81818,7 @@ CVE-2020-5807 (An unauthenticated remote attacker can
send data to RsvcHost.exe
CVE-2020-5806 (An attacker-controlled memory allocation size can be passed to
the C++ ...)
NOT-FOR-US: FactoryTalk
CVE-2020-5805 (In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are
stored ...)
- TODO: check
+ NOT-FOR-US: Marvell QConvergeConsole GUI
CVE-2020-5804 (Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a
path trav ...)
NOT-FOR-US: Marvell QConvergeConsole GUI
CVE-2020-5803 (Relative Path Traversal in Marvell QConvergeConsole GUI
5.5.0.74 allow ...)
@@ -82177,7 +82176,7 @@ CVE-2020-5628 (UNIQLO App for Android versions 7.3.3
and earlier allows remote a
CVE-2020-5627 (Yodobashi App for Android versions 1.8.7 and earlier allows
remote att ...)
NOT-FOR-US: Yodobashi App for Android
CVE-2020-5626 (Logstorage version 8.0.0 and earlier, and ELC Analytics version
3.0.0 ...)
- TODO: check
+ NOT-FOR-US: Logstorage
CVE-2020-5625 (Cross-site scripting vulnerability in XooNIps 3.48 and earlier
allows ...)
NOT-FOR-US: XooNIps
CVE-2020-5624 (SQL injection vulnerability in the XooNIps 3.48 and earlier
allows rem ...)
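Review bot: the CVE-2020-5626 description names two affected products (Logstorage and ELC Analytics), but the new line records only `Logstorage`; naming both products in the NOT-FOR-US annotation ensures a search for ELC Analytics finds this entry.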
@@ -87666,7 +87665,7 @@ CVE-2020-3689
CVE-2020-3688 (Possible buffer overflow while parsing mp4 clip with corrupted
sample ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3687 (Local privilege escalation in admin services in Windows
environment ca ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2020-3686 (Possible memory out of bound issue during music playback when
an incor ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3685 (Pointer variable which is freed is not cleared can result in
memory co ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e58877cf0efb034ed7356e091e4af583484df810
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits