Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3e7ea53 by Salvatore Bonaccorso at 2021-05-25T21:19:09+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17214,7 +17214,7 @@ CVE-2021-3322
 CVE-2021-3321
        RESERVED
 CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions 
>= v2 ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2021-3319
        RESERVED
 CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the 
editori ...)
@@ -21827,7 +21827,7 @@ CVE-2021-24299 (The ReDi Restaurant Reservation 
WordPress plugin before 21.0426
 CVE-2021-24298 (The method and share GET parameters of the Giveaway pages were 
not san ...)
        TODO: check
 CVE-2021-24297 (The Goto WordPress theme before 2.1 did not properly sanitize 
the form ...)
-       TODO: check
+       NOT-FOR-US: Goto WordPress theme
 CVE-2021-24296 (The WP Customer Reviews WordPress plugin before 3.5.6 did not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24295 (It was possible to exploit an Unauthenticated Time-Based Blind 
SQL Inj ...)
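Review bot: CVE-2021-24298, the context entry directly above the changed one, stays at "TODO: check" while CVE-2021-24297 is triaged. Its truncated description (unsanitised GET parameters of the "Giveaway pages") does not name the product in the visible text, so it may have been skipped on purpose; if it is another WordPress add-on it could be processed in the same batch. Minor style point: the new tag names the product ("Goto WordPress theme") while the following entry uses the generic "NOT-FOR-US: WordPress plugin"; the product-specific form used here is the easier one to search for later.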
@@ -38091,29 +38091,29 @@ CVE-2020-28912 (With MariaDB running on Windows, when 
local clients connect to t
        NOTE: https://jira.mariadb.org/browse/MDEV-24040
        NOTE: https://github.com/MariaDB/server/commit/3829b408d6
 CVE-2020-28911 (Incorrect Access Control in Nagios Fusion 4.1.8 and earlier 
allows low ...)
-       TODO: check
+       NOT-FOR-US: Nagios Fusion
 CVE-2020-28910 (Creation of a Temporary Directory with Insecure Permissions in 
Nagios  ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2020-28909 (Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier 
allows f ...)
-       TODO: check
+       NOT-FOR-US: Nagios Fusion
 CVE-2020-28908 (Command Injection in Nagios Fusion 4.1.8 and earlier allows 
for Privil ...)
-       TODO: check
+       NOT-FOR-US: Nagios Fusion
 CVE-2020-28907 (Incorrect SSL certificate validation in Nagios Fusion 4.1.8 
and earlie ...)
-       TODO: check
+       NOT-FOR-US: Nagios Fusion
 CVE-2020-28906 (Incorrect File Permissions in Nagios XI 5.7.5 and earlier and 
Nagios F ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2020-28905 (Improper Input Validation in Nagios Fusion 4.1.8 and earlier 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Nagios Fusion
 CVE-2020-28904 (Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 
and earli ...)
-       TODO: check
+       NOT-FOR-US: Nagios Fusion
 CVE-2020-28903 (Improper input validation in Nagios Fusion 4.1.8 and earlier 
allows a  ...)
-       TODO: check
+       NOT-FOR-US: Nagios Fusion
 CVE-2020-28902 (Command Injection in Nagios Fusion 4.1.8 and earlier allows 
Privilege  ...)
-       TODO: check
+       NOT-FOR-US: Nagios Fusion
 CVE-2020-28901 (Command Injection in Nagios Fusion 4.1.8 and earlier allows 
for Privil ...)
-       TODO: check
+       NOT-FOR-US: Nagios Fusion
 CVE-2020-28900 (Insufficient Verification of Data Authenticity in Nagios 
Fusion 4.1.8  ...)
-       TODO: check
+       NOT-FOR-US: Nagios Fusion
 CVE-2020-28899 (The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 
devices does  ...)
        NOT-FOR-US: ZyXEL
 CVE-2020-28898 (In QED ResourceXpress through 4.9k, a large numeric or 
alphanumeric va ...)
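Review bot: at CVE-2020-28906 the description names two products ("Nagios XI 5.7.5 and earlier and Nagios F ..."), but the new tag records only "NOT-FOR-US: Nagios XI". Consider "NOT-FOR-US: Nagios XI and Nagios Fusion" so that a search for either product finds the entry. CVE-2020-28910 is tagged Nagios XI as well, but its description is cut off at "Nagios  ..." here, so the product cannot be confirmed from the visible lines; worth a second look against the full description.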
@@ -59324,7 +59324,7 @@ CVE-2020-20909
 CVE-2020-20908
        RESERVED
 CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification 
vulnerability. Att ...)
-       TODO: check
+       NOT-FOR-US: MetInfo
 CVE-2020-20906
        RESERVED
 CVE-2020-20905
@@ -76356,17 +76356,17 @@ CVE-2020-13605
 CVE-2020-13604
        REJECTED
 CVE-2020-13603 (Integer Overflow in memory allocating functions. Zephyr 
versions >= ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-13602 (Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr 
versions &gt ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-13601 (Possible read out of bounds in dns read. Zephyr versions >= 
1.14.2, ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-13600 (Malformed SPI in response for eswifi can corrupt kernel 
memory. Zephyr ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-13599 (Security problem with settings and littlefs. Zephyr versions 
>= 1.1 ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-13598 (FS: Buffer Overflow when enabling Long File Names in FAT_FS 
and callin ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico 
Enterprise (v ...)
        NOT-FOR-US: Calico
 CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 
before 3.0 ...)
@@ -87089,23 +87089,23 @@ CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 
allows Denial of Service. It was
        - gitlab <not-affected> (Only affects Gitlab EE)
        NOTE: 
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
 CVE-2020-10072 (Improper Handling of Insufficient Permissions or Privileges in 
zephyr. ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10071 (The Zephyr MQTT parsing code performs insufficient checking of 
the len ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10070 (In the Zephyr Project MQTT code, improper bounds checking can 
result i ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10069 (Zephyr Bluetooth unchecked packet data results in denial of 
service. Z ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10068 (In the Zephyr project Bluetooth subsystem, certain duplicate 
and back- ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10067 (A malicious userspace application can cause a integer overflow 
and byp ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10066 (Incorrect Error Handling in Bluetooth HCI core. Zephyr 
versions &gt;=  ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10065 (Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions 
&gt;= v ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10064 (Improper Input Frame Validation in ieee802154 Processing. 
Zephyr versi ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10063 (A remote adversary with the ability to send arbitrary CoAP 
packets to  ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10062 (An off-by-one error in the Zephyr project MQTT packet length 
decoder c ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3e7ea532cef5f24defeb6b2337d90c14f0030b8
