Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
09c66b6a by Moritz Muehlenhoff at 2022-07-20T09:54:56+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32,9 +32,9 @@ CVE-2022-2469 (GNU SASL libgsasl server-side 
read-out-of-bounds with malicious a
        NOTE: Reproducing issue: 
https://lists.gnu.org/archive/html/help-gsasl/2022-07/msg00002.html
        NOTE: Fixed by: 
https://gitlab.com/gsasl/gsasl/-/commit/796e4197f696261c1f872d7576371232330bcc30
 (v2.0.1)
 CVE-2022-2468 (A vulnerability was found in SourceCodester Garage Management 
System 1 ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Garage Management
 CVE-2022-2467 (A vulnerability has been found in SourceCodester Garage 
Management Sys ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Garage Management
 CVE-2016-15004
        RESERVED
 CVE-2022-35735
@@ -864,7 +864,7 @@ CVE-2022-35914
 CVE-2022-35913
        RESERVED
 CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 
4.1.1, 5.x b ...)
-       TODO: check
+       - grails <itp> (bug #473213)
 CVE-2022-35911
        RESERVED
 CVE-2022-35910
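Review bot: The CVE-2022-35912 line in this hunk becomes "- grails <itp> (bug #473213)", which is an ITP tracking entry rather than a NOT-FOR-US marking, so the commit message "NFUs" does not describe it. Consider mentioning the grails ITP in the commit message, or committing it separately, so the history for that entry can be found later.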
@@ -1367,7 +1367,7 @@ CVE-2022-27170
 CVE-2022-2395
        RESERVED
 CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive 
parameters wh ...)
-       TODO: check
+       NOT-FOR-US: Puppet Bolt
 CVE-2021-46827 (An issue was discovered in Oxygen XML WebHelp before 22.1 
build 202108 ...)
        NOT-FOR-US: Oxygen XML WebHelp
 CVE-2022-35713
@@ -2097,7 +2097,7 @@ CVE-2022-35407
 CVE-2022-35406 (A URL disclosure issue was discovered in Burp Suite before 
2022.6. If  ...)
        - burpsuite <itp> (bug #832943)
 CVE-2022-35405 (Zoho ManageEngine Password Manager Pro before 12101 and PAM360 
before  ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2022-35404 (ManageEngine Password Manager Pro 12100 and prior and 
OPManager 126100 ...)
        NOT-FOR-US: ManageEngine Password Manager Pro
 CVE-2022-35403 (Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk 
Plus MSP  ...)
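Review bot: The new tag on CVE-2022-35405 is "NOT-FOR-US: Zoho ManageEngine", while the entry directly below it, CVE-2022-35404, names the same Password Manager Pro product in its description and is tagged "NOT-FOR-US: ManageEngine Password Manager Pro". Using one spelling for both keeps text searches for NFU products in data/CVE/list consistent.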
@@ -4824,9 +4824,9 @@ CVE-2022-34364
 CVE-2022-34363
        RESERVED
 CVE-2022-2193 (Insecure Direct Object Reference vulnerability in HYPR Server 
before v ...)
-       TODO: check
+       NOT-FOR-US: HYPR
 CVE-2022-2192 (Forced Browsing vulnerability in HYPR Server version 6.10 to 
6.15.1 al ...)
-       TODO: check
+       NOT-FOR-US: HYPR
 CVE-2022-2191 (In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 
11.0.9 v ...)
        TODO: check, claims to affect only 10.x and 11.x series, check for 
jetty9
 CVE-2022-34362
@@ -5698,9 +5698,9 @@ CVE-2022-34026
 CVE-2022-34025
        RESERVED
 CVE-2022-34024 (Barangay Management System v1.0 was discovered to contain an 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: Barangay Management System
 CVE-2022-34023 (Barangay Management System v1.0 was discovered to contain a 
SQL inject ...)
-       TODO: check
+       NOT-FOR-US: Barangay Management System
 CVE-2022-34022
        RESERVED
 CVE-2022-34021
@@ -5744,7 +5744,7 @@ CVE-2022-34003
 CVE-2022-34002
        RESERVED
 CVE-2022-34001 (Unit4 ERP through 7.9 allows XXE via 
ExecuteServerProcessAsynchronousl ...)
-       TODO: check
+       NOT-FOR-US: Unit4
 CVE-2022-34000 (libjxl 0.6.1 has an assertion failure in 
LowMemoryRenderPipeline::Init ...)
        - jpeg-xl <unfixed> (bug #1013265)
        NOTE: https://github.com/libjxl/libjxl/issues/1477
@@ -9516,7 +9516,7 @@ CVE-2022-32456
 CVE-2022-30707 (Violation of secure design principles exists in the 
communication of C ...)
        NOT-FOR-US: CAMS for HIS
 CVE-2022-30532 (In affected versions of Octopus Deploy, there is no logging of 
changes ...)
-       TODO: check
+       NOT-FOR-US: Octopus Deploy
 CVE-2022-29890 (In affected versions of Octopus Server the help sidebar can be 
customi ...)
        NOT-FOR-US: Octopus Server
 CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 
...)
@@ -10162,7 +10162,7 @@ CVE-2022-29512 (Exposure of sensitive information to an 
unauthorized actor issue
 CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to 
reflected C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1984 (This issue affects: HYPR Windows WFA versions prior to 7.2; 
Unsafe Des ...)
-       TODO: check
+       NOT-FOR-US: HYPR
 CVE-2022-1983 (Incorrect authorization in GitLab EE affecting all versions 
from 10.7  ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2022-1982 (Uncontrolled resource consumption in Mattermost version 6.6.0 
and earl ...)
@@ -12256,29 +12256,29 @@ CVE-2022-31584 (The stonethree/s3label repository 
through 2019-08-14 on GitHub a
 CVE-2022-31583 (The sravaniboinepelli/AutomatedQuizEval repository through 
2020-04-27  ...)
        NOT-FOR-US: sravaniboinepelli/AutomatedQuizEval
 CVE-2022-31582 (The shaolo1/VideoServer repository through 2019-09-21 on 
GitHub allows ...)
-       TODO: check
+       NOT-FOR-US: shaolo1/VideoServer
 CVE-2022-31581 (The scorelab/OpenMF repository before 2022-05-03 on GitHub 
allows abso ...)
-       TODO: check
+       NOT-FOR-US: scorelab/OpenMF
 CVE-2022-31580 (The sanojtharindu/caretakerr-api repository through 2021-05-17 
on GitH ...)
-       TODO: check
+       NOT-FOR-US: sanojtharindu/caretakerr-api
 CVE-2022-31579 (The ralphjzhang/iasset repository through 2022-05-04 on GitHub 
allows  ...)
-       TODO: check
+       NOT-FOR-US: ralphjzhang/iasset
 CVE-2022-31578 (The piaoyunsoft/bt_lnmp repository through 2019-10-10 on 
GitHub allows ...)
-       TODO: check
+       NOT-FOR-US: piaoyunsoft/bt_lnmp
 CVE-2022-31577 (The longmaoteamtf/audio_aligner_app repository through 
2020-01-10 on G ...)
-       TODO: check
+       NOT-FOR-US: longmaoteamtf/audio_aligner_app
 CVE-2022-31576 (The heidi-luong1109/shackerpanel repository through 2021-05-25 
on GitH ...)
-       TODO: check
+       NOT-FOR-US: heidi-luong1109/shackerpanel
 CVE-2022-31575 (The duducosmos/livro_python repository through 2018-06-06 on 
GitHub al ...)
-       TODO: check
+       NOT-FOR-US: duducosmos/livro_python
 CVE-2022-31574 (The deepaliupadhyay/RealEstate repository through 2018-11-30 
on GitHub ...)
-       TODO: check
+       NOT-FOR-US: deepaliupadhyay/RealEstate
 CVE-2022-31573 (The chainer/chainerrl-visualizer repository through 0.1.1 on 
GitHub al ...)
-       TODO: check
+       NOT-FOR-US: chainer/chainerrl-visualizer
 CVE-2022-31572 (The ceee-vip/cockybook repository through 2015-04-16 on GitHub 
allows  ...)
-       TODO: check
+       NOT-FOR-US: ceee-vip/cockybook
 CVE-2022-31571 (The akashtalole/python-flask-restful-api repository through 
2019-09-16 ...)
-       TODO: check
+       NOT-FOR-US: akashtalole/python-flask-restful-api
 CVE-2022-31570 (The adriankoczuruek/ceneo-web-scrapper repository through 
2021-03-15 o ...)
        TODO: check
 CVE-2022-31569
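Review bot: CVE-2022-31570 (adriankoczuruek/ceneo-web-scrapper) at the end of this hunk is still "TODO: check", although the twelve entries above it, CVE-2022-31582 through CVE-2022-31571, are all triaged here. If it was skipped by accident, mark it "NOT-FOR-US: adriankoczuruek/ceneo-web-scrapper" in the same pass; if it was left open on purpose, a more specific TODO text saying what still needs checking would help the next person.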
@@ -80885,7 +80885,7 @@ CVE-2021-32506 (Absolute Path Traversal vulnerability 
in GetImage in QSAN Storag
 CVE-2021-32505
        REJECTED
 CVE-2021-32504 (Unauthenticated users can access sensitive web URLs through 
GET reques ...)
-       TODO: check
+       NOT-FOR-US: SICK FTMg flow sensors
 CVE-2021-32503 (Unauthenticated users can access sensitive web URLs through 
GET reques ...)
        NOT-FOR-US: SICK FTMg flow sensors
 CVE-2021-32502
@@ -88269,7 +88269,7 @@ CVE-2021-29801 (IBM AIX 7.1, 7.2, and VIOS 3.1 could 
allow a non-privileged loca
 CVE-2021-29800 (IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service 
Management 1.1 ...)
        NOT-FOR-US: IBM
 CVE-2021-29799 (IBM Engineering Requirements Quality Assistant On-Premises 
(All versio ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2021-29798 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.1.1.0 i ...)
        NOT-FOR-US: IBM
 CVE-2021-29797
@@ -88287,11 +88287,11 @@ CVE-2021-29792 (IBM Event Streams 10.0, 10.1, 10.2, 
and 10.3 could allow a user
 CVE-2021-29791
        RESERVED
 CVE-2021-29790 (IBM Engineering Requirements Quality Assistant On-Premises 
(All versio ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2021-29789
        RESERVED
 CVE-2021-29788 (IBM Engineering Requirements Quality Assistant On-Premises 
(All versio ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2021-29787
        RESERVED
 CVE-2021-29786 (IBM Jazz Team Server products stores user credentials in clear 
text wh ...)
@@ -89597,7 +89597,7 @@ CVE-2021-29283
 CVE-2021-29282
        RESERVED
 CVE-2021-29281 (File upload vulnerability in GFI Mail Archiver versions up to 
and incl ...)
-       TODO: check
+       NOT-FOR-US: GFI Mail Archiver
 CVE-2021-29280 (In TP-Link Wireless N Router WR840N an ARP poisoning attack 
can cause  ...)
        NOT-FOR-US: TP-Link
 CVE-2021-29279 (There is a integer overflow in function 
filter_core/filter_props.c:gf_ ...)
@@ -96640,7 +96640,7 @@ CVE-2021-26410
 CVE-2021-26409
        RESERVED
 CVE-2021-26408 (Insufficient validation of elliptic curve points in SEV-legacy 
firmwar ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26407
        RESERVED
 CVE-2021-26406
@@ -96661,7 +96661,7 @@ CVE-2021-26401 (LFENCE/JMP (mitigation V2-2) may not 
sufficiently mitigate CVE-2
        NOTE: 
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036
        NOTE: https://xenbits.xen.org/xsa/advisory-398.html
 CVE-2021-26400 (AMD processors may speculatively re-order load instructions 
which can  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26399
        RESERVED
 CVE-2021-26398
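Review bot: CVE-2021-26400 is described as AMD processors speculatively re-ordering load instructions, a CPU-level issue, and it is closed here as "NOT-FOR-US: AMD" with no reference. The entry just above it, CVE-2021-26401, carries NOTE links to the AMD bulletin and a Xen advisory. Before marking this one NFU it is worth confirming that no packaged microcode, kernel or hypervisor mitigation applies, and adding a NOTE with the vendor bulletin if one does.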
@@ -96681,23 +96681,23 @@ CVE-2021-26392
 CVE-2021-26391
        RESERVED
 CVE-2021-26390 (A malicious or compromised UApp or ABL may coerce the 
bootloader into  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26389
        RESERVED
 CVE-2021-26388 (Improper validation of the BIOS directory may allow for 
searches to re ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26387
        RESERVED
 CVE-2021-26386 (A malicious or compromised UApp or ABL may be used by an 
attacker to i ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26385
        RESERVED
 CVE-2021-26384 (A malformed SMI (System Management Interface) command may 
allow an att ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26383
        RESERVED
 CVE-2021-26382 (An attacker with root account privileges can load any 
legitimately sig ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26381
        RESERVED
 CVE-2021-26380
@@ -96705,41 +96705,41 @@ CVE-2021-26380
 CVE-2021-26379
        RESERVED
 CVE-2021-26378 (Insufficient bound checks in the System Management Unit (SMU) 
may resu ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26377
        RESERVED
 CVE-2021-26376 (Insufficient checks in System Management Unit (SMU) 
FeatureConfig may  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26375 (Insufficient General Purpose IO (GPIO) bounds check in System 
Manageme ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26374
        RESERVED
 CVE-2021-26373 (Insufficient bound checks in the System Management Unit (SMU) 
may resu ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26372 (Insufficient bound checks related to PCIE in the System 
Management Uni ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26371
        RESERVED
 CVE-2021-26370 (Improper validation of destination address in 
SVC_LOAD_FW_IMAGE_BY_INS ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26369 (A malicious or compromised UApp or ABL may be used by an 
attacker to s ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26368 (Insufficient check of the process type in Trusted OS (TOS) may 
allow a ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26367
        RESERVED
 CVE-2021-26366 (An attacker, who gained elevated privileges via some other 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26365
        RESERVED
 CVE-2021-26364 (Insufficient bounds checking in an SMU mailbox register could 
allow an ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26363 (A malicious or compromised UApp or ABL could potentially 
change the va ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26362 (A malicious or compromised UApp or ABL may be used by an 
attacker to i ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26361 (A malicious or compromised User Application (UApp) or AGESA 
Boot Loade ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26360
        RESERVED
 CVE-2021-26359
@@ -96755,19 +96755,19 @@ CVE-2021-26355
 CVE-2021-26354
        RESERVED
 CVE-2021-26353 (Due to a mishandled error, it is possible to leave the DRTM 
UApp in a  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26352 (Insufficient bound checks in System Management Unit (SMU) PCIe 
Hot Plu ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26351 (Insufficient DRAM address validation in System Management Unit 
(SMU) m ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26350 (A TOCTOU race condition in SMU may allow for the caller to 
obtain and  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26349 (Failure to assign a new report ID to an imported guest may 
potentially ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26348 (Failure to flush the Translation Lookaside Buffer (TLB) of the 
I/O mem ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26347 (TOCTOU (time-of-check to time-of-use) issue in the System 
Management U ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26346
        RESERVED
 CVE-2021-26345
@@ -96777,7 +96777,7 @@ CVE-2021-26344
 CVE-2021-26343
        RESERVED
 CVE-2021-26342 (In SEV guest VMs, the CPU may fail to flush the Translation 
Lookaside  ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26341 (Some AMD CPUs may transiently execute beyond unconditional 
direct bran ...)
        NOTE: 
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026
        NOTE: 
https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
@@ -96786,7 +96786,7 @@ CVE-2021-26341 (Some AMD CPUs may transiently execute 
beyond unconditional direc
 CVE-2021-26340 (A malicious hypervisor in conjunction with an unprivileged 
attacker pr ...)
        NOT-FOR-US: AMD
 CVE-2021-26339 (A bug in AMD CPU&#8217;s core logic may allow for an attacker, 
using s ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26338 (Improper access controls in System Management Unit (SMU) may 
allow for ...)
        NOT-FOR-US: AMD
 CVE-2021-26337 (Insufficient DRAM address validation in System Management Unit 
(SMU) m ...)
@@ -96800,7 +96800,7 @@ CVE-2021-26334 (The AMDPowerProfiler.sys driver of AMD 
&#956;Prof tool may allow
 CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform 
Securit ...)
        NOT-FOR-US: AMD
 CVE-2021-26332 (Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW 
could res ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26331 (AMD System Management Unit (SMU) contains a potential issue 
where a ma ...)
        NOT-FOR-US: AMD
 CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based 
overflow  ...)
@@ -96816,7 +96816,7 @@ CVE-2021-26326 (Failure to validate VM_HSAVE_PA during 
SNP_INIT may result in a
 CVE-2021-26325 (Insufficient input validation in the SNP_GUEST_REQUEST command 
may lea ...)
        NOT-FOR-US: AMD
 CVE-2021-26324 (A bug with the SEV-ES TMR may lead to a potential loss of 
memory integ ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26323 (Failure to validate SEV Commands while SNP is active may 
result in a p ...)
        NOT-FOR-US: AMD
 CVE-2021-26322 (Persistent platform private key may not be protected with a 
random IV  ...)
@@ -96831,7 +96831,7 @@ CVE-2021-26318 (A timing and power-based side channel 
attack leveraging the x86
        NOTE: 
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017
        TODO: check details and if mitigation in microcode/kernel exists
 CVE-2021-26317 (Failure to verify the protocol in SMM may allow an attacker to 
control ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2021-26316
        RESERVED
 CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, 
authent ...)
@@ -101097,7 +101097,7 @@ CVE-2021-24657 (The Limit Login Attempts WordPress 
plugin before 4.0.50 does not
 CVE-2021-24656 (The Simple Social Media Share Buttons WordPress plugin before 
3.2.4 do ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24655 (The WP User Manager WordPress plugin before 2.6.3 does not 
ensure that ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not 
properly  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly 
sanitis ...)
@@ -106974,7 +106974,7 @@ CVE-2021-22133 (The Elastic APM agent for Go versions 
before 1.11.0 can leak sen
 CVE-2021-22132 (Elasticsearch versions 7.7.0 to 7.10.1 contain an information 
disclosu ...)
        - elasticsearch <removed>
 CVE-2021-22131 (A improper validation of certificate with host mismatch in 
Fortinet Fo ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2021-22130 (A stack-based buffer overflow vulnerability in FortiProxy 
physical app ...)
        NOT-FOR-US: FortiProxy (FortiGuard)
 CVE-2021-22129 (Multiple instances of incorrect calculation of buffer size in 
the Webm ...)
@@ -114738,7 +114738,7 @@ CVE-2020-35263 (EgavilanMedia User Registration &amp; 
Login System 1.0 is affect
 CVE-2020-35262 (Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 
can be e ...)
        NOT-FOR-US: Digisol
 CVE-2020-35261 (Cross Site Scripting (XSS) vulnerability in sourcecodester 
Multi Resta ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodegester
 CVE-2020-35260
        RESERVED
 CVE-2020-35259
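Review bot: "NOT-FOR-US: Sourcecodegester" on CVE-2020-35261 looks like a typo. The description reads "sourcecodester", and the CVE-2022-2468 and CVE-2022-2467 entries in this same commit use "SourceCodester". Suggest "NOT-FOR-US: SourceCodester" so the product name matches the rest of the list.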
@@ -114928,17 +114928,17 @@ CVE-2020-35171
 CVE-2020-35170 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, 
Dell EMC Un ...)
        NOT-FOR-US: Dell EMC Unisphere for PowerMax
 CVE-2020-35169 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and 
Dell BSA ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-35168 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and 
Dell BSA ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-35167 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and 
Dell BSA ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-35166 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and 
Dell BSA ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-35165
        RESERVED
 CVE-2020-35164 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and 
Dell BSA ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-35163 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and 
Dell BSA ...)
        TODO: check
 CVE-2020-35162
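Review bot: CVE-2020-35163 at the bottom of this hunk stays "TODO: check", while CVE-2020-35169 through CVE-2020-35164, which show the same "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5" description prefix, are set to "NOT-FOR-US: Dell". If the omission is unintentional, triage CVE-2020-35163 in this commit as well.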
@@ -117193,13 +117193,13 @@ CVE-2020-29509 (The encoding/xml package in Go (all 
versions) does not correctly
        NOTE: 
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
        NOTE: 
https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg
 CVE-2020-29508 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and 
Dell BSA ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-29507 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and 
Dell BSA ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-29506 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and 
Dell BSA ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-29505 (Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and 
Dell BSA ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-29504
        RESERVED
 CVE-2020-29503 (Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a 
file per ...)
@@ -135225,11 +135225,11 @@ CVE-2020-23565 (Irfanview v4.53 allows attackers to 
execute arbitrary code via a
 CVE-2020-23564
        RESERVED
 CVE-2020-23563 (IrfanView 4.54 allows a user-mode write access violation 
starting at F ...)
-       TODO: check
+       NOT-FOR-US: Irfanview
 CVE-2020-23562 (IrfanView 4.54 allows a user-mode write access violation 
starting at F ...)
-       TODO: check
+       NOT-FOR-US: Irfanview
 CVE-2020-23561 (IrfanView 4.54 allows a user-mode write access violation 
starting at F ...)
-       TODO: check
+       NOT-FOR-US: Irfanview
 CVE-2020-23560
        RESERVED
 CVE-2020-23559
@@ -138677,7 +138677,7 @@ CVE-2020-21969
 CVE-2020-21968
        RESERVED
 CVE-2020-21967 (File upload vulnerability in the Catalog feature in Prestashop 
1.7.6.7 ...)
-       TODO: check
+       NOT-FOR-US: Prestashop
 CVE-2020-21966
        RESERVED
 CVE-2020-21965
@@ -156763,7 +156763,7 @@ CVE-2020-14129
 CVE-2020-14128
        RESERVED
 CVE-2020-14127 (A denial of service vulnerability exists in some Xiaomi models 
of phon ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi
 CVE-2020-14126
        RESERVED
 CVE-2020-14125 (A denial of service vulnerability exists in some Xiaomi models 
of phon ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09c66b6aa3b4165203afd37dff9a875bdd53e5cd
