Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9ab4df7b by Moritz Muehlenhoff at 2020-04-20T18:30:58+02:00 NFUs new ming issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -31,7 +31,7 @@ CVE-2020-11916 CVE-2020-11915 RESERVED CVE-2019-20786 (handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a chec ...) - TODO: check + NOT-FOR-US: Pion DTLS CVE-2020-11914 RESERVED CVE-2020-11913 @@ -71,9 +71,11 @@ CVE-2020-11897 CVE-2020-11896 RESERVED CVE-2020-11895 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) i ...) - TODO: check + - ming <removed> + NOTE: https://github.com/libming/libming/issues/197 CVE-2020-11894 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) i ...) - TODO: check + - ming <removed> + NOTE: https://github.com/libming/libming/issues/196 CVE-2020-11893 RESERVED CVE-2020-11892 @@ -95,7 +97,7 @@ CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerabilit CVE-2020-11884 RESERVED CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...) - TODO: check + NOT-FOR-US: Divante vue-storefront-api CVE-2020-11882 RESERVED CVE-2020-11881 @@ -125,7 +127,7 @@ CVE-2020-11874 (An issue was discovered on LG mobile devices with Android OS 8.0 CVE-2020-11873 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication ...) - TODO: check + NOT-FOR-US: OpenTrace CVE-2020-11871 RESERVED CVE-2020-11870 @@ -257,7 +259,7 @@ CVE-2020-11828 CVE-2020-11827 RESERVED CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...) - TODO: check + NOT-FOR-US: Memono CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF ...) - dolibarr <removed> CVE-2020-11824 
@@ -795,7 +797,7 @@ CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and CVE-2020-11711 RESERVED CVE-2020-11710 (An issue was discovered in docker-kong (for Kong) through 2.0.3. The a ...) - TODO: check + NOT-FOR-US: docker-kong CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...) TODO: check CVE-2020-11708 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) @@ -2607,13 +2609,13 @@ CVE-2020-11007 (In Shopizer before version 2.11.0, using API or Controller based CVE-2020-11006 RESERVED CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...) - TODO: check + NOT-FOR-US: WindowsHello CVE-2020-11004 RESERVED CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vuln ...) NOT-FOR-US: Oasis (not the same as src:oasis) CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote co ...) - TODO: check + NOT-FOR-US: dropwizard-validation CVE-2020-11001 (In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XS ...) NOT-FOR-US: Wagtail CVE-2020-11000 (GreenBrowser before version 1.2 has a vulnerability where apps that re ...) @@ -2769,7 +2771,7 @@ CVE-2020-10949 CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) ...) NOT-FOR-US: Jon Hedley AlienForm2 CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Soph ...) - TODO: check + NOT-FOR-US: Sophos CVE-2020-10946 RESERVED CVE-2020-10945 
@@ -3283,9 +3285,9 @@ CVE-2020-10816 CVE-2020-10815 RESERVED CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...) - TODO: check + NOT-FOR-US: Code::Blocks CVE-2020-10813 (A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to cr ...) - TODO: check + NOT-FOR-US: FTPDMIN CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...) - hdf5 <undetermined> NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4 @@ -4331,7 +4333,7 @@ CVE-2020-10379 CVE-2020-10378 RESERVED CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client before ...) - TODO: check + NOT-FOR-US: Mitel CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...) NOT-FOR-US: Technicolor CVE-2020-10375 @@ -4689,7 +4691,7 @@ CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Th CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via ...) NOT-FOR-US: Responsive FileManager CVE-2020-10211 (A remote code execution vulnerability in UCB component of Mitel MiVoic ...) - TODO: check + NOT-FOR-US: Mitel CVE-2020-10210 RESERVED CVE-2020-10209 
@@ -11848,19 +11850,19 @@ CVE-2020-7087 CVE-2020-7086 RESERVED CVE-2020-7085 (A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2020-7084 (A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versi ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2020-7083 (An intager overflow vulnerability in the Autodesk FBX-SDK versions 201 ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2020-7082 (A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2020-7081 (A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2020-7080 (A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019. ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2020-7079 (An improper signature validation vulnerability in Autodesk Dynamo BIM ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2020-7078 RESERVED CVE-2020-7077 @@ -15051,7 +15053,7 @@ CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulner CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...) NOT-FOR-US: Grandstream CVE-2020-5737 (Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated re ...) - TODO: check + NOT-FOR-US: Tenable.Sc CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer dereference o ...) NOT-FOR-US: Amcrest CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer overflo ...) 
@@ -15059,17 +15061,17 @@ CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer ov CVE-2020-5734 (Classic buffer overflow in SolarWinds Dameware allows a remote, unauth ...) NOT-FOR-US: SolarWinds CVE-2020-5733 (In OpenMRS 2.9 and prior, the export functionality of the Data Exchang ...) - TODO: check + NOT-FOR-US: OpenMRS CVE-2020-5732 (In OpenMRS 2.9 and prior, he import functionality of the Data Exchange ...) - TODO: check + NOT-FOR-US: OpenMRS CVE-2020-5731 (In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page ...) - TODO: check + NOT-FOR-US: OpenMRS CVE-2020-5730 (In OpenMRS 2.9 and prior, the sessionLocation parameter for the login ...) - TODO: check + NOT-FOR-US: OpenMRS CVE-2020-5729 (In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitra ...) - TODO: check + NOT-FOR-US: OpenMRS CVE-2020-5728 (OpenMRS 2.9 and prior copies "Referrer" header values into an html ele ...) - TODO: check + NOT-FOR-US: OpenMRS CVE-2020-5727 RESERVED CVE-2020-5726 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) @@ -16022,7 +16024,7 @@ CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name fiel CVE-2020-5304 RESERVED CVE-2020-5303 (Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-o ...) - TODO: check + NOT-FOR-US: Tendermint CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...) NOT-FOR-US: MH-WikiBot CVE-2020-5301 [Fix source code disclosure on case-insensitive file systems. See SSPSA 202004-01.] 
@@ -20707,9 +20709,9 @@ CVE-2020-3655 CVE-2020-3654 RESERVED CVE-2020-3653 (Possible buffer over-read in windows wlan driver function due to lack ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2020-3652 (Possible buffer over-read issue in windows x86 wlan driver function wh ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2020-3651 (Active command timeout since WM status change cmd is not removed from ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3650 @@ -26054,7 +26056,7 @@ CVE-2020-1765 (An improper control of parameters allows the spoofing of the from NOTE: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 (OTRS6) NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5) CVE-2019-19394 (Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x bef ...) - TODO: check + NOT-FOR-US: CFEngine Enterprise CVE-2019-19393 RESERVED CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly Dot ...) @@ -30720,11 +30722,11 @@ CVE-2019-18572 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle CVE-2019-18571 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Go ...) NOT-FOR-US: RSA CVE-2020-0600 (Improper buffer restrictions in firmware for some Intel(R) NUC may all ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-0599 RESERVED CVE-2020-0598 (Uncontrolled search path in the installer for the Intel(R) Binary Conf ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-0597 RESERVED CVE-2020-0596 
@@ -30764,11 +30766,11 @@ CVE-2020-0580 CVE-2020-0579 RESERVED CVE-2020-0578 (Improper conditions check for Intel(R) Modular Server MFS2600KISPP Com ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-0577 (Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Com ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-0576 (Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-0575 RESERVED CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all ...) @@ -30795,7 +30797,7 @@ CVE-2020-0569 NOTE: Patch for 5.6.0 through 5.13.2: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404 NOTE: Patch for 5.0.0 through 5.5.1: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d CVE-2020-0568 (Race condition in the Intel(R) Driver and Support Assistant before ver ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-0567 (Improper input validation in Intel(R) Graphics Drivers before version ...) NOT-FOR-US: Intel graphics driver for Windows CVE-2020-0566 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ab4df7bc62bead1d4eaa2acc0c73379c02d395f
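Review bot: In the hunk at @@ -71,9 +71,11 @@, the pairing of upstream issue 197 with CVE-2020-11895 and issue 196 with CVE-2020-11894 cannot be checked from the entries themselves, because the truncated descriptions differ only in the over-read size (2 bytes versus 8 bytes). Please confirm the mapping against the issue text, and consider adding a short qualifier to each NOTE line so the two entries can be told apart. Separately, the subject "NFUs new ming issues" reads as if the ming entries were marked NOT-FOR-US, while the hunk records them as "- ming <removed>".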
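Review bot: The label "NOT-FOR-US: Snapdragon" on CVE-2020-3653 and CVE-2020-3652, in the hunk at @@ -20707,9 +20709,9 @@, does not follow the vendor-first wording of the next entry, CVE-2020-3651, which uses "NOT-FOR-US: Qualcomm components for Android". Both new entries describe a Windows wlan driver, so the Android wording would not fit, but a label that names the vendor and the component (for example "Qualcomm Snapdragon wlan driver for Windows") would keep the Qualcomm entries searchable under one term.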
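Review bot: The bare "NOT-FOR-US: Intel" label used in the hunks at @@ -30720,11 +30722,11 @@, @@ -30764,11 +30766,11 @@ and @@ -30795,7 +30797,7 @@ is applied to several unrelated products (NUC firmware, an installer, the Modular Server MFS2600KISPP compute module, and the Driver and Support Assistant), while the adjacent CVE-2020-0567 already uses the product-qualified "NOT-FOR-US: Intel graphics driver for Windows". Suggest naming the product in each new entry the same way, so that a later search for a specific Intel component does not have to rely on the truncated descriptions.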