Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 610553fc by Salvatore Bonaccorso at 2020-04-27T23:03:37+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -24,9 +24,9 @@ CVE-2020-12276 CVE-2020-12275 RESERVED CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url param ...) - TODO: check + NOT-FOR-US: TestLink CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...) - TODO: check + NOT-FOR-US: TestLink CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...) TODO: check CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...) @@ -44,7 +44,7 @@ CVE-2020-12267 (setMarkdown in Qt before 5.14.2 has a use-after-free related to CVE-2019-20790 (OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, ...) TODO: check CVE-2020-12266 (An issue was discovered on WAVLINK WL-WN579G3 M79X3.V5030.180719, WL-W ...) - TODO: check + NOT-FOR-US: WAVLINK CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable to Arbit ...) TODO: check CVE-2020-12264 @@ -303,7 +303,7 @@ CVE-2020-12140 CVE-2020-12139 RESERVED CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact ...) - TODO: check + NOT-FOR-US: AMD ATI atillk64.sys specific issue CVE-2020-12136 RESERVED CVE-2020-12135 (bson before 0.8 incorrectly uses int rather than size_t for many varia ...) @@ -337,7 +337,7 @@ CVE-2020-12122 CVE-2020-12121 RESERVED CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2020-12119 RESERVED CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2.0 all ...) 
@@ -734,7 +734,7 @@ CVE-2020-11943 CVE-2020-11942 RESERVED CVE-2020-11941 (An issue was discovered in Open-AudIT 3.2.2. There is OS Command injec ...) - TODO: check + NOT-FOR-US: Open-AudIT CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...) TODO: check CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...) @@ -1624,9 +1624,9 @@ CVE-2020-11824 CVE-2020-11823 (In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored ...) - dolibarr <removed> CVE-2020-11822 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the appli ...) - TODO: check + NOT-FOR-US: Rukovoditel CVE-2020-11821 (In Rukovoditel 2.5.2, users' passwords and usernames are stored in a c ...) - TODO: check + NOT-FOR-US: Rukovoditel CVE-2020-11820 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) NOT-FOR-US: Rukovoditel CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file lo ...) @@ -1634,7 +1634,7 @@ CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php f CVE-2020-11818 (In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF at ...) NOT-FOR-US: Rukovoditel CVE-2020-11817 (In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the s ...) - TODO: check + NOT-FOR-US: Rukovoditel CVE-2020-11816 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) NOT-FOR-US: Rukovoditel CVE-2020-11815 (In Rukovoditel 2.5.2, attackers can upload arbitrary file to the serve ...) @@ -3125,7 +3125,7 @@ CVE-2020-11422 CVE-2020-11421 RESERVED CVE-2020-11420 (UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker ...) - TODO: check + NOT-FOR-US: UPS Adapter CS141 CVE-2020-11419 RESERVED CVE-2020-11418 
@@ -3135,7 +3135,7 @@ CVE-2020-11417 CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats. ...) NOT-FOR-US: JetBrains Space CVE-2020-11415 (An issue was discovered in Sonatype Nexus Repository Manager 2.x befor ...) - TODO: check + NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...) NOT-FOR-US: Progress Telerik UI CVE-2020-11413 @@ -8215,7 +8215,7 @@ CVE-2020-9296 CVE-2020-9295 RESERVED CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...) - TODO: check + NOT-FOR-US: FortiMail Fortiguard CVE-2020-9293 RESERVED CVE-2020-9292 @@ -8707,7 +8707,7 @@ CVE-2020-9074 CVE-2020-9073 RESERVED CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9071 RESERVED CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...) @@ -8715,7 +8715,7 @@ CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0 CVE-2020-9069 RESERVED CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The ...) NOT-FOR-US: Huawei CVE-2020-9066 (Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169 ...) @@ -27111,7 +27111,7 @@ CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) NOT-FOR-US: Huawei CVE-2020-1880 (Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-1879 (There is an improper integrity checking vulnerability on some huawei p ...) NOT-FOR-US: Huawei CVE-2020-1878 (Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D ...) 
@@ -27181,7 +27181,7 @@ CVE-2020-1847 CVE-2020-1846 RESERVED CVE-2020-1845 (Huawei PCManager product with versions earlier than 10.0.5.53 have a l ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-1844 (PCManager with versions earlier than 10.0.5.51 have a privilege escala ...) NOT-FOR-US: Huawei CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), ...) @@ -27257,13 +27257,13 @@ CVE-2020-1809 CVE-2020-1808 RESERVED CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-1806 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-1805 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-1804 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-1803 (Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C63 ...) NOT-FOR-US: Huawei CVE-2020-1802 (There is an insufficient integrity validation vulnerability in several ...) 
@@ -33301,7 +33301,7 @@ CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420 NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c CVE-2019-18223 (ZOOM International Call Recording 6.3.1 suffers from multiple authenti ...) - TODO: check + NOT-FOR-US: ZOOM International Call Recording CVE-2019-18222 (The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 a ...) - mbedtls 2.16.4-1 NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/610553fc7d1a203eb8b7dcc55bdfc233451198b3
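Review bot: In the @@ -337,7 hunk, CVE-2020-12120 is tagged "NOT-FOR-US: PrestaShop", but the description on that line names "The Correos Express addon for PrestaShop" as the affected component, not PrestaShop itself. Suggest "NOT-FOR-US: Correos Express addon for PrestaShop" so that a later search of data/CVE/list for PrestaShop entries does not attribute this issue to the core product.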
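Review bot: In the @@ -303,7 hunk, the CVE-2020-12138 tag "NOT-FOR-US: AMD ATI atillk64.sys specific issue" is styled differently from every other tag added in this commit, which all carry a bare product or vendor name (TestLink, WAVLINK, Open-AudIT, Huawei). Suggest "NOT-FOR-US: AMD ATI atillk64.sys", since the trailing "specific issue" adds nothing that a lookup by product name would use.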
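Review bot: In the @@ -8215,7 hunk, CVE-2020-9294 is tagged "NOT-FOR-US: FortiMail Fortiguard", while the visible part of the description names only FortiMail and "Fortiguard" does not appear in it. If the second word is meant to identify the vendor, "NOT-FOR-US: Fortinet FortiMail" is clearer; otherwise plain "NOT-FOR-US: FortiMail" matches the product-name style used in the rest of the commit.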
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits