Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d093a20b by Salvatore Bonaccorso at 2020-06-13T06:38:20+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -3166,7 +3166,7 @@ CVE-2020-12727 CVE-2020-12726 RESERVED CVE-2020-12725 (Havoc Research discovered an authenticated Server-Side Request Forgery ...) - TODO: check + NOT-FOR-US: Redash CVE-2020-12724 RESERVED CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...) @@ -3195,7 +3195,7 @@ CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...) NOT-FOR-US: CipherMail CVE-2020-12712 (A vulnerability based on insecure user/password encryption in the JOE ...) - TODO: check + NOT-FOR-US: SOS JobScheduler CVE-2020-12711 RESERVED CVE-2020-12710 @@ -4904,7 +4904,7 @@ CVE-2020-12025 CVE-2020-12024 RESERVED CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, Intel ...) - TODO: check + NOT-FOR-US: Philips CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An i ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12021 @@ -4942,7 +4942,7 @@ CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0 CVE-2020-12005 RESERVED CVE-2020-12004 (The affected product lacks proper authentication required to query the ...) - TODO: check + NOT-FOR-US: Inductive Automation Ignition CVE-2020-12003 RESERVED CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) @@ -4950,7 +4950,7 @@ CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0 CVE-2020-12001 RESERVED CVE-2020-12000 (The affected product is vulnerable to the handling of serialized data. ...) - TODO: check + NOT-FOR-US: Inductive Automation Ignition CVE-2020-11999 RESERVED CVE-2020-11998 
@@ -6833,9 +6833,9 @@ CVE-2020-11616 CVE-2020-11615 RESERVED CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as w ...) - TODO: check + NOT-FOR-US: Mids' Reborn Hero Designer CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulne ...) - TODO: check + NOT-FOR-US: Mids' Reborn Hero Designer CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...) - netty 1:4.1.48-1 [jessie] - netty <ignored> (OOM DoS with fix/mitigation involving new API; too intrusive to backport due to more limited 3.x buffer API) @@ -9964,7 +9964,7 @@ CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contai CVE-2020-10645 RESERVED CVE-2020-10644 (The affected product lacks proper validation of user-supplied data, wh ...) - TODO: check + NOT-FOR-US: Inductive Automation Ignition CVE-2020-10643 RESERVED CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an au ...) @@ -12144,23 +12144,23 @@ CVE-2020-9653 CVE-2020-9652 RESERVED CVE-2020-9651 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9650 RESERVED CVE-2020-9649 RESERVED CVE-2020-9648 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9647 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9646 RESERVED CVE-2020-9645 (Adobe Experience Manager versions 6.5 and earlier have a blind server- ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9644 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9643 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9642 RESERVED CVE-2020-9641 
@@ -12174,11 +12174,11 @@ CVE-2020-9638 CVE-2020-9637 RESERVED CVE-2020-9636 (Adobe Framemaker versions 2019.0.5 and below have a memory corruption ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9635 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9634 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9633 (Adobe Flash Player versions 32.0.0.371 and earlier, 32.0.0.371 and ear ...) NOT-FOR-US: Adobe CVE-2020-9632 @@ -15269,19 +15269,19 @@ CVE-2020-8339 CVE-2020-8338 RESERVED CVE-2020-8337 (An unquoted search path vulnerability was reported in versions prior t ...) - TODO: check + NOT-FOR-US: Synaptics Smart Audio UWP app CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on some Th ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2020-8335 RESERVED CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2020-8333 RESERVED CVE-2020-8332 RESERVED CVE-2020-8331 (A potential vulnerability in the BIOS configuration of some ThinkSyste ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...) NOT-FOR-US: Lenovo CVE-2020-8329 (A denial of service vulnerability was reported in the firmware prior t ...) 
@@ -15297,13 +15297,13 @@ CVE-2020-8325 CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem for Leno ...) NOT-FOR-US: Lenovo CVE-2020-8323 (A potential vulnerability in the SMI callback function used in the Leg ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2020-8322 (A potential vulnerability in the SMI callback function used in the Leg ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2020-8321 (A potential vulnerability in the SMI callback function used in the Sys ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2020-8320 (An internal shell was included in BIOS image in some ThinkPad models t ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo System Int ...) NOT-FOR-US: Lenovo CVE-2020-8318 (A privilege escalation vulnerability was reported in the LenovoSystemU ...) @@ -17713,9 +17713,9 @@ CVE-2020-7282 CVE-2020-7281 RESERVED CVE-2020-7280 (Privilege Escalation vulnerability during daily DAT updates when using ...) - TODO: check + NOT-FOR-US: McAfee CVE-2020-7279 (DLL Search Order Hijacking Vulnerability in the installer component of ...) - TODO: check + NOT-FOR-US: McAfee CVE-2020-7278 (Exploiting incorrectly configured access control security levels vulne ...) NOT-FOR-US: McAfee CVE-2020-7277 (Protection mechanism failure in all processes in McAfee Endpoint Secur ...) @@ -20715,7 +20715,7 @@ CVE-2020-6092 (An exploitable code execution vulnerability exists in the way Nit CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in the ESPON ...) NOT-FOR-US: EPSON CVE-2020-6090 (An exploitable code execution vulnerability exists in the Web-Based Ma ...) - TODO: check + NOT-FOR-US: WAGO CVE-2020-6089 RESERVED CVE-2020-6088 
@@ -21765,9 +21765,9 @@ CVE-2020-5595 CVE-2020-5594 RESERVED CVE-2020-5593 (Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP cod ...) - TODO: check + NOT-FOR-US: Zenphoto CVE-2020-5592 (Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 ...) - TODO: check + NOT-FOR-US: Zenphoto CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to ...) NOT-FOR-US: XACK DNS CVE-2020-5590 @@ -22310,9 +22310,9 @@ CVE-2020-5365 (Dell EMC Isilon versions 8.2.2 and earlier contain a remotesuppor CVE-2020-5364 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vul ...) NOT-FOR-US: EMC CVE-2020-5363 (Select Dell Client Consumer and Commercial platforms include an issue ...) - TODO: check + NOT-FOR-US: Dell CVE-2020-5362 (Dell Client Consumer and Commercial platforms include an improper auth ...) - TODO: check + NOT-FOR-US: Dell CVE-2020-5361 RESERVED CVE-2020-5360 @@ -25124,7 +25124,7 @@ CVE-2020-4253 (IBM Content Navigator 3.0CD does not invalidate session after log CVE-2020-4252 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...) NOT-FOR-US: IBM CVE-2020-4251 (IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site sc ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4250 RESERVED CVE-2020-4249 (IBM Security Identity Governance and Intelligence 5.2.6 could disclose ...) @@ -25424,7 +25424,7 @@ CVE-2020-4103 CVE-2020-4102 RESERVED CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request Forgery. ...) - TODO: check + NOT-FOR-US: HCL Digital Experience CVE-2020-4100 RESERVED CVE-2020-4099 
@@ -25526,11 +25526,11 @@ CVE-2020-4052 CVE-2020-4051 RESERVED CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...) - TODO: check + NOT-FOR-US: SSB-DB CVE-2020-4044 RESERVED CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserializati ...) - TODO: check + NOT-FOR-US: phpMussel CVE-2020-4042 RESERVED CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...) @@ -26417,11 +26417,11 @@ CVE-2020-3932 (A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, whic CVE-2020-3931 RESERVED CVE-2020-3930 (GeoVision Door Access Control device family improperly stores and cont ...) - TODO: check + NOT-FOR-US: GeoVision Door Access Control CVE-2020-3929 (GeoVision Door Access Control device family employs shared cryptograph ...) - TODO: check + NOT-FOR-US: GeoVision Door Access Control CVE-2020-3928 (GeoVision Door Access Control device family is hardcoded with a root p ...) - TODO: check + NOT-FOR-US: GeoVision Door Access Control CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...) NOT-FOR-US: ServiSign security plugin CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d093a20be8e0ad6b6d16e242871eb1634e4d7ad1
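Review bot: The NOT-FOR-US tags on CVE-2020-12004, CVE-2020-12000 (hunks at -4942 and -4950) and CVE-2020-10644 (hunk at -9964) cannot be verified from the diff, because the truncated descriptions only say "The affected product ..." and never name Inductive Automation Ignition. A wrong NOT-FOR-US entry drops the CVE from further triage, so the commit message should say where the product name was taken from (the full CVE text or the vendor advisory) instead of only "Process NFUs".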
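Review bot: In the hunk at -15269, CVE-2020-8337 is tagged "Synaptics Smart Audio UWP app" while every neighbouring entry is tagged "Lenovo", and the visible description ("An unquoted search path vulnerability was reported in versions prior t ...") names neither. If the product name comes from the full description, that is fine, but it is worth a second look that the tag was not meant to follow the surrounding Lenovo block, and a short mention in the commit message would make the choice reviewable.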
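Review bot: Vendor naming is inconsistent in the hunk at -22310: CVE-2020-5363 and CVE-2020-5362 get "NOT-FOR-US: Dell" directly below CVE-2020-5364, a Dell EMC Isilon entry tagged "NOT-FOR-US: EMC". Both strings are free text, so nothing breaks, but anyone grepping data/CVE/list by vendor will miss half of the entries; consider settling on one spelling per vendor. The same applies to granularity elsewhere in this commit, where some entries are tagged by vendor only ("Philips", "Adobe", "Lenovo") and others by product ("GeoVision Door Access Control", "HCL Digital Experience").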
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits