Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4c7a0729 by Salvatore Bonaccorso at 2020-06-30T06:53:58+02:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -93,31 +93,31 @@ CVE-2020-15326 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1
has a hardcoded certi
CVE-2020-15325 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded
Erlang cook ...)
NOT-FOR-US: Zyxel
CVE-2020-15324 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a
world-readable axess/ ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-15323 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234
password ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-15322 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the
wbboEZ4BN3ssxAfM ha ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-15321 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel
password fo ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-15320 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros
password for ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-15319 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA
SSH key ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-15318 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA
SSH key ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-15317 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA
SSH key ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-15316 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded
ECDSA SSH k ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-15315 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA
SSH key ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-15314 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA
SSH key ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-15313 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded
ECDSA SSH k ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-15312 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA
SSH key ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via the downloadmp3.php
download para ...)
NOT-FOR-US: Stash
CVE-2020-15310
@@ -609,7 +609,7 @@ CVE-2020-15071
CVE-2020-15070
RESERVED
CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer
Overflow an ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2020-15068
RESERVED
CVE-2020-15067
@@ -667,7 +667,7 @@ CVE-2020-15045
CVE-2020-15044
RESERVED
CVE-2020-15043 (iBall WRB303N devices allow CSRF attacks, as demonstrated by
enabling ...)
- TODO: check
+ NOT-FOR-US: iBall WRB303N devices
CVE-2020-15042
RESERVED
CVE-2020-15041 (PHP-Fusion 9.03.60 allows XSS via the
administration/site_links.php Ad ...)
@@ -2289,11 +2289,11 @@ CVE-2020-14416 (In the Linux kernel before 5.4.16, a
race condition in tty->d
[jessie] - linux 3.16.84-1
NOTE:
https://git.kernel.org/linus/0ace17d56824165c7f4c68785d6b58971db954dd
CVE-2020-14414 (NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php
imprope ...)
- TODO: check
+ NOT-FOR-US: NeDi
CVE-2020-14413 (NeDi 1.9C is vulnerable to XSS because of an incorrect
implementation ...)
- TODO: check
+ NOT-FOR-US: NeDi
CVE-2020-14412 (NeDi 1.9C is vulnerable to Remote Command Execution.
System-Snapshot.p ...)
- TODO: check
+ NOT-FOR-US: NeDi
CVE-2020-14411
RESERVED
CVE-2020-14410
@@ -3080,15 +3080,15 @@ CVE-2020-14074 (TRENDnet TEW-827DRU devices through
2.06B04 contain a stack-base
CVE-2020-14073 (XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted
map proper ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2020-14072 (An issue was discovered in MK-AUTH 19.01. It allows command
execution ...)
- TODO: check
+ NOT-FOR-US: MK-AUTH
CVE-2020-14071 (An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities
in admin ...)
- TODO: check
+ NOT-FOR-US: MK-AUTH
CVE-2020-14070 (An issue was discovered in MK-AUTH 19.01. There is
authentication bypa ...)
- TODO: check
+ NOT-FOR-US: MK-AUTH
CVE-2020-14069 (An issue was discovered in MK-AUTH 19.01. There are SQL
injection issu ...)
- TODO: check
+ NOT-FOR-US: MK-AUTH
CVE-2020-14068 (An issue was discovered in MK-AUTH 19.01. The web login
functionality ...)
- TODO: check
+ NOT-FOR-US: MK-AUTH
CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does
not consi ...)
NOT-FOR-US: Navigate CMS
CVE-2020-14066
@@ -3525,7 +3525,7 @@ CVE-2020-13898 (An issue was discovered in janus-gateway
(aka Janus WebRTC Serve
CVE-2020-13897 (HESK before 3.1.10 allows reflected XSS. ...)
NOT-FOR-US: HESK
CVE-2020-13896 (The web interface of Maipu MP1800X-50 7.5.3.14(R) devices
allows remot ...)
- TODO: check
+ NOT-FOR-US: Maipu devices
CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961
allows ...)
NOT-FOR-US: DEXT5 Editor
CVE-2020-13893
@@ -4196,7 +4196,7 @@ CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0
can trigger a NULL poi
CVE-2020-13658
RESERVED
CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free
Antivirus ...)
- TODO: check
+ NOT-FOR-US: Avast
CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array
implementation ...)
NOT-FOR-US: Hobbes
CVE-2020-13655
@@ -6626,7 +6626,7 @@ CVE-2018-21233 (TensorFlow before 1.7.0 has an integer
overflow that causes an o
CVE-2020-12636
RESERVED
CVE-2020-12635 (XSS exists in the WebForms Pro M2 extension before 2.9.17 for
Magento ...)
- TODO: check
+ NOT-FOR-US: WebForms Pro M2 extension for Magento
CVE-2020-12634
RESERVED
CVE-2020-12633
@@ -8056,23 +8056,23 @@ CVE-2020-12049 (An issue was discovered in dbus >=
1.3.0 before 1.12.18. The
NOTE: Fixed by:
https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5
NOTE: Test:
https://gitlab.freedesktop.org/dbus/dbus/-/commit/8bc1381819e5a845331650bfa28dacf6d2ac1748
CVE-2020-12048 (Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The
Phoenix Hem ...)
- TODO: check
+ NOT-FOR-US: Phoenix Hemodialysis Delivery System
CVE-2020-12047 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and
v22D24), whe ...)
- TODO: check
+ NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s
firmwar ...)
NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-12045 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and
v22D24) when ...)
- TODO: check
+ NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12044
RESERVED
CVE-2020-12043 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and
v22D24) when ...)
- TODO: check
+ NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified
within ...)
NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-12041 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and
v22D24) teln ...)
- TODO: check
+ NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12040 (Sigma Spectrum Infusion System v's6.x (model 35700BAX) and
Baxter Spec ...)
- TODO: check
+ NOT-FOR-US: Sigma Spectrum Infusion System
CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion
System v' ...)
TODO: check
CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior
(FactoryTalk ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c7a0729b1f6ee1a2ba4146c6fe5cd01795022cd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c7a0729b1f6ee1a2ba4146c6fe5cd01795022cd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
