Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3747246 by Moritz Muehlenhoff at 2020-08-21T23:01:59+02:00
new nim, dolibarr, ros-actionlib issues
node-ajv, crispy-doom fixed in sid
shiro bugnum
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2020-24591 (The Management Console in certain WSO2 products allows XXE 
attacks dur ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and 
API Micro ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and 
API Micro ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2020-24588
        RESERVED
 CVE-2020-24587
@@ -33,13 +33,13 @@ CVE-2020-24576
 CVE-2020-24575
        RESERVED
 CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY 2.0.19 
allows l ...)
-       TODO: check
+       NOT-FOR-US: GOG Galaxy client
 CVE-2020-24573
        RESERVED
 CVE-2020-24572
        RESERVED
 CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via 
../ dir ...)
-       TODO: check
+       NOT-FOR-US: NexusDB
 CVE-2020-24570
        RESERVED
 CVE-2020-24569
@@ -47,7 +47,7 @@ CVE-2020-24569
 CVE-2020-24568
        RESERVED
 CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 
2020-08- ...)
-       TODO: check
+       NOT-FOR-US: voidtools
 CVE-2020-24566
        RESERVED
 CVE-2020-24565
@@ -474,7 +474,7 @@ CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to 
execute shell code via E
 CVE-2020-24360
        RESERVED
 CVE-2020-24359 (HashiCorp vault-ssh-helper up to and including version 0.1.6 
incorrect ...)
-       TODO: check
+       NOT-FOR-US: vault-ssh-helper
 CVE-2020-24358
        RESERVED
 CVE-2020-24357
@@ -1093,19 +1093,19 @@ CVE-2020-24059
 CVE-2020-24058
        RESERVED
 CVE-2020-24057 (The management website of the Verint S5120FD Verint_FW_0_42 
unit featu ...)
-       TODO: check
+       NOT-FOR-US: Verint
 CVE-2020-24056 (A hardcoded credentials vulnerability exists in Verint 5620PTZ 
Verint_ ...)
-       TODO: check
+       NOT-FOR-US: Verint
 CVE-2020-24055 (Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, 
and V4320 ...)
-       TODO: check
+       NOT-FOR-US: Verint
 CVE-2020-24054 (The administration console of the Moog EXO Series EXVF5C-2 and 
EXVP7C2 ...)
-       TODO: check
+       NOT-FOR-US: Moog
 CVE-2020-24053 (Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded 
credenti ...)
-       TODO: check
+       NOT-FOR-US: Moog
 CVE-2020-24052 (Several XML External Entity (XXE) vulnerabilities in the Moog 
EXO Seri ...)
-       TODO: check
+       NOT-FOR-US: Moog
 CVE-2020-24051 (The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the 
ONVIF int ...)
-       TODO: check
+       NOT-FOR-US: Moog
 CVE-2020-24050
        RESERVED
 CVE-2020-24049
@@ -1335,9 +1335,9 @@ CVE-2020-23938 (***REJECTED***Out of bounds read 
(CWE-125) in AnnLab V3 Lite 4.0
 CVE-2020-23937
        RESERVED
 CVE-2020-23936 (PHPGurukul Vehicle Parking Management System 1.0 is vulnerable 
to Auth ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Vehicle Parking Management System
 CVE-2020-23935 (Kabir Alhasan Student Management System 1.0 is vulnerable to 
Authentic ...)
-       TODO: check
+       NOT-FOR-US: Kabir Alhasan Student Management System
 CVE-2020-23934 (An issue was discovered in RiteCMS 2.2.1. An authenticated 
user can di ...)
        NOT-FOR-US: RiteCMS
 CVE-2020-23933
@@ -7940,9 +7940,9 @@ CVE-2020-20636
 CVE-2020-20635
        RESERVED
 CVE-2020-20634 (Elementor 2.9.5 and below WordPress plugin allows 
authenticated users  ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2020-20633 (ajax_policy_generator in 
admin/modules/cli-policy-generator/classes/cl ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2020-20632
        RESERVED
 CVE-2020-20631
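
Review bot: both added lines in this hunk use the generic label "NOT-FOR-US: Wordpress plugin", which drops the product name that the other NOT-FOR-US entries in this commit carry, even though the description of CVE-2020-20634 names Elementor. Naming the plugin in each entry, with the project's own spelling "WordPress", would keep these entries findable when someone later searches the list for that product.
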
@@ -14270,7 +14270,7 @@ CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 
5.1.4 allows XSS in the core
        - tinymce <unfixed>
        NOTE: 
https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
 CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not 
properly valida ...)
-       TODO: check
+       NOT-FOR-US: jpv
 CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly 
conside ...)
        - libcrypt-perl-perl <itp> (bug #907353)
 CVE-2020-17477
@@ -16762,13 +16762,13 @@ CVE-2020-16284
 CVE-2020-16283
        RESERVED
 CVE-2020-16282 (In the default configuration of Rangee GmbH RangeeOS 8.0.4, 
all compon ...)
-       TODO: check
+       NOT-FOR-US: Rangee
 CVE-2020-16281 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could 
allow a loca ...)
-       TODO: check
+       NOT-FOR-US: Rangee
 CVE-2020-16280 (Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials 
in plain ...)
-       TODO: check
+       NOT-FOR-US: Rangee
 CVE-2020-16279 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is 
vulnerable to R ...)
-       TODO: check
+       NOT-FOR-US: Rangee
 CVE-2020-16278 (A cross-site scripting (XSS) vulnerability in the Permissions 
componen ...)
        NOT-FOR-US: SAINT Security Suite
 CVE-2020-16277 (An SQL injection vulnerability in the Analytics component of 
SAINT Sec ...)
@@ -16852,15 +16852,15 @@ CVE-2020-16243
 CVE-2020-16242
        RESERVED
 CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does 
not restr ...)
-       TODO: check
+       NOT-FOR-US: Philips SureSigns
 CVE-2020-16240
        RESERVED
 CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor 
claims to hav ...)
-       TODO: check
+       NOT-FOR-US: Philips SureSigns
 CVE-2020-16238
        RESERVED
 CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product 
receives input  ...)
-       TODO: check
+       NOT-FOR-US: Philips SureSigns
 CVE-2020-16236
        RESERVED
 CVE-2020-16235
@@ -18119,11 +18119,11 @@ CVE-2020-15696 (An issue was discovered in Joomla! 
through 3.9.19. Lack of input
 CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing 
token che ...)
        NOT-FOR-US: Joomla!
 CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to 
properly valida ...)
-       TODO: check
+       - nim 1.2.6-1
 CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to 
a CR-LF ...)
-       TODO: check
+       - nim 1.2.6-1
 CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL 
argumen ...)
-       TODO: check
+       - nim 1.2.6-1
 CVE-2020-15691
        RESERVED
 CVE-2020-15690
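
Review bot: the three nim entries (CVE-2020-15694, CVE-2020-15693, CVE-2020-15692) record "- nim 1.2.6-1" as the fixed version without any NOTE: line pointing at the upstream fix or advisory, while other package entries in this file (for example CVE-2020-15366 for node-ajv) carry one. A NOTE: with the upstream reference on each entry would let a later reader confirm that 1.2.6 actually contains the httpClient and browsers fixes, since the descriptions only say "In Nim 1.2.4".
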
@@ -18383,7 +18383,7 @@ CVE-2020-15598
 CVE-2020-15597 (SOPlanning 1.46.01 allows persistent XSS via the Project Name, 
Statute ...)
        NOT-FOR-US: SOPlanning
 CVE-2020-15596 (The ALPS ALPINE touchpad driver before 8.2206.1717.634, as 
used on var ...)
-       TODO: check
+       NOT-FOR-US: ALPS ALPINE touchpad driver for Windows
 CVE-2019-20906
        RESERVED
 CVE-2019-20905
@@ -18959,7 +18959,7 @@ CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver 
does not properly restric
 CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of 
authenticatio ...)
        NOT-FOR-US: Venki
 CVE-2020-15366 (An issue was discovered in ajv.validate() in Ajv (aka Another 
JSON Sch ...)
-       - node-ajv <unfixed>
+       - node-ajv 6.12.4-1
        NOTE: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
 CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in 
parse_exif() in ...)
        - libraw <not-affected> (Vulnerable code introduced in 0.20-Beta1)
@@ -19412,7 +19412,7 @@ CVE-2020-15154
 CVE-2020-15153
        RESERVED
 CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to 
Server-Side Req ...)
-       TODO: check
+       NOT-FOR-US: Node ftp-srv
 CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows 
attackers to cir ...)
        NOT-FOR-US: OpenMage
 CVE-2020-15150
@@ -19422,7 +19422,7 @@ CVE-2020-15149 (NodeBB before version 1.14.3 has a bug 
introduced in version 1.1
 CVE-2020-15148
        RESERVED
 CVE-2020-15147 (Red Discord Bot before versions 3.3.12 and 3.4 has a Remote 
Code Execu ...)
-       TODO: check
+       NOT-FOR-US: Red Discord Bot
 CVE-2020-15146 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 
and 1.6.4 ...)
        NOT-FOR-US: SyliusResourceBundle
 CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the 
developer's ...)
@@ -19432,11 +19432,11 @@ CVE-2020-15144
 CVE-2020-15143 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 
and 1.6.4 ...)
        NOT-FOR-US: SyliusResourceBundle
 CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients 
generated with  ...)
-       TODO: check
+       NOT-FOR-US: openapi-python-client
 CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path 
travers ...)
-       TODO: check
+       NOT-FOR-US: openapi-python-client
 CVE-2020-15140 (In Red Discord Bot before version 3.3.11, a RCE exploit has 
been disco ...)
-       TODO: check
+       NOT-FOR-US: Red Discord Bot
 CVE-2020-15139 (In MyBB before version 1.8.24, the custom MyCode (BBCode) for 
the visu ...)
        NOT-FOR-US: MyBB
 CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing 
preview of the ...)
@@ -19493,7 +19493,7 @@ CVE-2020-15121 (In radare2 before version 4.5.0, 
malformed PDB file names in the
 CVE-2020-15120 (In "I hate money" before version 4.1.5, an authenticated 
member of one ...)
        NOT-FOR-US: ihatemoney
 CVE-2020-15119 (In auth0-lock versions before and including 11.25.1, 
dangerouslySetInn ...)
-       TODO: check
+       NOT-FOR-US: Node auth0-lock
 CVE-2020-15118 (In Wagtail before versions 2.7.4 and 2.9.3, when a form page 
type is m ...)
        NOT-FOR-US: Wagtail
 CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be 
crashed by r ...)
@@ -19611,7 +19611,7 @@ CVE-2020-15072 (An issue was discovered in phpList 
through 3.5.4. An error-based
 CVE-2020-15071 (content/content.blueprintsevents.php in Symphony CMS 3.0.0 
allows XSS  ...)
        NOT-FOR-US: Symphony CMS
 CVE-2020-15070 (Zulip Server 2.x before 2.1.7 allows eval injection if a 
privileged at ...)
-       TODO: check
+       - zulip-server <itp> (bug #800052)
 CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer 
Overflow an ...)
        NOT-FOR-US: Sophos
 CVE-2020-15068
@@ -19810,7 +19810,7 @@ CVE-2020-14985
 CVE-2020-14984
        RESERVED
 CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 
doesn't valid ...)
-       - crispy-doom <unfixed> (bug #964564)
+       - crispy-doom 5.9.0-1 (bug #964564)
        [buster] - crispy-doom <no-dsa> (Minor issue)
        - chocolate-doom 3.0.1-1
        [buster] - chocolate-doom <no-dsa> (Minor issue)
@@ -20827,7 +20827,7 @@ CVE-2020-14520 (The affected product is vulnerable to 
an information leak, which
 CVE-2020-14519
        RESERVED
 CVE-2020-14518 (Philips DreamMapper, Version 2.24 and prior. Information 
written to lo ...)
-       TODO: check
+       NOT-FOR-US: Philips DreamMapper
 CVE-2020-14517
        RESERVED
 CVE-2020-14516
@@ -21895,7 +21895,7 @@ CVE-2018-21247 (An issue was discovered in LibVNCServer 
before 0.9.13. There is
        NOTE: https://github.com/LibVNC/libvncserver/issues/253
        NOTE: 
https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
 CVE-2020-14215 (Zulip Server before 2.1.5 has Incorrect Access Control because 
0198_pr ...)
-       TODO: check
+       - zulip-server <itp> (bug #800052)
 CVE-2020-14214 (Zammad before 3.3.1, when Domain Based Assignment is enabled, 
relies o ...)
        - zammad <itp> (bug #841355)
 CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that 
should only  ...)
@@ -21927,7 +21927,7 @@ CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 
(SP6) allows a Cross-Site Req
 CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via 
arbitrar ...)
        NOT-FOR-US: WebFOCUS Business Intelligence
 CVE-2020-14201 (Dolibarr CRM before 11.0.5 allows privilege escalation. This 
could all ...)
-       TODO: check
+       - dolibarr <removed>
 CVE-2020-14200
        RESERVED
 CVE-2020-14199 (BIP-143 in the Bitcoin protocol specification mishandles the 
signing o ...)
@@ -21950,7 +21950,7 @@ CVE-2020-14195 (FasterXML jackson-databind 2.x before 
2.9.10.5 mishandles the in
        NOTE: Starting from 2.10 series mitigated as Safe Default Typing is 
enabled by default
        NOTE: but still an issue when Default Typing is enabled.
 CVE-2020-14194 (Zulip Server before 2.1.5 allows reverse tabnapping via a 
topic header ...)
-       TODO: check
+       - zulip-server <itp> (bug #800052)
 CVE-2020-14193
        RESERVED
 CVE-2020-14192
@@ -22646,7 +22646,7 @@ CVE-2020-13934 (An h2c direct connection to Apache 
Tomcat 10.0.0-M1 to 10.0.0-M6
        NOTE: 
https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e
 (8.5.57)
        NOTE: 
https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399
 (9.0.37)
 CVE-2020-13933 (Apache Shiro before 1.6.0, when using Apache Shiro, a 
specially crafte ...)
-       - shiro <unfixed>
+       - shiro <unfixed> (bug #968753)
        NOTE: 
https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E
 CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially 
crafted MQTT p ...)
        NOT-FOR-US: Apache ActiveMQ Artemis
@@ -22910,9 +22910,9 @@ CVE-2020-13828
 CVE-2020-13827 (phpList before 3.5.4 allows XSS via /lists/admin/user.php and 
/lists/a ...)
        - phplist <itp> (bug #612288)
 CVE-2020-13826 (A CSV injection (aka Excel Macro Injection or Formula 
Injection) issue ...)
-       TODO: check
+       NOT-FOR-US: i-doit
 CVE-2020-13825 (A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 
allows rem ...)
-       TODO: check
+       NOT-FOR-US: i-doit
 CVE-2020-13824
        RESERVED
 CVE-2020-13823
@@ -25584,7 +25584,7 @@ CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 
1.6.0 has an integer over
 CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and 
Meridian ...)
        NOT-FOR-US: OpenNMS
 CVE-2020-12759 (Zulip Server before 2.1.5 allows reflected XSS via the Dropbox 
webhook ...)
-       TODO: check
+       - zulip-server <itp> (bug #800052)
 CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when 
configured wit ...)
        - consul 1.7.4+dfsg1-1
        [buster] - consul <not-affected> (Vulnerable code not present)
@@ -25977,9 +25977,9 @@ CVE-2020-12621
 CVE-2020-12620 (Pi-hole 4.4 allows a user able to write to 
/etc/pihole/dns-servers.con ...)
        NOT-FOR-US: Pi-hole
 CVE-2020-12619 (MailMate before 1.11 automatically imported S/MIME 
certificates and th ...)
-       TODO: check
+       NOT-FOR-US: MailMate
 CVE-2020-12618 (eM Client before 7.2.33412.0 automatically imported S/MIME 
certificate ...)
-       TODO: check
+       NOT-FOR-US: eM Client
 CVE-2020-12617
        RESERVED
 CVE-2020-12616
@@ -33464,9 +33464,10 @@ CVE-2020-10292
 CVE-2020-10291
        RESERVED
 CVE-2020-10290 (Universal Robots controller execute URCaps (zip files 
containing Java- ...)
-       TODO: check
+       NOT-FOR-US: Universal Robots controller 
 CVE-2020-10289 (Use of unsafe yaml load. Allows instantiation of arbitrary 
objects. Th ...)
-       TODO: check
+       - ros-actionlib <unfixed> (bug #968830)
+       [buster] - ros-actionlib <no-dsa> (Minor issue)
 CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain 
access y ...)
        NOT-FOR-US: ABB IRC5
 CVE-2020-10287 (The IRC5 family with UAS service enabled comes by default with 
credent ...)
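
Review bot: the added line "NOT-FOR-US: Universal Robots controller " for CVE-2020-10290 ends in a trailing space, which should be stripped so the label matches on exact-string searches. Separately, the new ros-actionlib entry for CVE-2020-10289 has a bug number but no NOTE: referencing the upstream report of the unsafe yaml load, which would help whoever picks up the <unfixed> state later.
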
@@ -33478,7 +33479,7 @@ CVE-2020-10285 (The authentication implementation on 
the xArm controller has ver
 CVE-2020-10284 (No authentication is required to control the robot inside the 
network, ...)
        NOT-FOR-US: xArm
 CVE-2020-10283 (The Micro Air Vehicle Link (MAVLink) protocol presents 
authentication  ...)
-       TODO: check
+       NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
 CVE-2020-10282 (The Micro Air Vehicle Link (MAVLink) protocol presents no 
authenticati ...)
        NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
 CVE-2020-10281 (This vulnerability applies to the Micro Air Vehicle Link 
(MAVLink) pro ...)
@@ -36011,7 +36012,7 @@ CVE-2020-9248 (Huawei FusionComput 8.0.0 have an 
improper authorization vulnerab
 CVE-2020-9247
        RESERVED
 CVE-2020-9246 (FusionCompute 8.0.0 has an information leak vulnerability. A 
module do ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-9245 (HUAWEI P30 versions Versions earlier than 
10.1.0.160(C00E160R2P11);HUA ...)
        NOT-FOR-US: Huawei
 CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 
10.1.0.160(C00E160R3P8); ...)
@@ -36295,7 +36296,7 @@ CVE-2020-9106
 CVE-2020-9105
        RESERVED
 CVE-2020-9104 (HUAWEI P30 smartphones with Versions earlier than 
10.1.0.123(C431E22R2 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a 
logic er ...)
        NOT-FOR-US: Huawei
 CVE-2020-9102 (There is a information leak vulnerability in some Huawei 
products, and ...)
@@ -36311,9 +36312,9 @@ CVE-2020-9098 (Huawei OceanStor 5310 product with 
version of V500R007C60SPC100 h
 CVE-2020-9097
        RESERVED
 CVE-2020-9096 (HUAWEI P30 Pro smartphones with Versions earlier than 
10.1.0.160(C00E1 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-9095 (HUAWEI P30 Pro smartphone with Versions earlier than 
10.1.0.160(C00E16 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-9094
        RESERVED
 CVE-2020-9093
@@ -39724,27 +39725,27 @@ CVE-2020-7712
 CVE-2020-7711
        RESERVED
 CVE-2020-7710 (This affects all versions of package safe-eval. It is possible 
for an  ...)
-       TODO: check
+       NOT-FOR-US: Node safe-eval
 CVE-2020-7709
        RESERVED
 CVE-2020-7708 (The package irrelon-path before 4.7.0; the package 
@irrelon/path befor ...)
-       TODO: check
+       NOT-FOR-US: Node irrelon-path
 CVE-2020-7707 (The package property-expr before 2.0.3 are vulnerable to 
Prototype Pol ...)
-       TODO: check
+       NOT-FOR-US: Node property-expr
 CVE-2020-7706 (The package connie-lang before 0.1.1 are vulnerable to 
Prototype Pollu ...)
-       TODO: check
+       NOT-FOR-US: Node connie-lang
 CVE-2020-7705
        RESERVED
 CVE-2020-7704 (The package linux-cmdline before 1.0.1 are vulnerable to 
Prototype Pol ...)
-       TODO: check
+       NOT-FOR-US: Node linux-cmdline
 CVE-2020-7703 (All versions of package nis-utils are vulnerable to Prototype 
Pollutio ...)
-       TODO: check
+       NOT-FOR-US: Node nis-utils
 CVE-2020-7702 (All versions of package templ8 are vulnerable to Prototype 
Pollution v ...)
-       TODO: check
+       NOT-FOR-US: templ8
 CVE-2020-7701 (madlib-object-utils before 0.1.7 is vulnerable to Prototype 
Pollution  ...)
-       TODO: check
+       NOT-FOR-US: Node madlib-object-utils
 CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via 
parse_ ...)
-       TODO: check
+       NOT-FOR-US: phpjs
 CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If 
the parse ...)
        NOT-FOR-US: express-fileupload
 CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The 
input bei ...)
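
Review bot: the added lines for CVE-2020-7702 ("NOT-FOR-US: templ8") and CVE-2020-7700 ("NOT-FOR-US: phpjs") omit the "Node" prefix that the other seven added lines in this hunk use, although their descriptions report the same Prototype Pollution class. If these are npm packages like their neighbours, writing "NOT-FOR-US: Node templ8" and "NOT-FOR-US: Node phpjs" would keep the labelling consistent within the block.
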
@@ -40283,9 +40284,10 @@ CVE-2020-7462
 CVE-2020-7461
        RESERVED
 CVE-2020-7460 (In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 
11.4-ST ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2020-7459 (In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 
11.4-ST ...)
-       TODO: check
+       - kfreebsd-10 <unfixed> (unimportant)
+       NOTE: 
https://www.freebsd.org/security/advisories/FreeBSD-SA-20:21.usb_net.asc
 CVE-2020-7458 (In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before 
r362281, and ...)
        NOT-FOR-US: FreeBSD
 CVE-2020-7457 (In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 
11.4-ST ...)
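
Review bot: CVE-2020-7460 is closed as "NOT-FOR-US: FreeBSD" while CVE-2020-7459 directly below it is tracked against kfreebsd-10 with an advisory NOTE:, and nothing in the first entry says why it does not apply to kfreebsd-10 as well. Recording the reason, for instance as a "- kfreebsd-10 <not-affected>" line with a short explanation or a NOTE: naming the affected component, would make the different treatment of the two adjacent FreeBSD issues verifiable.
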
@@ -40486,7 +40488,7 @@ CVE-2020-7362
 CVE-2020-7361 (The EasyCorp ZenTao Pro application suffers from an OS command 
injecti ...)
        NOT-FOR-US: EasyCorp ZenTao Pro application
 CVE-2020-7360 (An Uncontrolled Search Path Element (CWE-427) vulnerability in 
SmartCo ...)
-       TODO: check
+       NOT-FOR-US: SmartControl
 CVE-2020-7359
        RESERVED
 CVE-2020-7358
@@ -40502,7 +40504,7 @@ CVE-2020-7354 (Cross-site Scripting (XSS) vulnerability 
in the 'host' field of a
 CVE-2020-7353
        RESERVED
 CVE-2020-7352 (The GalaxyClientService component of GOG Galaxy runs with 
elevated SYS ...)
-       TODO: check
+       NOT-FOR-US: GOG Galaxy
 CVE-2020-7351 (An OS Command Injection vulnerability in the 
endpoint_devicemap.php co ...)
        NOT-FOR-US: Fonality Trixbox Community Edition
 CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from 
an ins ...)
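
Review bot: the label on CVE-2020-7352 is "NOT-FOR-US: GOG Galaxy", but this same commit tags CVE-2020-24574 as "NOT-FOR-US: GOG Galaxy client", and both descriptions refer to GalaxyClientService. Using one spelling for both entries would let a single search over the list return them together.
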
@@ -40586,27 +40588,27 @@ CVE-2020-7312
 CVE-2020-7311
        RESERVED
 CVE-2020-7310 (Privilege Escalation vulnerability in the installer in McAfee 
McAfee T ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7309
        RESERVED
 CVE-2020-7308
        RESERVED
 CVE-2020-7307 (Unprotected Storage of Credentials vulnerability in McAfee Data 
Loss P ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7306 (Unprotected Storage of Credentials vulnerability in McAfee Data 
Loss P ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7305 (Privilege escalation vulnerability in McAfee Data Loss 
Prevention (DLP ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7304 (Cross site request forgery vulnerability in McAfee Data Loss 
Preventio ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7303 (Cross Site scripting vulnerability in McAfee Data Loss 
Prevention (DLP ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7302 (Unrestricted Upload of File with Dangerous Type in McAfee Data 
Loss Pr ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7301 (Cross Site scripting vulnerability in McAfee Data Loss 
Prevention (DLP ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7300 (Improper Authorization vulnerability in McAfee Data Loss 
Prevention (D ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7299
        RESERVED
 CVE-2020-7298 (Unexpected behavior violation in McAfee Total Protection (MTP) 
prior t ...)
@@ -40751,7 +40753,7 @@ CVE-2019-20385 (The CSV upload feature in 
/supervisor/procesa_carga.php on Logar
 CVE-2019-20384 (Gentoo Portage through 2.3.84 allows local users to place a 
Trojan hor ...)
        NOT-FOR-US: Portage
 CVE-2019-20383 (ABBYY network license server in ABBYY FineReader 15 before 
Release 4 ( ...)
-       TODO: check
+       NOT-FOR-US: ABBYY
 CVE-2019-20382 (QEMU 4.1.0 has a memory leak in zrle_compress_data in 
ui/vnc-enc-zrle. ...)
        {DSA-4665-1 DLA-2288-1}
        - qemu 1:4.2-1
@@ -41325,7 +41327,7 @@ CVE-2020-7031
 CVE-2020-7030 (A sensitive information disclosure vulnerability was discovered 
in the ...)
        NOT-FOR-US: IP Office
 CVE-2020-7029 (A Cross-Site Request Forgery (CSRF) vulnerability was 
discovered in th ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2020-7028
        RESERVED
 CVE-2020-7027
@@ -41521,7 +41523,7 @@ CVE-2020-6934
 CVE-2020-6933
        RESERVED
 CVE-2020-6932 (An information disclosure and remote code execution 
vulnerability in t ...)
-       TODO: check
+       NOT-FOR-US: BlackBerry QNX Software Development Platform
 CVE-2020-6931
        RESERVED
 CVE-2020-6930
@@ -42257,7 +42259,7 @@ CVE-2020-6655
 CVE-2020-6654
        RESERVED
 CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 &amp; prior stores the 
user l ...)
-       TODO: check
+       NOT-FOR-US: Eaton
 CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's 
Intelligent Po ...)
        NOT-FOR-US: Eaton
 CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager 
(IPM) v ...)
@@ -44547,9 +44549,9 @@ CVE-2020-5777
 CVE-2020-5776
        RESERVED
 CVE-2020-5775 (Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a 
remote,  ...)
-       TODO: check
+       NOT-FOR-US: Canvas LMS
 CVE-2020-5774 (Nessus versions 8.11.0 and earlier were found to maintain 
sessions lon ...)
-       TODO: check
+       NOT-FOR-US: Nessus
 CVE-2020-5773 (Improper Access Control in Teltonika firmware 
TRB2_R_00.02.04.01 allow ...)
        NOT-FOR-US: Teltonika firmware
 CVE-2020-5772 (Improper Input Validation in Teltonika firmware 
TRB2_R_00.02.04.01 all ...)
@@ -44865,9 +44867,9 @@ CVE-2020-5618
 CVE-2020-5617 (Privilege escalation vulnerability in SKYSEA Client View 
Ver.12.200.12 ...)
        NOT-FOR-US: SKYSEA Client View
 CVE-2020-5616 ([Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], 
[Telop01], ...)
-       TODO: check
+       NOT-FOR-US: Calendar01
 CVE-2020-5615 (Cross-site request forgery (CSRF) vulnerability in [Calendar01] 
free e ...)
-       TODO: check
+       NOT-FOR-US: Calendar01
 CVE-2020-5614 (Directory traversal vulnerability in KonaWiki 3.1.0 and earlier 
allows ...)
        NOT-FOR-US: KonaWiki
 CVE-2020-5613 (Cross-site scripting vulnerability in KonaWiki 3.1.0 and 
earlier allow ...)
@@ -45410,7 +45412,7 @@ CVE-2020-5387
 CVE-2020-5386
        RESERVED
 CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint 
Security Suit ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-5384 (Authentication Bypass Vulnerability RSA MFA Agent 2.0 for 
Microsoft Wi ...)
        NOT-FOR-US: RSA MFA Agent
 CVE-2020-5383
@@ -46523,11 +46525,11 @@ CVE-2019-20154 (An issue was discovered in Determine 
(formerly Selectica) Contra
 CVE-2019-20153 (An issue was discovered in Determine (formerly Selectica) 
Contract Lif ...)
        NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
 CVE-2019-20152 (An XSS issue was discovered in TreasuryXpress 19191105. Due to 
the lac ...)
-       TODO: check
+       NOT-FOR-US: TreasuryXpress
 CVE-2019-20151 (An XSS issue was discovered in TreasuryXpress 19191105. Due to 
the lac ...)
-       TODO: check
+       NOT-FOR-US: TreasuryXpress
 CVE-2019-20150 (In TreasuryXpress 19191105, a logged-in user can discover 
saved creden ...)
-       TODO: check
+       NOT-FOR-US: TreasuryXpress
 CVE-2020-5128
        RESERVED
 CVE-2020-5127
@@ -47411,9 +47413,9 @@ CVE-2020-4689
 CVE-2020-4688
        RESERVED
 CVE-2020-4687 (IBM Content Navigator 3.0.7 and 3.0.8 could allow an 
authenticated use ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4686 (IBM Spectrum Virtualize 8.3.1 could allow a remote user 
authenticated  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4685
        RESERVED
 CVE-2020-4684
@@ -47479,7 +47481,7 @@ CVE-2020-4655
 CVE-2020-4654
        RESERVED
 CVE-2020-4653 (IBM Planning Analytics 2.0 could allow a remote attacker to 
conduct ph ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4652
        RESERVED
 CVE-2020-4651
@@ -47489,7 +47491,7 @@ CVE-2020-4650
 CVE-2020-4649
        RESERVED
 CVE-2020-4648 (A vulnerability exsists in IBM Planning Analytics 2.0 whereby 
avatars  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4647
        RESERVED
 CVE-2020-4646
@@ -47689,7 +47691,7 @@ CVE-2020-4550 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 
could allow a local attac
 CVE-2020-4549 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to 
execute  ...)
        NOT-FOR-US: IBM
 CVE-2020-4548 (IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper 
input  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4547
        RESERVED
 CVE-2020-4546
@@ -48023,7 +48025,7 @@ CVE-2020-4383
 CVE-2020-4382
        RESERVED
 CVE-2020-4381 (IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 
5.3.6  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4380 (IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site 
scripting.  ...)
        NOT-FOR-US: IBM
 CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than 
expected c ...)
@@ -48641,9 +48643,9 @@ CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and 
before version 1.7.6.6, th
 CVE-2020-4073
        RESERVED
 CVE-2020-4072 (In generator-jhipster-kotlin version 1.6.0 log entries are 
created for ...)
-       TODO: check
+       NOT-FOR-US: generator-jhipster-kotlin
 CVE-2020-4071 (In django-basic-auth-ip-whitelist before 0.3.4, a potential 
timing att ...)
-       TODO: check
+       NOT-FOR-US: django-basic-auth-ip-whitelist
 CVE-2020-4070 (In CSS Validator less than or equal to commit 54d68a1, there is 
a cros ...)
        TODO: check
 CVE-2020-4069
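
Review bot: CVE-2020-4070 (CSS Validator) in the trailing context of this hunk still reads "TODO: check", although the two entries directly above it are triaged here. If it was left open on purpose because it needs a closer look, that is fine; otherwise it should be triaged in the same pass so the block is not left half done.
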
@@ -48854,9 +48856,9 @@ CVE-2020-3978
 CVE-2020-3977
        RESERVED
 CVE-2020-3976 (VMware ESXi and vCenter Server contain a partial denial of 
service vul ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2020-3975 (VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 
prior  ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2020-3974 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for 
Mac (11. ...)
        NOT-FOR-US: VMware
 CVE-2020-3973 (The VeloCloud Orchestrator does not apply correct input 
validation whi ...)
@@ -50321,7 +50323,7 @@ CVE-2020-3683
 CVE-2020-3682
        RESERVED
 CVE-2020-3681 (Authenticated and encrypted payload MMEs can be forged and 
remotely se ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3680 (A race condition can occur when using the fastrpc memory 
mapping API.  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3679
@@ -50973,11 +50975,11 @@ CVE-2020-3504
 CVE-2020-3503
        RESERVED
 CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex 
Meetings ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3501 (Multiple vulnerabilities in the user interface of Cisco Webex 
Meetings ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3500 (A vulnerability in the IPv6 implementation of Cisco StarOS 
could allow ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3499
        RESERVED
 CVE-2020-3498
@@ -51036,7 +51038,7 @@ CVE-2020-3474
 CVE-2020-3473
        RESERVED
 CVE-2020-3472 (A vulnerability in the contacts feature of Cisco Webex Meetings 
could  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3471
        RESERVED
 CVE-2020-3470
@@ -51052,9 +51054,9 @@ CVE-2020-3466
 CVE-2020-3465
        RESERVED
 CVE-2020-3464 (A vulnerability in the web-based management interface of Cisco 
UCS Dir ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3463 (A vulnerability in the web-based management interface of Cisco 
Webex M ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3462 (A vulnerability in the web-based management interface of Cisco 
Data Ce ...)
        NOT-FOR-US: Cisco
 CVE-2020-3461 (A vulnerability in the web-based management interface of Cisco 
Data Ce ...)
@@ -51082,11 +51084,11 @@ CVE-2020-3451
 CVE-2020-3450 (A vulnerability in the web-based management interface of Cisco 
Vision  ...)
        NOT-FOR-US: Cisco
 CVE-2020-3449 (A vulnerability in the Border Gateway Protocol (BGP) additional 
paths  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3448 (A vulnerability in an access control mechanism of Cisco Cyber 
Vision C ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3447 (A vulnerability in the CLI of Cisco AsyncOS for Cisco Email 
Security A ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3446
        RESERVED
 CVE-2020-3445
@@ -51110,11 +51112,11 @@ CVE-2020-3437 (A vulnerability in the web-based 
management interface of Cisco SD
 CVE-2020-3436
        RESERVED
 CVE-2020-3435 (A vulnerability in the interprocess communication (IPC) channel 
of Cis ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3434 (A vulnerability in the interprocess communication (IPC) channel 
of Cis ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3433 (A vulnerability in the interprocess communication (IPC) channel 
of Cis ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3432
        RESERVED
 CVE-2020-3431
@@ -51154,11 +51156,11 @@ CVE-2020-3415
 CVE-2020-3414
        RESERVED
 CVE-2020-3413 (A vulnerability in the scheduled meeting template feature of 
Cisco Web ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3412 (A vulnerability in the scheduled meeting template feature of 
Cisco Web ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3411 (A vulnerability in Cisco DNA Center software could allow an 
unauthenti ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3410
        RESERVED
 CVE-2020-3409
@@ -51254,7 +51256,7 @@ CVE-2020-3365
 CVE-2020-3364 (A vulnerability in the access control list (ACL) functionality 
of the  ...)
        NOT-FOR-US: Cisco
 CVE-2020-3363 (A vulnerability in the IPv6 packet processing engine of Cisco 
Small Bu ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3362 (A vulnerability in the CLI of Cisco Network Services 
Orchestrator (NSO ...)
        NOT-FOR-US: Cisco
 CVE-2020-3361 (A vulnerability in Cisco Webex Meetings and Cisco Webex 
Meetings Serve ...)
@@ -51291,7 +51293,7 @@ CVE-2020-3348 (Multiple vulnerabilities in the 
web-based management interface of
 CVE-2020-3347 (A vulnerability in Cisco Webex Meetings Desktop App for Windows 
could  ...)
        NOT-FOR-US: Cisco
 CVE-2020-3346 (A vulnerability in the web UI of Cisco Unified Communications 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3345 (A vulnerability in certain web pages of Cisco Webex Meetings 
and Cisco ...)
        NOT-FOR-US: Cisco
 CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector 
Software an ...)
@@ -52182,7 +52184,7 @@ CVE-2020-2983 (Vulnerability in the Oracle Data Masking 
and Subsetting product o
 CVE-2020-2982 (Vulnerability in the Enterprise Manager Base Platform product 
of Oracl ...)
        NOT-FOR-US: Oracle
 CVE-2020-2981 (Vulnerability in the Data Store component of Oracle Berkeley 
DB. The s ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2020-2980
        RESERVED
 CVE-2020-2979
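Review bot: CVE-2020-2981 is closed with the vendor-wide tag NOT-FOR-US: Oracle, but its description names the Data Store component of Oracle Berkeley DB, and Berkeley DB is shipped in Debian as the db5.3 source package, so the product name alone does not justify NOT-FOR-US. The truncated description shows no affected versions; unless the issue is confirmed absent from the packaged releases, track it against the source package (for example `- db5.3 <undetermined>` with a NOTE) instead of closing it here.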
@@ -53543,7 +53545,7 @@ CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows 
attackers to trigger inf
 CVE-2019-19644
        RESERVED
 CVE-2019-19643 (ise smart connect KNX Vaillant 1.2.839 contain a Denial of 
Service. ...)
-       TODO: check
+       NOT-FOR-US: ise smart connect KNX Vaillant
 CVE-2019-19642 (On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and 
BIOS 02 ...)
        NOT-FOR-US: SuperMicro
 CVE-2019-19641
@@ -54597,7 +54599,7 @@ CVE-2020-2037
 CVE-2020-2036
        RESERVED
 CVE-2020-2035 (When SSL/TLS Forward Proxy Decryption mode has been configured 
to decr ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2020-2034 (An OS Command Injection vulnerability in the PAN-OS 
GlobalProtect port ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2020-2033 (When the pre-logon feature is enabled, a missing certification 
validat ...)
@@ -60436,7 +60438,7 @@ CVE-2019-18621
 CVE-2019-18620
        RESERVED
 CVE-2019-18619 (Incorrect parameter validation in the synaTee component of 
Synaptics W ...)
-       TODO: check
+       NOT-FOR-US: Synaptics
 CVE-2019-18618 (Incorrect access control in the firmware of Synaptics VFS75xx 
family f ...)
        NOT-FOR-US: firmware of Synaptics VFS75xx family fingerprint sensors
 CVE-2019-18617
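Review bot: the tag added for CVE-2019-18619 is the bare vendor name, NOT-FOR-US: Synaptics, while the adjacent CVE-2019-18618 is tagged with the specific product (firmware of Synaptics VFS75xx family fingerprint sensors). The description names the synaTee component, so a tag that names the component would keep the two neighbouring Synaptics entries consistent and make later searches of the list by product more reliable.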
@@ -64906,7 +64908,7 @@ CVE-2019-17353 (An issue discovered on D-Link DIR-615 
devices with firmware vers
 CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there 
is a vul ...)
        NOT-FOR-US: JFinal
 CVE-2019-17339 (The VirtualRouter component of TIBCO Software Inc.'s TIBCO 
Silver Fabr ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2019-17338 (The user interface component of TIBCO Software Inc.'s TIBCO 
Patterns - ...)
        NOT-FOR-US: TIBCO
 CVE-2019-17337 (The Spotfire library component of TIBCO Software Inc.'s TIBCO 
Spotfire ...)
@@ -67511,7 +67513,7 @@ CVE-2019-16391 (SPIP before 3.1.11 and 3.2 before 3.2.5 
allows authenticated vis
        NOTE: 
https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79
        NOTE: 
https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66
 CVE-2019-16374 (Pega Platform 8.2.1 allows LDAP injection because a username 
can conta ...)
-       TODO: check
+       NOT-FOR-US: Pega Platform
 CVE-2019-16373
        RESERVED
 CVE-2019-16372
@@ -67957,7 +67959,7 @@ CVE-2019-16246 (Intesync Solismed 3.3sp1 allows Local 
File Inclusion (LFI), a di
 CVE-2019-16245 (OMERO before 5.6.1 makes the details of each user available to 
all use ...)
        NOT-FOR-US: OMERO
 CVE-2019-16244 (OMERO.server before 5.6.1 allows attackers to bypass the 
security filt ...)
-       TODO: check
+       NOT-FOR-US: OMERO
 CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an 
undocument ...)
        NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
 CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an 
engineerin ...)
@@ -82359,37 +82361,37 @@ CVE-2019-11864
 CVE-2019-11863
        RESERVED
 CVE-2019-11862 (The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows 
traffic pr ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2019-11861
        RESERVED
 CVE-2019-11860
        RESERVED
 CVE-2019-11859 (A buffer overflow exists in the SMS handler API of ALEOS 
before 4.13.0 ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2019-11858 (Multiple buffer overflow vulnerabilities exist in the 
AceManager Web A ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2019-11857 (Lack of input sanitization in AceManager of ALEOS before 
4.12.0, 4.9.5 ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2019-11856 (A nonce reuse vulnerability exists in the ACEView service of 
ALEOS bef ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2019-11855 (An RPC server is enabled by default on the gateway's LAN of 
ALEOS befo ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2019-11854
        RESERVED
 CVE-2019-11853 (Several potential command injections vulnerabilities exist in 
the AT c ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2019-11852 (An out-of-bounds reads vulnerability exists in the ACEView 
Service of  ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2019-11851
        RESERVED
 CVE-2019-11850 (A stack overflow vulnerabiltity exist in the AT command 
interface of A ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2019-11849 (A stack overflow vulnerabiltity exists in the AT command APIs 
of ALEOS ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2019-11848 (An API abuse vulnerability exists in the AT command API of 
ALEOS befor ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2019-11847 (An improper privilege management vulnerabitlity exists in 
ALEOS before ...)
-       TODO: check
+       NOT-FOR-US: ALEOS
 CVE-2018-20837 (include/admin/Menu/Ajax.php in Typesetter 5.1 has 
index.php/Admin/Menu ...)
        NOT-FOR-US: Typesetter CMS
 CVE-2019-11846 (/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 
allows XS ...)
@@ -95776,7 +95778,7 @@ CVE-2019-7412 (The PS PHPCaptcha WP plugin before 
v1.2.0 for WordPress mishandle
 CVE-2019-7411 (Multiple stored cross-site scripting (XSS) in the MyThemeShop 
Launcher ...)
        NOT-FOR-US: MyThemeShop Launcher plugin for WordPress
 CVE-2019-7410 (There is stored cross site scripting (XSS) in Galileo CMS 
v0.042. Remo ...)
-       TODO: check
+       NOT-FOR-US: Galileo CMS
 CVE-2019-7409 (Multiple cross-site scripting (XSS) vulnerabilities in 
ProfileDesign C ...)
        NOT-FOR-US: ProfileDesign CMS
 CVE-2019-7408
@@ -98734,7 +98736,7 @@ CVE-2018-20705
 CVE-2018-20704
        RESERVED
 CVE-2019-6258 (D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and 
older allow ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-6257 (A Server Side Request Forgery (SSRF) vulnerability in elFinder 
before  ...)
        NOT-FOR-US: elFinder
 CVE-2019-6256 (A Denial of Service issue was discovered in the LIVE555 
Streaming Medi ...)
@@ -100605,7 +100607,7 @@ CVE-2019-5593 (Improper permission or value checking 
in the CLI console may allo
 CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, 
GOLDENDOODLE,  ...)
        NOT-FOR-US: Fortinet
 CVE-2019-5591 (A Default Configuration vulnerability in FortiOS may allow an 
unauthen ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2019-5590 (The URL part of the report message is not encoded in Fortinet 
FortiWeb ...)
        NOT-FOR-US: Fortinet
 CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online 
Installer (W ...)
@@ -254366,9 +254368,9 @@ CVE-2014-9754 (The hardware VPN client in Viprinet 
MultichannelVPN Router 300 ve
 CVE-2015-8075
        REJECTED
 CVE-2015-8033 (In Textpattern 4.5.7, the password-reset feature does not 
securely tet ...)
-       TODO: check
+       NOT-FOR-US: Textpattern
 CVE-2015-8032 (In Textpattern 4.5.7, an unprivileged author can change an 
article's m ...)
-       TODO: check
+       NOT-FOR-US: Textpattern
 CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not 
properly d ...)
        {DSA-3430-1}
        - libxml2 2.9.3+dfsg1-1 (bug #803942)
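Review bot: NOT-FOR-US on CVE-2015-8033 and CVE-2015-8032 states that Textpattern is not packaged in Debian; if a textpattern source package was ever in the archive, both entries should be recorded as `- textpattern <removed>` instead so the history stays queryable. Both descriptions name Textpattern 4.5.7, so a quick check of the archive history for that package name before closing would settle which form applies.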



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3747246b54b81e6360ff53c1ac616126604d238



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
