Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 77e47aee by Moritz Muehlenhoff at 2020-09-04T11:08:35+02:00 NFUs libetpan no-dsa new xpdf issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -85,13 +85,13 @@ CVE-2020-25107 CVE-2020-25106 RESERVED CVE-2020-25105 (eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recove ...) - TODO: check + NOT-FOR-US: eramba CVE-2020-25104 (eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted f ...) - TODO: check + NOT-FOR-US: eramba CVE-2020-25103 RESERVED CVE-2020-25102 (silverstripe-advancedreports (aka the Advanced Reports module for Silv ...) - TODO: check + NOT-FOR-US: silverstripe-advancedreports CVE-2020-25101 RESERVED CVE-2020-25125 (GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, le ...) @@ -259,11 +259,11 @@ CVE-2020-25025 (The l10nmgr (aka Localization Manager) extension before 7.4.0, 8 CVE-2020-25024 RESERVED CVE-2020-25023 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrC ...) - TODO: check + NOT-FOR-US: Noise-Java CVE-2020-25022 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallba ...) - TODO: check + NOT-FOR-US: Noise-Java CVE-2020-25021 (An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCi ...) - TODO: check + NOT-FOR-US: Noise-Java CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectRe ...) NOT-FOR-US: MPXJ CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the E ...) 
@@ -291,11 +291,11 @@ CVE-2020-25008 CVE-2020-25007 RESERVED CVE-2020-25006 (Heybbs v1.2 has a SQL injection vulnerability in login.php file via th ...) - TODO: check + NOT-FOR-US: Heybbs CVE-2020-25005 (Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ...) - TODO: check + NOT-FOR-US: Heybbs CVE-2020-25004 (Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ...) - TODO: check + NOT-FOR-US: Heybbs CVE-2020-25003 RESERVED CVE-2020-25002 @@ -305,12 +305,13 @@ CVE-2020-25001 CVE-2020-25000 RESERVED CVE-2020-24999 (There is an invalid memory access in the function fprintf located in E ...) - TODO: check + - xpdf <undetermined> CVE-2020-24998 RESERVED CVE-2020-24997 RESERVED CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...) + - xpdf <undetermined> TODO: check CVE-2020-24995 RESERVED @@ -423,9 +424,9 @@ CVE-2020-24943 CVE-2020-24942 RESERVED CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24. ...) - TODO: check + NOT-FOR-US: Laravel CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...) - TODO: check + NOT-FOR-US: Laravel CVE-2020-24939 RESERVED CVE-2020-24938 @@ -553,7 +554,7 @@ CVE-2020-24878 CVE-2020-24877 RESERVED CVE-2020-24876 (Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 ...) - TODO: check + NOT-FOR-US: Pancake CVE-2020-24875 RESERVED CVE-2020-24874 @@ -579,7 +580,7 @@ CVE-2020-24865 CVE-2020-24864 RESERVED CVE-2020-24863 (A memory corruption vulnerability was found in the kernel function ker ...) - TODO: check + NOT-FOR-US: FreeBSD and MidnightBSD CVE-2020-24862 RESERVED CVE-2020-25016 (A safety violation was discovered in the rgb crate before 0.8.20 for R ...) 
@@ -1579,7 +1580,7 @@ CVE-2020-24387 CVE-2020-24386 RESERVED CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...) - TODO: check + NOT-FOR-US: FreeBSD and MidnightBSD CVE-2020-24384 RESERVED CVE-2020-24383 @@ -2083,7 +2084,7 @@ CVE-2020-24160 (Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijack CVE-2020-24159 (NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can ...) NOT-FOR-US: NetEase Youdao Dictionary CVE-2020-24158 (360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which ...) - TODO: check + NOT-FOR-US: 360 Speed Browser CVE-2020-24157 RESERVED CVE-2020-24156 @@ -2772,13 +2773,13 @@ CVE-2020-23816 CVE-2020-23815 RESERVED CVE-2020-23814 (Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 ...) - TODO: check + NOT-FOR-US: xxl-job CVE-2020-23813 RESERVED CVE-2020-23812 RESERVED CVE-2020-23811 (xxl-job 2.2.0 allows Information Disclosure of username, model, and pa ...) - TODO: check + NOT-FOR-US: xxl-job CVE-2020-23810 RESERVED CVE-2020-23809 @@ -18672,6 +18673,7 @@ CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 commu CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other ...) {DLA-2329-1} - libetpan <unfixed> (bug #966647) + [buster] - libetpan <no-dsa> (Minor issue) NOTE: https://github.com/dinhvh/libetpan/issues/386 NOTE: https://github.com/dinhvh/libetpan/pull/387 NOTE: https://github.com/dinhvh/libetpan/pull/388 
@@ -28405,9 +28407,9 @@ CVE-2020-12250 CVE-2020-12249 RESERVED CVE-2020-12248 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...) - TODO: check + NOT-FOR-US: Foxit CVE-2020-12247 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...) - TODO: check + NOT-FOR-US: Foxit CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other & ...) NOT-FOR-US: Beeline Smart Box CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...) @@ -31280,7 +31282,7 @@ CVE-2020-11581 (An issue was discovered in Pulse Secure Pulse Connect Secure (PC CVE-2020-11580 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...) NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2020-11579 (An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. instal ...) - TODO: check + NOT-FOR-US: Chadha PHPKB CVE-2020-11578 RESERVED CVE-2020-11577 @@ -31498,7 +31500,7 @@ CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c i [buster] - linux 4.19.118-1 NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpaletho...@suse.com/ CVE-2020-11493 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...) - TODO: check + NOT-FOR-US: Foxit CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. ...) NOT-FOR-US: Docker Desktop on Windows CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...) @@ -39071,7 +39073,7 @@ CVE-2020-8578 CVE-2020-8577 RESERVED CVE-2020-8576 (Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 a ...) - TODO: check + NOT-FOR-US: ONTAP CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows versions prio ...) NOT-FOR-US: Active IQ Unified Manager CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship with th ...) 
@@ -40985,7 +40987,7 @@ CVE-2020-7832 CVE-2020-7831 (A vulnerability in the web-based contract management service interface ...) NOT-FOR-US: Inogard Ebiz4u CVE-2020-7830 (RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability tha ...) - TODO: check + NOT-FOR-US: RAONWIZ CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...) NOT-FOR-US: DaviewIndy CVE-2020-7828 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...) 
@@ -45270,61 +45272,61 @@ CVE-2020-6146 CVE-2020-6145 (An SQL injection vulnerability exists in the frappe.desk.reportview.ge ...) NOT-FOR-US: ERPNext CVE-2020-6144 (A remote code execution vulnerability exists in the install functional ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6143 (A remote code execution vulnerability exists in the install functional ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6142 (A remote code execution vulnerability exists in the Modules.php functi ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6141 (An exploitable SQL injection vulnerability exists in the login functio ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6140 (SQL injection vulnerability exists in the password reset functionality ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6139 (SQL injection vulnerability exists in the password reset functionality ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6138 (SQL injection vulnerability exists in the password reset functionality ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6137 (SQL injection vulnerability exists in the password reset functionality ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6136 (An exploitable SQL injection vulnerability exists in the DownloadWindo ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6135 (An exploitable SQL injection vulnerability exists in the Validator.php ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6134 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6133 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6132 (SQL injection vulnerability exists in the ID parameters of OS4Ed openS ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6131 (SQL injection vulnerabilities exist in the course_period_id parameters ...) 
- TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6130 (SQL injection vulnerabilities exist in the course_period_id parameters ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6129 (SQL injection vulnerabilities exist in the course_period_id parameters ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6128 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6127 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6126 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6125 (An exploitable SQL injection vulnerability exists in the GetSchool.php ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6124 (An exploitable sql injection vulnerability exists in the email paramet ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6123 (An exploitable sql injection vulnerability exists in the email paramet ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6122 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6121 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6120 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6119 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6118 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6117 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) - TODO: check + NOT-FOR-US: OS4Ed openSIS CVE-2020-6116 RESERVED CVE-2020-6115 
@@ -46088,9 +46090,9 @@ CVE-2020-5781 CVE-2020-5780 RESERVED CVE-2020-5779 (A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates t ...) - TODO: check + NOT-FOR-US: Trading Technologies Messaging CVE-2020-5778 (A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) du ...) - TODO: check + NOT-FOR-US: Trading Technologies Messaging CVE-2020-5777 (MAGMI versions prior to 0.7.24 are vulnerable to a remote authenticati ...) NOT-FOR-US: MAGMI CVE-2020-5776 (Currently, all versions of MAGMI are vulnerable to CSRF due to the lac ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77e47aee3d446ec9eb71ec33af0bf3560444a495 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77e47aee3d446ec9eb71ec33af0bf3560444a495 You're receiving this email because of your account on salsa.debian.org.
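Review bot: In the hunk at @@ -305,12 +305,13 @@, CVE-2020-24996 gains "- xpdf <undetermined>" but its "TODO: check" line is left in place as unchanged context, whereas CVE-2020-24999 directly above has the TODO replaced by the same xpdf line. If both were triaged the same way, drop the leftover TODO under CVE-2020-24996; if it is meant to stay, say what is still to be checked, for example in a NOTE line.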
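Review bot: The "[buster] - libetpan <no-dsa> (Minor issue)" line added under CVE-2020-15953 (hunk at @@ -18672,6 +18673,7 @@) gives no rationale beyond "Minor issue", while the same entry already carries {DLA-2329-1}, an open bug #966647 and links to upstream pull requests 387 and 388. Consider recording in the entry whether buster is expected to pick the fix up through a point release, or add a NOTE explaining why the issue is treated as minor there.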
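Review bot: "NOT-FOR-US: Foxit" in the hunks at @@ -28405,9 +28407,9 @@ and @@ -31498,7 +31500,7 @@ names only the vendor, while the descriptions name Foxit Reader and PhantomPDF and the neighbouring entries tag the product ("NOT-FOR-US: Beeline Smart Box", "NOT-FOR-US: Docker Desktop on Windows"). The same applies to "NOT-FOR-US: ONTAP" at @@ -39071,7 +39073,7 @@, where the description says "Clustered Data ONTAP". Using the product names as the descriptions give them would keep these tags consistent and searchable alongside the existing entries.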