Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 52f07ea7 by Salvatore Bonaccorso at 2020-10-02T10:23:45+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -5,9 +5,9 @@ CVE-2020-26526 CVE-2020-26525 RESERVED CVE-2020-26524 (CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. ...) - TODO: check + NOT-FOR-US: CodeLathe FileCloud CVE-2020-26523 (Froala Editor before 3.2.2 allows XSS via pasted content. ...) - TODO: check + NOT-FOR-US: Froala Editor CVE-2020-26522 RESERVED CVE-2020-26521 @@ -17,7 +17,7 @@ CVE-2020-26520 CVE-2020-26519 (fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during pixmap si ...) TODO: check CVE-2020-26518 (Artica Pandora FMS before 743 allows unauthenticated attackers to cond ...) - TODO: check + NOT-FOR-US: Artica Pandora FMS CVE-2020-26517 RESERVED CVE-2020-26516 @@ -22798,7 +22798,7 @@ CVE-2019-20904 CVE-2019-20903 (The hyperlinks functionality in atlaskit/editor-core in before version ...) TODO: check CVE-2019-20902 (Upgrading Crowd via XML Data Transfer can reactivate a disabled user f ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2019-20901 (The login.jsp resource in Jira before version 8.5.2, and from version ...) NOT-FOR-US: Atlassian CVE-2019-20900 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) @@ -26412,7 +26412,7 @@ CVE-2020-14225 CVE-2020-14224 RESERVED CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scri ...) - TODO: check + NOT-FOR-US: HCL Digital Experience CVE-2020-14222 RESERVED CVE-2020-14221 
@@ -27184,7 +27184,7 @@ CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public NOTE: https://issues.apache.org/jira/browse/SOLR-14561 NOTE: https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2 CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and v ...) - TODO: check + NOT-FOR-US: Apache NiFi CVE-2020-13939 RESERVED CVE-2020-13938 @@ -29836,9 +29836,9 @@ CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolet CVE-2020-12871 RESERVED CVE-2020-12870 (RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username ...) - TODO: check + NOT-FOR-US: RainbowFish PacsOne Server CVE-2020-12869 (RainbowFish PacsOne Server 6.8.4 allows XSS. ...) - TODO: check + NOT-FOR-US: RainbowFish PacsOne Server CVE-2020-12868 RESERVED CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends be ...) @@ -30306,7 +30306,7 @@ CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remot CVE-2020-12716 RESERVED CVE-2020-12715 (RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. ...) - TODO: check + NOT-FOR-US: RainbowFish PacsOne Server CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual Applia ...) NOT-FOR-US: CipherMail CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...) @@ -39987,7 +39987,7 @@ CVE-2020-9493 CVE-2020-9492 RESERVED CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by ...) - TODO: check + NOT-FOR-US: Apache NiFi CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted valu ...) {DSA-4757-1} - apache2 2.4.46-1 
@@ -40012,9 +40012,9 @@ CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache L NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=6851b5083ef9610bae320bf07e1f24d2aa08851b (release-2.x) NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=fb91a3d71e2f3dadad6fd1beb2ab857f44fe8bbb (master) CVE-2020-9487 (In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time pass ...) - TODO: check + NOT-FOR-US: Apache NiFi CVE-2020-9486 (In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine p ...) - TODO: check + NOT-FOR-US: Apache NiFi CVE-2020-9485 (An issue was found in Apache Airflow versions 1.10.10 and below. A sto ...) - airflow <itp> (bug #819700) CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...) @@ -43416,7 +43416,7 @@ CVE-2020-8111 CVE-2020-8110 RESERVED CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that results ...) - TODO: check + NOT-FOR-US: Bitdefender CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...) NOT-FOR-US: Bitdefender CVE-2020-8107 @@ -47007,7 +47007,7 @@ CVE-2020-6656 CVE-2020-6655 RESERVED CVE-2020-6654 (A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configu ...) - TODO: check + NOT-FOR-US: Eaton CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 & prior stores the user l ...) NOT-FOR-US: Eaton CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...) 
@@ -49272,17 +49272,17 @@ CVE-2020-5791 CVE-2020-5790 RESERVED CVE-2020-5789 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...) - TODO: check + NOT-FOR-US: Teltonika CVE-2020-5788 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...) - TODO: check + NOT-FOR-US: Teltonika CVE-2020-5787 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...) - TODO: check + NOT-FOR-US: Teltonika CVE-2020-5786 (Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 all ...) - TODO: check + NOT-FOR-US: Teltonika CVE-2020-5785 (Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04 ...) - TODO: check + NOT-FOR-US: Teltonika CVE-2020-5784 (Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 al ...) - TODO: check + NOT-FOR-US: Teltonika CVE-2020-5783 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does n ...) NOT-FOR-US: IgniteNet HeliOS GLinq CVE-2020-5782 (In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ...) @@ -50162,7 +50162,7 @@ CVE-2020-5389 CVE-2020-5388 RESERVED CVE-2020-5387 (Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Ex ...) - TODO: check + NOT-FOR-US: Dell CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource ...) NOT-FOR-US: EMC CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suit ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52f07ea74552c76cbc7fb5d57be046c6882b9e22
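Review bot: In the `@@ -17,7 +17,7 @@` hunk, CVE-2020-26519 (Artifex MuPDF, overflow in fitz/pixmap.c) is still `TODO: check` after this pass. Leaving it is right for an NFU-only commit, since MuPDF is packaged in Debian, but the entry needs a follow-up with a `- mupdf` package line and a version assessment rather than waiting for the next NFU sweep.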
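Review bot: For the two NiFi entries in the `@@ -40012,9 +40012,9 @@` hunk (CVE-2020-9487 and CVE-2020-9486), confirm that no ITP or RFP bug exists for Apache NiFi before settling on `NOT-FOR-US: Apache NiFi`. The next entry in the same hunk, CVE-2020-9485, tracks Apache Airflow as `- airflow <itp> (bug #819700)`, which is the form to use when a packaging bug is open. The same check applies to the NiFi tags added for CVE-2020-13940 and CVE-2020-9491.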
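Review bot: The truncated description for CVE-2020-8109 in the `@@ -43416,7 +43416,7 @@` hunk names only "the ace.xmd parser" and no vendor, so `NOT-FOR-US: Bitdefender` cannot be verified from the diff itself and appears to follow the neighbouring CVE-2020-8108 entry. Worth confirming against the full CVE description that the parser is Bitdefender's before the entry is considered closed.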
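Review bot: In the `@@ -50162,7 +50162,7 @@` hunk the new tag for CVE-2020-5387 is the vendor-only `NOT-FOR-US: Dell`, while the adjacent Dell EMC ECS entry (CVE-2020-5386) is tagged `NOT-FOR-US: EMC` and other tags in this commit carry the product (`CodeLathe FileCloud`, `Artica Pandora FMS`, `RainbowFish PacsOne Server`). Naming the product here (the Dell XPS 13 9370 BIOS) would keep the tag granularity consistent and make later searches over data/CVE/list more precise.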