Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: b4321748 by Moritz Muehlenhoff at 2020-10-16T13:49:26+02:00 NFUs otrs n/a - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,13 +1,13 @@ CVE-2020-27177 RESERVED CVE-2020-27176 (Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote C ...) - TODO: check + NOT-FOR-US: Mark Text CVE-2020-27175 RESERVED CVE-2020-27174 (In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the ...) - TODO: check + NOT-FOR-US: Firecracker CVE-2020-27173 (In vm-superio before 0.1.1, the serial console FIFO can grow to unlimi ...) - TODO: check + NOT-FOR-US: vm-superio CVE-2020-27172 RESERVED CVE-2020-27171 @@ -27,7 +27,7 @@ CVE-2020-27165 CVE-2020-27164 RESERVED CVE-2020-27163 (phpRedisAdmin before 1.13.2 allows XSS via the login.php username para ...) - TODO: check + NOT-FOR-US: phpRedisAdmin CVE-2020-27162 RESERVED CVE-2020-27161 @@ -469,7 +469,7 @@ CVE-2020-26945 (MyBatis before 3.5.6 mishandles deserialization of object stream CVE-2020-26944 RESERVED CVE-2020-26943 (An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2. ...) - TODO: check + NOT-FOR-US: blazar-dashboard CVE-2020-26942 RESERVED CVE-2020-26941 @@ -1194,9 +1194,9 @@ CVE-2020-26586 CVE-2020-26585 RESERVED CVE-2020-26584 (An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The ...) - TODO: check + NOT-FOR-US: Sage CVE-2020-26583 (An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It a ...) - TODO: check + NOT-FOR-US: Sage CVE-2020-26582 (D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users ...) NOT-FOR-US: D-Link CVE-2020-26581 
@@ -2774,9 +2774,9 @@ CVE-2020-25861 CVE-2020-25860 RESERVED CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to ve ...) - TODO: check + NOT-FOR-US: Qualcomm QCMAP CVE-2020-25858 (The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior ...) - TODO: check + NOT-FOR-US: Qualcomm QCMAP CVE-2020-25857 RESERVED CVE-2020-25856 @@ -28001,7 +28001,7 @@ CVE-2020-14187 CVE-2020-14186 RESERVED CVE-2020-14185 (Affected versions of Jira Server allow remote unauthenticated attacker ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-14184 (Affected versions of Atlassian Jira Server allow remote attackers to i ...) NOT-FOR-US: Atlassian CVE-2020-14183 (Affected versions of Jira Server & Data Center allow a remote atta ...) @@ -32325,15 +32325,15 @@ CVE-2020-12506 (Improper Authentication vulnerability in WAGO 750-8XX series wit CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...) NOT-FOR-US: WAGO CVE-2020-12504 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) - TODO: check + NOT-FOR-US: Pepperl+Fuchs CVE-2020-12503 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) - TODO: check + NOT-FOR-US: Pepperl+Fuchs CVE-2020-12502 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) - TODO: check + NOT-FOR-US: Pepperl+Fuchs CVE-2020-12501 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) - TODO: check + NOT-FOR-US: Pepperl+Fuchs CVE-2020-12500 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) - TODO: check + NOT-FOR-US: Pepperl+Fuchs CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...) NOT-FOR-US: PHOENIX CONTACT PLCnext Engineer CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...) 
@@ -35547,17 +35547,17 @@ CVE-2019-20637 (An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x NOTE: Introduced in https://github.com/varnishcache/varnish-cache/commit/62932b422f311ed1224f14a216169bcdc1b77a2d (5.0) NOTE: Case #3 implies labels introduced in https://github.com/varnishcache/varnish-cache/commit/34350d5e183ef4e04285729d1f63b784d1bc6454 (5.0) CVE-2020-11646 (A log information disclosure vulnerability in B&R GateManager 4260 ...) - TODO: check + NOT-FOR-US: B&R GateManager CVE-2020-11645 (A denial of service vulnerability in B&R GateManager 4260 and 9250 ...) - TODO: check + NOT-FOR-US: B&R GateManager CVE-2020-11644 (The information disclosure vulnerability present in B&R GateManage ...) - TODO: check + NOT-FOR-US: B&R GateManager CVE-2020-11643 (An information disclosure vulnerability in B&R GateManager 4260 an ...) - TODO: check + NOT-FOR-US: B&R GateManager CVE-2020-11642 (The local file inclusion vulnerability present in B&R SiteManager ...) - TODO: check + NOT-FOR-US: B&R SiteManager CVE-2020-11641 (A local file inclusion vulnerability in B&R SiteManager versions & ...) - TODO: check + NOT-FOR-US: B&R GateManager CVE-2020-11640 RESERVED CVE-2020-11639 @@ -35565,7 +35565,7 @@ CVE-2020-11639 CVE-2020-11638 RESERVED CVE-2020-11637 (A memory leak in the TFTP service in B&R Automation Runtime versio ...) - TODO: check + NOT-FOR-US: B&R Automation Runtime CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...) {DLA-2241-1} - linux 5.4.13-1 @@ -44351,7 +44351,7 @@ CVE-2020-8351 CVE-2020-8350 (An authentication bypass vulnerability was reported in Lenovo ThinkPad ...) NOT-FOR-US: Lenovo CVE-2020-8349 (An internal security review has identified an unauthenticated remote c ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2020-8348 (A DOM-based cross-site scripting (XSS) vulnerability was reported in L ...) NOT-FOR-US: Lenovo CVE-2020-8347 (A reflective cross-site scripting (XSS) vulnerability was reported in ...) 
@@ -46296,7 +46296,7 @@ CVE-2020-7593 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS v CVE-2020-7592 (A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Ge ...) NOT-FOR-US: Siemens CVE-2020-7591 (A vulnerability has been identified in SIPORT MP (All versions < 3. ...) - TODO: check + NOT-FOR-US: Siemens CVE-2020-7590 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...) NOT-FOR-US: DCA Vantage Analyzer CVE-2020-7589 (A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS variant ...) @@ -46837,7 +46837,7 @@ CVE-2020-7336 CVE-2020-7335 RESERVED CVE-2020-7334 (Improper privilege assignment vulnerability in the installer McAfee Ap ...) - TODO: check + NOT-FOR-US: McAfee CVE-2020-7333 RESERVED CVE-2020-7332 @@ -46851,9 +46851,9 @@ CVE-2020-7329 CVE-2020-7328 RESERVED CVE-2020-7327 (Improperly implemented security check in McAfee MVISION Endpoint Detec ...) - TODO: check + NOT-FOR-US: McAfee CVE-2020-7326 (Improperly implemented security check in McAfee Active Response (MAR) ...) - TODO: check + NOT-FOR-US: McAfee CVE-2020-7325 (Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to ...) NOT-FOR-US: McAfee CVE-2020-7324 (Improper Access Control vulnerability in McAfee MVISION Endpoint prior ...) @@ -51142,7 +51142,7 @@ CVE-2020-5644 CVE-2020-5643 RESERVED CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Live su ...) - TODO: check + NOT-FOR-US: Live Chat CVE-2020-5641 RESERVED CVE-2020-5640 
@@ -62111,7 +62111,8 @@ CVE-2020-1779 CVE-2020-1778 RESERVED CVE-2020-1777 (Agent names that participates in a chat conversation are revealed in c ...) - TODO: check + - otrs <not-affected> (Only affects 7.x and 8.x) + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-15/ CVE-2020-1776 (When an agent user is renamed or set to invalid the session belonging ...) - otrs2 6.0.29-1 [buster] - otrs2 <no-dsa> (Non-free not supported)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4321748536f6161317f96e2501429f31cf4d5e4
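Review bot: In the hunk at "@@ -35547,17 +35547,17 @@", CVE-2020-11641 is described as "A local file inclusion vulnerability in B&R SiteManager versions ..." but is marked "NOT-FOR-US: B&R GateManager". The entry just above it, CVE-2020-11642, carries a SiteManager description too and is marked "NOT-FOR-US: B&R SiteManager", so the CVE-2020-11641 line looks like a copy-paste slip from the GateManager entries and should read "NOT-FOR-US: B&R SiteManager".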
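Review bot: In the hunk at "@@ -62111,7 +62111,8 @@", the new CVE-2020-1777 line names the package "otrs", while the neighbouring CVE-2020-1776 entry tracks it as "otrs2" ("- otrs2 6.0.29-1" and "[buster] - otrs2 <no-dsa>"). If the same source package is meant, the line should read "- otrs2 <not-affected> (Only affects 7.x and 8.x)" so the not-affected status attaches to the package name the adjacent entry already uses.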