Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: bd092d2b by Salvatore Bonaccorso at 2020-11-22T09:40:13+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -154,7 +154,7 @@ CVE-2020-28915 (A buffer over-read (at the framebuffer layer) in the fbcon code [stretch] - linux 4.9.240-1 NOTE: https://git.kernel.org/linus/5af08640795b2b9a940c9266c0260455377ae262 CVE-2020-28914 (An improper file permissions vulnerability affects Kata Containers pri ...) - TODO: check + NOT-FOR-US: Kata Containers CVE-2020-28913 RESERVED CVE-2020-28912 @@ -7702,7 +7702,7 @@ CVE-2020-26934 (phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through NOTE: https://www.phpmyadmin.net/security/PMASA-2020-5/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/19df63b0365621427697edc185ff7c9c5707c523 CVE-2020-26933 (Trusted Computing Group (TCG) Trusted Platform Module Library Family 2 ...) - TODO: check + NOT-FOR-US: Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification CVE-2020-26931 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) NOT-FOR-US: Netgear CVE-2020-26930 (NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect conf ...) @@ -9166,7 +9166,7 @@ CVE-2020-26238 CVE-2020-26237 RESERVED CVE-2020-26236 (In ScratchVerifier before commit a603769, an attacker can hijack the v ...) - TODO: check + NOT-FOR-US: ScratchVerifier CVE-2020-26234 RESERVED CVE-2020-26233 @@ -9184,7 +9184,7 @@ CVE-2020-26228 CVE-2020-26227 RESERVED CVE-2020-26226 (In the npm package semantic-release before version 17.2.3, secrets tha ...) - TODO: check + NOT-FOR-US: semantic-release nodejs module CVE-2020-26225 (In PrestaShop Product Comments before version 4.2.0, an attacker could ...) NOT-FOR-US: PrestaShop CVE-2020-26224 (In PrestaShop before version 1.7.6.9 an attacker is able to list all t ...) 
@@ -9737,9 +9737,9 @@ CVE-2020-25991 CVE-2020-25990 (WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' ...) NOT-FOR-US: WebsiteBaker CVE-2020-25989 (Privilege escalation via arbitrary file write in pritunl electron clie ...) - TODO: check + NOT-FOR-US: pritunl-client CVE-2020-25988 (UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2 ...) - TODO: check + NOT-FOR-US: Genexis Platinum 4410 Router CVE-2020-25987 (MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in ...) NOT-FOR-US: MonoCMS Blog CVE-2020-25986 (A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 ...) @@ -11701,7 +11701,7 @@ CVE-2020-25191 CVE-2020-25190 RESERVED CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer overflo ...) - TODO: check + NOT-FOR-US: Paradox IP150 CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...) NOT-FOR-US: LAquis SCADA CVE-2020-25187 @@ -11709,7 +11709,7 @@ CVE-2020-25187 CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 2019-09-2 ...) NOT-FOR-US: LeviStudioU Release CVE-2020-25185 (The affected product is vulnerable to five post-authentication buffer ...) - TODO: check + NOT-FOR-US: Paradox IP150 CVE-2020-25184 RESERVED CVE-2020-25183 @@ -12704,7 +12704,7 @@ CVE-2020-24721 (An issue was discovered in the GAEN (aka Google/Apple Exposure N CVE-2020-24720 RESERVED CVE-2020-24719 (Exposed Erlang Cookie could lead to Remote Command Execution (RCE) att ...) - TODO: check + NOT-FOR-US: Couchbase CVE-2020-24718 (bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE th ...) NOT-FOR-US: bhyve CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group pe ...) 
@@ -18945,7 +18945,7 @@ CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php CVE-2020-21666 RESERVED CVE-2020-21665 (In fastadmin V1.0.0.20191212_beta, when a user with administrator righ ...) - TODO: check + NOT-FOR-US: fastadmin CVE-2020-21664 RESERVED CVE-2020-21663 @@ -42361,7 +42361,7 @@ CVE-2020-11831 (OvoiceManager has system permission to write vulnerability repor CVE-2020-11830 (QualityProtect has a vulnerability to execute arbitrary system command ...) NOT-FOR-US: QualityProtect CVE-2020-11829 (Dynamic loading of services in the backup and restore SDK leads to ele ...) - TODO: check + NOT-FOR-US: com.coloros.codebook (oppo.com) CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP framewor ...) NOT-FOR-US: ColorOS CVE-2020-11827 (In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak fi ...) @@ -50217,7 +50217,7 @@ CVE-2020-9051 CVE-2020-9050 RESERVED CVE-2020-9049 (A vulnerability in specified versions of American Dynamics victor Web ...) - TODO: check + NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls CVE-2020-9048 (A vulnerability in victor Web Client versions up to and including v5.4 ...) NOT-FOR-US: Johnson Controls CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized ...) @@ -53371,7 +53371,7 @@ CVE-2020-7844 CVE-2020-7843 RESERVED CVE-2020-7842 (Improper Input validation vulnerability exists in Netis Korea D'live A ...) - TODO: check + NOT-FOR-US: Netis Korea D'live AP CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT XPLATFORM w ...) NOT-FOR-US: TOBESOFT XPLATFORM CVE-2020-7840 
@@ -58482,7 +58482,7 @@ CVE-2020-5799 CVE-2020-5798 RESERVED CVE-2020-5797 (UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180 ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2020-5796 (Improper preservation of permissions in Nagios XI 5.7.4 allows a local ...) NOT-FOR-US: Nagios XI CVE-2020-5795 (UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd092d2b004e693def1ee1f0061afe3de554aa0e
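Review bot: In the hunk at -7702, CVE-2020-26933 is closed as NOT-FOR-US against a specification rather than a product, which puts every implementation of that specification out of scope in one line. Before dropping the TODO it is worth confirming that no packaged TPM 2.0 implementation is built from the affected library text; if one is, the entry needs a source-package line instead. The label is also much longer than the neighbouring "NOT-FOR-US: Netgear"; a shortened form of the same name would match the file's terse style.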
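Review bot: The new line for CVE-2020-11829 in the hunk at -42361 uses an application identifier plus a domain, "com.coloros.codebook (oppo.com)", where the entry directly below it (CVE-2020-11828) uses the product name "ColorOS". If the component belongs to ColorOS, using the same product name in both entries keeps later searches and triage by vendor consistent; the package identifier can go in a NOTE: line if it is worth recording.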
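Review bot: In the hunk at -50217, CVE-2020-9049 gets "NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls", while the next entry, CVE-2020-9048, whose description also names victor Web Client, already reads "NOT-FOR-US: Johnson Controls". The corporate-relationship wording does not help triage and makes two related entries diverge; using "Johnson Controls" for both, or naming the product, would keep them aligned.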
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits