Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 543b3c6a by Salvatore Bonaccorso at 2020-11-24T10:21:36+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -180,7 +180,7 @@ CVE-2020-28928 [wcsnrtombs destination buffer overflow] [buster] - musl <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4 CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User Registration sectio ...) - TODO: check + NOT-FOR-US: Magicpin CVE-2020-28926 RESERVED CVE-2020-28925 @@ -9258,7 +9258,7 @@ CVE-2020-26233 CVE-2020-26232 RESERVED CVE-2020-26231 (October is a free, open-source, self-hosted CMS platform based on the ...) - TODO: check + NOT-FOR-US: October CMS CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app for Spa ...) NOT-FOR-US: Radar COVID CVE-2020-26229 (TYPO3 is an open source PHP based web content management system. In TY ...) @@ -13906,7 +13906,7 @@ CVE-2020-24229 CVE-2020-24228 RESERVED CVE-2020-24227 (Playground Sessions v2.5.582 (and earlier) for Windows, stores the use ...) - TODO: check + NOT-FOR-US: Playground Sessions for Windows CVE-2020-24226 RESERVED CVE-2020-24225 @@ -30863,9 +30863,9 @@ CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attack CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary cod ...) NOT-FOR-US: Joplin desktop CVE-2020-15929 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...) - TODO: check + NOT-FOR-US: Ortus TestBox CVE-2020-15928 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...) - TODO: check + NOT-FOR-US: Ortus TestBox CVE-2020-15927 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...) @@ -32663,13 +32663,13 @@ CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule Temp NOTE: https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp NOTE: https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae CVE-2020-15249 (October is a free, open-source, self-hosted CMS platform based on the ...) - TODO: check + NOT-FOR-US: October CMS CVE-2020-15248 (October is a free, open-source, self-hosted CMS platform based on the ...) - TODO: check + NOT-FOR-US: October CMS CVE-2020-15247 (October is a free, open-source, self-hosted CMS platform based on the ...) - TODO: check + NOT-FOR-US: October CMS CVE-2020-15246 (October is a free, open-source, self-hosted CMS platform based on the ...) - TODO: check + NOT-FOR-US: October CMS CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may registe ...) NOT-FOR-US: Sylius CVE-2020-15244 (In Magento (rubygems openmage/magento-lts package) before versions 19. ...) @@ -58861,7 +58861,7 @@ CVE-2020-5676 CVE-2020-5675 RESERVED CVE-2020-5674 (Untrusted search path vulnerability in the installers of multiple SEIK ...) - TODO: check + NOT-FOR-US: SEIKO EPSON products CVE-2020-5673 RESERVED CVE-2020-5672 @@ -58927,7 +58927,7 @@ CVE-2020-5643 (Improper input validation vulnerability in Cybozu Garoon 5.0.0 to CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Live su ...) NOT-FOR-US: Live Chat CVE-2020-5641 (Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware v ...) - TODO: check + NOT-FOR-US: GS108Ev3 firmware CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and earlier ...) NOT-FOR-US: OneThird CMS CVE-2020-5639 @@ -62924,7 +62924,7 @@ CVE-2020-4008 CVE-2020-4007 RESERVED CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity Manager, and I ...) - TODO: check + NOT-FOR-US: VMware CVE-2020-4005 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...) NOT-FOR-US: VMware CVE-2020-4004 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...) @@ -137996,15 +137996,15 @@ CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the asset CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...) NOT-FOR-US: baijiacms CVE-2018-16723 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) - TODO: check + NOT-FOR-US: Jingyun Antivirus CVE-2018-16722 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) - TODO: check + NOT-FOR-US: Jingyun Antivirus CVE-2018-16721 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) - TODO: check + NOT-FOR-US: Jingyun Antivirus CVE-2018-16720 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) - TODO: check + NOT-FOR-US: Jingyun Antivirus CVE-2018-16719 (In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows ...) - TODO: check + NOT-FOR-US: Jingyun Antivirus CVE-2018-16718 (An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 ...) NOT-FOR-US: NCBI ToolBox CVE-2018-16717 (A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 th ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/543b3c6adad82062bc02600e0fc27ad8e062c0c7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/543b3c6adad82062bc02600e0fc27ad8e062c0c7 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits