Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7788a5fb by Salvatore Bonaccorso at 2021-02-06T11:08:09+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -240,7 +240,7 @@ CVE-2021-26725 CVE-2021-26724 RESERVED CVE-2021-26723 (Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. ...) - TODO: check + NOT-FOR-US: Jenzabar CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because ...) NOT-FOR-US: LinkedIn Oncall CVE-2021-26721 @@ -2422,7 +2422,7 @@ CVE-2021-3231 CVE-2021-3230 RESERVED CVE-2021-3229 (Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4. ...) - TODO: check + NOT-FOR-US: ASUSWRT ASUS RT-AX3000 firmware CVE-2021-3228 RESERVED CVE-2021-3227 @@ -10151,25 +10151,25 @@ CVE-2021-22309 CVE-2021-22308 RESERVED CVE-2021-22307 (There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22306 (There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22305 (There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22304 (There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22303 (There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1( ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22302 (There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22301 (Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22300 (There is an information leak vulnerability in eCNS280_TD versions V100 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22299 (There is a local privilege escalation vulnerability in some Huawei pro ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP Product. An att ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22297 RESERVED CVE-2021-22296 @@ -10179,9 +10179,9 @@ CVE-2021-22295 CVE-2021-22294 RESERVED CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of HTTP reque ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22292 (There is a denial of service (DoS) vulnerability in eCNS280 versions V ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-22291 RESERVED CVE-2021-22290 @@ -22882,7 +22882,7 @@ CVE-2021-1074 CVE-2021-1073 RESERVED CVE-2021-1072 (NVIDIA GeForce Experience, all versions prior to 3.21, contains a vuln ...) - TODO: check + NOT-FOR-US: NVIDIA GeForce Experience CVE-2021-1071 (NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1 ...) NOT-FOR-US: NVIDIA CVE-2021-1070 (NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and ...) @@ -46327,7 +46327,7 @@ CVE-2020-18726 CVE-2020-18725 RESERVED CVE-2020-18724 (Authenticated stored cross-site scripting (XSS) in the contact name fi ...) - TODO: check + NOT-FOR-US: MDaemon webmail CVE-2020-18723 (Stored cross-site scripting (XSS) in file attachment field in MDaemon ...) NOT-FOR-US: MDaemon webmail CVE-2020-18722 @@ -62690,7 +62690,7 @@ CVE-2020-12124 (A remote command-line injection vulnerability in the /cgi-bin/li CVE-2020-12123 (CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 ...) NOT-FOR-US: WAVLINK CVE-2020-12122 (In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc ...) - TODO: check + NOT-FOR-US: Max Secure Max Spyware Detector CVE-2020-12121 RESERVED CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote ...) @@ -64073,7 +64073,7 @@ CVE-2020-11838 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight CVE-2020-11837 RESERVED CVE-2020-11836 (OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions h ...) - TODO: check + NOT-FOR-US: OPPO Android Phone CVE-2020-11835 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_d ...) NOT-FOR-US: oppo CVE-2020-11834 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the ...) @@ -67303,9 +67303,9 @@ CVE-2020-10860 (An issue was discovered in Avast Antivirus before 20. An Arbitra CVE-2020-10859 (Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated ...) NOT-FOR-US: Zoho CVE-2020-10858 (Zulip Desktop before 5.0.0 allows attackers to perform recording via t ...) - TODO: check + NOT-FOR-US: Zulip Desktop CVE-2020-10857 (Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shel ...) - TODO: check + NOT-FOR-US: Zulip Desktop CVE-2020-10856 RESERVED CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. ...) @@ -68470,11 +68470,11 @@ CVE-2020-10556 CVE-2020-10555 RESERVED CVE-2020-10554 (An issue was discovered in Psyprax beforee 3.2.2. Passwords used to en ...) - TODO: check + NOT-FOR-US: Psyprax CVE-2020-10553 (An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA ...) - TODO: check + NOT-FOR-US: Psyprax CVE-2020-10552 (An issue was discovered in Psyprax before 3.2.2. The Firebird database ...) - TODO: check + NOT-FOR-US: Psyprax CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...) NOT-FOR-US: QQBrowser CVE-2020-10550 @@ -68505,11 +68505,11 @@ CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code e CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of ...) NOT-FOR-US: Untis WebUntis CVE-2020-10539 (An issue was discovered in Epikur before 20.1.1. The Epikur server con ...) - TODO: check + NOT-FOR-US: Epikur CVE-2020-10538 (An issue was discovered in Epikur before 20.1.1. It stores the secret ...) - TODO: check + NOT-FOR-US: Epikur CVE-2020-10537 (An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 serve ...) - TODO: check + NOT-FOR-US: Epikur CVE-2020-10536 RESERVED CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for MediaWiki throug ...) @@ -68859,7 +68859,7 @@ CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...) NOT-FOR-US: Technicolor CVE-2020-10375 (An issue was discovered in New Media Smarty before 9.10. Passwords are ...) - TODO: check + NOT-FOR-US: New Media Smarty CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG ...) NOT-FOR-US: PRTG Network Monitor CVE-2020-10373 @@ -69160,7 +69160,7 @@ CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created fi CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote attackers wi ...) NOT-FOR-US: Froxlor CVE-2020-10234 (The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 1 ...) - TODO: check + NOT-FOR-US: IObit Advanced SystemCare CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ...) - sleuthkit <unfixed> (unimportant) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829 @@ -71034,7 +71034,7 @@ CVE-2020-9455 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 f ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9453 (In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local ...) - TODO: check + NOT-FOR-US: Epson CVE-2020-9452 RESERVED CVE-2020-9451 @@ -71204,11 +71204,11 @@ CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic plugin CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9390 (SquaredUp allowed Stored XSS before version 4.6.0. A user was able to ...) - TODO: check + NOT-FOR-US: SquaredUp CVE-2020-9389 (A username enumeration issue was discovered in SquaredUp before versio ...) - TODO: check + NOT-FOR-US: SquaredUp CVE-2020-9388 (CSRF protection was not present in SquaredUp before version 4.6.0. A C ...) - TODO: check + NOT-FOR-US: SquaredUp CVE-2020-9387 (In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account detai ...) - mahara <removed> CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...) @@ -72084,7 +72084,7 @@ CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parame CVE-2020-9015 (** DISPUTED ** Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20 ...) NOT-FOR-US: Arista devices CVE-2020-9014 (In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows loca ...) - TODO: check + NOT-FOR-US: Epson CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...) NOT-FOR-US: Arvato Skillpipe CVE-2020-9012 (A cross-site scripting (XSS) vulnerability in the Import People functi ...) @@ -72641,9 +72641,9 @@ CVE-2020-8809 (Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...) NOT-FOR-US: CORSAIR iCUE CVE-2020-8807 (In Electric Coin Company Zcashd before 2.1.1-1, the time offset betwee ...) - TODO: check + NOT-FOR-US: Electric Coin Company Zcashd CVE-2020-8806 (Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigge ...) - TODO: check + NOT-FOR-US: Electric Coin Company Zcashd CVE-2020-8805 RESERVED CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the Em ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7788a5fb2a7ad4b657157000766dcb90006b7970 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7788a5fb2a7ad4b657157000766dcb90006b7970 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits