Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e84e610 by Salvatore Bonaccorso at 2020-07-01T22:25:26+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2020-15480
 CVE-2020-15479
        RESERVED
 CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of 
sensiti ...)
-       TODO: check
+       NOT-FOR-US: Journal theme for OpenCart
 CVE-2020-15477
        RESERVED
 CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a 
heap-based bu ...)
@@ -53,7 +53,7 @@ CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is 
vulnerable to a heap
 CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to 
a heap-b ...)
        TODO: check
 CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in 
jfif_dec ...)
-       TODO: check
+       NOT-FOR-US: ffjpeg
 CVE-2020-15469
        RESERVED
 CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the 
cart_edit ...)
@@ -3435,11 +3435,11 @@ CVE-2020-14058 (An issue was discovered in Squid before 
4.12 and 5.x before 5.0.
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57
        NOTE: Squid in Debian builds without OpenSSL support
 CVE-2020-14057 (Monsta FTP 2.10.1 or below allows external control of paths 
used in fi ...)
-       TODO: check
+       NOT-FOR-US: Monsta FTP
 CVE-2020-14056 (Monsta FTP 2.10.1 or below is prone to a server-side request 
forgery v ...)
-       TODO: check
+       NOT-FOR-US: Monsta FTP
 CVE-2020-14055 (Monsta FTP 2.10.1 or below is prone to a stored cross-site 
scripting v ...)
-       TODO: check
+       NOT-FOR-US: Monsta FTP
 CVE-2020-14054 (SOKKIA GNR5 Vanguard WEB version 1.2 (build: 
91f2b2c3a04d203d79862f87e ...)
        NOT-FOR-US: SOKKIA GNR5 Vanguard WEB
 CVE-2020-14053
@@ -5129,13 +5129,13 @@ CVE-2020-13385
 CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload 
and exec ...)
        NOT-FOR-US: Monstra CMS
 CVE-2020-13383 (openSIS through 7.4 allows Directory Traversal. ...)
-       TODO: check
+       NOT-FOR-US: openSIS
 CVE-2020-13382 (openSIS through 7.4 has Incorrect Access Control. ...)
-       TODO: check
+       NOT-FOR-US: openSIS
 CVE-2020-13381 (openSIS through 7.4 allows SQL Injection. ...)
-       TODO: check
+       NOT-FOR-US: openSIS
 CVE-2020-13380 (openSIS before 7.4 allows SQL Injection. ...)
-       TODO: check
+       NOT-FOR-US: openSIS
 CVE-2020-13379 (The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF 
Incorrec ...)
        - grafana <removed>
        NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/4
@@ -7209,9 +7209,9 @@ CVE-2020-12500
 CVE-2020-12499
        RESERVED
 CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx 
Express versio ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC 
Worx Expres ...)
-       TODO: check
+       NOT-FOR-US: Phoenix
 CVE-2020-12496
        RESERVED
 CVE-2020-12495
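
Review bot: The tags added for CVE-2020-12498 and CVE-2020-12497 read "NOT-FOR-US: Phoenix", which is only part of the vendor name; both descriptions identify the affected software as Phoenix Contact PC Worx and PC Worx Express. Other entries visible in this diff name the product in full ("NOT-FOR-US: SOKKIA GNR5 Vanguard WEB", "NOT-FOR-US: Monstra CMS"), so "NOT-FOR-US: Phoenix Contact PC Worx" would be more consistent, easier to search for, and less likely to be mistaken for an unrelated project that happens to be called Phoenix.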



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e84e610a76683b2485ff2712dfdf6f5fa252209



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
