author | Moritz Muehlenhoff <jmm@debian.org> | 2020-08-04 09:22:56 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-08-04 09:22:56 +0200 |
commit | 87bfb6d48103c30ac9339d6b6ec431bef8c6f732 | |
tree | 2e17e91ed2daf598345d6781dc5b7eb37d492a91 /data | |
parent | 6f7f0a2fc48566be7d94d06d9a38ade2e8354b92 | |
NFUs
golang postponed
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2015.list | 2 |
-rw-r--r-- | data/CVE/2020.list | 21 |
2 files changed, 12 insertions, 11 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index a7bf7785ce..dc7561768c 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -1,5 +1,5 @@ CVE-2015-9549 (A reflected Cross-site Scripting (XSS) vulnerability exists in OcPorta ...) - TODO: check + NOT-FOR-US: OcPortal CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It allows a ...) NOT-FOR-US: Mattermost CVE-2015-9547 (An issue was discovered on Samsung mobile devices with JBP(4.3) and KK ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 14a42f66a9..aa60fd19b9 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -27,9 +27,9 @@ CVE-2020-16274 CVE-2020-16273 RESERVED CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is mis ...) - TODO: check + NOT-FOR-US: Kee Vault KeePassRPC CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 genera ...) - TODO: check + NOT-FOR-US: Kee Vault KeePassRPC CVE-2020-16270 RESERVED CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, causing ...) @@ -301,7 +301,7 @@ CVE-2020-16138 CVE-2020-16137 RESERVED CVE-2020-16136 (In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permis ...) - TODO: check + NOT-FOR-US: tgstation-server CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buf ...) {DLA-2303-1} - libssh <unfixed> (bug #966560) @@ -1593,6 +1593,7 @@ CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in so - golang-1.15 1.15~rc1-1 - golang-1.14 1.14.6-1 - golang-1.11 <removed> + [buster] - golang-1.11 <postponed> (Minor issue, can be fixed along in next DSA) - golang-1.8 <removed> - golang-1.7 <removed> - golang <removed> 
@@ -5255,7 +5256,7 @@ CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template op - ruby-kramdown <unfixed> (bug #965305) NOTE: https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.2 ...) - TODO: check + NOT-FOR-US: scratch-vm different from src:scratch CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Libr ...) - libemf 1.0.13-1 (bug #963778) [buster] - libemf <no-dsa> (Minor issue) @@ -5614,7 +5615,7 @@ CVE-2020-13851 (Artica Pandora FMS 7.44 allows remote command execution via the CVE-2020-13850 (Artica Pandora FMS 7.44 has inadequate access controls on a web folder ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout value of 1. ...) - TODO: check + NOT-FOR-US: MQTT protocol flaw CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attac ...) {DLA-2238-1} - pupnp-1.8 <unfixed> (bug #962282) @@ -5685,7 +5686,7 @@ CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature ma CVE-2020-13821 RESERVED CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated reflected XS ...) - TODO: check + NOT-FOR-US: Extreme Management Center CVE-2020-13819 RESERVED CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when <cachestart> ...) @@ -8195,7 +8196,7 @@ CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer ov NOTE: --fuzz-seed in PoC not present until version 4.2.0 NOTE: Crash in CLI tool, no security impact CVE-2020-12739 (A vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could ...) - TODO: check + NOT-FOR-US: Fanuc i Series CNC CVE-2020-12738 RESERVED CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...) 
@@ -18294,9 +18295,9 @@ CVE-2020-8577 CVE-2020-8576 RESERVED CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows versions prio ...) - TODO: check + NOT-FOR-US: Active IQ Unified Manager CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship with th ...) - TODO: check + NOT-FOR-US: Active IQ Unified Manager CVE-2020-8573 (The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers ...) NOT-FOR-US: NetApp CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...) @@ -19376,7 +19377,7 @@ CVE-2020-8110 CVE-2020-8109 RESERVED CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...) - TODO: check + NOT-FOR-US: Bitdefender CVE-2020-8107 RESERVED CVE-2020-8106 |
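Review bot: In the data/CVE/2020.list hunk at `@@ -1593,6 +1593,7 @@` (CVE-2020-15586), the added `[buster] - golang-1.11 <postponed>` line gives "Minor issue" as its whole justification for a data race, with nothing recording why the issue is minor for buster. A `NOTE:` line under the entry with the reasoning or an upstream reference, as the kramdown entry further down does with its commit URL, would let whoever prepares the next DSA pick this up without re-triaging.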
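Review bot: In the hunk at `@@ -5255,7 +5256,7 @@` (CVE-2020-14000), `NOT-FOR-US: scratch-vm different from src:scratch` runs the product name and the triage rationale together, while the other NOT-FOR-US lines added in this commit carry only a product or vendor name. Setting the rationale off, for example `NOT-FOR-US: scratch-vm (different from src:scratch)`, keeps the name easy to match against the other entries and still records why the packaged scratch source is not affected.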
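Review bot: In the hunk at `@@ -5614,7 +5615,7 @@` (CVE-2020-13849), `NOT-FOR-US: MQTT protocol flaw` names a protocol rather than a product, unlike every other NOT-FOR-US line added in this commit. The description attributes the behaviour to a requirement of MQTT protocol 3.1.1 itself, so any server implementing that requirement could be affected; the entry should state whether packaged MQTT implementations were checked, or stay at `TODO: check` until they have been.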