diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2020-07-01 17:45:27 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-07-01 17:45:27 +0200 |
commit | 43bf8aae6ab147f31eec0ae6cadb12ff6dc26d8f (patch) | |
tree | e42fed734519b99d6cc1474421986997e84389be /data | |
parent | 6743805119465b4bc756cc0dba10231703a1e983 (diff) |
NFUs
libmediainfo no-dsa
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 40 |
1 files changed, 21 insertions, 19 deletions
diff --git a/data/CVE/list b/data/CVE/list index 7576b980d2..053b71d1a6 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,5 +1,5 @@ CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...) - TODO: check + NOT-FOR-US: Persian VIP Download Script CVE-2020-15467 RESERVED CVE-2020-15466 @@ -145,7 +145,9 @@ CVE-2020-15397 (HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility ...) TODO: check CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based b ...) - - libmediainfo <unfixed> + - libmediainfo <unfixed> (low) + [buster] - libmediainfo <no-dsa> (Minor issue) + [stretch] - libmediainfo <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/mediainfo/bugs/1127/ CVE-2020-15394 RESERVED @@ -341,7 +343,7 @@ CVE-2020-15309 CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-a ...) NOT-FOR-US: Support Incident Tracker CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS ( ...) - TODO: check + NOT-FOR-US: Nozomi Guardian CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...) - openexr <unfixed> [jessie] - openexr <no-dsa> (Minor issue) @@ -787,11 +789,11 @@ CVE-2020-15089 CVE-2020-15088 RESERVED CVE-2020-15087 (In Presto before version 337, authenticated users can bypass authoriza ...) - TODO: check + NOT-FOR-US: Presto query engine, different from src:presto CVE-2020-15086 RESERVED CVE-2020-15085 (In Saleor Storefront before version 2.10.3, request data used to authe ...) - TODO: check + NOT-FOR-US: Saleor Storefront CVE-2020-15084 (In express-jwt (NPM package) up and including version 5.3.3, the algor ...) TODO: check CVE-2020-15083 @@ -1077,9 +1079,9 @@ CVE-2020-14959 (Multiple XSS vulnerabilities in the Easy Testimonials plugin bef CVE-2020-14958 (In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not ...) NOT-FOR-US: Go Git Service CVE-2020-14957 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...) - TODO: check + NOT-FOR-US: Windows cleaning assistant CVE-2020-14956 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...) - TODO: check + NOT-FOR-US: Windows cleaning assistant CVE-2020-14955 (In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows l ...) NOT-FOR-US: Jiangmin Antivirus CVE-2020-14953 @@ -2059,7 +2061,7 @@ CVE-2020-14484 CVE-2020-14483 RESERVED CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...) - TODO: check + NOT-FOR-US: Delta Industrial Automation DOPSoft CVE-2020-14481 RESERVED CVE-2020-14480 @@ -2076,7 +2078,7 @@ CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr - dolibarr <removed> NOTE: https://github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08 CVE-2020-14474 (The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on ke ...) - TODO: check + NOT-FOR-US: Cellebrite CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and ...) NOT-FOR-US: DrayTek CVE-2020-14472 (DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1 ...) @@ -3059,17 +3061,17 @@ CVE-2020-14171 CVE-2020-14170 RESERVED CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data Center be ...) - TODO: check + NOT-FOR-US: Atlasstian CVE-2020-14168 (The email client in Jira Server and Data Center before version 7.13.16 ...) - TODO: check + NOT-FOR-US: Atlasstian CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data Center befo ...) - TODO: check + NOT-FOR-US: Atlasstian CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service Desk Server ...) - TODO: check + NOT-FOR-US: Atlasstian CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server and Dat ...) - TODO: check + NOT-FOR-US: Atlasstian CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center before vers ...) - TODO: check + NOT-FOR-US: Atlasstian CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in ...) NOT-FOR-US: JerryScript CVE-2020-14162 @@ -4909,7 +4911,7 @@ CVE-2020-13445 (In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pa CVE-2020-13444 (Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 9 ...) NOT-FOR-US: Liferay CVE-2020-13443 (ExpressionEngine before 5.3.2 allows remote attackers to upload and ex ...) - TODO: check + NOT-FOR-US: ExpressionEngine CVE-2020-13442 (A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 t ...) NOT-FOR-US: DEXT5 CVE-2020-13441 @@ -5725,7 +5727,7 @@ CVE-2020-13097 CVE-2020-13096 RESERVED CVE-2020-13095 (Little Snitch version 4.5.1 and older changed ownership of a directory ...) - TODO: check + NOT-FOR-US: Little Snitch CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS. ...) - dolibarr <removed> CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...) @@ -16284,9 +16286,9 @@ CVE-2020-9416 CVE-2020-9415 RESERVED CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin client comp ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...) NOT-FOR-US: TIBCO CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...) |