From 29e91addcc744a2510e01eb27edbaae37e2fb679 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 25 Nov 2020 19:33:57 +0100 Subject: new nomad issue NFUs more imagemagick triage --- data/CVE/list | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index aebf0a61f7..346e27b60f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2680,7 +2680,7 @@ CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the Linux kernel before 5. CVE-2020-28361 (Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy So ...) TODO: check, this might be specific to Kamailio as used in the specified product CVE-2020-28360 (Insufficient RegEx in private-ip npm package v1.0.5 and below insuffic ...) - TODO: check + NOT-FOR-US: Node private-ip CVE-2020-28359 RESERVED CVE-2020-28358 @@ -2704,7 +2704,8 @@ CVE-2020-28350 (A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sok CVE-2020-28349 (** DISPUTED ** An inaccurate frame deduplication process in ChirpStack ...) NOT-FOR-US: ChirpStack Network Server CVE-2020-28348 (HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker ...) - TODO: check + - nomad + NOTE: https://github.com/hashicorp/nomad/issues/9303 CVE-2020-28347 (tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows rem ...) NOT-FOR-US: TP-Link CVE-2020-28346 @@ -5809,6 +5810,7 @@ CVE-2020-27751 CVE-2020-27750 RESERVED - imagemagick 8:6.9.11.24+dfsg-1 + [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1711 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a81ca9a1b46a96be83682af3389f0a6f3d0d389d NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c7038e710ad0204d6cb37a0229fc55f6f8a8662f 
@@ -10907,6 +10909,7 @@ CVE-2020-25667 CVE-2020-25666 RESERVED - imagemagick 8:6.9.11.24+dfsg-1 + [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1750 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94691f00839dbdf43edb1508af945ab19b388573 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/91ae12c57f3b9b23f2072462c27a8378b59f395e @@ -12156,7 +12159,7 @@ CVE-2020-25161 CVE-2020-25160 RESERVED CVE-2020-25159 (499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack- ...) - TODO: check + NOT-FOR-US: 499ES CVE-2020-25158 RESERVED CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection ...) @@ -53943,7 +53946,7 @@ CVE-2020-7779 CVE-2020-7778 RESERVED CVE-2020-7777 (This affects all versions of package jsen. If an attacker can control ...) - TODO: check + NOT-FOR-US: Node jsen CVE-2020-7776 RESERVED CVE-2020-7775 -- cgit v1.2.3
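Review bot: In the CVE-2020-28348 hunk (@@ -2704,7 +2704,8 @@), the added `- nomad` line shows no fixed version or unfixed marker after the package name, so the entry does not say whether any Debian version is affected or fixed; state one explicitly. The description on the context line gives the affected range as 0.9.0 up to 0.12.7, while the only NOTE is the upstream issue link. A second NOTE naming the fixing release or commit, once known, would let each suite be checked against that range without opening the issue.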
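Review bot: In the CVE-2020-27750 hunk (@@ -5809,6 +5810,7 @@), the added `[buster] - imagemagick (Minor issue)` line shows no state between the package name and the parenthesised reason, so as written it is not clear whether buster is being marked no-dsa, postponed or ignored. Put the intended state in front of `(Minor issue)`.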
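Review bot: In the CVE-2020-25666 hunk (@@ -10907,6 +10909,7 @@), the `(Minor issue)` reason on the added buster line has nothing visible to back it: the CVE is still RESERVED with no description, and the NOTE lines only link the upstream issue and the two commits. A short NOTE stating what kind of bug the upstream issue reports and why it is low impact for buster would make the triage decision reviewable from the list itself.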
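Review bot: In the CVE-2020-25159 hunk (@@ -12156,7 +12159,7 @@), the new `NOT-FOR-US: 499ES` label keeps only the model token from the description ("499ES EtherNet/IP (ENIP) Adaptor Source Code"). A fuller label such as `NOT-FOR-US: 499ES EtherNet/IP Adaptor Source Code` is easier to match when later CVEs for the same product are triaged. The two Node entries in this commit (`Node private-ip`, `Node jsen`) already name the ecosystem plus the package.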