[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 28 06:12:43 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e6d15f9a by Salvatore Bonaccorso at 2020-08-28T07:12:11+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -668,7 +668,7 @@ CVE-2020-24392
CVE-2020-24391
RESERVED
CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape the user ...)
- TODO: check
+ NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-24389
RESERVED
CVE-2020-24388
@@ -1089,7 +1089,7 @@ CVE-2020-24205
CVE-2020-24204
RESERVED
CVE-2020-24203 (Insecure File Permissions and Arbitrary File Upload in the upload pic ...)
- TODO: check
+ NOT-FOR-US: Projects World Travel Management System
CVE-2020-24202 (File Upload component in Projects World House Rental v1.0 suffers from ...)
NOT-FOR-US: Projects World House Rental
CVE-2020-24201
@@ -1527,7 +1527,7 @@ CVE-2020-23986
CVE-2020-23985
RESERVED
CVE-2020-23984 (Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-s ...)
- TODO: check
+ NOT-FOR-US: Online Hotel Booking System Pro PHP
CVE-2020-23983 (Michael-design iChat Realtime PHP Live Support System 1.6 has persiste ...)
NOT-FOR-US: Michael-design iChat Realtime PHP Live Support System
CVE-2020-23982 (DesignMasterEvents Conference management 1.0.0 has cross site scriptin ...)
@@ -1547,7 +1547,7 @@ CVE-2020-23976 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Inje
CVE-2020-23975 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scr ...)
NOT-FOR-US: Webexcels Ecommerce CMS
CVE-2020-23974 (Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting ...)
- TODO: check
+ NOT-FOR-US: Create-Project Manager
CVE-2020-23973 (KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php ...)
NOT-FOR-US: KandNconcepts Club CMS
CVE-2020-23972 (In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can ...)
@@ -2177,7 +2177,7 @@ CVE-2020-23661
CVE-2020-23660 (webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." ...)
TODO: check
CVE-2020-23659 (WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the " ...)
- TODO: check
+ NOT-FOR-US: WebPort
CVE-2020-23658 (PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infus ...)
NOT-FOR-US: PHP-Fusion
CVE-2020-23657 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...)
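Review bot: CVE-2020-23660 (webTareas), the first entry in this hunk, is still "TODO: check" while the entry directly below it is triaged. If webTareas was skipped deliberately because it needs a closer look, that is fine; otherwise it can be resolved in the same pass so the block does not keep a stray TODO between processed entries.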
@@ -2343,7 +2343,7 @@ CVE-2020-23578
CVE-2020-23577
RESERVED
CVE-2020-23576 (Laborator Neon dashboard v3 is affected by stored Cross Site Scripting ...)
- TODO: check
+ NOT-FOR-US: Laborator Neon dashboard
CVE-2020-23575
RESERVED
CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticated use ...)
@@ -20717,9 +20717,9 @@ CVE-2020-14731
CVE-2020-14730
RESERVED
CVE-2020-14729 (Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracl ...)
- TODO: check
+ NOT-FOR-US: Oracle NetSuite
CVE-2020-14728 (Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle NetSuite
CVE-2020-14727
RESERVED
CVE-2020-14726
@@ -23207,7 +23207,7 @@ CVE-2020-13865 (The Elementor Page Builder plugin before 2.9.9 for WordPress suf
CVE-2020-13864 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
NOT-FOR-US: Elementor Page Builder plugin for WordPress
CVE-2020-13863 (The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2020-13862
RESERVED
CVE-2020-13861
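Review bot: Style point on CVE-2020-13863: the label names only the vendor ("Mitel"), while the description names the product (Mitel MiCollab) and the neighbouring entry in this hunk spells out the full product ("Elementor Page Builder plugin for WordPress"). The vendor-only form matches the existing CVE-2020-11798 entry, so it is consistent, but "NOT-FOR-US: Mitel MiCollab" would make the entry easier to find by product name.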
@@ -23304,7 +23304,7 @@ CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature ma
[buster] - node-elliptic <no-dsa> (Minor issue)
NOTE: https://github.com/indutny/elliptic/issues/226
CVE-2020-13821 (An issue was discovered in HiveMQ Broker Control Center 4.3.2. A craft ...)
- TODO: check
+ NOT-FOR-US: HiveMQ Broker Control Center
CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated reflected XS ...)
NOT-FOR-US: Extreme Management Center
CVE-2020-13819 (Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS vi ...)
@@ -23534,7 +23534,7 @@ CVE-2020-13769
CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via ...)
NOT-FOR-US: MiniShare
CVE-2020-13767 (The Mitel MiCollab application before 9.1.332 for iOS could allow an u ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2020-13766
RESERVED
CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the rel ...)
@@ -23925,7 +23925,7 @@ CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an
CVE-2020-13618
RESERVED
CVE-2020-13617 (The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...)
NOT-FOR-US: pichi
CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification ...)
@@ -24370,7 +24370,7 @@ CVE-2020-13412 (An issue was discovered in Aviatrix Controller before 5.4.1204.
CVE-2020-13411
RESERVED
CVE-2020-13410 (An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not ...)
- TODO: check
+ NOT-FOR-US: MoscaJS Aedes
CVE-2020-13409
RESERVED
CVE-2020-13408
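Review bot: CVE-2020-13410 deserves a second look before it is closed as NOT-FOR-US. The description points at a JavaScript library (lib/write.js), and this file does track Node.js modules (node-elliptic appears in another hunk of this commit). Worth confirming that no source package, ITP or RFP exists for Aedes; if one does, the entry should carry an itp or package line instead.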
@@ -25703,7 +25703,7 @@ CVE-2020-12857 (Caching of GATT characteristic values (TempID) in COVIDSafe v1.0
CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTrac ...)
NOT-FOR-US: COVIDSafe
CVE-2020-12855 (A Host header injection vulnerability has been discovered in SecZetta ...)
- TODO: check
+ NOT-FOR-US: SecZetta NEProfile
CVE-2020-12854 (A remote code execution vulnerability was identified in SecZetta NEPro ...)
NOT-FOR-US: SecZetta NEProfile
CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...)
@@ -26729,7 +26729,7 @@ CVE-2020-12457 (An issue was discovered in wolfSSL before 4.5.0. It mishandles t
NOTE: https://github.com/wolfSSL/wolfssl/commit/df1b7f34f173cfc2968ce12e8fcd2fd8bcc61a59 (v4.5.0-stable)
NOTE: https://github.com/wolfSSL/wolfssl/pull/2927
CVE-2020-12456 (A remote code execution vulnerability in Mitel MiVoice Connect Client ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2020-12455
RESERVED
CVE-2020-12454
@@ -29077,7 +29077,7 @@ CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate p
CVE-2020-11798 (A Directory Traversal vulnerability in the web conference component of ...)
NOT-FOR-US: Mitel
CVE-2020-11797 (An Authentication Bypass vulnerability in the Published Area of the we ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...)
NOT-FOR-US: JetBrains Space
CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout period was ...)
@@ -39919,7 +39919,7 @@ CVE-2020-7833
CVE-2020-7832
RESERVED
CVE-2020-7831 (A vulnerability in the web-based contract management service interface ...)
- TODO: check
+ NOT-FOR-US: Inogard Ebiz4u
CVE-2020-7830
RESERVED
CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...)
@@ -39933,7 +39933,7 @@ CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions conta
CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...)
NOT-FOR-US: MiPlatform
CVE-2020-7824 (A vulnerability in the web-based management interface of iPECS could a ...)
- TODO: check
+ NOT-FOR-US: iPECS
CVE-2020-7823 (DaviewIndy has a Memory corruption vulnerability, triggered when the u ...)
NOT-FOR-US: DaviewIndy
CVE-2020-7822 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6d15f9af87b5fc9277e2bc7ef5e574ad4117266