[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 14 20:30:23 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3ca8748 by Salvatore Bonaccorso at 2020-12-14T21:29:37+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -139,7 +139,7 @@ CVE-2020-35384
CVE-2020-35383
RESERVED
CVE-2020-35382 (SQL Injection in Classbooking before 2.4.1 via the username field of a ...)
- TODO: check
+ NOT-FOR-US: Classbooking
CVE-2020-35381
RESERVED
CVE-2020-35380
@@ -147,7 +147,7 @@ CVE-2020-35380
CVE-2020-35379
RESERVED
CVE-2020-35378 (SQL Injection in the login page in Online Bus Ticket Reservation 1.0 a ...)
- TODO: check
+ NOT-FOR-US: Online Bus Ticket Reservation
CVE-2020-35377
RESERVED
CVE-2020-35376
@@ -227,7 +227,7 @@ CVE-2020-35340
CVE-2020-35339
RESERVED
CVE-2020-35338 (The Web Administrative Interface in Mobile Viewpoint Wireless Multiple ...)
- TODO: check
+ NOT-FOR-US: Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server
CVE-2020-35337
RESERVED
CVE-2020-35336
@@ -720,7 +720,7 @@ CVE-2016-15001
CVE-2020-29670
RESERVED
CVE-2020-29669 (In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Gue ...)
- TODO: check
+ NOT-FOR-US: Macally WIFISD2-2A82 Media and Travel Router
CVE-2020-29668 (Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API ...)
- sympa 6.2.58~dfsg-2 (bug #976020)
NOTE: https://github.com/sympa-community/sympa/issues/1041
@@ -3444,7 +3444,7 @@ CVE-2020-29229
CVE-2020-29228
RESERVED
CVE-2020-29227 (An issue was discovered in Car Rental Management System 1.0. An unauth ...)
- TODO: check
+ NOT-FOR-US: Car Rental Management System
CVE-2020-29226
RESERVED
CVE-2020-29225
@@ -4268,13 +4268,13 @@ CVE-2020-28861
CVE-2020-28860
RESERVED
CVE-2020-28859 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
- TODO: check
+ NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
CVE-2020-28858 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
- TODO: check
+ NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
CVE-2020-28857 (OpenAsset Digital Asset Management (DAM) through 12.0.19, does not cor ...)
- TODO: check
+ NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
CVE-2020-28856 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
- TODO: check
+ NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
CVE-2020-28855
RESERVED
CVE-2020-28854
@@ -16019,7 +16019,7 @@ CVE-2020-25181 (WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffe
CVE-2020-25180
RESERVED
CVE-2020-25179 (GE Healthcare Imaging and Ultrasound Products may allow specific crede ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
CVE-2020-25178
RESERVED
CVE-2020-25177 (WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer ove ...)
@@ -16027,7 +16027,7 @@ CVE-2020-25177 (WECON PLC Editor Versions 1.3.8 and prior has a stack-based buff
CVE-2020-25176
RESERVED
CVE-2020-25175 (GE Healthcare Imaging and Ultrasound Products may allow specific crede ...)
- TODO: check
+ NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
CVE-2020-25174 (A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3 ...)
NOT-FOR-US: B. Braun OnlineSuite Version AP
CVE-2020-25173
@@ -35633,7 +35633,7 @@ CVE-2020-15735
CVE-2020-15734
RESERVED
CVE-2020-15733 (An Origin Validation Error vulnerability in the SafePay component of B ...)
- TODO: check
+ NOT-FOR-US: Bitdefender Antivirus Plus
CVE-2020-15732
RESERVED
CVE-2020-15731 (An improper Input Validation vulnerability in the code handling file r ...)
@@ -39764,7 +39764,7 @@ CVE-2020-14270
CVE-2020-14269
RESERVED
CVE-2020-14268 (A vulnerability in the MIME message handling of the Notes client (vers ...)
- TODO: check
+ NOT-FOR-US: HCL Notes
CVE-2020-14267
RESERVED
CVE-2020-14266
@@ -41736,7 +41736,7 @@ CVE-2020-13558
CVE-2020-13557
RESERVED
CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP server ...)
- TODO: check
+ NOT-FOR-US: EIP Stack Group OpENer
CVE-2020-13555
RESERVED
CVE-2020-13554
@@ -41792,7 +41792,7 @@ CVE-2020-13532
CVE-2020-13531 (A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 pro ...)
NOT-FOR-US: Pixar OpenUSD
CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...)
- TODO: check
+ NOT-FOR-US: EIP Stack Group OpENer
CVE-2020-13529
RESERVED
CVE-2020-13528
@@ -55011,7 +55011,7 @@ CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library ver
CVE-2020-8909
RESERVED
CVE-2020-8908 (A temp directory creation vulnerability exist in Guava versions prior ...)
- TODO: check
+ NOT-FOR-US: Google Guava
CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
- google-compute-image-packages <unfixed>
NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
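Review bot: The NOT-FOR-US tag on CVE-2020-8908 needs a second look, because Guava is a general-purpose Java library rather than a vendor appliance or proprietary product like the other entries triaged in this commit. Before closing it, confirm that no source package in the archive ships or embeds Guava; if one does, the entry should name that package with a fixed version or <unfixed>, in the same form as the CVE-2020-8907 entry just below.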
@@ -58503,23 +58503,23 @@ CVE-2020-7545 (A CWE-284:Improper Access Control vulnerability exists in EcoStru
CVE-2020-7544 (A CWE-269 Improper Privilege Management vulnerability exists in EcoStr ...)
NOT-FOR-US: EcoStruxure Operator Terminal Expert runtime
CVE-2020-7543 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
- TODO: check
+ NOT-FOR-US: Modicon
CVE-2020-7542 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
- TODO: check
+ NOT-FOR-US: Modicon
CVE-2020-7541 (A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in ...)
- TODO: check
+ NOT-FOR-US: Modicon
CVE-2020-7540 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
- TODO: check
+ NOT-FOR-US: Modicon
CVE-2020-7539 (A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnera ...)
- TODO: check
+ NOT-FOR-US: Modicon
CVE-2020-7538 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: EcoStruxure Control Expert
CVE-2020-7537 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
- TODO: check
+ NOT-FOR-US: Modicon
CVE-2020-7536 (A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnera ...)
- TODO: check
+ NOT-FOR-US: Modicon
CVE-2020-7535 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
- TODO: check
+ NOT-FOR-US: Modicon
CVE-2020-7534
RESERVED
CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web Server o ...)
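Review bot: The eight new tags in this hunk (CVE-2020-7543 down to CVE-2020-7535, skipping CVE-2020-7538) say only "NOT-FOR-US: Modicon", while the untouched neighbours name a full product ("EcoStruxure Operator Terminal Expert runtime", "EcoStruxure Control Expert"). The truncated descriptions here stop at the CWE text and never reach the product, so the tag is the only hint of what was triaged. A label that names the affected product as the full CVE description does would keep these entries consistent with their neighbours and easier to search.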
@@ -58938,11 +58938,11 @@ CVE-2020-7341
CVE-2020-7340
RESERVED
CVE-2020-7339 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAf ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7338
RESERVED
CVE-2020-7337 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7336
RESERVED
CVE-2020-7335 (Privilege Escalation vulnerability in Microsoft Windows client McAfee ...)
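Review bot: "NOT-FOR-US: McAfee" on CVE-2020-7339 and CVE-2020-7337 names only the vendor, and both descriptions are cut off before the product ("vulnerability in McAf ...", "vulnerability in ..."). Take the product name from the full CVE description and use it in the tag, so that a later reader can tell which McAfee product was ruled out without looking the CVE up again.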
@@ -63273,11 +63273,11 @@ CVE-2020-5639 (Directory traversal vulnerability in FileZen versions from V3.0.0
CVE-2020-5638 (Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Sma ...)
NOT-FOR-US: desknet's NEO
CVE-2020-5637 (Improper validation of integrity check value vulnerability in Aterm SA ...)
- TODO: check
+ NOT-FOR-US: Aterm SA3500G firmware
CVE-2020-5636 (Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker ...)
- TODO: check
+ NOT-FOR-US: Aterm SA3500G firmware
CVE-2020-5635 (Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker ...)
- TODO: check
+ NOT-FOR-US: Aterm SA3500G firmware
CVE-2020-5634 (ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC ...)
NOT-FOR-US: ELECOM LAN routers
CVE-2020-5633
@@ -71862,21 +71862,21 @@ CVE-2020-2500 (This improper access control vulnerability in Helpdesk allows att
CVE-2020-2499
RESERVED
CVE-2020-2498 (If exploited, this cross-site scripting vulnerability could allow remo ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2497 (If exploited, this cross-site scripting vulnerability could allow remo ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2496 (If exploited, this cross-site scripting vulnerability could allow remo ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2495 (If exploited, this cross-site scripting vulnerability could allow remo ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2494 (This cross-site scripting vulnerability in Music Station allows remote ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2493 (This cross-site scripting vulnerability in Multimedia Console allows r ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2492 (If exploited, the command injection vulnerability could allow remote a ...)
NOT-FOR-US: QNAP
CVE-2020-2491 (This cross-site scripting vulnerability in Photo Station allows remote ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2490 (If exploited, the command injection vulnerability could allow remote a ...)
NOT-FOR-US: QNAP
CVE-2019-19701
@@ -73036,7 +73036,7 @@ CVE-2020-2051
CVE-2020-2050 (An authentication bypass vulnerability exists in the GlobalProtect SSL ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2049 (A local privilege escalation vulnerability exists in Palo Alto Network ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks Cortex XDR Agent
CVE-2020-2048 (An information exposure through log file vulnerability exists where th ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2047
@@ -73094,7 +73094,7 @@ CVE-2020-2022 (An information exposure vulnerability exists in Palo Alto Network
CVE-2020-2021 (When Security Assertion Markup Language (SAML) authentication is enabl ...)
NOT-FOR-US: Palo Alto Networks
CVE-2020-2020 (An improper handling of exceptional conditions vulnerability in Cortex ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks Cortex XDR Agent
CVE-2020-2019
RESERVED
CVE-2020-2018 (An authentication bypass vulnerability in the Panorama context switchi ...)
@@ -115041,7 +115041,7 @@ CVE-2019-7200
CVE-2019-7199
RESERVED
CVE-2019-7198 (This command injection vulnerability allows attackers to execute arbit ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2019-7197 (A stored cross-site scripting (XSS) vulnerability has been reported to ...)
NOT-FOR-US: QNAP
CVE-2019-7196
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3ca8748f78321fb03e1f703da9de37611bcb5ae