[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 17 20:47:22 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
95b2bfe8 by Salvatore Bonaccorso at 2020-12-17T21:46:53+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -153,7 +153,7 @@ CVE-2020-35478
CVE-2020-35477
RESERVED
CVE-2020-35476 (A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 ...)
- TODO: check
+ NOT-FOR-US: OpenTSDB
CVE-2020-35475
RESERVED
CVE-2020-35474
@@ -868,7 +868,7 @@ CVE-2020-35125
CVE-2020-35124
RESERVED
CVE-2020-35123 (In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 ...)
- TODO: check
+ NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
CVE-2020-35122 (An issue was discovered in the Keysight Database Connector plugin befo ...)
NOT-FOR-US: Keysight Database Connector plugin for Confluence
CVE-2020-35121 (An issue was discovered in the Keysight Database Connector plugin befo ...)
@@ -3242,7 +3242,7 @@ CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 have key fobs that acce
CVE-2020-29437
RESERVED
CVE-2020-29436 (Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with ...)
- TODO: check
+ NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-29435
RESERVED
CVE-2020-29434
@@ -4358,11 +4358,11 @@ CVE-2020-28933
CVE-2020-28932
RESERVED
CVE-2020-28931 (Lack of an anti-CSRF token in the entire administrative interface in E ...)
- TODO: check
+ NOT-FOR-US: EPSON
CVE-2020-28930 (A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete us ...)
- TODO: check
+ NOT-FOR-US: Epson
CVE-2020-28929 (Unrestricted access to the log downloader functionality in EPSON EPS T ...)
- TODO: check
+ NOT-FOR-US: Epson
CVE-2020-28928 (In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...)
{DLA-2474-1}
- musl <unfixed> (bug #975365)
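Review bot: the three Epson entries in this hunk spell the same vendor two ways: CVE-2020-28931 is tagged "NOT-FOR-US: EPSON" while CVE-2020-28930 and CVE-2020-28929 are tagged "NOT-FOR-US: Epson". Use one spelling for all three so that a case-sensitive search over the NOT-FOR-US tags finds every entry for the vendor.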
@@ -11561,7 +11561,7 @@ CVE-2020-27201
CVE-2020-27200
RESERVED
CVE-2020-27199 (The Magic Home Pro application 1.5.1 for Android allows Authentication ...)
- TODO: check
+ NOT-FOR-US: Magic Home Pro application for Android
CVE-2020-27198
RESERVED
CVE-2020-27197 (** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ O ...)
@@ -16510,11 +16510,11 @@ CVE-2020-25098
CVE-2020-25097
RESERVED
CVE-2020-25096 (LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Us ...)
- TODO: check
+ NOT-FOR-US: LogRhythm Platform Manager (PM)
CVE-2020-25095 (LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface i ...)
- TODO: check
+ NOT-FOR-US: LogRhythm Platform Manager (PM)
CVE-2020-25094 (LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit ...)
- TODO: check
+ NOT-FOR-US: LogRhythm Platform Manager (PM)
CVE-2020-25093 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.p ...)
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25092 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts ...)
@@ -16705,9 +16705,9 @@ CVE-2020-25013 (JetBrains ToolBox before version 1.18 is vulnerable to a Denial
CVE-2020-25012
RESERVED
CVE-2020-25011 (A sensitive information disclosure vulnerability in Kyland KPS2204 6 P ...)
- TODO: check
+ NOT-FOR-US: Kyland
CVE-2020-25010 (An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Man ...)
- TODO: check
+ NOT-FOR-US: Kyland
CVE-2020-25009
RESERVED
CVE-2020-25008
@@ -26539,7 +26539,7 @@ CVE-2020-20186
CVE-2020-20185
RESERVED
CVE-2020-20184 (GateOne allows remote attackers to execute arbitrary commands via shel ...)
- TODO: check
+ NOT-FOR-US: GateOne
CVE-2020-20183 (Insecure direct object reference vulnerability in Zyxel’s P1302- ...)
NOT-FOR-US: Zyxel
CVE-2020-20182
@@ -34964,11 +34964,11 @@ CVE-2020-16106
CVE-2020-16105
RESERVED
CVE-2020-16104 (SQL Injection vulnerability in Enterprise Data Interface of Gallagher ...)
- TODO: check
+ NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16103 (Type confusion in Gallagher Command Centre Server allows a remote atta ...)
- TODO: check
+ NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16102 (Improper Authentication vulnerability in Gallagher Command Centre Serv ...)
- TODO: check
+ NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16101 (It is possible for an unauthenticated remote DCOM websocket connection ...)
NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16100 (It is possible for an unauthenticated remote DCOM websocket connection ...)
@@ -37181,11 +37181,11 @@ CVE-2020-15296
CVE-2020-15295
RESERVED
CVE-2020-15294 (Compiler Optimization Removal or Modification of Security-critical Cod ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2020-15293 (Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, Int ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2020-15292 (Lack of validation on data read from guest memory in IntPeGetDirectory ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2020-15291
RESERVED
CVE-2020-15290
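Review bot: "NOT-FOR-US: Bitdefender" on CVE-2020-15294, CVE-2020-15293 and CVE-2020-15292 names only the vendor, whereas other entries in this commit name the product (for example "NOT-FOR-US: HCL BigFix Inventory"). The descriptions refer to specific routines (IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntPeGetDirectory) that read guest memory, so naming the affected component in the tag would record which Bitdefender software was assessed as not packaged.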
@@ -40127,7 +40127,7 @@ CVE-2020-14256
CVE-2020-14255
RESERVED
CVE-2020-14254 (TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v ...)
- TODO: check
+ NOT-FOR-US: HCL BigFix Inventory
CVE-2020-14253
RESERVED
CVE-2020-14252
@@ -40139,7 +40139,7 @@ CVE-2020-14250
CVE-2020-14249
RESERVED
CVE-2020-14248 (BigFix Inventory up to v10.0.2 does not set the secure flag for the se ...)
- TODO: check
+ NOT-FOR-US: HCL BigFix Inventory
CVE-2020-14247
RESERVED
CVE-2020-14246
@@ -40147,7 +40147,7 @@ CVE-2020-14246
CVE-2020-14245
RESERVED
CVE-2020-14244 (A vulnerability in the MIME message handling of the Domino server (ver ...)
- TODO: check
+ NOT-FOR-US: HCL Domino server
CVE-2020-14243
RESERVED
CVE-2020-14242
@@ -54464,7 +54464,7 @@ CVE-2020-9303
CVE-2020-9302
RESERVED
CVE-2020-9301 (Nolan Ray from Apple Information Security identified a security vulner ...)
- TODO: check
+ NOT-FOR-US: Spinnaker
CVE-2020-9300 (The Access Control issues include allowing a regular user to view a re ...)
NOT-FOR-US: Netflix dispatch
CVE-2020-9299 (There were XSS vulnerabilities discovered and reported in the Dispatch ...)
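Review bot: the "NOT-FOR-US: Spinnaker" tag on CVE-2020-9301 cannot be checked from this hunk, because the visible description is cut off before it names a product ("Nolan Ray from Apple Information Security identified a security vulner ..."). Confirm against the full CVE text that the affected software is Spinnaker, given that the neighbouring CVE-2020-9300 and CVE-2020-9299 are Dispatch issues.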
@@ -58200,7 +58200,7 @@ CVE-2020-7839
CVE-2020-7838
RESERVED
CVE-2020-7837 (An issue was discovered in ML Report Program. There is a stack-based b ...)
- TODO: check
+ NOT-FOR-US: ML Report Program
CVE-2020-7836
RESERVED
CVE-2020-7835
@@ -63541,9 +63541,9 @@ CVE-2020-5685
CVE-2020-5684
RESERVED
CVE-2020-5683 (Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v ...)
- TODO: check
+ NOT-FOR-US: GROWI
CVE-2020-5682 (Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Seri ...)
- TODO: check
+ NOT-FOR-US: GROWI
CVE-2020-5681
RESERVED
CVE-2020-5680 (Improper input validation vulnerability in EC-CUBE versions from 3.0.5 ...)
@@ -63577,7 +63577,7 @@ CVE-2020-5667 (Studyplus App for Android v6.3.7 and earlier and Studyplus App fo
CVE-2020-5666 (Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series ...)
NOT-FOR-US: Mitsubishi Electric
CVE-2020-5665 (Improper check or handling of exceptional conditions in MELSEC iQ-F se ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi Electric
CVE-2020-5664 (Deserialization of untrusted data vulnerability in XooNIps 3.49 and ea ...)
NOT-FOR-US: XooNIps
CVE-2020-5663 (Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier ...)
@@ -63629,7 +63629,7 @@ CVE-2020-5641 (Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmw
CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and earlier ...)
NOT-FOR-US: OneThird CMS
CVE-2020-5639 (Directory traversal vulnerability in FileZen versions from V3.0.0 to V ...)
- TODO: check
+ NOT-FOR-US: FileZen
CVE-2020-5638 (Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Sma ...)
NOT-FOR-US: desknet's NEO
CVE-2020-5637 (Improper validation of integrity check value vulnerability in Aterm SA ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95b2bfe84735550b75c1f74d1aa3361f8dfe6424