[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 19 08:32:38 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d030c3d7 by Salvatore Bonaccorso at 2020-12-19T09:32:13+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16022,7 +16022,7 @@ CVE-2020-26253 (Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6
CVE-2020-26252
RESERVED
CVE-2020-26251 (Open Zaak is a modern, open-source data- and services-layer to enable ...)
- TODO: check
+ NOT-FOR-US: Open Zaak
CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthent ...)
NOT-FOR-US: JupyterHub login mechanism
CVE-2020-26249 (Red Discord Bot Dashboard is an easy-to-use interactive web dashboard ...)
@@ -17943,9 +17943,9 @@ CVE-2020-25497
CVE-2020-25496
RESERVED
CVE-2020-25495 (A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerl ...)
- TODO: check
+ NOT-FOR-US: Xinuo SCO Openserver
CVE-2020-25494 (Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Xinuo SCO Openserver
CVE-2020-25493
RESERVED
CVE-2020-25492
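Review bot: The new tag on CVE-2020-25495 and CVE-2020-25494 reads "Xinuo SCO Openserver", but the CVE-2020-25494 description in this same hunk spells the vendor "Xinuos (formerly SCO) Openserver". Suggest "NOT-FOR-US: Xinuos (formerly SCO) Openserver" on both lines so the tag matches the name in the description.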
@@ -28629,11 +28629,11 @@ CVE-2020-20302
CVE-2020-20301
RESERVED
CVE-2020-20300 (SQL injection vulnerability in the wp_where function in WeiPHP 5.0. ...)
- TODO: check
+ NOT-FOR-US: WeiPHP
CVE-2020-20299 (WeiPHP 5.0 does not properly restrict access to pages, related to usin ...)
- TODO: check
+ NOT-FOR-US: WeiPHP
CVE-2020-20298 (Eval injection vulnerability in the parserCommom method in the ParserT ...)
- TODO: check
+ NOT-FOR-US: zzzphp
CVE-2020-20297
RESERVED
CVE-2020-20296
@@ -28659,7 +28659,7 @@ CVE-2020-20287
CVE-2020-20286
RESERVED
CVE-2020-20285 (There is a XSS in the user login page in zzcms 2019. Users can inject ...)
- TODO: check
+ NOT-FOR-US: zzcms
CVE-2020-20284
RESERVED
CVE-2020-20283
@@ -42418,7 +42418,7 @@ CVE-2020-14273
CVE-2020-14272
RESERVED
CVE-2020-14271 (HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scrip ...)
- TODO: check
+ NOT-FOR-US: HCL iNotes
CVE-2020-14270
RESERVED
CVE-2020-14269
@@ -42496,7 +42496,7 @@ CVE-2020-14234 (HCL Domino is susceptible to a Denial of Service vulnerability d
CVE-2020-14233
RESERVED
CVE-2020-14232 (A vulnerability in the input parameter handling of HCL Notes v9 could ...)
- TODO: check
+ NOT-FOR-US: HCL Notes
CVE-2020-14231
RESERVED
CVE-2020-14230 (HCL Domino is susceptible to a Denial of Service vulnerability caused ...)
@@ -42512,7 +42512,7 @@ CVE-2020-14226
CVE-2020-14225
RESERVED
CVE-2020-14224 (A vulnerability in the MIME message handling of the HCL Notes v9 clien ...)
- TODO: check
+ NOT-FOR-US: HCL Notes
CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scri ...)
NOT-FOR-US: HCL Digital Experience
CVE-2020-14222 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scri ...)
@@ -44442,7 +44442,7 @@ CVE-2020-13537 (An exploitable local privilege elevation vulnerability exists in
CVE-2020-13536 (An exploitable local privilege elevation vulnerability exists in the f ...)
NOT-FOR-US: Microsoft
CVE-2020-13535 (A privilege escalation vulnerability exists in Kepware LinkMaster 3.0. ...)
- TODO: check
+ NOT-FOR-US: Kepware LinkMaster
CVE-2020-13534
RESERVED
CVE-2020-13533
@@ -44456,9 +44456,9 @@ CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP serv
CVE-2020-13529
RESERVED
CVE-2020-13528 (An information disclosure vulnerability exists in the Web Manager and ...)
- TODO: check
+ NOT-FOR-US: Lantronix
CVE-2020-13527 (An authentication bypass vulnerability exists in the Web Manager funct ...)
- TODO: check
+ NOT-FOR-US: Lantronix
CVE-2020-13526 (SQL injection vulnerability exists in the handling of sort parameters ...)
NOT-FOR-US: ProcessMaker
CVE-2020-13525 (The sort parameter in the download page /sysworkflow/en/neoclassic/rep ...)
@@ -44474,27 +44474,27 @@ CVE-2020-13521
CVE-2020-13520 (An out of bounds memory corruption vulnerability exists in the way Pix ...)
NOT-FOR-US: Pixar OpenUSD
CVE-2020-13519 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...)
- TODO: check
+ NOT-FOR-US: NZXT CAM
CVE-2020-13518 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
- TODO: check
+ NOT-FOR-US: NZXT CAM
CVE-2020-13517 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
- TODO: check
+ NOT-FOR-US: NZXT CAM
CVE-2020-13516 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
- TODO: check
+ NOT-FOR-US: NZXT CAM
CVE-2020-13515 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...)
- TODO: check
+ NOT-FOR-US: NZXT CAM
CVE-2020-13514 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...)
- TODO: check
+ NOT-FOR-US: NZXT CAM
CVE-2020-13513 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...)
- TODO: check
+ NOT-FOR-US: NZXT CAM
CVE-2020-13512 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...)
- TODO: check
+ NOT-FOR-US: NZXT CAM
CVE-2020-13511 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
- TODO: check
+ NOT-FOR-US: NZXT CAM
CVE-2020-13510 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
- TODO: check
+ NOT-FOR-US: NZXT CAM
CVE-2020-13509 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
- TODO: check
+ NOT-FOR-US: NZXT CAM
CVE-2020-13508
REJECTED
CVE-2020-13507
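Review bot: All eleven entries from CVE-2020-13519 down to CVE-2020-13509 are tagged "NZXT CAM", while the visible part of each description names only the WinRing0x64 driver. Consider a tag that carries both, for example "NOT-FOR-US: NZXT CAM (WinRing0x64 driver)", so the link between tag and description does not depend on the truncated text.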
@@ -46953,19 +46953,19 @@ CVE-2020-12525
CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause the Phoeni ...)
NOT-FOR-US: Phoenix Contact HMIs BTP
CVE-2020-12523 (On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact mGuard Devices
CVE-2020-12522 (The reported vulnerability allows an attacker who has network access t ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2020-12521 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact PLCnext Control Devices
CVE-2020-12520
RESERVED
CVE-2020-12519 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact PLCnext Control Devices
CVE-2020-12518 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact PLCnext Control Devices
CVE-2020-12517 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...)
- TODO: check
+ NOT-FOR-US: Phoenix Contact PLCnext Control Devices
CVE-2020-12516 (Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88 ...)
NOT-FOR-US: WAGO
CVE-2020-12515
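Review bot: CVE-2020-12522 is tagged "WAGO" in the middle of a run of Phoenix Contact entries, and its visible description ("The reported vulnerability allows an attacker who has network access t ...") names no vendor, so the assignment cannot be checked from this hunk and is worth confirming against the full CVE text. The vendor-only form does match the existing CVE-2020-12516 line, but it is coarser than the "Phoenix Contact mGuard Devices" and "Phoenix Contact PLCnext Control Devices" tags added around it.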
@@ -60522,7 +60522,7 @@ CVE-2020-7840
CVE-2020-7839
RESERVED
CVE-2020-7838 (A arbitrary code execution vulnerability exists in the way that the St ...)
- TODO: check
+ NOT-FOR-US: Smilegate STOVE Client
CVE-2020-7837 (An issue was discovered in ML Report Program. There is a stack-based b ...)
NOT-FOR-US: ML Report Program
CVE-2020-7836
@@ -61953,13 +61953,13 @@ CVE-2020-7205 (A potential security vulnerability has been identified in HPE Int
CVE-2020-7204
RESERVED
CVE-2020-7203 (A potential security vulnerability has been identified in HPE iLO Ampl ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2020-7202
RESERVED
CVE-2020-7201 (A potential security vulnerability has been identified in the HPE Stor ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2020-7200 (A potential security vulnerability has been identified in HPE Systems ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2020-7199 (A security vulnerability has been identified in the HPE Edgeline Infra ...)
NOT-FOR-US: HPE
CVE-2020-7198 (There is a remote escalation of privilege possible for a malicious use ...)
@@ -65625,7 +65625,7 @@ CVE-2020-5805
CVE-2020-5804
RESERVED
CVE-2020-5803 (Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allow ...)
- TODO: check
+ NOT-FOR-US: Marvell QConvergeConsole GUI
CVE-2020-5802
RESERVED
CVE-2020-5801
@@ -69772,7 +69772,7 @@ CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site s
CVE-2020-4081
RESERVED
CVE-2020-4080 (HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2020-4079
RESERVED
CVE-2020-4078
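Review bot: CVE-2020-4080 is tagged with the bare vendor "HCL", whereas the other HCL entries in this commit name the product ("HCL iNotes", "HCL Notes") and the existing neighbours use "HCL Digital Experience". The description names HCL Verse, so "NOT-FOR-US: HCL Verse" would be consistent.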
@@ -87148,11 +87148,11 @@ CVE-2019-16959
CVE-2019-16958 (Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 1 ...)
NOT-FOR-US: SolarWinds Web Help Desk
CVE-2019-16957 (SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2019-16956
RESERVED
CVE-2019-16955 (SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG documen ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2019-16954
RESERVED
CVE-2019-16953
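Review bot: CVE-2019-16957 and CVE-2019-16955 get "NOT-FOR-US: SolarWinds", but CVE-2019-16958 at the top of this hunk already uses "NOT-FOR-US: SolarWinds Web Help Desk" for the same product, which both descriptions name. Suggest reusing that exact string on both new lines.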
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d030c3d7dcc1a23b313f8ae548c194d33bd59f1a