[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Dec 23 20:22:34 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a59dd15c by Salvatore Bonaccorso at 2020-12-23T21:21:53+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -791,7 +791,7 @@ CVE-2020-35600
 CVE-2020-35599
 	RESERVED
 CVE-2020-35598 (ACS Advanced Comment System 1.0 is affected by Directory Traversal via ...)
-	TODO: check
+	NOT-FOR-US: ACS Advanced Comment System
 CVE-2020-35597
 	RESERVED
 CVE-2020-35596
@@ -813,13 +813,13 @@ CVE-2020-35589 (The limit-login-attempts-reloaded plugin before 2.17.4 for WordP
 CVE-2020-35588
 	RESERVED
 CVE-2020-35587 (** DISPUTED ** In Solstice Pod before 3.0.3, the firmware can easily b ...)
-	TODO: check
+	NOT-FOR-US: Solstice Pod
 CVE-2020-35586 (In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password  ...)
-	TODO: check
+	NOT-FOR-US: Solstice Pod
 CVE-2020-35585 (In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enume ...)
-	TODO: check
+	NOT-FOR-US: Solstice Pod
 CVE-2020-35584 (In Solstice Pod before 3.0.3, the web services allow users to connect  ...)
-	TODO: check
+	NOT-FOR-US: Solstice Pod
 CVE-2020-35583
 	RESERVED
 CVE-2020-35582
@@ -3499,7 +3499,7 @@ CVE-2020-35372
 CVE-2020-35371
 	RESERVED
 CVE-2020-35370 (A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticate ...)
-	TODO: check
+	NOT-FOR-US: Raysync
 CVE-2020-35369
 	RESERVED
 CVE-2020-35368
@@ -3735,7 +3735,7 @@ CVE-2020-35254
 CVE-2020-35253
 	RESERVED
 CVE-2020-35252 (Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter ...)
-	TODO: check
+	NOT-FOR-US: User Registration & Login System
 CVE-2020-35251
 	RESERVED
 CVE-2020-35250
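Review bot: the tag added for CVE-2020-35252, "User Registration & Login System", is a generic product name, and the truncated description visible here does not show a vendor or author. Other web-application entries in this commit carry an origin prefix (the SourceCodester ones), so if the full CVE description names the vendor or project, adding it to the tag would keep this entry distinguishable from similarly named applications.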
@@ -5896,11 +5896,11 @@ CVE-2020-29554
 CVE-2020-29553
 	RESERVED
 CVE-2020-29552 (An issue was discovered in URVE Build 24.03.2020. By using the _intern ...)
-	TODO: check
+	NOT-FOR-US: URVE
 CVE-2020-29551 (An issue was discovered in URVE Build 24.03.2020. Using the _internal/ ...)
-	TODO: check
+	NOT-FOR-US: URVE
 CVE-2020-29550 (An issue was discovered in URVE Build 24.03.2020. The password of an i ...)
-	TODO: check
+	NOT-FOR-US: URVE
 CVE-2020-29549
 	RESERVED
 CVE-2020-29548
@@ -12002,15 +12002,15 @@ CVE-2020-28076
 CVE-2020-28075
 	RESERVED
 CVE-2020-28074 (SourceCodester Online Health Care System 1.0 is affected by SQL Inject ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Online Health Care System
 CVE-2020-28073 (SourceCodester Library Management System 1.0 is affected by SQL Inject ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Library Management System
 CVE-2020-28072 (A Remote Code Execution vulnerability exists in DourceCodester Alumni  ...)
 	NOT-FOR-US: DourceCodester Alumni Management System
 CVE-2020-28071 (SourceCodester Alumni Management System 1.0 is affected by cross-site  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Alumni Management System
 CVE-2020-28070 (SourceCodester Alumni Management System 1.0 is affected by SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester Alumni Management System
 CVE-2020-28069
 	RESERVED
 CVE-2020-28068
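Review bot: the unchanged context line for CVE-2020-28072 still carries the tag "NOT-FOR-US: DourceCodester Alumni Management System", while the two entries added directly below it for the same product use "SourceCodester Alumni Management System". The "DourceCodester" spelling comes from the CVE description itself, but keeping it in the tag means a search of data/CVE/list for the product name misses that entry. Consider normalising the tag to "SourceCodester Alumni Management System" in this commit or a follow-up.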
@@ -14329,7 +14329,7 @@ CVE-2020-27399
 CVE-2020-27398
 	RESERVED
 CVE-2020-27397 (Marital - Online Matrimonial Project In PHP version 1.0 suffers from a ...)
-	TODO: check
+	NOT-FOR-US: Marital - Online Matrimonial Project
 CVE-2020-27396
 	RESERVED
 CVE-2020-27395
@@ -19500,23 +19500,23 @@ CVE-2019-20916 (The pip package before 19.2 for Python allows Directory Traversa
 CVE-2020-25199 (A heap-based buffer overflow vulnerability exists within the WECON Lev ...)
 	NOT-FOR-US: WECON LeviStudioU
 CVE-2020-25198 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
-	TODO: check
+	NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25197
 	RESERVED
 CVE-2020-25196 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
-	TODO: check
+	NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25195 (The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM ...)
 	NOT-FOR-US: Host Engineering
 CVE-2020-25194 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
-	TODO: check
+	NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25193
 	RESERVED
 CVE-2020-25192 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
-	TODO: check
+	NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25191 (Incorrect permissions are set by default for an API entry-point of a s ...)
 	NOT-FOR-US: National Instruments Corp. (NI)
 CVE-2020-25190 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
-	TODO: check
+	NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer overflo ...)
 	NOT-FOR-US: Paradox IP150
 CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...)
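Review bot: style point on the five MOXA entries in this hunk: the tag "MOXA NPort IAW5000A-I/O firmware" appends "firmware", while the device tags on the surrounding context lines ("WECON LeviStudioU", "Paradox IP150") give only vendor and product. Dropping the suffix ("NOT-FOR-US: MOXA NPort IAW5000A-I/O") would keep the tags uniform; the same applies to the CVE-2020-25153 entry in the next hunk.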
@@ -19590,7 +19590,7 @@ CVE-2020-25155 (The affected product transmits unencrypted sensitive information
 CVE-2020-25154
 	RESERVED
 CVE-2020-25153 (The built-in web service for MOXA NPort IAW5000A-I/O firmware version  ...)
-	TODO: check
+	NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25152
 	RESERVED
 CVE-2020-25151 (The affected product does not properly validate input, which may allow ...)
@@ -69552,7 +69552,7 @@ CVE-2020-4644 (IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a
 CVE-2020-4643 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable  ...)
 	NOT-FOR-US: IBM
 CVE-2020-4642 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4641
 	RESERVED
 CVE-2020-4640
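Review bot: the tag added for CVE-2020-4642 names only the vendor ("NOT-FOR-US: IBM"), although the description identifies the product as IBM DB2. That matches the neighbouring CVE-2020-4643 entry, but the other tags in this commit name the product (for example "MOXA NPort IAW5000A-I/O firmware"), which makes later per-product lookups easier. Consider "NOT-FOR-US: IBM DB2".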



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a59dd15c9eaed6016083fee5dc2d04a06a1b2837
