[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 24 08:33:02 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
74d105a6 by Salvatore Bonaccorso at 2020-12-24T09:32:39+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2020-35678
RESERVED
CVE-2020-35677 (BigProf Online Invoicing System before 4.0 fails to adequately sanitiz ...)
- TODO: check
+ NOT-FOR-US: BigProf Online Invoicing System
CVE-2020-35676 (BigProf Online Invoicing System before 3.1 fails to correctly sanitize ...)
- TODO: check
+ NOT-FOR-US: BigProf Online Invoicing System
CVE-2020-35675 (BigProf Online Invoicing System before 3.0 offers a functionality that ...)
- TODO: check
+ NOT-FOR-US: BigProf Online Invoicing System
CVE-2020-35674 (BigProf Online Invoicing System before 2.9 suffers from an unauthentic ...)
- TODO: check
+ NOT-FOR-US: BigProf Online Invoicing System
CVE-2020-35673
RESERVED
CVE-2020-35672
@@ -29850,11 +29850,11 @@ CVE-2020-20143
CVE-2020-20142 (Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" compon ...)
TODO: check
CVE-2020-20141 (Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) compone ...)
- TODO: check
+ NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20140 (Cross Site Scripting (XSS) vulnerability in Remote Report component un ...)
- TODO: check
+ NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20139 (Cross Site Scripting (XSS) vulnerability in the Remote JSON component ...)
- TODO: check
+ NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20138 (Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow mo ...)
NOT-FOR-US: CMS Made Simple (CMSMS)
CVE-2020-20137
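Review bot: CVE-2020-20142, the first entry in this hunk, stays at "TODO: check" while the three entries after it (CVE-2020-20141, CVE-2020-20140, CVE-2020-20139) are all marked "NOT-FOR-US: Flexmonster Pivot Table & Charts". Its visible description ("Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" compon ...") follows the same wording pattern as those three, so it reads as skipped rather than deliberately held back. The truncated description does not show the product name, so check the full CVE text and either triage it in this pass or leave a NOTE saying why it remains open.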
@@ -44142,9 +44142,9 @@ CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use
CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...)
NOT-FOR-US: Shopware
CVE-2020-13969 (CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx ...)
- TODO: check
+ NOT-FOR-US: CRK Business Platform
CVE-2020-13968 (CRK Business Platform <= 2019.1 allows can inject SQL statements ag ...)
- TODO: check
+ NOT-FOR-US: CRK Business Platform
CVE-2020-13967
RESERVED
CVE-2020-13966
@@ -50943,11 +50943,11 @@ CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an unin
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/134
CVE-2020-11720 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
- TODO: check
+ NOT-FOR-US: Programi Bilanc
CVE-2020-11719 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
- TODO: check
+ NOT-FOR-US: Programi Bilanc
CVE-2020-11718 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
- TODO: check
+ NOT-FOR-US: Programi Bilanc
CVE-2020-11717 (An issue was discovered in Programi 014 31.01.2020. It has multiple SQ ...)
NOT-FOR-US: Programi
CVE-2020-11716 (Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices throu ...)
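Review bot: the three new lines use "NOT-FOR-US: Programi Bilanc", but the existing entry directly below them, CVE-2020-11717, is tagged "NOT-FOR-US: Programi". If these four CVEs cover the same product, use one spelling for all of them (and align CVE-2020-11717 in this commit) so that a search on the NFU string returns the whole set; if they are different products, the split is fine but is not obvious from the truncated descriptions shown here.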
@@ -66785,13 +66785,13 @@ CVE-2020-5686
CVE-2020-5685
RESERVED
CVE-2020-5684 (iSM client versions from V5.1 prior to V12.1 running on NEC Storage Ma ...)
- TODO: check
+ NOT-FOR-US: iSM client
CVE-2020-5683 (Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v ...)
NOT-FOR-US: GROWI
CVE-2020-5682 (Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Seri ...)
NOT-FOR-US: GROWI
CVE-2020-5681 (Untrusted search path vulnerability in self-extracting files created b ...)
- TODO: check
+ NOT-FOR-US: EpsonNet SetupManager
CVE-2020-5680 (Improper input validation vulnerability in EC-CUBE versions from 3.0.5 ...)
NOT-FOR-US: EC-CUBE
CVE-2020-5679 (Improper restriction of rendered UI layers or frames in EC-CUBE versio ...)
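Review bot: "NOT-FOR-US: iSM client" on CVE-2020-5684 drops the vendor, although the description on the line above places the client on NEC storage ("running on NEC Storage Ma ..."). A bare "iSM client" is hard to recognise or search for later; prefixing the vendor, for example "NEC iSM client", would match how the other NFU labels in this hunk (GROWI, EC-CUBE, EpsonNet SetupManager) identify the product unambiguously.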
@@ -75458,11 +75458,11 @@ CVE-2020-2507
CVE-2020-2506
RESERVED
CVE-2020-2505 (If exploited, this vulnerability could allow attackers to gain sensiti ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2504 (If exploited, this absolute path traversal vulnerability could allow a ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2503 (If exploited, this stored cross-site scripting vulnerability could all ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2502
RESERVED
CVE-2020-2501
@@ -75470,7 +75470,7 @@ CVE-2020-2501
CVE-2020-2500 (This improper access control vulnerability in Helpdesk allows attacker ...)
NOT-FOR-US: QNAP
CVE-2020-2499 (A hard-coded password vulnerability has been reported to affect earlie ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2498 (If exploited, this cross-site scripting vulnerability could allow remo ...)
NOT-FOR-US: QNAP
CVE-2020-2497 (If exploited, this cross-site scripting vulnerability could allow remo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74d105a6343787ef5e6f000966cbd84ae7daf767