[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 30 20:33:41 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5d104288 by Salvatore Bonaccorso at 2020-12-30T21:33:16+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4220,9 +4220,9 @@ CVE-2020-35243 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection
CVE-2020-35242 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
NOT-FOR-US: Flamingo (aka FlamingoIM)
CVE-2020-35241 (FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog ...)
- TODO: check
+ NOT-FOR-US: FlatPress
CVE-2020-35240 (FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Con ...)
- TODO: check
+ NOT-FOR-US: FluxBB
CVE-2020-35239
RESERVED
CVE-2020-35238
@@ -4358,7 +4358,7 @@ CVE-2020-35175 (Frappe Framework 12 and 13 does not properly validate the HTTP m
CVE-2020-35174
RESERVED
CVE-2020-35173 (The Amaze File Manager application before 3.4.2 for Android does not p ...)
- TODO: check
+ NOT-FOR-US: Amaze File Manager application for Android
CVE-2020-35172
RESERVED
CVE-2020-35171
@@ -6784,7 +6784,7 @@ CVE-2021-1627
CVE-2021-1626
RESERVED
CVE-2020-29477 (Invision Community 4.5.4 is affected by cross-site scripting (XSS) in ...)
- TODO: check
+ NOT-FOR-US: Invision Community
CVE-2020-29476
RESERVED
CVE-2020-29475 (nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in th ...)
@@ -6800,7 +6800,7 @@ CVE-2020-29471 (OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in th
CVE-2020-29470 (OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subj ...)
NOT-FOR-US: OpenCart
CVE-2020-29469 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu ...)
- TODO: check
+ NOT-FOR-US: WonderCMS
CVE-2020-29468
RESERVED
CVE-2020-29467
@@ -7325,17 +7325,17 @@ CVE-2020-29235
CVE-2020-29234
RESERVED
CVE-2020-29233 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page ...)
- TODO: check
+ NOT-FOR-US: WonderCMS
CVE-2020-29232
RESERVED
CVE-2020-29231 (EGavilanMedia User Registration and Login System With Admin Panel 1.0 ...)
- TODO: check
+ NOT-FOR-US: EGavilanMedia User Registration and Login System With Admin Panel
CVE-2020-29230 (EGavilanMedia User Registration and Login System With Admin Panel 1.0 ...)
- TODO: check
+ NOT-FOR-US: EGavilanMedia User Registration and Login System With Admin Panel
CVE-2020-29229
RESERVED
CVE-2020-29228 (EGavilanMedia User Registration and Login System With Admin Panel 1.0 ...)
- TODO: check
+ NOT-FOR-US: EGavilanMedia User Registration and Login System With Admin Panel
CVE-2020-29227 (An issue was discovered in Car Rental Management System 1.0. An unauth ...)
NOT-FOR-US: Car Rental Management System
CVE-2020-29226
@@ -8008,7 +8008,7 @@ CVE-2020-28926 (ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote co
NOTE: https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/
NOTE: https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a (v1_3_0)
CVE-2020-28925 (Bolt before 3.7.2 does not restrict filter options in a Request in the ...)
- TODO: check
+ NOT-FOR-US: Bolt CMS
CVE-2020-28924 (An issue was discovered in Rclone before 1.53.3. Due to the use of a w ...)
- rclone 1.53.3-1 (bug #975324)
[buster] - rclone <not-affected> (Vulnerable code introduced later)
@@ -8414,11 +8414,11 @@ CVE-2020-28738
CVE-2020-28737
RESERVED
CVE-2020-28736 (Plone before 5.2.3 allows XXE attacks via a feature that is protected ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2020-28735 (Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (onl ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2020-28734 (Plone before 5.2.3 allows XXE attacks via a feature that is explicitly ...)
- TODO: check
+ NOT-FOR-US: Plone
CVE-2020-28733
RESERVED
CVE-2020-28732
@@ -10349,7 +10349,7 @@ CVE-2020-28366 (Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection
NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ
NOTE: https://github.com/golang/go/issues/42559
CVE-2020-28365 (** UNSUPPORTED WHEN ASSIGNED ** Sentrifugo 3.2 allows Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2020-28364 (A stored cross-site scripting (XSS) vulnerability affects the Web UI i ...)
NOT-FOR-US: Locust
CVE-2020-28363
@@ -13185,7 +13185,7 @@ CVE-2020-27850
CVE-2020-27849
RESERVED
CVE-2020-27848 (dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /ap ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2020-27847
RESERVED
NOT-FOR-US: github.com/dexidp/dex
@@ -66987,11 +66987,11 @@ CVE-2020-5813
CVE-2020-5812
RESERVED
CVE-2020-5811 (An authenticated path traversal vulnerability exists during package in ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2020-5810 (A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or curren ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2020-5809 (A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or curren ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2020-5808 (In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could po ...)
NOT-FOR-US: Tenable
CVE-2020-5807 (An unauthenticated remote attacker can send data to RsvcHost.exe liste ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d104288287a7d406e9595d438fa1a3fdf1134c7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d104288287a7d406e9595d438fa1a3fdf1134c7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201230/ff074726/attachment.html>
More information about the debian-security-tracker-commits
mailing list