[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Jul 18 09:33:28 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82c9e2d5 by Salvatore Bonaccorso at 2020-07-18T10:32:53+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2020-15816 (In Western Digital WD Discovery before 4.0.251.0, a malicious applicat ...)
- TODO: check
+ NOT-FOR-US: Western Digital WD Discovery
CVE-2020-15815
RESERVED
CVE-2020-15814
@@ -756,7 +756,7 @@ CVE-2020-15499
CVE-2020-15498
RESERVED
CVE-2020-15497 (jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 ...)
- TODO: check
+ NOT-FOR-US: Jalios JCMS
CVE-2020-15496
RESERVED
CVE-2020-15495
@@ -2890,7 +2890,7 @@ CVE-2020-14513
CVE-2020-14512
RESERVED
CVE-2020-14511 (Malicious operation of the crafted web browser cookie may cause a stac ...)
- TODO: check
+ NOT-FOR-US: EDR routers
CVE-2020-14510
RESERVED
CVE-2020-14509
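Review bot: The annotation added for CVE-2020-14511, "NOT-FOR-US: EDR routers", names a product family without its vendor, and the truncated description above it does not name one either. Prefixing the vendor, as other entries in this commit do (for example "NOT-FOR-US: Western Digital WD Discovery"), would let a later search of data/CVE/list for that vendor find this entry.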
@@ -5063,7 +5063,7 @@ CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer
CVE-2020-13789
RESERVED
CVE-2020-13788 (Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker wi ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2020-13787 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of ...)
NOT-FOR-US: D-Link
CVE-2020-13786 (D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. ...)
@@ -5957,7 +5957,7 @@ CVE-2020-13407
CVE-2020-13406
RESERVED
CVE-2020-13405 (userfiles/modules/users/controller/controller.php in Microweber before ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2020-13404
RESERVED
CVE-2020-13403
@@ -7216,7 +7216,7 @@ CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether,
CVE-2020-12855
RESERVED
CVE-2020-12854 (A remote code execution vulnerability was identified in SecZetta NEPro ...)
- TODO: check
+ NOT-FOR-US: SecZetta NEProfile
CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...)
NOT-FOR-US: Pydio Cells
CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an administrator user ...)
@@ -7659,7 +7659,7 @@ CVE-2020-12686
CVE-2020-12685 (XSS in the admin help system admin/help.html and admin/quicklinks.html ...)
NOT-FOR-US: Interchange
CVE-2020-12684 (XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer ...)
- TODO: check
+ NOT-FOR-US: i-net Clear Reports
CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
NOT-FOR-US: Katyshop2
CVE-2020-12682
@@ -9366,7 +9366,7 @@ CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all
CVE-2020-12016 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...)
NOT-FOR-US: Baxter
CVE-2020-12015 (A specially crafted communication packet sent to the affected systems ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Inpu ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12013 (A specially crafted WCF client that interfaces to the may allow the ex ...)
@@ -12009,13 +12009,13 @@ CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demons
CVE-2020-11440
RESERVED
CVE-2020-11439 (LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue all ...)
- TODO: check
+ NOT-FOR-US: LibreHealth EMR
CVE-2020-11438 (LibreHealth EMR v2.0.0 is affected by systemic CSRF. ...)
- TODO: check
+ NOT-FOR-US: LibreHealth EMR
CVE-2020-11437 (LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privi ...)
- TODO: check
+ NOT-FOR-US: LibreHealth EMR
CVE-2020-11436 (LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the abilit ...)
- TODO: check
+ NOT-FOR-US: LibreHealth EMR
CVE-2020-11435
RESERVED
CVE-2020-11434
@@ -14587,7 +14587,7 @@ CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based
CVE-2020-10606
RESERVED
CVE-2020-10605 (Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests ...)
- TODO: check
+ NOT-FOR-US: Grundfos CIM
CVE-2020-10604
RESERVED
CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...)
@@ -16671,7 +16671,7 @@ CVE-2020-9690
CVE-2020-9689
RESERVED
CVE-2020-9688 (Adobe Download Manager version 2.0.0.518 have a command injection vuln ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9687
RESERVED
CVE-2020-9686
@@ -16683,7 +16683,7 @@ CVE-2020-9684
CVE-2020-9683
RESERVED
CVE-2020-9682 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9681
RESERVED
CVE-2020-9680
@@ -16701,15 +16701,15 @@ CVE-2020-9675
CVE-2020-9674
RESERVED
CVE-2020-9673 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9672 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9671 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9670 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9669 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9668
RESERVED
CVE-2020-9667
@@ -16747,15 +16747,15 @@ CVE-2020-9652 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bound
CVE-2020-9651 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
NOT-FOR-US: Adobe
CVE-2020-9650 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9649 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds re ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9648 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
NOT-FOR-US: Adobe
CVE-2020-9647 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
NOT-FOR-US: Adobe
CVE-2020-9646 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9645 (Adobe Experience Manager versions 6.5 and earlier have a blind server- ...)
NOT-FOR-US: Adobe
CVE-2020-9644 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
@@ -17750,21 +17750,21 @@ CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3)
CVE-2020-9260 (HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 1 ...)
NOT-FOR-US: HUAWEI
CVE-2020-9259 (Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9258 (HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P ...)
NOT-FOR-US: HUAWEI
CVE-2020-9257 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9256 (Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9255 (Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9254 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9253
RESERVED
CVE-2020-9252 (HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI M ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9251
RESERVED
CVE-2020-9250
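Review bot: The six added lines in this hunk spell the vendor "Huawei", while the unchanged neighbours for CVE-2020-9260 and CVE-2020-9258 use "NOT-FOR-US: HUAWEI". Settling on one spelling keeps a case-sensitive grep for the vendor from missing part of the entries; the same mismatch recurs in the next hunk beside CVE-2020-9226.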
@@ -17814,7 +17814,7 @@ CVE-2020-9229
CVE-2020-9228
RESERVED
CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
NOT-FOR-US: HUAWEI
CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...)
@@ -18064,9 +18064,9 @@ CVE-2020-9104
CVE-2020-9103
RESERVED
CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. An una ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. Th ...)
NOT-FOR-US: Huawei
CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...)
@@ -26242,7 +26242,7 @@ CVE-2020-5771
CVE-2020-5770
RESERVED
CVE-2020-5769 (Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 ...)
- TODO: check
+ NOT-FOR-US: Teltonika
CVE-2020-5768 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2020-5767 (Cross-site request forgery in Icegram Email Subscribers & Newslett ...)
@@ -26262,13 +26262,13 @@ CVE-2020-5761
CVE-2020-5760
RESERVED
CVE-2020-5759 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
- TODO: check
+ NOT-FOR-US: Grandstream
CVE-2020-5758 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
- TODO: check
+ NOT-FOR-US: Grandstream
CVE-2020-5757 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
- TODO: check
+ NOT-FOR-US: Grandstream
CVE-2020-5756 (Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenti ...)
- TODO: check
+ NOT-FOR-US: Grandstream
CVE-2020-5755 (Webroot endpoint agents prior to version v9.0.28.48 did not protect th ...)
NOT-FOR-US: Webroot
CVE-2020-5754 (Webroot endpoint agents prior to version v9.0.28.48 allows remote atta ...)
@@ -28045,9 +28045,9 @@ CVE-2020-5133
CVE-2020-5132
RESERVED
CVE-2020-5131 (SonicWall NetExtender Windows client vulnerable to arbitrary file writ ...)
- TODO: check
+ NOT-FOR-US: SonicWall NetExtender Windows client
CVE-2020-5130 (SonicOS SSLVPN LDAP login request allows remote attackers to cause ext ...)
- TODO: check
+ NOT-FOR-US: SonicOS SSLVPN / SonicWall
CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows a ...)
NOT-FOR-US: SonicWall
CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary ...)
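Review bot: The annotation added for CVE-2020-5130, "SonicOS SSLVPN / SonicWall", puts the product before the vendor and joins them with a slash, unlike the line added just above it ("SonicWall NetExtender Windows client") and the existing "NOT-FOR-US: SonicWall" on CVE-2020-5129. Suggest "SonicWall SonicOS SSLVPN", or plain "SonicWall" as the neighbouring entry has it.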
@@ -30253,7 +30253,7 @@ CVE-2020-4106
CVE-2020-4105
RESERVED
CVE-2020-4104 (HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) wi ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2020-4103
RESERVED
CVE-2020-4102
@@ -30261,7 +30261,7 @@ CVE-2020-4102
CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request Forgery. ...)
NOT-FOR-US: HCL Digital Experience
CVE-2020-4100 ("HCL Verse for Android was found to employ dynamic code loading. This ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2020-4099
RESERVED
CVE-2020-4098
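Review bot: CVE-2020-4100 is annotated with the vendor only ("NOT-FOR-US: HCL"), directly below CVE-2020-4101, which carries the product name ("NOT-FOR-US: HCL Digital Experience"). The description names the product as HCL Verse for Android, so "NOT-FOR-US: HCL Verse for Android" would match the neighbouring entry.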
@@ -30271,7 +30271,7 @@ CVE-2020-4097
CVE-2020-4096
RESERVED
CVE-2020-4095 ("BigFix Platform is storing clear text credentials within the system's ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2020-4094
RESERVED
CVE-2020-4093
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82c9e2d5b13dc2708ac5fa5172418f2a66e05450