[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 23 06:55:38 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a134559 by Salvatore Bonaccorso at 2020-06-23T07:55:13+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2020-14983
CVE-2020-14982
RESERVED
CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...)
- TODO: check
+ NOT-FOR-US: ThreatTrack VIPRE Password Vault app for IOS
CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...)
- TODO: check
+ NOT-FOR-US: Sophos Secure Email application for Android
CVE-2020-14979
RESERVED
CVE-2020-14978
@@ -19,21 +19,21 @@ CVE-2020-14975
CVE-2020-14974
RESERVED
CVE-2020-14973 (The loginForm within the general/login.php webpage in webTareas 2.0p8 ...)
- TODO: check
+ NOT-FOR-US: webTareas
CVE-2020-14972 (Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Pisay Online E-Learning System
CVE-2020-14971
RESERVED
CVE-2020-14970
RESERVED
CVE-2020-14969 (app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribu ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2020-14968 (An issue was discovered in the jsrsasign package before 8.0.17 for Nod ...)
- TODO: check
+ NOT-FOR-US: jsrsasign
CVE-2020-14967 (An issue was discovered in the jsrsasign package before 8.0.18 for Nod ...)
- TODO: check
+ NOT-FOR-US: jsrsasign
CVE-2020-14966 (An issue was discovered in the jsrsasign package through 8.0.18 for No ...)
- TODO: check
+ NOT-FOR-US: jsrsasign
CVE-2020-14965
RESERVED
CVE-2020-14964
@@ -1048,7 +1048,7 @@ CVE-2020-14463
CVE-2020-14462 (CALDERA 2.7.0 allows XSS via the Operation Name box. ...)
TODO: check
CVE-2020-14461 (Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversa ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-14460 (An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5. ...)
NOT-FOR-US: Mattermost
CVE-2020-14459 (An issue was discovered in Mattermost Server before 5.19.0. Attackers ...)
@@ -1904,11 +1904,11 @@ CVE-2020-14206
CVE-2020-14205
RESERVED
CVE-2020-14204 (In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal ...)
- TODO: check
+ NOT-FOR-US: WebFOCUS Business Intelligence
CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request F ...)
- TODO: check
+ NOT-FOR-US: WebFOCUS Business Intelligence
CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrar ...)
- TODO: check
+ NOT-FOR-US: WebFOCUS Business Intelligence
CVE-2020-14201
RESERVED
CVE-2020-14200
@@ -2282,7 +2282,7 @@ CVE-2020-14051
CVE-2020-14050
RESERVED
CVE-2020-14049 (Viber for Windows up to 13.2.0.39 does not properly quote its custom U ...)
- TODO: check
+ NOT-FOR-US: Viber
CVE-2020-14048 (Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remo ...)
NOT-FOR-US: Zoho
CVE-2020-14047
@@ -2661,9 +2661,9 @@ CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS vi
CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 allows XSS. ...)
NOT-FOR-US: Bludit
CVE-2020-13888 (Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, use ...)
- TODO: check
+ NOT-FOR-US: Kordil EDMS
CVE-2020-13887 (documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Comma ...)
- TODO: check
+ NOT-FOR-US: Kordil EDMS
CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module befor ...)
- libcrypt-perl-perl <itp> (bug #907353)
NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14
@@ -3363,13 +3363,13 @@ CVE-2020-13642 (An issue was discovered in the SiteOrigin Page Builder plugin be
CVE-2020-13641 (An issue was discovered in the Real-Time Find and Replace plugin befor ...)
NOT-FOR-US: Real-Time Find and Replace plugin for WordPress
CVE-2020-13640 (A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlie ...)
- TODO: check
+ NOT-FOR-US: gVectors wpDiscuz plugin for WordPress
CVE-2020-13639
RESERVED
CVE-2020-13638
RESERVED
CVE-2020-13637 (An issue was discovered in the stashcat app through 3.9.2 for macOS, W ...)
- TODO: check
+ NOT-FOR-US: stashcat app
CVE-2020-13636
RESERVED
CVE-2020-13635
@@ -3709,7 +3709,7 @@ CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecu
CVE-2020-13481
RESERVED
CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the ...)
- TODO: check
+ NOT-FOR-US: Verint Workforce Optimization (WFO)
CVE-2020-13479
RESERVED
CVE-2020-13478
@@ -3831,9 +3831,9 @@ CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function
NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11
NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user v ...)
- TODO: check
+ NOT-FOR-US: Victor CMS
CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Reques ...)
- TODO: check
+ NOT-FOR-US: Multi-Scheduler plugin for WordPress
CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the Beep ...)
NOT-FOR-US: TrackR
CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...)
@@ -4436,9 +4436,9 @@ CVE-2020-13161
CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...)
NOT-FOR-US: AnyDesk
CVE-2020-13159 (Artica Proxy before 4.30.000000 Community Edition allows OS command in ...)
- TODO: check
+ NOT-FOR-US: Artica Proxy
CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows Directory Tra ...)
- TODO: check
+ NOT-FOR-US: Artica Proxy
CVE-2020-13157
RESERVED
CVE-2020-13156
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a134559ed88c986a1924a231d2567b67fbf9b86
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a134559ed88c986a1924a231d2567b67fbf9b86
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200623/bed99d90/attachment.html>
More information about the debian-security-tracker-commits
mailing list