[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Nov 10 20:54:05 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99764f6b by Salvatore Bonaccorso at 2020-11-10T21:53:27+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -57,7 +57,7 @@ CVE-2020-28373 (upnpd on certain NETGEAR devices allows remote (LAN) attackers t
CVE-2020-28372
RESERVED
CVE-2020-28371 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
- TODO: check
+ NOT-FOR-US: ReadyTalk Avian
CVE-2020-28370
RESERVED
CVE-2020-28369
@@ -72,7 +72,7 @@ CVE-2020-28366
CVE-2020-28365
RESERVED
CVE-2020-28364 (A stored cross-site scripting (XSS) vulnerability affects the Web UI i ...)
- TODO: check
+ NOT-FOR-US: Locust
CVE-2020-28363
RESERVED
CVE-2020-28362
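Review bot: The NOT-FOR-US reason on CVE-2020-28364 cannot be checked from the entry itself, because the truncated description ("A stored cross-site scripting (XSS) vulnerability affects the Web UI i ...") stops before naming the product. The Shibboleth entry further down this diff ("Debian only packages the SP") shows that the tag rests on what Debian packages, so confirm that no source package or pending packaging request exists for Locust before dropping "TODO: check".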
@@ -2213,7 +2213,7 @@ CVE-2020-28057
CVE-2020-28056
RESERVED
CVE-2020-28055 (A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 ...)
- TODO: check
+ NOT-FOR-US: TCL Android Smart TV series
CVE-2020-28054
RESERVED
CVE-2020-28053
@@ -2408,7 +2408,7 @@ CVE-2020-27984
CVE-2020-27983
RESERVED
CVE-2020-27982 (IceWarp 11.4.5.0 allows XSS via the language parameter. ...)
- TODO: check
+ NOT-FOR-US: IceWarp Webmail Server
CVE-2020-27981
REJECTED
CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WL ...)
@@ -2418,7 +2418,7 @@ CVE-2020-27979
CVE-2020-27978 (Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service ...)
NOT-FOR-US: Shibboleth Identify Provider (Debian only packages the SP)
CVE-2020-27977 (CapaSystems CapaInstaller before 6.0.101 does not properly assign, mod ...)
- TODO: check
+ NOT-FOR-US: CapaSystems CapaInstaller
CVE-2020-27976 (osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remot ...)
NOT-FOR-US: osCommerce Phoenix CE
CVE-2020-27975 (osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php ...)
@@ -4224,7 +4224,7 @@ CVE-2020-27405
CVE-2020-27404
RESERVED
CVE-2020-27403 (A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 ...)
- TODO: check
+ NOT-FOR-US: TCL Android Smart TV series
CVE-2020-27402 (The HK1 Box S905X3 TV Box contains a vulnerability that allows a local ...)
NOT-FOR-US: HK1 Box S905X3 TV Box
CVE-2020-27401
@@ -10870,7 +10870,7 @@ CVE-2020-24386
CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...)
NOT-FOR-US: FreeBSD and MidnightBSD
CVE-2020-24384 (A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GU ...)
- TODO: check
+ NOT-FOR-US: A10 Networks
CVE-2020-24383
RESERVED
CVE-2020-24382
@@ -10957,7 +10957,7 @@ CVE-2020-24355 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and p
CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...)
NOT-FOR-US: Zyxel
CVE-2020-24353 (Pega Platform before 8.4.0 has a XSS issue via stream rule parameters ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2020-24352 (An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory ...)
- qemu <unfixed> (unimportant; bug #968820)
[buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
@@ -13418,15 +13418,15 @@ CVE-2020-23142
CVE-2020-23141
RESERVED
CVE-2020-23140 (Microweber 1.1.18 is affected by insufficient session expiration. When ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2020-23139 (Microweber 1.1.18 is affected by broken authentication and session man ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2020-23138 (An unrestricted file upload vulnerability was discovered in the Microw ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2020-23137
RESERVED
CVE-2020-23136 (Microweber v1.1.18 is affected by no session expiry after log-out. ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2020-23135
RESERVED
CVE-2020-23134
@@ -29823,7 +29823,7 @@ CVE-2020-15299 (A reflected Cross-Site Scripting (XSS) Vulnerability in the King
CVE-2020-15298
RESERVED
CVE-2020-15297 (Insufficient validation in the Bitdefender Update Server and BEST Rela ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2020-15296
RESERVED
CVE-2020-15295
@@ -32902,9 +32902,9 @@ CVE-2020-14191
CVE-2020-14190
RESERVED
CVE-2020-14189 (The execute function in in the Atlassian gajira-comment GitHub Action ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-14188 (The preprocessArgs function in the Atlassian gajira-create GitHub Acti ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-14187
RESERVED
CVE-2020-14186
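Review bot: "NOT-FOR-US: Atlassian" on CVE-2020-14189 and CVE-2020-14188 names only the vendor, while both descriptions point at specific components, the gajira-comment and gajira-create GitHub Actions. Naming the component, for example "NOT-FOR-US: Atlassian gajira-comment GitHub Action", would match the product-level labels used elsewhere in this commit (such as "CapaSystems CapaInstaller") and make later searches of the list more precise.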
@@ -37294,7 +37294,7 @@ CVE-2020-12487
CVE-2020-12486
RESERVED
CVE-2020-12485 (The frame touch module does not make validity judgments on parameter l ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2020-12484
RESERVED
CVE-2020-12483
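Review bot: The label "Vivo" on CVE-2020-12485 has no visible support in the entry: the truncated description ("The frame touch module does not make validity judgments on parameter l ...") names neither a vendor nor a product. Consider adding the affected product to the note, so the reason for the classification can be read from the list without looking up the full CVE text.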
@@ -56708,7 +56708,7 @@ CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML
CVE-2020-5389 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...)
NOT-FOR-US: Dell
CVE-2020-5388 (Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2020-5387 (Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Ex ...)
NOT-FOR-US: Dell
CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99764f6bfe28bff934ca1d0c2adb1fd50ece6c01