[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 22 08:40:33 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd092d2b by Salvatore Bonaccorso at 2020-11-22T09:40:13+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -154,7 +154,7 @@ CVE-2020-28915 (A buffer over-read (at the framebuffer layer) in the fbcon code
[stretch] - linux 4.9.240-1
NOTE: https://git.kernel.org/linus/5af08640795b2b9a940c9266c0260455377ae262
CVE-2020-28914 (An improper file permissions vulnerability affects Kata Containers pri ...)
- TODO: check
+ NOT-FOR-US: Kata Containers
CVE-2020-28913
RESERVED
CVE-2020-28912
@@ -7702,7 +7702,7 @@ CVE-2020-26934 (phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-5/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/19df63b0365621427697edc185ff7c9c5707c523
CVE-2020-26933 (Trusted Computing Group (TCG) Trusted Platform Module Library Family 2 ...)
- TODO: check
+ NOT-FOR-US: Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification
CVE-2020-26931 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
NOT-FOR-US: Netgear
CVE-2020-26930 (NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect conf ...)
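Review bot: the new NOT-FOR-US line for CVE-2020-26933 names a specification ("Trusted Platform Module Library Family 2.0 Library Specification") rather than a product, so on its own it does not rule out packaged software that implements that specification. Before closing this as NFU, check whether any source package in the archive ships an implementation of the TPM 2.0 library. If one does, the entry should track that package instead. If none does, a short NOTE line saying so would make the decision auditable.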
@@ -9166,7 +9166,7 @@ CVE-2020-26238
CVE-2020-26237
RESERVED
CVE-2020-26236 (In ScratchVerifier before commit a603769, an attacker can hijack the v ...)
- TODO: check
+ NOT-FOR-US: ScratchVerifier
CVE-2020-26234
RESERVED
CVE-2020-26233
@@ -9184,7 +9184,7 @@ CVE-2020-26228
CVE-2020-26227
RESERVED
CVE-2020-26226 (In the npm package semantic-release before version 17.2.3, secrets tha ...)
- TODO: check
+ NOT-FOR-US: semantic-release nodejs module
CVE-2020-26225 (In PrestaShop Product Comments before version 4.2.0, an attacker could ...)
NOT-FOR-US: PrestaShop
CVE-2020-26224 (In PrestaShop before version 1.7.6.9 an attacker is able to list all t ...)
@@ -9737,9 +9737,9 @@ CVE-2020-25991
CVE-2020-25990 (WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' ...)
NOT-FOR-US: WebsiteBaker
CVE-2020-25989 (Privilege escalation via arbitrary file write in pritunl electron clie ...)
- TODO: check
+ NOT-FOR-US: pritunl-client
CVE-2020-25988 (UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2 ...)
- TODO: check
+ NOT-FOR-US: Genexis Platinum 4410 Router
CVE-2020-25987 (MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in ...)
NOT-FOR-US: MonoCMS Blog
CVE-2020-25986 (A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 ...)
@@ -11701,7 +11701,7 @@ CVE-2020-25191
CVE-2020-25190
RESERVED
CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer overflo ...)
- TODO: check
+ NOT-FOR-US: Paradox IP150
CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...)
NOT-FOR-US: LAquis SCADA
CVE-2020-25187
@@ -11709,7 +11709,7 @@ CVE-2020-25187
CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 2019-09-2 ...)
NOT-FOR-US: LeviStudioU Release
CVE-2020-25185 (The affected product is vulnerable to five post-authentication buffer ...)
- TODO: check
+ NOT-FOR-US: Paradox IP150
CVE-2020-25184
RESERVED
CVE-2020-25183
@@ -12704,7 +12704,7 @@ CVE-2020-24721 (An issue was discovered in the GAEN (aka Google/Apple Exposure N
CVE-2020-24720
RESERVED
CVE-2020-24719 (Exposed Erlang Cookie could lead to Remote Command Execution (RCE) att ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2020-24718 (bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE th ...)
NOT-FOR-US: bhyve
CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group pe ...)
@@ -18945,7 +18945,7 @@ CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php
CVE-2020-21666
RESERVED
CVE-2020-21665 (In fastadmin V1.0.0.20191212_beta, when a user with administrator righ ...)
- TODO: check
+ NOT-FOR-US: fastadmin
CVE-2020-21664
RESERVED
CVE-2020-21663
@@ -42361,7 +42361,7 @@ CVE-2020-11831 (OvoiceManager has system permission to write vulnerability repor
CVE-2020-11830 (QualityProtect has a vulnerability to execute arbitrary system command ...)
NOT-FOR-US: QualityProtect
CVE-2020-11829 (Dynamic loading of services in the backup and restore SDK leads to ele ...)
- TODO: check
+ NOT-FOR-US: com.coloros.codebook (oppo.com)
CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP framewor ...)
NOT-FOR-US: ColorOS
CVE-2020-11827 (In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak fi ...)
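Review bot: the label added for CVE-2020-11829, "com.coloros.codebook (oppo.com)", is an application identifier plus a vendor domain, while the adjacent CVE-2020-11828 in the same hunk is filed as "NOT-FOR-US: ColorOS". If the affected component is part of ColorOS, reusing that label (or a plain vendor name) would keep the two entries consistent and let both be found with a single search of the list.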
@@ -50217,7 +50217,7 @@ CVE-2020-9051
CVE-2020-9050
RESERVED
CVE-2020-9049 (A vulnerability in specified versions of American Dynamics victor Web ...)
- TODO: check
+ NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls
CVE-2020-9048 (A vulnerability in victor Web Client versions up to and including v5.4 ...)
NOT-FOR-US: Johnson Controls
CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized ...)
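Review bot: the NOT-FOR-US text for CVE-2020-9049 is a corporate description ("Sensormatic Electronics, LLC; a subsidiary of Johnson Controls") rather than a product or short vendor name, and it differs from the next entry, CVE-2020-9048, which also concerns victor Web Client and is filed as "NOT-FOR-US: Johnson Controls". Suggest using "Johnson Controls" or the product name here too, so that related entries carry the same label.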
@@ -53371,7 +53371,7 @@ CVE-2020-7844
CVE-2020-7843
RESERVED
CVE-2020-7842 (Improper Input validation vulnerability exists in Netis Korea D'live A ...)
- TODO: check
+ NOT-FOR-US: Netis Korea D'live AP
CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT XPLATFORM w ...)
NOT-FOR-US: TOBESOFT XPLATFORM
CVE-2020-7840
@@ -58482,7 +58482,7 @@ CVE-2020-5799
CVE-2020-5798
RESERVED
CVE-2020-5797 (UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180 ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2020-5796 (Improper preservation of permissions in Nagios XI 5.7.4 allows a local ...)
NOT-FOR-US: Nagios XI
CVE-2020-5795 (UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd092d2b004e693def1ee1f0061afe3de554aa0e