[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Nov 24 20:31:04 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0865909c by Salvatore Bonaccorso at 2020-11-24T21:29:43+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -89,7 +89,7 @@ CVE-2020-29008
 CVE-2020-29007
 	RESERVED
 CVE-2020-29006 (MISP before 2.4.135 lacks an ACL check, related to app/Controller/Gala ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2020-29005
 	RESERVED
 CVE-2020-29004
@@ -113,7 +113,7 @@ CVE-2020-28996
 CVE-2020-28995
 	RESERVED
 CVE-2020-28994 (A SQL injection vulnerability was discovered in Karenderia Multiple Re ...)
-	TODO: check
+	NOT-FOR-US: Karenderia Multiple Restaurant System
 CVE-2020-28993
 	RESERVED
 CVE-2020-28992
@@ -694,7 +694,7 @@ CVE-2020-28728
 CVE-2020-28727
 	RESERVED
 CVE-2020-28726 (Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter  ...)
-	TODO: check
+	NOT-FOR-US: SeedDMS
 CVE-2020-28725
 	RESERVED
 CVE-2020-28724 (Open redirect vulnerability in werkzeug before 0.11.6 via a double sla ...)
@@ -4176,15 +4176,15 @@ CVE-2021-0301
 CVE-2020-28335
 	RESERVED
 CVE-2020-28334 (Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 ...)
-	TODO: check
+	NOT-FOR-US: Barco wePresent WiPG-1600W devices
 CVE-2020-28333 (Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affect ...)
-	TODO: check
+	NOT-FOR-US: Barco wePresent WiPG-1600W devices
 CVE-2020-28332 (Barco wePresent WiPG-1600W devices download code without an Integrity  ...)
-	TODO: check
+	NOT-FOR-US: Barco wePresent WiPG-1600W devices
 CVE-2020-28331 (Barco wePresent WiPG-1600W devices have Improper Access Control. Affec ...)
-	TODO: check
+	NOT-FOR-US: Barco wePresent WiPG-1600W devices
 CVE-2020-28330 (Barco wePresent WiPG-1600W devices have Unprotected Transport of Crede ...)
-	TODO: check
+	NOT-FOR-US: Barco wePresent WiPG-1600W devices
 CVE-2020-28329
 	RESERVED
 CVE-2020-28328 (SuiteCRM before 7.11.17 is vulnerable to remote code execution via the ...)
@@ -11217,13 +11217,13 @@ CVE-2020-25477
 CVE-2020-25476
 	RESERVED
 CVE-2020-25475 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: SimplePHPscripts News Script PHP Pro
 CVE-2020-25474 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site S ...)
-	TODO: check
+	NOT-FOR-US: SimplePHPscripts News Script PHP Pro
 CVE-2020-25473 (SimplePHPscripts News Script PHP Pro 2.3 does not properly set the Htt ...)
-	TODO: check
+	NOT-FOR-US: SimplePHPscripts News Script PHP Pro
 CVE-2020-25472 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site R ...)
-	TODO: check
+	NOT-FOR-US: SimplePHPscripts News Script PHP Pro
 CVE-2020-25471
 	RESERVED
 CVE-2020-25470 (AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability i ...)
@@ -12680,7 +12680,7 @@ CVE-2020-24817
 CVE-2020-24816
 	RESERVED
 CVE-2020-24815 (A Server-Side Request Forgery (SSRF) affecting the PDF generation in M ...)
-	TODO: check
+	NOT-FOR-US: MicroStrategy
 CVE-2020-24814
 	RESERVED
 CVE-2020-24813
@@ -37371,7 +37371,7 @@ CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of service
 CVE-2020-13621
 	RESERVED
 CVE-2020-13620 (Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF ...)
-	TODO: check
+	NOT-FOR-US: Fastweb FASTGate GPON FGA2130FWB devices
 CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attack ...)
 	NOT-FOR-US: Locutus PHP
 CVE-2020-13618
@@ -53301,7 +53301,7 @@ CVE-2020-7928 (A user authorized to perform database queries may trigger a read
 	- mongodb <removed>
 	NOTE: https://jira.mongodb.org/browse/SERVER-49404
 CVE-2020-7927 (Specially crafted API calls may allow an authenticated user who holds  ...)
-	TODO: check
+	NOT-FOR-US: MongoDB Ops Manager
 CVE-2020-7926 (A user authorized to perform database queries may cause denial of serv ...)
 	- mongodb <removed>
 	NOTE: https://jira.mongodb.org/browse/SERVER-50170
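Review bot: On CVE-2020-7927 the new "NOT-FOR-US: MongoDB Ops Manager" line is the only record that this entry concerns a different product from its neighbours, CVE-2020-7928 and CVE-2020-7926, which are both tracked as "- mongodb <removed>". The truncated description shown here does not name Ops Manager, and the commit message "Process NFUs" gives no basis for the split, so a short mention of it in the commit message would help a later reader who sees three adjacent MongoDB CVEs triaged two different ways.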
@@ -54616,7 +54616,7 @@ CVE-2020-7380
 CVE-2020-7379
 	RESERVED
 CVE-2020-7378 (CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an  ...)
-	TODO: check
+	NOT-FOR-US: CRIXP OpenCRX
 CVE-2020-7377 (The Metasploit Framework module "auxiliary/admin/http/telpho10_credent ...)
 	NOT-FOR-US: Metasploit Framework module
 CVE-2020-7376 (The Metasploit Framework module "post/osx/gather/enum_osx module" is a ...)
@@ -63017,13 +63017,13 @@ CVE-2020-4005 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-20
 CVE-2020-4004 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...)
 	NOT-FOR-US: VMware
 CVE-2020-4003 (VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4 ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-4002 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-4001 (The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords  ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-4000 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3999
 	RESERVED
 CVE-2020-3998 (VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an inf ...)
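Review bot: The four SD-WAN Orchestrator entries, CVE-2020-4003 through CVE-2020-4000, get the vendor-only label "NOT-FOR-US: VMware", while other entries in this same commit name the product, for example "NOT-FOR-US: MongoDB Ops Manager". The vendor-only form matches the existing CVE-2020-4004 line just above, so it is locally consistent. If product-level labels are preferred, "VMware SD-WAN Orchestrator" would let these be searched separately from the ESXi entries.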
@@ -63054,9 +63054,9 @@ CVE-2020-3987 (VMware Workstation (15.x) and Horizon Client for Windows (5.x bef
 CVE-2020-3986 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
 	NOT-FOR-US: VMware
 CVE-2020-3985 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4 ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3984 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4 ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3983
 	RESERVED
 CVE-2020-3982 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0865909cfc8fa2c58cfaf11bfbd3e2947f7817ae
