[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Feb 11 09:40:33 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c157626e by Moritz Muehlenhoff at 2021-02-11T10:40:11+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7593,27 +7593,27 @@ CVE-2021-23885
 CVE-2021-23884
 	RESERVED
 CVE-2021-23883 (A Null Pointer Dereference vulnerability in McAfee Endpoint Security ( ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-23882 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-23881 (A stored cross site scripting vulnerability in ePO extension of McAfee ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-23880 (Improper Access Control in attribute in McAfee Endpoint Security (ENS) ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-23879
 	RESERVED
 CVE-2021-23878 (Clear text storage of sensitive Information in memory vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-23877
 	RESERVED
 CVE-2021-23876 (Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-23875
 	RESERVED
 CVE-2021-23874 (Arbitrary Process Execution vulnerability in McAfee Total Protection ( ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-23873 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-23872
 	RESERVED
 CVE-2021-23871
@@ -11292,7 +11292,7 @@ CVE-2021-22135
 CVE-2021-22134
 	RESERVED
 CVE-2021-22133 (The Elastic APM agent for Go versions before 1.11.0 can leak sensitive ...)
-	TODO: check
+	NOT-FOR-US: Elastic APM agent
 CVE-2021-22132 (Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosu ...)
 	- elasticsearch <removed>
 CVE-2021-22131
@@ -21985,9 +21985,9 @@ CVE-2020-28873
 CVE-2020-28872
 	RESERVED
 CVE-2020-28871 (Remote code execution in Monitorr v1.7.6m in upload.php allows an unau ...)
-	TODO: check
+	NOT-FOR-US: Monitorr
 CVE-2020-28870 (In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: InoERP
 CVE-2020-28869
 	RESERVED
 CVE-2020-28868
@@ -24146,11 +24146,11 @@ CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All
 CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...)
 	NOT-FOR-US: Siemens
 CVE-2020-28394 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-28393
 	RESERVED
 CVE-2020-28392 (A vulnerability has been identified in SIMARIS configuration (All vers ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-28391 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
 	NOT-FOR-US: Siemens
 CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core (V8.2), ...)
@@ -24158,7 +24158,7 @@ CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core (
 CVE-2020-28389
 	RESERVED
 CVE-2020-28388 (A vulnerability has been identified in Nucleus NET (All versions <  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-28387
 	RESERVED
 CVE-2020-28386 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
@@ -27055,11 +27055,11 @@ CVE-2020-27859 (This vulnerability allows remote attackers to disclose sensitive
 CVE-2020-27858 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	NOT-FOR-US: CA Arcserve
 CVE-2020-27857 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-27856 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-27855 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-27854
 	RESERVED
 CVE-2020-27853 (Wire before 2020-10-16 allows remote attackers to cause a denial of se ...)
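
Review bot: The Foxit tag on CVE-2020-27857, CVE-2020-27856 and CVE-2020-27855 cannot be checked from this hunk, because all three descriptions are truncated before any product name and the identically worded CVE-2020-27858 directly above is tagged CA Arcserve. Please confirm the vendor against the full CVE descriptions before these leave "TODO: check".
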
@@ -28996,15 +28996,15 @@ CVE-2020-27263 (KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6
 CVE-2020-27262 (Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7. ...)
 	NOT-FOR-US: Innokas Yhtyma Oy
 CVE-2020-27261 (The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based ...)
-	TODO: check
+	NOT-FOR-US: Omron CX-One
 CVE-2020-27260 (Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7. ...)
 	NOT-FOR-US: Innokas Yhtyma Oy
 CVE-2020-27259 (The Omron CX-One Version 4.60 and prior may allow an attacker to suppl ...)
-	TODO: check
+	NOT-FOR-US: Omron CX-One
 CVE-2020-27258 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A,  ...)
 	NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27257 (This vulnerability allows local attackers to execute arbitrary code du ...)
-	TODO: check
+	NOT-FOR-US: Omron CX-One
 CVE-2020-27256 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A,  ...)
 	NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27255 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
@@ -29018,7 +29018,7 @@ CVE-2020-27252 (Medtronic MyCareLink Smart 25000 all versions are vulnerable to
 CVE-2020-27251 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
 	NOT-FOR-US: FactoryTalk
 CVE-2020-27250 (In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1 ...)
-	TODO: check
+	NOT-FOR-US: SoftMaker
 CVE-2020-27249 (A specially crafted document can cause the document parser to copy dat ...)
 	NOT-FOR-US: SoftMaker
 CVE-2020-27248 (A specially crafted document can cause the document parser to copy dat ...)
@@ -29537,27 +29537,27 @@ CVE-2020-27010 (A cross-site scripting (XSS) vulnerability in Trend Micro InterS
 CVE-2020-27009
 	RESERVED
 CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go
 CVE-2020-27007 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go
 CVE-2020-27006 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go
 CVE-2020-27005 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go
 CVE-2020-27004 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go
 CVE-2020-27003 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go
 CVE-2020-27002 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go
 CVE-2020-27001 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go
 CVE-2020-27000 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go
 CVE-2020-26999 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go
 CVE-2020-26998 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
-	TODO: check
+	NOT-FOR-US: JT2Go
 CVE-2020-26997
 	RESERVED
 CVE-2020-26996 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
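
Review bot: The tag for JT2Go is inconsistent within this commit: CVE-2020-27008 through CVE-2020-26998 here get "NOT-FOR-US: JT2Go", while CVE-2020-28394 in the earlier hunk has the same "A vulnerability has been identified in JT2Go" description and gets "NOT-FOR-US: Siemens". Pick one label for the product (the neighbouring Siemens entries use the vendor name) so that a search on the NOT-FOR-US text finds all of them.
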
@@ -31816,9 +31816,9 @@ CVE-2020-26054
 CVE-2020-26053
 	REJECTED
 CVE-2020-26052 (Online Marriage Registration System 1.0 is affected by stored cross-si ...)
-	TODO: check
+	NOT-FOR-US: Online Marriage Registration System
 CVE-2020-26051 (College Management System Php 1.0 suffers from SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: College Management System Php
 CVE-2020-26050 (SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local pr ...)
 	NOT-FOR-US: SaferVPN for Windows
 CVE-2020-26049 (Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is r ...)
@@ -33807,7 +33807,7 @@ CVE-2020-25247 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 1
 CVE-2020-25246
 	RESERVED
 CVE-2020-25245 (A vulnerability has been identified in DIGSI 4 (All versions < V4.9 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-25244
 	RESERVED
 CVE-2020-25243
@@ -33821,9 +33821,9 @@ CVE-2020-25240
 CVE-2020-25239
 	RESERVED
 CVE-2020-25238 (A vulnerability has been identified in PCS neo (Administration Console ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-25237 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-25236
 	RESERVED
 CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
@@ -33911,7 +33911,7 @@ CVE-2020-25210 (In JetBrains YouTrack before 2020.3.7955, an attacker could acce
 CVE-2020-25209 (In JetBrains YouTrack before 2020.3.6638, improper access control for  ...)
 	NOT-FOR-US: JetBrains
 CVE-2020-25208 (In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate  ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2020-25207 (JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Exe ...)
 	NOT-FOR-US: JetBrains
 CVE-2020-25206
@@ -35060,7 +35060,7 @@ CVE-2020-24687
 CVE-2020-24686
 	RESERVED
 CVE-2020-24685 (An unauthenticated specially crafted packet sent by an attacker over t ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2020-24684
 	RESERVED
 CVE-2020-24683 (The affected versions of S+ Operations (version 2.1 SP1 and earlier) u ...)
@@ -35875,7 +35875,7 @@ CVE-2020-24337 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0.
 CVE-2020-24336 (An issue was discovered in Contiki through 3.0 and Contiki-NG through  ...)
 	NOT-FOR-US: Contiki
 CVE-2020-24335 (An issue was discovered in uIP through 1.0, as used in Contiki and Con ...)
-	TODO: check
+	NOT-FOR-US: Contiki
 CVE-2020-24334 (The code that processes DNS responses in uIP through 1.0, as used in C ...)
 	NOT-FOR-US: uIP
 CVE-2020-24333 (A vulnerability in Arista’s CloudVision Portal (CVP) prior to 20 ...)
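
Review bot: CVE-2020-24335 is tagged "NOT-FOR-US: Contiki", but its description starts "An issue was discovered in uIP through 1.0, as used in Contiki", and the next entry, CVE-2020-24334, with the same "uIP through 1.0, as used in" wording is tagged "NOT-FOR-US: uIP". Suggest "NOT-FOR-US: uIP" here as well so the two uIP issues carry the same label.
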
@@ -37682,11 +37682,11 @@ CVE-2020-23451 (Spiceworks Version <= 7.5.00107 is affected by CSRF which can
 CVE-2020-23450 (Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed  ...)
 	NOT-FOR-US: Spiceworks
 CVE-2020-23449 (newbee-mall all versions are affected by incorrect access control to r ...)
-	TODO: check
+	NOT-FOR-US: newbee-mall
 CVE-2020-23448 (newbee-mall all versions are affected by incorrect access control to r ...)
-	TODO: check
+	NOT-FOR-US: newbee-mall
 CVE-2020-23447 (newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settl ...)
-	TODO: check
+	NOT-FOR-US: newbee-mall
 CVE-2020-23446 (Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenti ...)
 	NOT-FOR-US: Verint Workforce Optimization suite
 CVE-2020-23445
@@ -38898,11 +38898,11 @@ CVE-2020-22843
 CVE-2020-22842 (CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2020-22841 (Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attac ...)
-	TODO: check
+	NOT-FOR-US: b2evolution CMS
 CVE-2020-22840 (Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 ...)
-	TODO: check
+	NOT-FOR-US: b2evolution CMS
 CVE-2020-22839 (Reflected cross-site scripting vulnerability (XSS) in the evoadm.php f ...)
-	TODO: check
+	NOT-FOR-US: b2evolution CMS
 CVE-2020-22838
 	RESERVED
 CVE-2020-22837



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c157626ec93b32057827b49301a36eb93bbb76e0
