[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 16 20:29:11 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4da36219 by Salvatore Bonaccorso at 2021-02-16T21:28:48+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -83,7 +83,7 @@ CVE-2021-27239
CVE-2021-27238
RESERVED
CVE-2021-27237 (The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) ...)
- TODO: check
+ NOT-FOR-US: BlackCat CMS
CVE-2021-27236 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfil ...)
NOT-FOR-US: Mutare Voice (EVM)
CVE-2021-27235 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...)
@@ -93,7 +93,7 @@ CVE-2021-27234 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8.
CVE-2021-27233 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...)
NOT-FOR-US: Mutare Voice (EVM)
CVE-2021-27232 (The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.1 ...)
- TODO: check
+ NOT-FOR-US: Pelco Digital Sentry Server
CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting environment, s ...)
NOT-FOR-US: Hestia Control Panel
CVE-2021-27230
@@ -4012,7 +4012,7 @@ CVE-2021-25650
CVE-2021-25649
RESERVED
CVE-2021-25648 (Mobile application "Testes de Codigo" 11.4 and prior allows an attacke ...)
- TODO: check
+ NOT-FOR-US: Mobile application "Testes de Codigo"
CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...)
NOT-FOR-US: Mobile application "Testes de Codigo"
CVE-2021-25646 (Apache Druid includes the ability to execute user-provided JavaScript ...)
@@ -15332,33 +15332,33 @@ CVE-2020-35573 (srs2.c in PostSRSd before 1.10 allows remote attackers to cause
[buster] - postsrsd 1.5-2+deb10u1
NOTE: https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac (1.10)
CVE-2020-35570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT
CVE-2020-35569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT
CVE-2020-35568 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT
CVE-2020-35567 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT
CVE-2020-35566 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT
CVE-2020-35565 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT
CVE-2020-35564 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT
CVE-2020-35563 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT
CVE-2020-35562
RESERVED
CVE-2020-35561 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT
CVE-2020-35560 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT
CVE-2020-35559 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT
CVE-2020-35558 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT
CVE-2020-35557 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT
CVE-2020-35556
RESERVED
CVE-2020-35555 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
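Review bot: The label "NOT-FOR-US: MB CONNECT" applied to CVE-2020-35570 through CVE-2020-35557 cuts the vendor name short. Every description in this hunk gives it as "MB CONNECT LINE" and names the product mymbCONNECT24. Suggest "NOT-FOR-US: MB CONNECT LINE mymbCONNECT24" (or at least the full vendor name), so that a later search of data/CVE/list for the vendor or product finds these thirteen entries together.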
@@ -15414,9 +15414,9 @@ CVE-2021-20989
CVE-2021-20988
RESERVED
CVE-2021-20987 (A denial of service and memory corruption vulnerability was found in H ...)
- TODO: check
+ NOT-FOR-US: Hilscher EtherNet/IP Core
CVE-2021-20986 (A Denial of Service vulnerability was found in Hilscher PROFINET IO De ...)
- TODO: check
+ NOT-FOR-US: Hilscher
CVE-2021-20985
RESERVED
CVE-2021-20984
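Review bot: The two Hilscher entries in this hunk are labelled at different levels of detail. CVE-2021-20987 gets "NOT-FOR-US: Hilscher EtherNet/IP Core" while CVE-2021-20986 gets only "NOT-FOR-US: Hilscher", although its description also names a specific product ("Hilscher PROFINET IO De ..."). Suggest one convention for both, either vendor only or vendor plus product.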
@@ -21906,17 +21906,17 @@ CVE-2020-29029
CVE-2020-29028
RESERVED
CVE-2020-29027 (Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager ...)
- TODO: check
+ NOT-FOR-US: Secomea
CVE-2020-29026 (A directory traversal vulnerability exists in the file upload function ...)
NOT-FOR-US: GateManager
CVE-2020-29025 (A vulnerability in SiteManager-Embedded (SM-E) Web server which may al ...)
- TODO: check
+ NOT-FOR-US: Secomea
CVE-2020-29024 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Secomea
CVE-2020-29023 (Improper Encoding or Escaping of Output from CSV Report Generator of S ...)
- TODO: check
+ NOT-FOR-US: Secomea
CVE-2020-29022 (Failure to Sanitize host header value on output in the GateManager Web ...)
- TODO: check
+ NOT-FOR-US: Secomea
CVE-2020-29021 (A vulnerability in web UI input field of GateManager allows authentica ...)
NOT-FOR-US: GateManager
CVE-2020-29020
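Review bot: CVE-2020-29022 is marked "NOT-FOR-US: Secomea", but its description places the flaw in "the GateManager Web ...", and the unchanged neighbours CVE-2020-29026 and CVE-2020-29021 are already labelled "NOT-FOR-US: GateManager". The same product then appears under two different labels within a few lines. Suggest settling on one form for the whole block, for example "NOT-FOR-US: Secomea GateManager" and "NOT-FOR-US: Secomea SiteManager", and adjusting the two existing entries to match if the vendor-level label is preferred.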
@@ -33620,7 +33620,7 @@ CVE-2020-25495 (A reflected Cross-site scripting (XSS) vulnerability in Xinuo (f
CVE-2020-25494 (Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute ...)
NOT-FOR-US: Xinuo SCO Openserver
CVE-2020-25493 (Oclean Mobile Application 2.1.2 communicates with an external website ...)
- TODO: check
+ NOT-FOR-US: Oclean Mobile Application
CVE-2020-25492
RESERVED
CVE-2020-25491
@@ -35089,7 +35089,7 @@ CVE-2020-24843
CVE-2020-24842 (PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can e ...)
NOT-FOR-US: PNPSCADA
CVE-2020-24841 (PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in ...)
- TODO: check
+ NOT-FOR-US: PNPSCADA
CVE-2020-24840
RESERVED
CVE-2020-24839
@@ -47533,13 +47533,13 @@ CVE-2020-18718
CVE-2020-18717 (SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execut ...)
NOT-FOR-US: ZZZCMS
CVE-2020-18716 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
- TODO: check
+ NOT-FOR-US: Rockoa
CVE-2020-18715
REJECTED
CVE-2020-18714 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
- TODO: check
+ NOT-FOR-US: Rockoa
CVE-2020-18713 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
- TODO: check
+ NOT-FOR-US: Rockoa
CVE-2020-18712
RESERVED
CVE-2020-18711
@@ -48535,7 +48535,7 @@ CVE-2020-18217
CVE-2020-18216
RESERVED
CVE-2020-18215 (Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.p ...)
- TODO: check
+ NOT-FOR-US: PHPSHE
CVE-2020-18214
RESERVED
CVE-2020-18213
@@ -50167,43 +50167,43 @@ CVE-2020-17437 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and o
NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
NOTE: Adressed upstream in 2.1.3 release
CVE-2020-17436 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17435 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17434 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17433 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17432 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17431 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17430 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17429 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17428 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17427 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17426 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17425 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17424 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17423 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17422 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17421 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17420 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17419 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17418 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-17417 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Foxit Reader
CVE-2020-17416 (This vulnerability allows remote attackers to execute arbitrary code o ...)
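Review bot: The nineteen entries from CVE-2020-17436 down to CVE-2020-17418 are labelled "NOT-FOR-US: Foxit", while the unchanged context line directly below for CVE-2020-17417 reads "NOT-FOR-US: Foxit Reader". The descriptions visible here are truncated before any product name ("This vulnerability allows remote attackers to ..."), so the diff alone does not show which Foxit product each one concerns. Suggest confirming the product against the full descriptions and either using the product-level label where it applies or normalising the neighbouring entry so the run reads consistently.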
@@ -51810,7 +51810,7 @@ CVE-2020-16631
CVE-2020-16630
RESERVED
CVE-2020-16629 (PhpOK 5.4.137 contains a SQL injection vulnerability that can inject a ...)
- TODO: check
+ NOT-FOR-US: PhpOK
CVE-2020-16628
RESERVED
CVE-2020-16627
@@ -52794,7 +52794,7 @@ CVE-2020-16196
CVE-2020-16195
RESERVED
CVE-2020-16194 (An Insecure Direct Object Reference (IDOR) vulnerability was found in ...)
- TODO: check
+ NOT-FOR-US: Prestashop Opart devis
CVE-2020-16193 (osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.ph ...)
NOT-FOR-US: osTicket
CVE-2020-16192 (LimeSurvey 4.3.2 allows reflected XSS because application/controllers/ ...)
@@ -60164,7 +60164,7 @@ CVE-2020-13588
CVE-2020-13587
RESERVED
CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document SST Rec ...)
- TODO: check
+ NOT-FOR-US: SoftMaker
CVE-2020-13585 (An out-of-bounds write vulnerability exists in the PSD Header processi ...)
TODO: check
CVE-2020-13584 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...)
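Review bot: For CVE-2020-13586 the label "NOT-FOR-US: SoftMaker" cannot be checked against the description shown in this hunk, which is cut off at "the Excel Document SST Rec ..." before any vendor or product is named. The surrounding entries (CVE-2020-13585, CVE-2020-13584) belong to other software, so there is no local context to confirm it either. Suggest naming the affected component in the label if the full description gives one, as is done for other entries in this commit.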
@@ -60179,11 +60179,11 @@ CVE-2020-13583 (A denial-of-service vulnerability exists in the HTTP Server func
CVE-2020-13582 (A denial-of-service vulnerability exists in the HTTP Server functional ...)
TODO: check
CVE-2020-13581 (In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1 ...)
- TODO: check
+ NOT-FOR-US: SoftMaker
CVE-2020-13580 (An exploitable heap-based buffer overflow vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: SoftMaker
CVE-2020-13579 (An exploitable integer overflow vulnerability exists in the PlanMaker ...)
- TODO: check
+ NOT-FOR-US: SoftMaker
CVE-2020-13578 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
TODO: check
CVE-2020-13577 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
@@ -60253,7 +60253,7 @@ CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document c
CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
CVE-2020-13546 (In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1 ...)
- TODO: check
+ NOT-FOR-US: SoftMaker
CVE-2020-13545 (An exploitable signed conversion vulnerability exists in the TextMaker ...)
NOT-FOR-US: SoftMaker
CVE-2020-13544 (An exploitable sign extension vulnerability exists in the TextMaker do ...)
@@ -61312,7 +61312,7 @@ CVE-2020-13119 (ismartgate PRO 1.5.9 is vulnerable to clickjacking. ...)
CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System through 2 ...)
NOT-FOR-US: Mikrotik-Router-Monitoring-System
CVE-2020-13117 (Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthent ...)
- TODO: check
+ NOT-FOR-US: Wavlink WN575A4 and WN579X3 devices
CVE-2020-13116 (OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an ...)
NOT-FOR-US: OpenText Carbonite Server Backup Portal
CVE-2020-13115
@@ -65056,7 +65056,7 @@ CVE-2020-11922
CVE-2020-11921
RESERVED
CVE-2020-11920 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
- TODO: check
+ NOT-FOR-US: Svakom Siime Eye
CVE-2020-11919
RESERVED
CVE-2020-11918
@@ -65066,7 +65066,7 @@ CVE-2020-11917
CVE-2020-11916
RESERVED
CVE-2020-11915 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
- TODO: check
+ NOT-FOR-US: Svakom Siime Eye
CVE-2019-20786 (handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a chec ...)
NOT-FOR-US: Pion DTLS
CVE-2020-11914 (The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. ...)
@@ -69109,7 +69109,7 @@ CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions
CVE-2020-10735
RESERVED
CVE-2020-10734 (A vulnerability was found in keycloak in the way that the OIDC logout ...)
- TODO: check
+ NOT-FOR-US: Keycloak
CVE-2020-10733 (The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided ...)
- postgresql-12 <not-affected> (Windows-specific)
- postgresql-11 <not-affected> (Windows-specific)
@@ -72667,7 +72667,7 @@ CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 att
NOTE: https://github.com/libarchive/libarchive/pull/1326
NOTE: https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a
CVE-2020-9307 (Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a deni ...)
- TODO: check
+ NOT-FOR-US: Hirschmann OS2, RSP, and RSPE devices
CVE-2020-9306
RESERVED
CVE-2020-9305
@@ -74985,7 +74985,7 @@ CVE-2020-8357
CVE-2020-8356
RESERVED
CVE-2020-8355 (An internal product security audit of Lenovo XClarity Administrator (L ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8354 (A potential vulnerability in the SMI callback function used in the Var ...)
NOT-FOR-US: Lenovo
CVE-2020-8353 (Prior to August 10, 2020, some Lenovo Desktop and Workstation systems ...)
@@ -93306,7 +93306,7 @@ CVE-2020-1719
CVE-2020-1718 (A flaw was found in the reset credential flow in all Keycloak versions ...)
NOT-FOR-US: Keycloak
CVE-2020-1717 (A flaw was found in Keycloak 7.0.1. A logged in user can do an account ...)
- TODO: check
+ NOT-FOR-US: Keycloak
CVE-2020-1716
RESERVED
NOT-FOR-US: ceph-ansible
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4da36219423c50229c76b7794bfcb5649295ea57