Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a0157427 by Salvatore Bonaccorso at 2020-09-03T22:21:07+02:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,23 +1,23 @@ CVE-2020-25124 (The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.p ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2020-25123 (The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smili ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2020-25122 (The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Ran ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2020-25121 (The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription E ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2020-25120 (The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php? ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2020-25119 (The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2020-25118 (The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Setting ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2020-25117 (The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title t ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2020-25116 (The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title t ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2020-25115 (The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2020-25114 RESERVED CVE-2020-25113 
@@ -117,7 +117,7 @@ CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain sensi [buster] - plinth <no-dsa> (Minor issue) NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935 CVE-2020-25068 (Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vuln ...) - TODO: check + NOT-FOR-US: Setelsa Conacwin CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command injecti ...) NOT-FOR-US: Netgear CVE-2020-25066 @@ -169,7 +169,7 @@ CVE-2020-25044 (Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulne CVE-2020-25043 (The installer of Kaspersky VPN Secure Connection prior to 5.0 was vuln ...) NOT-FOR-US: Kaspersky CVE-2020-25042 (An arbitrary file upload issue exists in Mara CMS 7.5. In order to exp ...) - TODO: check + NOT-FOR-US: Mara CMS CVE-2020-25041 RESERVED CVE-2020-25040 @@ -359,9 +359,9 @@ CVE-2020-24951 CVE-2020-24950 RESERVED CVE-2020-24949 (Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php all ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2020-24948 (The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 doe ...) - TODO: check + NOT-FOR-US: Autoptimize Wordpress Plugin CVE-2020-24947 RESERVED CVE-2020-24946 @@ -1965,7 +1965,7 @@ CVE-2020-24195 CVE-2020-24194 RESERVED CVE-2020-24193 (A SQL injection vulnerability in login in Sourcecodetester Daily Track ...) - TODO: check + NOT-FOR-US: Sourcecodetester Daily Tracker System CVE-2020-24192 RESERVED CVE-2020-24191 
@@ -2027,13 +2027,13 @@ CVE-2020-24164 CVE-2020-24163 RESERVED CVE-2020-24162 (The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App ...) - TODO: check + NOT-FOR-US: Shenzhen Tencent app CVE-2020-24161 (Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacki ...) - TODO: check + NOT-FOR-US: Guangzhou NetEase Mail Master CVE-2020-24160 (Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vu ...) - TODO: check + NOT-FOR-US: Shenzhen Tencent TIM Windows client CVE-2020-24159 (NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can ...) - TODO: check + NOT-FOR-US: NetEase Youdao Dictionary CVE-2020-24158 (360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which ...) TODO: check CVE-2020-24157 @@ -23861,7 +23861,7 @@ CVE-2020-13974 (** DISPUTED ** An issue was discovered in the Linux kernel throu CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls ...) NOT-FOR-US: OWASP json-sanitizer CVE-2020-13972 (Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own dom ...) - TODO: check + NOT-FOR-US: Enghouse Web Chat CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use the M ...) NOT-FOR-US: Shopware CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...) @@ -28794,7 +28794,7 @@ CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request w CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing a tilema ...) NOTE: Duplicate of CVE-2019-10877 CVE-2020-12058 (Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 al ...) - TODO: check + NOT-FOR-US: osCommerce CE Phoenix CVE-2020-12057 RESERVED CVE-2020-12056 
@@ -37440,7 +37440,7 @@ CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0. CVE-2020-9236 RESERVED CVE-2020-9235 (Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9234 RESERVED CVE-2020-9233 (FusionCompute 8.0.0 have an insufficient authentication vulnerability. ...) @@ -37512,7 +37512,7 @@ CVE-2020-9201 CVE-2020-9200 RESERVED CVE-2020-9199 (B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9198 RESERVED CVE-2020-9197 @@ -37744,7 +37744,7 @@ CVE-2020-9085 CVE-2020-9084 RESERVED CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9082 RESERVED CVE-2020-9081 @@ -46902,7 +46902,7 @@ CVE-2020-5388 CVE-2020-5387 RESERVED CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource ...) - TODO: check + NOT-FOR-US: EMC CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suit ...) NOT-FOR-US: Dell CVE-2020-5384 (Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Wi ...) @@ -46936,7 +46936,7 @@ CVE-2020-5371 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC Pow CVE-2020-5370 RESERVED CVE-2020-5369 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...) - TODO: check + NOT-FOR-US: EMC CVE-2020-5368 (Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authe ...) NOT-FOR-US: EMC CVE-2020-5367 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC U ...) @@ -49003,7 +49003,7 @@ CVE-2020-4640 CVE-2020-4639 RESERVED CVE-2020-4638 (IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulner ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4637 RESERVED CVE-2020-4636 
@@ -49605,7 +49605,7 @@ CVE-2020-4339 CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive informat ...) NOT-FOR-US: IBM CVE-2020-4337 (IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4336 RESERVED CVE-2020-4335 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0157427343be24f029a67ad0f164d5dec969f9f
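Review bot: CVE-2020-24158 (360 Speed Browser 12.0.1247.0, DLL hijacking) is still "TODO: check" at the end of the @@ -2027,13 +2027,13 @@ hunk, although the four DLL hijacking entries directly above it (CVE-2020-24162 through CVE-2020-24159) are all moved to NOT-FOR-US in this same change. If it was skipped by accident, triage it in the same pass. In the same hunk the new labels use four different strings for what reads as two vendors ("Shenzhen Tencent app", "Shenzhen Tencent TIM Windows client", "Guangzhou NetEase Mail Master", "NetEase Youdao Dictionary"), while the Huawei, IBM and EMC entries elsewhere in the patch use the vendor name alone; consider one label per vendor here as well.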
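Review bot: The label "NOT-FOR-US: Autoptimize Wordpress Plugin" for CVE-2020-24948 in the @@ -359,9 +359,9 @@ hunk copies the casing of the CVE description ("Wordpress"); the project spells its name "WordPress", so the label is better written with that casing to keep it searchable alongside other WordPress plugin entries.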
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits