Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
543b3c6a by Salvatore Bonaccorso at 2020-11-24T10:21:36+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -180,7 +180,7 @@ CVE-2020-28928 [wcsnrtombs destination buffer overflow]
[buster] - musl <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4
CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User
Registration sectio ...)
- TODO: check
+ NOT-FOR-US: Magicpin
CVE-2020-28926
RESERVED
CVE-2020-28925
@@ -9258,7 +9258,7 @@ CVE-2020-26233
CVE-2020-26232
RESERVED
CVE-2020-26231 (October is a free, open-source, self-hosted CMS platform based
on the ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app
for Spa ...)
NOT-FOR-US: Radar COVID
CVE-2020-26229 (TYPO3 is an open source PHP based web content management
system. In TY ...)
@@ -13906,7 +13906,7 @@ CVE-2020-24229
CVE-2020-24228
RESERVED
CVE-2020-24227 (Playground Sessions v2.5.582 (and earlier) for Windows, stores
the use ...)
- TODO: check
+ NOT-FOR-US: Playground Sessions for Windows
CVE-2020-24226
RESERVED
CVE-2020-24225
@@ -30863,9 +30863,9 @@ CVE-2020-15931 (Netwrix Account Lockout Examiner before
5.1 allows remote attack
CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows
arbitrary cod ...)
NOT-FOR-US: Joplin desktop
CVE-2020-15929 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string
paramet ...)
- TODO: check
+ NOT-FOR-US: Ortus TestBox
CVE-2020-15928 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string
paramet ...)
- TODO: check
+ NOT-FOR-US: Ortus TestBox
CVE-2020-15927 (Zoho ManageEngine Applications Manager version 14740 and prior
allows ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can
send a spec ...)
@@ -32663,13 +32663,13 @@ CVE-2020-15250 (In JUnit4 from version 4.7 and before
4.13.1, the test rule Temp
NOTE:
https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
NOTE:
https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
CVE-2020-15249 (October is a free, open-source, self-hosted CMS platform based
on the ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2020-15248 (October is a free, open-source, self-hosted CMS platform based
on the ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2020-15247 (October is a free, open-source, self-hosted CMS platform based
on the ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2020-15246 (October is a free, open-source, self-hosted CMS platform based
on the ...)
- TODO: check
+ NOT-FOR-US: October CMS
CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may
registe ...)
NOT-FOR-US: Sylius
CVE-2020-15244 (In Magento (rubygems openmage/magento-lts package) before
versions 19. ...)
@@ -58861,7 +58861,7 @@ CVE-2020-5676
CVE-2020-5675
RESERVED
CVE-2020-5674 (Untrusted search path vulnerability in the installers of
multiple SEIK ...)
- TODO: check
+ NOT-FOR-US: SEIKO EPSON products
CVE-2020-5673
RESERVED
CVE-2020-5672
@@ -58927,7 +58927,7 @@ CVE-2020-5643 (Improper input validation vulnerability
in Cybozu Garoon 5.0.0 to
CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat -
Live su ...)
NOT-FOR-US: Live Chat
CVE-2020-5641 (Cross-site request forgery (CSRF) vulnerability in GS108Ev3
firmware v ...)
- TODO: check
+ NOT-FOR-US: GS108Ev3 firmware
CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and
earlier ...)
NOT-FOR-US: OneThird CMS
CVE-2020-5639
@@ -62924,7 +62924,7 @@ CVE-2020-4008
CVE-2020-4007
RESERVED
CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity
Manager, and I ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-4005 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before
ESXi670-2020111 ...)
NOT-FOR-US: VMware
CVE-2020-4004 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before
ESXi670-2020111 ...)
@@ -137996,15 +137996,15 @@ CVE-2018-16725 (An issue is discovered in baijiacms
V4. XSS exists via the asset
CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection
exists via ...)
NOT-FOR-US: baijiacms
CVE-2018-16723 (In Jingyun Antivirus v2.4.2.39, the driver file
(ZySandbox.sys) allows ...)
- TODO: check
+ NOT-FOR-US: Jingyun Antivirus
CVE-2018-16722 (In Jingyun Antivirus v2.4.2.39, the driver file
(ZySandbox.sys) allows ...)
- TODO: check
+ NOT-FOR-US: Jingyun Antivirus
CVE-2018-16721 (In Jingyun Antivirus v2.4.2.39, the driver file
(ZySandbox.sys) allows ...)
- TODO: check
+ NOT-FOR-US: Jingyun Antivirus
CVE-2018-16720 (In Jingyun Antivirus v2.4.2.39, the driver file
(ZySandbox.sys) allows ...)
- TODO: check
+ NOT-FOR-US: Jingyun Antivirus
CVE-2018-16719 (In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys)
allows ...)
- TODO: check
+ NOT-FOR-US: Jingyun Antivirus
CVE-2018-16718 (An XSS vulnerability exists in wwwblast.c in the 2.0.7 through
2.2.26 ...)
NOT-FOR-US: NCBI ToolBox
CVE-2018-16717 (A heap-based buffer overflow exists in nph-viewgif.cgi in the
2.0.7 th ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/543b3c6adad82062bc02600e0fc27ad8e062c0c7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/543b3c6adad82062bc02600e0fc27ad8e062c0c7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
