Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 95b2bfe8 by Salvatore Bonaccorso at 2020-12-17T21:46:53+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -153,7 +153,7 @@ CVE-2020-35478 CVE-2020-35477 RESERVED CVE-2020-35476 (A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 ...) - TODO: check + NOT-FOR-US: OpenTSDB CVE-2020-35475 RESERVED CVE-2020-35474 @@ -868,7 +868,7 @@ CVE-2020-35125 CVE-2020-35124 RESERVED CVE-2020-35123 (In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 ...) - TODO: check + NOT-FOR-US: Zimbra Collaboration Suite (ZCS) CVE-2020-35122 (An issue was discovered in the Keysight Database Connector plugin befo ...) NOT-FOR-US: Keysight Database Connector plugin for Confluence CVE-2020-35121 (An issue was discovered in the Keysight Database Connector plugin befo ...) @@ -3242,7 +3242,7 @@ CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 have key fobs that acce CVE-2020-29437 RESERVED CVE-2020-29436 (Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with ...) - TODO: check + NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2020-29435 RESERVED CVE-2020-29434 @@ -4358,11 +4358,11 @@ CVE-2020-28933 CVE-2020-28932 RESERVED CVE-2020-28931 (Lack of an anti-CSRF token in the entire administrative interface in E ...) - TODO: check + NOT-FOR-US: EPSON CVE-2020-28930 (A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete us ...) - TODO: check + NOT-FOR-US: Epson CVE-2020-28929 (Unrestricted access to the log downloader functionality in EPSON EPS T ...) - TODO: check + NOT-FOR-US: Epson CVE-2020-28928 (In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...) {DLA-2474-1} - musl <unfixed> (bug #975365) 
@@ -11561,7 +11561,7 @@ CVE-2020-27201 CVE-2020-27200 RESERVED CVE-2020-27199 (The Magic Home Pro application 1.5.1 for Android allows Authentication ...) - TODO: check + NOT-FOR-US: Magic Home Pro application for Android CVE-2020-27198 RESERVED CVE-2020-27197 (** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ O ...) @@ -16510,11 +16510,11 @@ CVE-2020-25098 CVE-2020-25097 RESERVED CVE-2020-25096 (LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Us ...) - TODO: check + NOT-FOR-US: LogRhythm Platform Manager (PM) CVE-2020-25095 (LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface i ...) - TODO: check + NOT-FOR-US: LogRhythm Platform Manager (PM) CVE-2020-25094 (LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit ...) - TODO: check + NOT-FOR-US: LogRhythm Platform Manager (PM) CVE-2020-25093 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.p ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2020-25092 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts ...) @@ -16705,9 +16705,9 @@ CVE-2020-25013 (JetBrains ToolBox before version 1.18 is vulnerable to a Denial CVE-2020-25012 RESERVED CVE-2020-25011 (A sensitive information disclosure vulnerability in Kyland KPS2204 6 P ...) - TODO: check + NOT-FOR-US: Kyland CVE-2020-25010 (An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Man ...) - TODO: check + NOT-FOR-US: Kyland CVE-2020-25009 RESERVED CVE-2020-25008 @@ -26539,7 +26539,7 @@ CVE-2020-20186 CVE-2020-20185 RESERVED CVE-2020-20184 (GateOne allows remote attackers to execute arbitrary commands via shel ...) - TODO: check + NOT-FOR-US: GateOne CVE-2020-20183 (Insecure direct object reference vulnerability in Zyxel’s P1302- ...) NOT-FOR-US: Zyxel CVE-2020-20182 
@@ -34964,11 +34964,11 @@ CVE-2020-16106 CVE-2020-16105 RESERVED CVE-2020-16104 (SQL Injection vulnerability in Enterprise Data Interface of Gallagher ...) - TODO: check + NOT-FOR-US: Gallagher Command Centre Server CVE-2020-16103 (Type confusion in Gallagher Command Centre Server allows a remote atta ...) - TODO: check + NOT-FOR-US: Gallagher Command Centre Server CVE-2020-16102 (Improper Authentication vulnerability in Gallagher Command Centre Serv ...) - TODO: check + NOT-FOR-US: Gallagher Command Centre Server CVE-2020-16101 (It is possible for an unauthenticated remote DCOM websocket connection ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2020-16100 (It is possible for an unauthenticated remote DCOM websocket connection ...) @@ -37181,11 +37181,11 @@ CVE-2020-15296 CVE-2020-15295 RESERVED CVE-2020-15294 (Compiler Optimization Removal or Modification of Security-critical Cod ...) - TODO: check + NOT-FOR-US: Bitdefender CVE-2020-15293 (Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, Int ...) - TODO: check + NOT-FOR-US: Bitdefender CVE-2020-15292 (Lack of validation on data read from guest memory in IntPeGetDirectory ...) - TODO: check + NOT-FOR-US: Bitdefender CVE-2020-15291 RESERVED CVE-2020-15290 @@ -40127,7 +40127,7 @@ CVE-2020-14256 CVE-2020-14255 RESERVED CVE-2020-14254 (TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v ...) - TODO: check + NOT-FOR-US: HCL BigFix Inventory CVE-2020-14253 RESERVED CVE-2020-14252 @@ -40139,7 +40139,7 @@ CVE-2020-14250 CVE-2020-14249 RESERVED CVE-2020-14248 (BigFix Inventory up to v10.0.2 does not set the secure flag for the se ...) - TODO: check + NOT-FOR-US: HCL BigFix Inventory CVE-2020-14247 RESERVED CVE-2020-14246 @@ -40147,7 +40147,7 @@ CVE-2020-14246 CVE-2020-14245 RESERVED CVE-2020-14244 (A vulnerability in the MIME message handling of the Domino server (ver ...) - TODO: check + NOT-FOR-US: HCL Domino server CVE-2020-14243 RESERVED CVE-2020-14242 
@@ -54464,7 +54464,7 @@ CVE-2020-9303 CVE-2020-9302 RESERVED CVE-2020-9301 (Nolan Ray from Apple Information Security identified a security vulner ...) - TODO: check + NOT-FOR-US: Spinnaker CVE-2020-9300 (The Access Control issues include allowing a regular user to view a re ...) NOT-FOR-US: Netflix dispatch CVE-2020-9299 (There were XSS vulnerabilities discovered and reported in the Dispatch ...) @@ -58200,7 +58200,7 @@ CVE-2020-7839 CVE-2020-7838 RESERVED CVE-2020-7837 (An issue was discovered in ML Report Program. There is a stack-based b ...) - TODO: check + NOT-FOR-US: ML Report Program CVE-2020-7836 RESERVED CVE-2020-7835 @@ -63541,9 +63541,9 @@ CVE-2020-5685 CVE-2020-5684 RESERVED CVE-2020-5683 (Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v ...) - TODO: check + NOT-FOR-US: GROWI CVE-2020-5682 (Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Seri ...) - TODO: check + NOT-FOR-US: GROWI CVE-2020-5681 RESERVED CVE-2020-5680 (Improper input validation vulnerability in EC-CUBE versions from 3.0.5 ...) @@ -63577,7 +63577,7 @@ CVE-2020-5667 (Studyplus App for Android v6.3.7 and earlier and Studyplus App fo CVE-2020-5666 (Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series ...) NOT-FOR-US: Mitsubishi Electric CVE-2020-5665 (Improper check or handling of exceptional conditions in MELSEC iQ-F se ...) - TODO: check + NOT-FOR-US: Mitsubishi Electric CVE-2020-5664 (Deserialization of untrusted data vulnerability in XooNIps 3.49 and ea ...) NOT-FOR-US: XooNIps CVE-2020-5663 (Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier ...) 
@@ -63629,7 +63629,7 @@ CVE-2020-5641 (Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmw CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and earlier ...) NOT-FOR-US: OneThird CMS CVE-2020-5639 (Directory traversal vulnerability in FileZen versions from V3.0.0 to V ...) - TODO: check + NOT-FOR-US: FileZen CVE-2020-5638 (Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Sma ...) NOT-FOR-US: desknet's NEO CVE-2020-5637 (Improper validation of integrity check value vulnerability in Aterm SA ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95b2bfe84735550b75c1f74d1aa3361f8dfe6424
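Review bot: The vendor name is spelled two ways in the hunk at @@ -4358,11 +4358,11 @@: CVE-2020-28931 is tagged "NOT-FOR-US: EPSON", while CVE-2020-28930 and CVE-2020-28929 directly below it are tagged "NOT-FOR-US: Epson". Please use one spelling for all three, so that a case-sensitive search of data/CVE/list on the vendor name returns the whole group.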
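Review bot: The tags added in the hunk at @@ -37181,11 +37181,11 @@ for CVE-2020-15294, CVE-2020-15293 and CVE-2020-15292 name only the vendor ("NOT-FOR-US: Bitdefender"), and the truncated descriptions visible here mention only internal function names such as IntLixCrashDumpDmesg and IntPeGetDirectory, not a product. Other entries in this commit name the affected product (for example "NOT-FOR-US: LogRhythm Platform Manager (PM)"); doing the same here would let a later reader confirm the not-for-us decision without opening the full CVE text.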
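Review bot: The product named in the new tag for CVE-2020-9301 in the hunk at @@ -54464,7 +54464,7 @@ cannot be checked against the entry itself: the truncated description reads "Nolan Ray from Apple Information Security identified a security vulner ..." and never mentions Spinnaker. Since the neighbouring CVE-2020-9300 is tagged "NOT-FOR-US: Netflix dispatch", please confirm the attribution against the full CVE description before it is relied on.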