Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7788a5fb by Salvatore Bonaccorso at 2021-02-06T11:08:09+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -240,7 +240,7 @@ CVE-2021-26725
 CVE-2021-26724
        RESERVED
 CVE-2021-26723 (Jenzabar 9.2.x through 9.2.2 allows 
/ics?tool=search&query= XSS. ...)
-       TODO: check
+       NOT-FOR-US: Jenzabar
 CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query 
because  ...)
        NOT-FOR-US: LinkedIn Oncall
 CVE-2021-26721
@@ -2422,7 +2422,7 @@ CVE-2021-3231
 CVE-2021-3230
        RESERVED
 CVE-2021-3229 (Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 
3.0.0.4. ...)
-       TODO: check
+       NOT-FOR-US: ASUSWRT ASUS RT-AX3000 firmware
 CVE-2021-3228
        RESERVED
 CVE-2021-3227
@@ -10151,25 +10151,25 @@ CVE-2021-22309
 CVE-2021-22308
        RESERVED
 CVE-2021-22307 (There is a weak algorithm vulnerability in Mate 
3010.0.0.203(C00E201R7 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22306 (There is an out-of-bound read vulnerability in Mate 30 
10.0.0.182(C00E ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22305 (There is a buffer overflow vulnerability in Mate 30 
10.1.0.126(C00E125 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22304 (There is a use after free vulnerability in Taurus-AL00A 
10.0.0.1(C00E1 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22303 (There is a pointer double free vulnerability in Taurus-AL00A 
10.0.0.1( ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22302 (There is an out-of-bound read vulnerability in Taurus-AL00A 
10.0.0.1(C ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22301 (Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow 
vulnerability.  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22300 (There is an information leak vulnerability in eCNS280_TD 
versions V100 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22299 (There is a local privilege escalation vulnerability in some 
Huawei pro ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP 
Product. An att ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22297
        RESERVED
 CVE-2021-22296
@@ -10179,9 +10179,9 @@ CVE-2021-22295
 CVE-2021-22294
        RESERVED
 CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of 
HTTP reque ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22292 (There is a denial of service (DoS) vulnerability in eCNS280 
versions V ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22291
        RESERVED
 CVE-2021-22290
@@ -22882,7 +22882,7 @@ CVE-2021-1074
 CVE-2021-1073
        RESERVED
 CVE-2021-1072 (NVIDIA GeForce Experience, all versions prior to 3.21, contains 
a vuln ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA GeForce Experience
 CVE-2021-1071 (NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier 
NX, TX1 ...)
        NOT-FOR-US: NVIDIA
 CVE-2021-1070 (NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, 
Nano and  ...)
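Review bot: The tag added for CVE-2021-1072 is product-level (`NOT-FOR-US: NVIDIA GeForce Experience`), while the CVE-2021-1071 entry immediately below it in this hunk uses the vendor-only form `NOT-FOR-US: NVIDIA`. If the product name is meant to separate this Windows application from other NVIDIA entries, it is fine as is; otherwise consider `NOT-FOR-US: NVIDIA` so one vendor is recorded one way and a search of the list by NFU string stays predictable.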
@@ -46327,7 +46327,7 @@ CVE-2020-18726
 CVE-2020-18725
        RESERVED
 CVE-2020-18724 (Authenticated stored cross-site scripting (XSS) in the contact 
name fi ...)
-       TODO: check
+       NOT-FOR-US: MDaemon webmail
 CVE-2020-18723 (Stored cross-site scripting (XSS) in file attachment field in 
MDaemon  ...)
        NOT-FOR-US: MDaemon webmail
 CVE-2020-18722
@@ -62690,7 +62690,7 @@ CVE-2020-12124 (A remote command-line injection 
vulnerability in the /cgi-bin/li
 CVE-2020-12123 (CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK 
WN530H4 ...)
        NOT-FOR-US: WAVLINK
 CVE-2020-12122 (In Max Secure Max Spyware Detector 1.0.0.044, the driver file 
(MaxProc ...)
-       TODO: check
+       NOT-FOR-US: Max Secure Max Spyware Detector
 CVE-2020-12121
        RESERVED
 CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 
allows remote ...)
@@ -64073,7 +64073,7 @@ CVE-2020-11838 (Cross Site Scripting (XSS) 
vulnerability in Micro Focus ArcSight
 CVE-2020-11837
        RESERVED
 CVE-2020-11836 (OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 
versions h ...)
-       TODO: check
+       NOT-FOR-US: OPPO Android Phone
 CVE-2020-11835 (In 
/SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_d ...)
        NOT-FOR-US: oppo
 CVE-2020-11834 (In 
/SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the  ...)
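Review bot: The new tag on CVE-2020-11836, `NOT-FOR-US: OPPO Android Phone`, differs in both case and wording from the `NOT-FOR-US: oppo` already recorded for CVE-2020-11835 on the next entry in this hunk. Consider reusing the existing string (or updating the older one in the same commit) so the vendor appears under a single spelling in data/CVE/list.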
@@ -67303,9 +67303,9 @@ CVE-2020-10860 (An issue was discovered in Avast 
Antivirus before 20. An Arbitra
 CVE-2020-10859 (Zoho ManageEngine Desktop Central before 10.0.484 allows 
authenticated ...)
        NOT-FOR-US: Zoho
 CVE-2020-10858 (Zulip Desktop before 5.0.0 allows attackers to perform 
recording via t ...)
-       TODO: check
+       NOT-FOR-US: Zulip Desktop
 CVE-2020-10857 (Zulip Desktop before 5.0.0 improperly uses shell.openExternal 
and shel ...)
-       TODO: check
+       NOT-FOR-US: Zulip Desktop
 CVE-2020-10856
        RESERVED
 CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. ...)
@@ -68470,11 +68470,11 @@ CVE-2020-10556
 CVE-2020-10555
        RESERVED
 CVE-2020-10554 (An issue was discovered in Psyprax beforee 3.2.2. Passwords 
used to en ...)
-       TODO: check
+       NOT-FOR-US: Psyprax
 CVE-2020-10553 (An issue was discovered in Psyprax before 3.2.2. The file 
%PROGRAMDATA ...)
-       TODO: check
+       NOT-FOR-US: Psyprax
 CVE-2020-10552 (An issue was discovered in Psyprax before 3.2.2. The Firebird 
database ...)
-       TODO: check
+       NOT-FOR-US: Psyprax
 CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service 
TsService.ex ...)
        NOT-FOR-US: QQBrowser
 CVE-2020-10550
@@ -68505,11 +68505,11 @@ CVE-2020-10541 (Zoho ManageEngine OpManager before 
12.4.179 allows remote code e
 CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain 
combinations of ...)
        NOT-FOR-US: Untis WebUntis
 CVE-2020-10539 (An issue was discovered in Epikur before 20.1.1. The Epikur 
server con ...)
-       TODO: check
+       NOT-FOR-US: Epikur
 CVE-2020-10538 (An issue was discovered in Epikur before 20.1.1. It stores the 
secret  ...)
-       TODO: check
+       NOT-FOR-US: Epikur
 CVE-2020-10537 (An issue was discovered in Epikur before 20.1.1. A Glassfish 
4.1 serve ...)
-       TODO: check
+       NOT-FOR-US: Epikur
 CVE-2020-10536
        RESERVED
 CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for 
MediaWiki throug ...)
@@ -68859,7 +68859,7 @@ CVE-2020-10377 (A weak encryption vulnerability in 
Mitel MiVoice Connect Client
 CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote 
attackers to ...)
        NOT-FOR-US: Technicolor
 CVE-2020-10375 (An issue was discovered in New Media Smarty before 9.10. 
Passwords are ...)
-       TODO: check
+       NOT-FOR-US: New Media Smarty
 CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 
to PRTG ...)
        NOT-FOR-US: PRTG Network Monitor
 CVE-2020-10373
@@ -69160,7 +69160,7 @@ CVE-2020-10236 (An issue was discovered in Froxlor 
before 0.10.14. It created fi
 CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote 
attackers wi ...)
        NOT-FOR-US: Froxlor
 CVE-2020-10234 (The AscRegistryFilter.sys kernel driver in IObit Advanced 
SystemCare 1 ...)
-       TODO: check
+       NOT-FOR-US: IObit Advanced SystemCare
 CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is 
a heap- ...)
        - sleuthkit <unfixed> (unimportant)
        NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829
@@ -71034,7 +71034,7 @@ CVE-2020-9455 (The RegistrationMagic plugin through 
4.6.0.3 for WordPress allows
 CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 
4.6.0.3 f ...)
        NOT-FOR-US: RegistrationMagic plugin for WordPress
 CVE-2020-9453 (In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows 
local  ...)
-       TODO: check
+       NOT-FOR-US: Epson
 CVE-2020-9452
        RESERVED
 CVE-2020-9451
@@ -71204,11 +71204,11 @@ CVE-2020-9393 (An issue was discovered in the 
pricing-table-by-supsystic plugin
 CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic 
plugin befor ...)
        NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
 CVE-2020-9390 (SquaredUp allowed Stored XSS before version 4.6.0. A user was 
able to  ...)
-       TODO: check
+       NOT-FOR-US: SquaredUp
 CVE-2020-9389 (A username enumeration issue was discovered in SquaredUp before 
versio ...)
-       TODO: check
+       NOT-FOR-US: SquaredUp
 CVE-2020-9388 (CSRF protection was not present in SquaredUp before version 
4.6.0. A C ...)
-       TODO: check
+       NOT-FOR-US: SquaredUp
 CVE-2020-9387 (In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, 
account detai ...)
        - mahara <removed>
 CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 
before ...)
@@ -72084,7 +72084,7 @@ CVE-2020-9016 (Dolibarr 11.0 allows XSS via the 
joinfiles, topic, or code parame
 CVE-2020-9015 (** DISPUTED ** Arista DCS-7050QX-32S-R 4.20.9M, 
DCS-7050CX3-32S-R 4.20 ...)
        NOT-FOR-US: Arista devices
 CVE-2020-9014 (In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) 
allows loca ...)
-       TODO: check
+       NOT-FOR-US: Epson
 CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print 
restric ...)
        NOT-FOR-US: Arvato Skillpipe
 CVE-2020-9012 (A cross-site scripting (XSS) vulnerability in the Import People 
functi ...)
@@ -72641,9 +72641,9 @@ CVE-2020-8809 (Gurux GXDLMS Director prior to 
8.5.1905.1301 downloads updates to
 CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in 
CORSAIR ...)
        NOT-FOR-US: CORSAIR iCUE
 CVE-2020-8807 (In Electric Coin Company Zcashd before 2.1.1-1, the time offset 
betwee ...)
-       TODO: check
+       NOT-FOR-US: Electric Coin Company Zcashd
 CVE-2020-8806 (Electric Coin Company Zcashd before 2.1.1-1 allows attackers to 
trigge ...)
-       TODO: check
+       NOT-FOR-US: Electric Coin Company Zcashd
 CVE-2020-8805
        RESERVED
 CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, 
the Em ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7788a5fb2a7ad4b657157000766dcb90006b7970
