Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
82c9e2d5 by Salvatore Bonaccorso at 2020-07-18T10:32:53+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2020-15816 (In Western Digital WD Discovery before 4.0.251.0, a malicious
applicat ...)
- TODO: check
+ NOT-FOR-US: Western Digital WD Discovery
CVE-2020-15815
RESERVED
CVE-2020-15814
@@ -756,7 +756,7 @@ CVE-2020-15499
CVE-2020-15498
RESERVED
CVE-2020-15497 (jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2
build-20200224104759 ...)
- TODO: check
+ NOT-FOR-US: Jalios JCMS
CVE-2020-15496
RESERVED
CVE-2020-15495
@@ -2890,7 +2890,7 @@ CVE-2020-14513
CVE-2020-14512
RESERVED
CVE-2020-14511 (Malicious operation of the crafted web browser cookie may
cause a stac ...)
- TODO: check
+ NOT-FOR-US: EDR routers
CVE-2020-14510
RESERVED
CVE-2020-14509
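Review bot: The new tag on CVE-2020-14511, "NOT-FOR-US: EDR routers", names a product family without its vendor, and the truncated description above it does not name one either. Other entries in this list carry a vendor or a full product name (for example "NOT-FOR-US: D-Link"), so add the vendor here to keep the entry findable by name.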
@@ -5063,7 +5063,7 @@ CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0,
has a heap-based buffer
CVE-2020-13789
RESERVED
CVE-2020-13788 (Harbor prior to 2.0.1 allows SSRF with this limitation: an
attacker wi ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2020-13787 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext
Transmission of ...)
NOT-FOR-US: D-Link
CVE-2020-13786 (D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. ...)
@@ -5957,7 +5957,7 @@ CVE-2020-13407
CVE-2020-13406
RESERVED
CVE-2020-13405 (userfiles/modules/users/controller/controller.php in
Microweber before ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2020-13404
RESERVED
CVE-2020-13403
@@ -7216,7 +7216,7 @@ CVE-2020-12856 (OpenTrace, as used in COVIDSafe through
v1.0.17, TraceTogether,
CVE-2020-12855
RESERVED
CVE-2020-12854 (A remote code execution vulnerability was identified in
SecZetta NEPro ...)
- TODO: check
+ NOT-FOR-US: SecZetta NEProfile
CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either
upload or cr ...)
NOT-FOR-US: Pydio Cells
CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an
administrator user ...)
@@ -7659,7 +7659,7 @@ CVE-2020-12686
CVE-2020-12685 (XSS in the admin help system admin/help.html and
admin/quicklinks.html ...)
NOT-FOR-US: Interchange
CVE-2020-12684 (XXE injection can occur in i-net Clear Reports 2019 19.0.287
(Designer ...)
- TODO: check
+ NOT-FOR-US: i-net Clear Reports
CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
NOT-FOR-US: Katyshop2
CVE-2020-12682
@@ -9366,7 +9366,7 @@ CVE-2020-12017 (GE Grid Solutions Reason RT Clocks,
RT430, RT431, and RT434, all
CVE-2020-12016 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix
EM2400 Vers ...)
NOT-FOR-US: Baxter
CVE-2020-12015 (A specially crafted communication packet sent to the affected
systems ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version
9.0.0. Inpu ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12013 (A specially crafted WCF client that interfaces to the may
allow the ex ...)
@@ -12009,13 +12009,13 @@ CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2
allows CRLF injection, as demons
CVE-2020-11440
RESERVED
CVE-2020-11439 (LibreHealth EMR v2.0.0 is affected by a Local File Inclusion
issue all ...)
- TODO: check
+ NOT-FOR-US: LibreHealth EMR
CVE-2020-11438 (LibreHealth EMR v2.0.0 is affected by systemic CSRF. ...)
- TODO: check
+ NOT-FOR-US: LibreHealth EMR
CVE-2020-11437 (LibreHealth EMR v2.0.0 is affected by SQL injection allowing
low-privi ...)
- TODO: check
+ NOT-FOR-US: LibreHealth EMR
CVE-2020-11436 (LibreHealth EMR v2.0.0 is vulnerable to XSS that results in
the abilit ...)
- TODO: check
+ NOT-FOR-US: LibreHealth EMR
CVE-2020-11435
RESERVED
CVE-2020-11434
@@ -14587,7 +14587,7 @@ CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2
and prior. A stack-based
CVE-2020-10606
RESERVED
CVE-2020-10605 (Grundfos CIM 500 before v06.16.00 responds to unauthenticated
requests ...)
- TODO: check
+ NOT-FOR-US: Grundfos CIM
CVE-2020-10604
RESERVED
CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly
sanitize use ...)
@@ -16671,7 +16671,7 @@ CVE-2020-9690
CVE-2020-9689
RESERVED
CVE-2020-9688 (Adobe Download Manager version 2.0.0.518 have a command
injection vuln ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9687
RESERVED
CVE-2020-9686
@@ -16683,7 +16683,7 @@ CVE-2020-9684
CVE-2020-9683
RESERVED
CVE-2020-9682 (Adobe Creative Cloud Desktop Application versions 5.1 and
earlier have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9681
RESERVED
CVE-2020-9680
@@ -16701,15 +16701,15 @@ CVE-2020-9675
CVE-2020-9674
RESERVED
CVE-2020-9673 (Adobe ColdFusion 2016 update 15 and earlier versions, and
ColdFusion 2 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9672 (Adobe ColdFusion 2016 update 15 and earlier versions, and
ColdFusion 2 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9671 (Adobe Creative Cloud Desktop Application versions 5.1 and
earlier have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9670 (Adobe Creative Cloud Desktop Application versions 5.1 and
earlier have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9669 (Adobe Creative Cloud Desktop Application versions 5.1 and
earlier have ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9668
RESERVED
CVE-2020-9667
@@ -16747,15 +16747,15 @@ CVE-2020-9652 (Adobe Premiere Pro versions 14.2 and
earlier have an out-of-bound
CVE-2020-9651 (Adobe Experience Manager versions 6.5 and earlier have a
cross-site sc ...)
NOT-FOR-US: Adobe
CVE-2020-9650 (Adobe Media Encoder versions 14.2 and earlier have an
out-of-bounds wr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9649 (Adobe Media Encoder versions 14.2 and earlier have an
out-of-bounds re ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9648 (Adobe Experience Manager versions 6.5 and earlier have a
cross-site sc ...)
NOT-FOR-US: Adobe
CVE-2020-9647 (Adobe Experience Manager versions 6.5 and earlier have a
cross-site sc ...)
NOT-FOR-US: Adobe
CVE-2020-9646 (Adobe Media Encoder versions 14.2 and earlier have an
out-of-bounds wr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9645 (Adobe Experience Manager versions 6.5 and earlier have a blind
server- ...)
NOT-FOR-US: Adobe
CVE-2020-9644 (Adobe Experience Manager versions 6.5 and earlier have a
cross-site sc ...)
@@ -17750,21 +17750,21 @@ CVE-2020-9261 (HUAWEI Mate 30 with versions earlier
than 10.1.0.150(C00E136R5P3)
CVE-2020-9260 (HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier
than 1 ...)
NOT-FOR-US: HUAWEI
CVE-2020-9259 (Huawei Honor V30 smartphones with versions earlier than
10.1.0.212(C00 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9258 (HUAWEI P30 smartphone with versions earlier than
10.1.0.135(C00E135R2P ...)
NOT-FOR-US: HUAWEI
CVE-2020-9257 (HUAWEI P30 Pro smartphones with versions earlier than
10.1.0.123(C432E ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9256 (Huawei Mate 30 Pro smartphones with versions earlier than
10.1.0.150(C ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9255 (Huawei Honor 10 smartphones with versions earlier than
10.0.0.178(C00E ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9254 (HUAWEI P30 Pro smartphones with versions earlier than
10.1.0.123(C432E ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9253
RESERVED
CVE-2020-9252 (HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8),
HUAWEI M ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9251
RESERVED
CVE-2020-9250
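Review bot: The added lines in this hunk use "NOT-FOR-US: Huawei", while the unchanged entries between them (CVE-2020-9260, CVE-2020-9258) use "NOT-FOR-US: HUAWEI". A case-sensitive search of the list for one spelling will miss the other; pick one spelling for the new lines and normalise the rest in a follow-up.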
@@ -17814,7 +17814,7 @@ CVE-2020-9229
CVE-2020-9228
RESERVED
CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than
10.1.0.166 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11)
have an ...)
NOT-FOR-US: HUAWEI
CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions
management v ...)
@@ -18064,9 +18064,9 @@ CVE-2020-9104
CVE-2020-9103
RESERVED
CVE-2020-9102 (There is a information leak vulnerability in some Huawei
products, and ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products.
An una ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking
vulnerability. Th ...)
NOT-FOR-US: Huawei
CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600;
NIP6800; Se ...)
@@ -26242,7 +26242,7 @@ CVE-2020-5771
CVE-2020-5770
RESERVED
CVE-2020-5769 (Insufficient output sanitization in Teltonika firmware
TRB2_R_00.02.02 ...)
- TODO: check
+ NOT-FOR-US: Teltonika
CVE-2020-5768 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2020-5767 (Cross-site request forgery in Icegram Email Subscribers &
Newslett ...)
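Review bot: CVE-2020-5768, directly below the changed Teltonika entry, still reads "TODO: check" after this commit. Its truncated description shows no product name, so if it was left on purpose that is fine; otherwise it needs its own triage pass.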
@@ -26262,13 +26262,13 @@ CVE-2020-5761
CVE-2020-5760
RESERVED
CVE-2020-5759 (Grandstream UCM6200 series firmware version 1.0.20.23 and below
is vul ...)
- TODO: check
+ NOT-FOR-US: Grandstream
CVE-2020-5758 (Grandstream UCM6200 series firmware version 1.0.20.23 and below
is vul ...)
- TODO: check
+ NOT-FOR-US: Grandstream
CVE-2020-5757 (Grandstream UCM6200 series firmware version 1.0.20.23 and below
is vul ...)
- TODO: check
+ NOT-FOR-US: Grandstream
CVE-2020-5756 (Grandstream GWN7000 firmware version 1.0.9.4 and below allows
authenti ...)
- TODO: check
+ NOT-FOR-US: Grandstream
CVE-2020-5755 (Webroot endpoint agents prior to version v9.0.28.48 did not
protect th ...)
NOT-FOR-US: Webroot
CVE-2020-5754 (Webroot endpoint agents prior to version v9.0.28.48 allows
remote atta ...)
@@ -28045,9 +28045,9 @@ CVE-2020-5133
CVE-2020-5132
RESERVED
CVE-2020-5131 (SonicWall NetExtender Windows client vulnerable to arbitrary
file writ ...)
- TODO: check
+ NOT-FOR-US: SonicWall NetExtender Windows client
CVE-2020-5130 (SonicOS SSLVPN LDAP login request allows remote attackers to
cause ext ...)
- TODO: check
+ NOT-FOR-US: SonicOS SSLVPN / SonicWall
CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server
allows a ...)
NOT-FOR-US: SonicWall
CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute
arbitrary ...)
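Review bot: The tag on CVE-2020-5130, "SonicOS SSLVPN / SonicWall", puts the vendor last, while the tags on either side (CVE-2020-5131 and CVE-2020-5129) lead with "SonicWall". Writing it as "SonicWall SonicOS SSLVPN" would keep all three entries under the same prefix when the list is searched.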
@@ -30253,7 +30253,7 @@ CVE-2020-4106
CVE-2020-4105
RESERVED
CVE-2020-4104 (HCL BigFix WebUI is vulnerable to stored cross-site scripting
(XSS) wi ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2020-4103
RESERVED
CVE-2020-4102
@@ -30261,7 +30261,7 @@ CVE-2020-4102
CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request
Forgery. ...)
NOT-FOR-US: HCL Digital Experience
CVE-2020-4100 ("HCL Verse for Android was found to employ dynamic code
loading. This ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2020-4099
RESERVED
CVE-2020-4098
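Review bot: CVE-2020-4100 is tagged "NOT-FOR-US: HCL", while the entry just above it, CVE-2020-4101, is tagged "NOT-FOR-US: HCL Digital Experience". The description names the product (HCL Verse for Android), so the tag could carry it too and match the level of detail already used for this vendor.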
@@ -30271,7 +30271,7 @@ CVE-2020-4097
CVE-2020-4096
RESERVED
CVE-2020-4095 ("BigFix Platform is storing clear text credentials within the
system's ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2020-4094
RESERVED
CVE-2020-4093
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82c9e2d5b13dc2708ac5fa5172418f2a66e05450