Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e6d15f9a by Salvatore Bonaccorso at 2020-08-28T07:12:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -668,7 +668,7 @@ CVE-2020-24392
 CVE-2020-24391
        RESERVED
 CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape 
the user ...)
-       TODO: check
+       NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2020-24389
        RESERVED
 CVE-2020-24388
@@ -1089,7 +1089,7 @@ CVE-2020-24205
 CVE-2020-24204
        RESERVED
 CVE-2020-24203 (Insecure File Permissions and Arbitrary File Upload in the 
upload pic  ...)
-       TODO: check
+       NOT-FOR-US: Projects World Travel Management System
 CVE-2020-24202 (File Upload component in Projects World House Rental v1.0 
suffers from ...)
        NOT-FOR-US: Projects World House Rental
 CVE-2020-24201
@@ -1527,7 +1527,7 @@ CVE-2020-23986
 CVE-2020-23985
        RESERVED
 CVE-2020-23984 (Online Hotel Booking System Pro PHP Version 1.3 has Persistent 
Cross-s ...)
-       TODO: check
+       NOT-FOR-US: Online Hotel Booking System Pro PHP
 CVE-2020-23983 (Michael-design iChat Realtime PHP Live Support System 1.6 has 
persiste ...)
        NOT-FOR-US: Michael-design iChat Realtime PHP Live Support System
 CVE-2020-23982 (DesignMasterEvents Conference management 1.0.0 has cross site 
scriptin ...)
@@ -1547,7 +1547,7 @@ CVE-2020-23976 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 
2019, 2020 has SQL Inje
 CVE-2020-23975 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross 
site scr ...)
        NOT-FOR-US: Webexcels Ecommerce CMS
 CVE-2020-23974 (Create-Project Manager 1.07 has Multi Persistent Cross-site 
Scripting  ...)
-       TODO: check
+       NOT-FOR-US: Create-Project Manager
 CVE-2020-23973 (KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 
'team.php ...)
        NOT-FOR-US: KandNconcepts Club CMS
 CVE-2020-23972 (In Joomla Component GMapFP Version J3.5 and J3.5free, an 
attacker can  ...)
@@ -2177,7 +2177,7 @@ CVE-2020-23661
 CVE-2020-23660 (webTareas v2.1 is affected by Cross Site Scripting (XSS) on 
"Search." ...)
        TODO: check
 CVE-2020-23659 (WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) 
on the " ...)
-       TODO: check
+       NOT-FOR-US: WebPort
 CVE-2020-23658 (PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) 
via infus ...)
        NOT-FOR-US: PHP-Fusion
 CVE-2020-23657 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on 
module "C ...)
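Review bot: CVE-2020-23660 (webTareas), the context entry directly above the one changed in this hunk, is still at TODO: check after this pass. If it was left on purpose because webTareas needs a closer look, that is fine; otherwise it can be triaged in the same commit as CVE-2020-23659, since both are XSS reports against standalone web applications.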
@@ -2343,7 +2343,7 @@ CVE-2020-23578
 CVE-2020-23577
        RESERVED
 CVE-2020-23576 (Laborator Neon dashboard v3 is affected by stored Cross Site 
Scripting ...)
-       TODO: check
+       NOT-FOR-US: Laborator Neon dashboard
 CVE-2020-23575
        RESERVED
 CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an 
authenticated use ...)
@@ -20717,9 +20717,9 @@ CVE-2020-14731
 CVE-2020-14730
        RESERVED
 CVE-2020-14729 (Vulnerability in SuiteCommerce Advanced (SCA) Sites component 
of Oracl ...)
-       TODO: check
+       NOT-FOR-US: Oracle NetSuite
 CVE-2020-14728 (Vulnerability in the SuiteCommerce Advanced (SCA) component of 
Oracle  ...)
-       TODO: check
+       NOT-FOR-US: Oracle NetSuite
 CVE-2020-14727
        RESERVED
 CVE-2020-14726
@@ -23207,7 +23207,7 @@ CVE-2020-13865 (The Elementor Page Builder plugin 
before 2.9.9 for WordPress suf
 CVE-2020-13864 (The Elementor Page Builder plugin before 2.9.9 for WordPress 
suffers f ...)
        NOT-FOR-US: Elementor Page Builder plugin for WordPress
 CVE-2020-13863 (The SAS portal of Mitel MiCollab before 9.1.3 could allow an 
attacker  ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2020-13862
        RESERVED
 CVE-2020-13861
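Review bot: the tag on CVE-2020-13863 names only the vendor (NOT-FOR-US: Mitel), while the description identifies the product as Mitel MiCollab. The same vendor-only tag is applied in this commit to the MiVoice 6800 and 6900 series SIP phones (CVE-2020-13617) and the MiVoice Connect Client (CVE-2020-12456). It matches the existing CVE-2020-11798 entry, so it is consistent with the list, but most other tags in this commit name the product (HiveMQ Broker Control Center, SecZetta NEProfile). Consider "Mitel MiCollab" and so on if per-product granularity matters when searching the list later.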
@@ -23304,7 +23304,7 @@ CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js 
allows ECDSA signature ma
        [buster] - node-elliptic <no-dsa> (Minor issue)
        NOTE: https://github.com/indutny/elliptic/issues/226
 CVE-2020-13821 (An issue was discovered in HiveMQ Broker Control Center 4.3.2. 
A craft ...)
-       TODO: check
+       NOT-FOR-US: HiveMQ Broker Control Center
 CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated 
reflected XS ...)
        NOT-FOR-US: Extreme Management Center
 CVE-2020-13819 (Extreme EAC Appliance 8.4.1.24 allows unauthenticated 
reflected XSS vi ...)
@@ -23534,7 +23534,7 @@ CVE-2020-13769
 CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer 
overflow via  ...)
        NOT-FOR-US: MiniShare
 CVE-2020-13767 (The Mitel MiCollab application before 9.1.332 for iOS could 
allow an u ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2020-13766
        RESERVED
 CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate 
the rel ...)
@@ -23925,7 +23925,7 @@ CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP 
through 2.0.11 allows an
 CVE-2020-13618
        RESERVED
 CVE-2020-13617 (The Web UI component of Mitel MiVoice 6800 and 6900 series SIP 
Phones  ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 
lacks TLS ...)
        NOT-FOR-US: pichi
 CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname 
verification  ...)
@@ -24370,7 +24370,7 @@ CVE-2020-13412 (An issue was discovered in Aviatrix 
Controller before 5.4.1204.
 CVE-2020-13411
        RESERVED
 CVE-2020-13410 (An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js 
does not ...)
-       TODO: check
+       NOT-FOR-US: MoscaJS Aedes
 CVE-2020-13409
        RESERVED
 CVE-2020-13408
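Review bot: CVE-2020-13410 is in a JavaScript library (the description points at lib/write.js in MoscaJS Aedes), and a library of that kind can end up in the archive as a dependency or as an embedded copy under another source package name. Before settling on NOT-FOR-US, confirm that no package ships or bundles Aedes and that there is no pending ITP; if either exists, the entry should reference that package instead.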
@@ -25703,7 +25703,7 @@ CVE-2020-12857 (Caching of GATT characteristic values 
(TempID) in COVIDSafe v1.0
 CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, 
TraceTogether, ABTrac ...)
        NOT-FOR-US: COVIDSafe
 CVE-2020-12855 (A Host header injection vulnerability has been discovered in 
SecZetta  ...)
-       TODO: check
+       NOT-FOR-US: SecZetta NEProfile
 CVE-2020-12854 (A remote code execution vulnerability was identified in 
SecZetta NEPro ...)
        NOT-FOR-US: SecZetta NEProfile
 CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either 
upload or cr ...)
@@ -26729,7 +26729,7 @@ CVE-2020-12457 (An issue was discovered in wolfSSL 
before 4.5.0. It mishandles t
        NOTE: 
https://github.com/wolfSSL/wolfssl/commit/df1b7f34f173cfc2968ce12e8fcd2fd8bcc61a59
 (v4.5.0-stable)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/2927
 CVE-2020-12456 (A remote code execution vulnerability in Mitel MiVoice Connect 
Client  ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2020-12455
        RESERVED
 CVE-2020-12454
@@ -29077,7 +29077,7 @@ CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an 
unprivileged attacker to elevate p
 CVE-2020-11798 (A Directory Traversal vulnerability in the web conference 
component of ...)
        NOT-FOR-US: Mitel
 CVE-2020-11797 (An Authentication Bypass vulnerability in the Published Area 
of the we ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password 
authentication imp ...)
        NOT-FOR-US: JetBrains Space
 CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout 
period was  ...)
@@ -39919,7 +39919,7 @@ CVE-2020-7833
 CVE-2020-7832
        RESERVED
 CVE-2020-7831 (A vulnerability in the web-based contract management service 
interface ...)
-       TODO: check
+       NOT-FOR-US: Inogard Ebiz4u
 CVE-2020-7830
        RESERVED
 CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based 
overflow vuln ...)
@@ -39933,7 +39933,7 @@ CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 
and earlier versions conta
 CVE-2020-7825 (A vulnerability exists that could allow the execution of 
operating sys ...)
        NOT-FOR-US: MiPlatform
 CVE-2020-7824 (A vulnerability in the web-based management interface of iPECS 
could a ...)
-       TODO: check
+       NOT-FOR-US: iPECS
 CVE-2020-7823 (DaviewIndy has a Memory corruption vulnerability, triggered 
when the u ...)
        NOT-FOR-US: DaviewIndy
 CVE-2020-7822 (DaviewIndy has a Heap-based overflow vulnerability, triggered 
when the ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6d15f9af87b5fc9277e2bc7ef5e574ad4117266
