Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
289220c2 by Salvatore Bonaccorso at 2020-10-20T22:38:14+02:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22926,7 +22926,7 @@ CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox
Exporter through 0.17.0 allow
CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and
prior. Th ...)
NOT-FOR-US: Philips
CVE-2020-16246 (The affected Reason S20 Ethernet Switch is vulnerable to
cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Reason S20 Ethernet Switch
CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product
is vulne ...)
NOT-FOR-US: Advantech
CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not
used for h ...)
@@ -23955,7 +23955,7 @@ CVE-2020-15824 (In JetBrains Kotlin from 1.4-M1 to
1.4-RC (as Kotlin 1.3.7x is n
CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in
the Wor ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2020-15822 (In JetBrains YouTrack before 2020.2.10514, SSRF is possible
because UR ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2020-15821 (In JetBrains YouTrack before 2020.2.6881, a user without
permission is ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2020-15820 (In JetBrains YouTrack before 2020.2.6881, the markdown parser
could di ...)
@@ -25466,7 +25466,7 @@ CVE-2020-15265
CVE-2020-15264
RESERVED
CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not
properly e ...)
- TODO: check
+ NOT-FOR-US: Laravel Orchid Platform
CVE-2020-15262 (In webpack-subresource-integrity before version 1.5.1, all
dynamically ...)
TODO: check
CVE-2020-15261 (On Windows the Veyon Service before version 4.4.2 contains an
unquoted ...)
@@ -47192,9 +47192,9 @@ CVE-2020-7372
CVE-2020-7371 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
TODO: check
CVE-2020-7370 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Danyil Vasilenko's Bolt Browser
CVE-2020-7369 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Yandex Browser
CVE-2020-7368
RESERVED
CVE-2020-7367
@@ -47204,9 +47204,9 @@ CVE-2020-7366
CVE-2020-7365
RESERVED
CVE-2020-7364 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
- TODO: check
+ NOT-FOR-US: UCWeb's UC Browser
CVE-2020-7363 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
- TODO: check
+ NOT-FOR-US: UCWeb's UC Browser
CVE-2020-7362
RESERVED
CVE-2020-7361 (The EasyCorp ZenTao Pro application suffers from an OS command
injecti ...)
@@ -50606,9 +50606,9 @@ CVE-2020-6087 (An exploitable denial of service
vulnerability exists in the ENIP
CVE-2020-6086 (An exploitable denial of service vulnerability exists in the
ENIP Requ ...)
NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6085 (An exploitable denial of service vulnerability exists in the
ENIP Requ ...)
- TODO: check
+ NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6084 (An exploitable denial of service vulnerability exists in the
ENIP Requ ...)
- TODO: check
+ NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6083 (An exploitable denial of service vulnerability exists in the
ENIP Requ ...)
NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the
ico_rea ...)
@@ -51573,7 +51573,7 @@ CVE-2020-5642 (Cross-site request forgery (CSRF)
vulnerability in Live Chat - Li
CVE-2020-5641
RESERVED
CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and
earlier ...)
- TODO: check
+ NOT-FOR-US: OneThird CMS
CVE-2020-5639
RESERVED
CVE-2020-5638
@@ -55586,11 +55586,11 @@ CVE-2020-3997
CVE-2020-3996
RESERVED
CVE-2020-3995 (In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before
ESXi650-20 ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3994 (VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k)
contains a ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3993 (VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0)
contains a sec ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3992 (OpenSLP as used in VMware ESXi (7.0 before
ESXi_7.0.1-0.0.16850804, 6. ...)
TODO: check
CVE-2020-3991 (VMware Horizon Client for Windows (5.x before 5.5.0) contains a
denial ...)
@@ -55612,9 +55612,9 @@ CVE-2020-3984
CVE-2020-3983
RESERVED
CVE-2020-3982 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before
ESXi670-20 ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3981 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before
ESXi670-20 ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation
vulnerability due ...)
NOT-FOR-US: VMware
CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0)
installers lo ...)
@@ -98242,7 +98242,7 @@ CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open
Source BMS v1.1.1 and othe
CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a
deserializat ...)
NOT-FOR-US: Laravel Framework
CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password
storage. ...)
- TODO: check
+ NOT-FOR-US: DomainMOD
CVE-2019-9079
RESERVED
CVE-2019-9078 (zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify
parameter b ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/289220c27ddcb5c12ffe41cdb59674b7063435dc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/289220c27ddcb5c12ffe41cdb59674b7063435dc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
