Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
99764f6b by Salvatore Bonaccorso at 2020-11-10T21:53:27+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -57,7 +57,7 @@ CVE-2020-28373 (upnpd on certain NETGEAR devices allows
remote (LAN) attackers t
CVE-2020-28372
RESERVED
CVE-2020-28371 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in
ReadyTalk A ...)
- TODO: check
+ NOT-FOR-US: ReadyTalk Avian
CVE-2020-28370
RESERVED
CVE-2020-28369
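Review bot: on CVE-2020-28371 the description carries the "** UNSUPPORTED WHEN ASSIGNED **" tag, and the new "NOT-FOR-US: ReadyTalk Avian" line replaces "TODO: check" without recording how the decision was reached. NOT-FOR-US is only correct if Avian is not packaged in Debian, so a short mention of that lookup in the commit message would make the triage auditable.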
@@ -72,7 +72,7 @@ CVE-2020-28366
CVE-2020-28365
RESERVED
CVE-2020-28364 (A stored cross-site scripting (XSS) vulnerability affects the
Web UI i ...)
- TODO: check
+ NOT-FOR-US: Locust
CVE-2020-28363
RESERVED
CVE-2020-28362
@@ -2213,7 +2213,7 @@ CVE-2020-28057
CVE-2020-28056
RESERVED
CVE-2020-28055 (A vulnerability in the TCL Android Smart TV series
V8-R851T02-LF1 V295 ...)
- TODO: check
+ NOT-FOR-US: TCL Android Smart TV series
CVE-2020-28054
RESERVED
CVE-2020-28053
@@ -2408,7 +2408,7 @@ CVE-2020-27984
CVE-2020-27983
RESERVED
CVE-2020-27982 (IceWarp 11.4.5.0 allows XSS via the language parameter. ...)
- TODO: check
+ NOT-FOR-US: IceWarp Webmail Server
CVE-2020-27981
REJECTED
CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS
in the WL ...)
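Review bot: the label added for CVE-2020-27982 reads "IceWarp Webmail Server", while the visible description only says "IceWarp 11.4.5.0". Suggest either using the product name as the description gives it or confirming that the webmail component is the affected one, so that a later search on the description's wording still finds this entry.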
@@ -2418,7 +2418,7 @@ CVE-2020-27979
CVE-2020-27978 (Shibboleth Identify Provider 3.x before 3.4.6 has a denial of
service ...)
NOT-FOR-US: Shibboleth Identify Provider (Debian only packages the SP)
CVE-2020-27977 (CapaSystems CapaInstaller before 6.0.101 does not properly
assign, mod ...)
- TODO: check
+ NOT-FOR-US: CapaSystems CapaInstaller
CVE-2020-27976 (osCommerce Phoenix CE before 1.0.5.4 allows OS command
injection remot ...)
NOT-FOR-US: osCommerce Phoenix CE
CVE-2020-27975 (osCommerce Phoenix CE before 1.0.5.4 allows
admin/define_language.php ...)
@@ -4224,7 +4224,7 @@ CVE-2020-27405
CVE-2020-27404
RESERVED
CVE-2020-27403 (A vulnerability in the TCL Android Smart TV series
V8-R851T02-LF1 V295 ...)
- TODO: check
+ NOT-FOR-US: TCL Android Smart TV series
CVE-2020-27402 (The HK1 Box S905X3 TV Box contains a vulnerability that allows
a local ...)
NOT-FOR-US: HK1 Box S905X3 TV Box
CVE-2020-27401
@@ -10870,7 +10870,7 @@ CVE-2020-24386
CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and
FreeBSD be ...)
NOT-FOR-US: FreeBSD and MidnightBSD
CVE-2020-24384 (A10 Networks ACOS and aGalaxy management Graphical User
Interfaces (GU ...)
- TODO: check
+ NOT-FOR-US: A10 Networks
CVE-2020-24383
RESERVED
CVE-2020-24382
@@ -10957,7 +10957,7 @@ CVE-2020-24355 (Zyxel VMG5313-B30B router on firmware
5.13(ABCJ.6)b3_1127, and p
CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and
possibl ...)
NOT-FOR-US: Zyxel
CVE-2020-24353 (Pega Platform before 8.4.0 has a XSS issue via stream rule
parameters ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2020-24352 (An issue was discovered in QEMU through 5.1.0. An
out-of-bounds memory ...)
- qemu <unfixed> (unimportant; bug #968820)
[buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA
device emulation added later)
@@ -13418,15 +13418,15 @@ CVE-2020-23142
CVE-2020-23141
RESERVED
CVE-2020-23140 (Microweber 1.1.18 is affected by insufficient session
expiration. When ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2020-23139 (Microweber 1.1.18 is affected by broken authentication and
session man ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2020-23138 (An unrestricted file upload vulnerability was discovered in
the Microw ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2020-23137
RESERVED
CVE-2020-23136 (Microweber v1.1.18 is affected by no session expiry after
log-out. ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2020-23135
RESERVED
CVE-2020-23134
@@ -29823,7 +29823,7 @@ CVE-2020-15299 (A reflected Cross-Site Scripting (XSS)
Vulnerability in the King
CVE-2020-15298
RESERVED
CVE-2020-15297 (Insufficient validation in the Bitdefender Update Server and
BEST Rela ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2020-15296
RESERVED
CVE-2020-15295
@@ -32902,9 +32902,9 @@ CVE-2020-14191
CVE-2020-14190
RESERVED
CVE-2020-14189 (The execute function in in the Atlassian gajira-comment GitHub
Action ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-14188 (The preprocessArgs function in the Atlassian gajira-create
GitHub Acti ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2020-14187
RESERVED
CVE-2020-14186
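Review bot: CVE-2020-14189 and CVE-2020-14188 both get the vendor-only label "NOT-FOR-US: Atlassian", although the descriptions name two distinct components, the gajira-comment and gajira-create GitHub Actions. Naming the component in each label, as the nearby "osCommerce Phoenix CE" and "HK1 Box S905X3 TV Box" entries do, would keep the entries distinguishable from other Atlassian products when the list is searched later.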
@@ -37294,7 +37294,7 @@ CVE-2020-12487
CVE-2020-12486
RESERVED
CVE-2020-12485 (The frame touch module does not make validity judgments on
parameter l ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2020-12484
RESERVED
CVE-2020-12483
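Review bot: "NOT-FOR-US: Vivo" on CVE-2020-12485 cannot be checked against the visible description, which begins "The frame touch module does not make validity judgments" and names no vendor or product in the truncated text. Suggest putting the affected product in the label so the line is self-explanatory without opening the full CVE record.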
@@ -56708,7 +56708,7 @@ CVE-2020-5390 (PySAML2 before 5.0.0 does not check that
the signature in a SAML
CVE-2020-5389 (Dell EMC OpenManage Integration for Microsoft System Center
(OMIMSSC) ...)
NOT-FOR-US: Dell
CVE-2020-5388 (Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0
contain an ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2020-5387 (Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an
Improper Ex ...)
NOT-FOR-US: Dell
CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of
Resource ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99764f6bfe28bff934ca1d0c2adb1fd50ece6c01