[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso Tue, 17 Nov 2020 00:32:47 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
94218458 by Salvatore Bonaccorso at 2020-11-17T09:32:05+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -411,7 +411,7 @@ CVE-2020-28695
 CVE-2020-28694
        RESERVED
 CVE-2020-28693 (An unrestricted file upload issue in HorizontCMS 1.0.0-beta 
allows an  ...)
-       TODO: check
+       NOT-FOR-US: HorizontCMS
 CVE-2020-28692 (In Gila CMS 1.16.0, an attacker can upload a shell to tmp 
directy and  ...)
        NOT-FOR-US: Gila CMS
 CVE-2020-28691
@@ -6847,7 +6847,7 @@ CVE-2020-27195 (HashiCorp Nomad and Nomad Enterprise 
version 0.9.0 up to 0.12.5
 CVE-2020-27193 (A cross-site scripting (XSS) vulnerability in the Color Dialog 
plugin  ...)
        NOT-FOR-US: CKEditor plugin
 CVE-2020-27192 (BinaryNights ForkLift 3.4 was compiled with the 
com.apple.security.cs. ...)
-       TODO: check
+       NOT-FOR-US: BinaryNights ForkLift
 CVE-2020-27191 (LionWiki before 3.2.12 allows an unauthenticated user to read 
files as ...)
        NOT-FOR-US: LionWiki
 CVE-2020-27194 (An issue was discovered in the Linux kernel before 5.8.15. 
scalar32_mi ...)
@@ -6989,9 +6989,9 @@ CVE-2020-27133
 CVE-2020-27132
        RESERVED
 CVE-2020-27131 (Multiple vulnerabilities in the Java deserialization function 
that is  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-27130 (A vulnerability in Cisco Security Manager could allow an 
unauthenticat ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-27129 (A vulnerability in the remote management feature of Cisco 
SD-WAN vMana ...)
        NOT-FOR-US: Cisco
 CVE-2020-27128 (A vulnerability in the application data endpoints of Cisco 
SD-WAN vMan ...)
@@ -7001,7 +7001,7 @@ CVE-2020-27127
 CVE-2020-27126
        RESERVED
 CVE-2020-27125 (A vulnerability in Cisco Security Manager could allow an 
unauthenticat ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-27124
        RESERVED
 CVE-2020-27123 (A vulnerability in the interprocess communication (IPC) 
channel of Cis ...)
@@ -8885,9 +8885,9 @@ CVE-2020-26227
 CVE-2020-26226
        RESERVED
 CVE-2020-26225 (In PrestaShop Product Comments before version 4.2.0, an 
attacker could ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop
 CVE-2020-26224 (In PrestaShop before version 1.7.6.9 an attacker is able to 
list all t ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop
 CVE-2020-26223 (Spree is a complete open source e-commerce solution built with 
Ruby on ...)
        NOT-FOR-US: Spree
 CVE-2020-26222 (Dependabot is a set of packages for automated dependency 
management fo ...)
@@ -31945,7 +31945,7 @@ CVE-2020-15351 (IDrive before 6.7.3.19 on Windows 
installs by default to %PROGRA
 CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The 
decoding ...)
        NOT-FOR-US: RIOT RIOT-OS
 CVE-2020-15349 (BinaryNights ForkLift 3.x before 3.4 has a local privilege 
escalation  ...)
-       TODO: check
+       NOT-FOR-US: BinaryNights ForkLift
 CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of 
live/CPEManag ...)
        NOT-FOR-US: Zyxel
 CVE-2020-15347 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the 
q6xV4aW8bQ4cfD-b pa ...)
@@ -36378,15 +36378,15 @@ CVE-2020-13775 (ZNC 1.8.0 up to 1.8.1-rc1 allows 
authenticated users to trigger
 CVE-2020-13774 (An unrestricted file-upload issue in EditLaunchPadDialog.aspx 
in Ivant ...)
        NOT-FOR-US: Ivanti
 CVE-2020-13773 (Ivanti Endpoint Manager through 2020.1.1 allows XSS via 
/LDMS/frm_spli ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2020-13772 (In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 
2020.1.1, a ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2020-13771 (Various components in Ivanti Endpoint Manager through 2020.1.1 
rely on ...)
        NOT-FOR-US: Ivanti
 CVE-2020-13770 (Several services are accessing named pipes in Ivanti Endpoint 
Manager  ...)
        NOT-FOR-US: Ivanti
 CVE-2020-13769 (LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 
allows S ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer 
overflow via  ...)
        NOT-FOR-US: MiniShare
 CVE-2020-13767 (The Mitel MiCollab application before 9.1.332 for iOS could 
allow an u ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/942184583d8ad77df88cdc5a030dbc17621b0dfa

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/942184583d8ad77df88cdc5a030dbc17621b0dfa
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Reply via email to