Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1f8b668 by Salvatore Bonaccorso at 2020-11-20T09:32:38+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,9 +33,9 @@ CVE-2020-28956
 CVE-2020-28955
        RESERVED
 CVE-2020-28954 (web/controllers/ApiController.groovy in BigBlueButton before 
2.2.29 la ...)
-       TODO: check
+       NOT-FOR-US: BigBlueButton
 CVE-2020-28953 (In BigBlueButton before 2.2.29, a user can vote more than once 
in a si ...)
-       TODO: check
+       NOT-FOR-US: BigBlueButton
 CVE-2020-28952
        RESERVED
 CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may 
encounter ...)
@@ -102,7 +102,7 @@ CVE-2020-28926
 CVE-2020-28925
        RESERVED
 CVE-2020-28924 (An issue was discovered in Rclone before 1.53.3. Due to the 
use of a w ...)
-       TODO: check
+       NOT-FOR-US: Rclone
 CVE-2020-28923
        RESERVED
 CVE-2020-28922
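Review bot: CVE-2020-28924 should not go to NOT-FOR-US before confirming that no rclone source package exists in the archive. The description gives an upstream fix boundary ("Rclone before 1.53.3"), which is what a package entry needs, so if the package is present this line should follow the form already used in this file (for example `- jupyter-notebook <unfixed>`) as `- rclone <unfixed>` or with the fixed version. A NOT-FOR-US line is not tied to any package, so a mistaken one takes the issue out of triage.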
@@ -116,7 +116,7 @@ CVE-2020-28919
 CVE-2020-28918
        RESERVED
 CVE-2020-28917 (An issue was discovered in the view_statistics (aka View 
frontend stat ...)
-       TODO: check
+       NOT-FOR-US: TYPO3 extension
 CVE-2020-28916
        RESERVED
 CVE-2020-28915 (A buffer over-read (at the framebuffer layer) in the fbcon 
code in the ...)
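Review bot: The label on CVE-2020-28917 is too generic: "NOT-FOR-US: TYPO3 extension" does not say which extension, although the description names it (view_statistics). Suggest "NOT-FOR-US: TYPO3 extension view_statistics", matching the other entries in this patch that name the product (TYPO3 Fluid, IGSS Definition (Def.exe)), so a later search for the extension name finds this entry.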
@@ -2455,7 +2455,7 @@ CVE-2020-28352
 CVE-2020-28351 (The conferencing component on Mitel ShoreTel 19.46.1802.0 
devices coul ...)
        NOT-FOR-US: Mitel
 CVE-2020-28350 (A Cross Site Scripting (XSS) vulnerability exists in OPAC in 
Sokrates  ...)
-       TODO: check
+       NOT-FOR-US: SOWA SowaSQL
 CVE-2020-28349 (** DISPUTED ** An inaccurate frame deduplication process in 
ChirpStack ...)
        NOT-FOR-US: ChirpStack Network Server
 CVE-2020-28348
@@ -4254,9 +4254,9 @@ CVE-2020-28212 (A CWE-307: Improper Restriction of 
Excessive Authentication Atte
 CVE-2020-28211 (A CWE-863: Incorrect Authorization vulnerability exists in PLC 
Simulat ...)
        TODO: check
 CVE-2020-28210 (A CWE-79 Improper Neutralization of Input During Web Page 
Generation ( ...)
-       TODO: check
+       NOT-FOR-US: EcoStruxure Building Operation WebStation
 CVE-2020-28209 (A CWE-428 Windows Unquoted Search Path vulnerability exists in 
EcoStru ...)
-       TODO: check
+       NOT-FOR-US: EcoStruxure Building Operation Enterprise Server installer
 CVE-2020-28208
        RESERVED
 CVE-2020-28207
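Review bot: CVE-2020-28211 stays at "TODO: check" although the two entries directly below it are resolved in this hunk. Its description is cut off here ("PLC Simulat ..."), so the deferral may be deliberate; if it is equally out of scope, resolve it in the same pass, otherwise a NOTE line saying what still needs checking would save the next person the lookup.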
@@ -9169,7 +9169,7 @@ CVE-2020-26217 (XStream before version 1.4.14 is 
vulnerable to Remote Code Execu
        NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2
        NOTE: 
https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a
 CVE-2020-26216 (TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 
2.5.11  ...)
-       TODO: check
+       NOT-FOR-US: TYPO3 Fluid
 CVE-2020-26215 (Jupyter Notebook before version 6.1.5 has an Open redirect 
vulnerabili ...)
        - jupyter-notebook <unfixed>
        NOTE: 
https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh
@@ -9480,7 +9480,7 @@ CVE-2016-11086 (lib/oauth/consumer.rb in the oauth-ruby 
gem through 0.5.4 for Ru
        - ruby-oauth <unfixed> (bug #970932)
        NOTE: https://github.com/oauth-xx/oauth-ruby/issues/137
 CVE-2020-26097 (** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET 
Technology  ...)
-       TODO: check
+       NOT-FOR-US: PLANET Technology Corp NVR-915 and NVR-1615
 CVE-2020-26096
        RESERVED
 CVE-2020-26095
@@ -16781,7 +16781,7 @@ CVE-2020-22725
 CVE-2020-22724
        RESERVED
 CVE-2020-22723 (A cross-site scripting (XSS) vulnerability in Beijing 
Liangjing Zhiche ...)
-       TODO: check
+       NOT-FOR-US: Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop
 CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local 
privilege  ...)
        NOT-FOR-US: Rapid Software LLC Rapid SCADA
 CVE-2020-22721 (A File Upload Vulnerability in PNotes - Andrey Gruber 
PNotes.NET v3.8. ...)
@@ -39850,7 +39850,7 @@ CVE-2020-12512
 CVE-2020-12511
        RESERVED
 CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software 
in all v ...)
-       TODO: check
+       NOT-FOR-US: Beckhoff
 CVE-2020-12509
        RESERVED
 CVE-2020-12508
@@ -39878,9 +39878,9 @@ CVE-2020-12498 (mwe file parsing in Phoenix Contact PC 
Worx and PC Worx Express
 CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC 
Worx Expres ...)
        NOT-FOR-US: Phoenix
 CVE-2020-12496 (Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, 
ORSG35) and  ...)
-       TODO: check
+       NOT-FOR-US: Endress+Hauser
 CVE-2020-12495 (Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, 
ORSG35) with ...)
-       TODO: check
+       NOT-FOR-US: Endress+Hauser
 CVE-2020-12494 (Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x 
is prov ...)
        NOT-FOR-US: Beckhoff
 CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series 
with vers ...)
@@ -42307,9 +42307,9 @@ CVE-2020-11833
 CVE-2020-11832
        RESERVED
 CVE-2020-11831 (OvoiceManager has system permission to write vulnerability 
reports for ...)
-       TODO: check
+       NOT-FOR-US: OvoiceManager
 CVE-2020-11830 (QualityProtect has a vulnerability to execute arbitrary system 
command ...)
-       TODO: check
+       NOT-FOR-US: QualityProtect
 CVE-2020-11829 (Dynamic loading of services in the backup and restore SDK 
leads to ele ...)
        TODO: check
 CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP 
framewor ...)
@@ -53929,23 +53929,23 @@ CVE-2020-7575 (A vulnerability has been identified in 
Climatix POL908 (BACnet/IP
 CVE-2020-7574 (A vulnerability has been identified in Climatix POL908 
(BACnet/IP modu ...)
        NOT-FOR-US: Climatix
 CVE-2020-7573 (A CWE-284 Improper Access Control vulnerability exists in 
EcoStruxure  ...)
-       TODO: check
+       NOT-FOR-US: EcoStruxure Building Operation WebReports
 CVE-2020-7572 (A CWE-611 Improper Restriction of XML External Entity Reference 
vulner ...)
-       TODO: check
+       NOT-FOR-US: EcoStruxure Building Operation WebReports
 CVE-2020-7571 (A CWE-79 Multiple Improper Neutralization of Input During Web 
Page Gen ...)
-       TODO: check
+       NOT-FOR-US: EcoStruxure Building Operation WebReports
 CVE-2020-7570 (A CWE-79 Improper Neutralization of Input During Web Page 
Generation ( ...)
-       TODO: check
+       NOT-FOR-US: EcoStruxure Building Operation WebReports
 CVE-2020-7569 (A CWE-434 Unrestricted Upload of File with Dangerous Type 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: EcoStruxure Building Operation WebReports
 CVE-2020-7568 (A CWE-200: Exposure of Sensitive Information to an Unauthorized 
Actor  ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2020-7567 (A CWE-311: Missing Encryption of Sensitive Data vulnerability 
exists i ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2020-7566 (A CWE-334: Small Space of Random Values vulnerability exists in 
Modico ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2020-7565 (A CWE-326: Inadequate Encryption Strength vulnerability exists 
in Modi ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2020-7564 (A CWE-120: Buffer Copy without Checking Size of Input ('Classic 
Buffer ...)
        NOT-FOR-US: Modicon
 CVE-2020-7563 (A CWE-787: Out-of-bounds Write vulnerability exists in the Web 
Server  ...)
@@ -53953,29 +53953,29 @@ CVE-2020-7563 (A CWE-787: Out-of-bounds Write 
vulnerability exists in the Web Se
 CVE-2020-7562 (A CWE-125: Out-of-Bounds Read vulnerability exists in the Web 
Server o ...)
        NOT-FOR-US: Modicon
 CVE-2020-7561 (A CWE-284: Improper Access Control vulnerability exists in 
Easergy T30 ...)
-       TODO: check
+       NOT-FOR-US: Easergy
 CVE-2020-7560
        RESERVED
 CVE-2020-7559 (A CWE-120: Buffer Copy without Checking Size of Input ('Classic 
Buffer ...)
        TODO: check
 CVE-2020-7558 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS 
Definition  ...)
-       TODO: check
+       NOT-FOR-US: IGSS Definition (Def.exe)
 CVE-2020-7557 (A CWE-125 Out-of-bounds Read vulnerability exists in IGSS 
Definition ( ...)
-       TODO: check
+       NOT-FOR-US: IGSS Definition (Def.exe)
 CVE-2020-7556 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS 
Definition  ...)
-       TODO: check
+       NOT-FOR-US: IGSS Definition (Def.exe)
 CVE-2020-7555 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS 
Definition  ...)
-       TODO: check
+       NOT-FOR-US: IGSS Definition (Def.exe)
 CVE-2020-7554 (A CWE-119 Improper Restriction of Operations within the Bounds 
of a Me ...)
-       TODO: check
+       NOT-FOR-US: IGSS Definition (Def.exe)
 CVE-2020-7553 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS 
Definition  ...)
-       TODO: check
+       NOT-FOR-US: IGSS Definition (Def.exe)
 CVE-2020-7552 (A CWE-119 Improper Restriction of Operations within the Bounds 
of a Me ...)
-       TODO: check
+       NOT-FOR-US: IGSS Definition (Def.exe)
 CVE-2020-7551 (A CWE-119 Improper Restriction of Operations within the Bounds 
of a Me ...)
-       TODO: check
+       NOT-FOR-US: IGSS Definition (Def.exe)
 CVE-2020-7550 (A CWE-119 Improper Restriction of Operations within the Bounds 
of a Me ...)
-       TODO: check
+       NOT-FOR-US: IGSS Definition (Def.exe)
 CVE-2020-7549
        RESERVED
 CVE-2020-7548
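Review bot: CVE-2020-7559 is left at "TODO: check" in the middle of a run that is otherwise fully resolved here (CVE-2020-7561 above it, CVE-2020-7558 through CVE-2020-7550 below it). The truncated description shows only the CWE-120 class, not the product, so please confirm it was skipped on purpose and not missed while applying the nine identical "IGSS Definition (Def.exe)" labels.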
@@ -55542,7 +55542,7 @@ CVE-2020-6881
 CVE-2020-6880
        RESERVED
 CVE-2020-6879 (Some ZTE devices have input verification vulnerabilities. The 
devices  ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2020-6878
        RESERVED
 CVE-2020-6877 (A ZTE product is impacted by an information leak vulnerability. 
An att ...)
@@ -58689,7 +58689,7 @@ CVE-2020-5670
 CVE-2020-5669
        RESERVED
 CVE-2020-5668 (Uncontrolled resource consumption vulnerability in MELSEC iQ-R 
Series  ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi Electric
 CVE-2020-5667 (Studyplus App for Android v6.3.7 and earlier and Studyplus App 
for iOS ...)
        NOT-FOR-US: Studyplus
 CVE-2020-5666 (Uncontrolled resource consumption vulnerability in MELSEC iQ-R 
Series  ...)
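Review bot: The label for CVE-2020-5668 names only the vendor ("Mitsubishi Electric"), while the description is about the MELSEC iQ-R Series. CVE-2020-5666, two entries below, has the same description prefix and its status line falls outside this hunk; check that both carry the same NOT-FOR-US string so one search term finds all MELSEC entries.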



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1f8b6681bc299032c263b34371619355c7fa429
