Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
74d105a6 by Salvatore Bonaccorso at 2020-12-24T09:32:39+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2020-35678
RESERVED
CVE-2020-35677 (BigProf Online Invoicing System before 4.0 fails to adequately
sanitiz ...)
- TODO: check
+ NOT-FOR-US: BigProf Online Invoicing System
CVE-2020-35676 (BigProf Online Invoicing System before 3.1 fails to correctly
sanitize ...)
- TODO: check
+ NOT-FOR-US: BigProf Online Invoicing System
CVE-2020-35675 (BigProf Online Invoicing System before 3.0 offers a
functionality that ...)
- TODO: check
+ NOT-FOR-US: BigProf Online Invoicing System
CVE-2020-35674 (BigProf Online Invoicing System before 2.9 suffers from an
unauthentic ...)
- TODO: check
+ NOT-FOR-US: BigProf Online Invoicing System
CVE-2020-35673
RESERVED
CVE-2020-35672
@@ -29850,11 +29850,11 @@ CVE-2020-20143
CVE-2020-20142 (Cross Site Scripting (XSS) vulnerability in the "To Remote
CSV" compon ...)
TODO: check
CVE-2020-20141 (Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA)
compone ...)
- TODO: check
+ NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20140 (Cross Site Scripting (XSS) vulnerability in Remote Report
component un ...)
- TODO: check
+ NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20139 (Cross Site Scripting (XSS) vulnerability in the Remote JSON
component ...)
- TODO: check
+ NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20138 (Cross Site Scripting (XSS) vulnerability in the Showtime2
Slideshow mo ...)
NOT-FOR-US: CMS Made Simple (CMSMS)
CVE-2020-20137
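Review bot: CVE-2020-20142 at the top of this hunk stays at TODO: check while the three entries after it (CVE-2020-20141, CVE-2020-20140, CVE-2020-20139) are triaged as Flexmonster Pivot Table & Charts. Its truncated description names a "To Remote CSV" component, which reads like the same family as "To OLAP (XMLA)", "Remote Report" and "Remote JSON". If it is the same product, mark it NOT-FOR-US in this commit as well; if it was left open on purpose, a NOTE line saying why would save the next triager from repeating the check.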
@@ -44142,9 +44142,9 @@ CVE-2020-13971 (In Shopware before 6.2.3, authenticated
users are allowed to use
CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request
Forgery ( ...)
NOT-FOR-US: Shopware
CVE-2020-13969 (CRK Business Platform <= 2019.1 allows reflected XSS via
erro.aspx ...)
- TODO: check
+ NOT-FOR-US: CRK Business Platform
CVE-2020-13968 (CRK Business Platform <= 2019.1 allows can inject SQL
statements ag ...)
- TODO: check
+ NOT-FOR-US: CRK Business Platform
CVE-2020-13967
RESERVED
CVE-2020-13966
@@ -50943,11 +50943,11 @@ CVE-2020-11721 (load_png in loader.c in libsixel.a in
libsixel 1.8.6 has an unin
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/134
CVE-2020-11720 (An issue was discovered in Programi Bilanc build 007 release
014 31.01 ...)
- TODO: check
+ NOT-FOR-US: Programi Bilanc
CVE-2020-11719 (An issue was discovered in Programi Bilanc build 007 release
014 31.01 ...)
- TODO: check
+ NOT-FOR-US: Programi Bilanc
CVE-2020-11718 (An issue was discovered in Programi Bilanc build 007 release
014 31.01 ...)
- TODO: check
+ NOT-FOR-US: Programi Bilanc
CVE-2020-11717 (An issue was discovered in Programi 014 31.01.2020. It has
multiple SQ ...)
NOT-FOR-US: Programi
CVE-2020-11716 (Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro
devices throu ...)
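Review bot: the product name in the new tags does not match the neighbouring entry. CVE-2020-11720 through CVE-2020-11718 get "NOT-FOR-US: Programi Bilanc", while CVE-2020-11717 directly below already carries "NOT-FOR-US: Programi" and its description refers to "Programi 014 31.01.2020", which looks like the same software. Use one spelling for all four entries so that a search on the NOT-FOR-US string returns the whole set.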
@@ -66785,13 +66785,13 @@ CVE-2020-5686
CVE-2020-5685
RESERVED
CVE-2020-5684 (iSM client versions from V5.1 prior to V12.1 running on NEC
Storage Ma ...)
- TODO: check
+ NOT-FOR-US: iSM client
CVE-2020-5683 (Directory traversal vulnerability in GROWI versions prior to
v4.2.3 (v ...)
NOT-FOR-US: GROWI
CVE-2020-5682 (Improper input validation in GROWI versions prior to v4.2.3
(v4.2 Seri ...)
NOT-FOR-US: GROWI
CVE-2020-5681 (Untrusted search path vulnerability in self-extracting files
created b ...)
- TODO: check
+ NOT-FOR-US: EpsonNet SetupManager
CVE-2020-5680 (Improper input validation vulnerability in EC-CUBE versions
from 3.0.5 ...)
NOT-FOR-US: EC-CUBE
CVE-2020-5679 (Improper restriction of rendered UI layers or frames in EC-CUBE
versio ...)
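Review bot: "NOT-FOR-US: iSM client" for CVE-2020-5684 drops the vendor, although the description ties the client to NEC storage software. A tag that includes the vendor name would be easier to match when later CVEs for the same product arrive. For CVE-2020-5681 the visible description is cut off before any product name ("self-extracting files created b ..."), so the "EpsonNet SetupManager" tag cannot be confirmed from this hunk alone; worth a quick check against the full description.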
@@ -75458,11 +75458,11 @@ CVE-2020-2507
CVE-2020-2506
RESERVED
CVE-2020-2505 (If exploited, this vulnerability could allow attackers to gain
sensiti ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2504 (If exploited, this absolute path traversal vulnerability could
allow a ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2503 (If exploited, this stored cross-site scripting vulnerability
could all ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2502
RESERVED
CVE-2020-2501
@@ -75470,7 +75470,7 @@ CVE-2020-2501
CVE-2020-2500 (This improper access control vulnerability in Helpdesk allows
attacker ...)
NOT-FOR-US: QNAP
CVE-2020-2499 (A hard-coded password vulnerability has been reported to affect
earlie ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2020-2498 (If exploited, this cross-site scripting vulnerability could
allow remo ...)
NOT-FOR-US: QNAP
CVE-2020-2497 (If exploited, this cross-site scripting vulnerability could
allow remo ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74d105a6343787ef5e6f000966cbd84ae7daf767