Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a5d1cbee by Salvatore Bonaccorso at 2020-12-27T09:55:41+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2020-35731
CVE-2020-35730
RESERVED
CVE-2020-35729 (KLog Server 2.4.1 allows OS command injection via shell
metacharacters ...)
- TODO: check
+ NOT-FOR-US: KLog Server
CVE-2020-35728 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
@@ -3668,7 +3668,7 @@ CVE-2020-35364 (Beijing Huorong Internet Security
5.0.55.2 allows a non-admin us
CVE-2020-35363
RESERVED
CVE-2020-35362 (DEXT5Upload 2.7.1262310 and earlier is affected by Directory
Traversal ...)
- TODO: check
+ NOT-FOR-US: DEXT5Upload
CVE-2020-35361
RESERVED
CVE-2020-35360
@@ -3824,7 +3824,7 @@ CVE-2020-35286
CVE-2020-35285
RESERVED
CVE-2020-35284 (Flamingo (aka FlamingoIM) through 2020-09-29 allows ../
directory trav ...)
- TODO: check
+ NOT-FOR-US: Flamingo (aka FlamingoIM)
CVE-2020-35283
RESERVED
CVE-2020-35282
@@ -3904,13 +3904,13 @@ CVE-2020-35247
CVE-2020-35246
RESERVED
CVE-2020-35245 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL
injection vulne ...)
- TODO: check
+ NOT-FOR-US: Flamingo (aka FlamingoIM)
CVE-2020-35244 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL
injection vulne ...)
- TODO: check
+ NOT-FOR-US: Flamingo (aka FlamingoIM)
CVE-2020-35243 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL
injection vulne ...)
- TODO: check
+ NOT-FOR-US: Flamingo (aka FlamingoIM)
CVE-2020-35242 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL
injection vulne ...)
- TODO: check
+ NOT-FOR-US: Flamingo (aka FlamingoIM)
CVE-2020-35241
RESERVED
CVE-2020-35240
@@ -6878,7 +6878,7 @@ CVE-2020-29301
CVE-2020-29300
RESERVED
CVE-2020-29299 (Certain Zyxel products allow command injection by an admin via
an inpu ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-29298
RESERVED
CVE-2020-29297
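Review bot: The NOT-FOR-US tag on CVE-2020-29299 names only the vendor ("Zyxel"), while the other tags in this commit name a product (KLog Server, DEXT5Upload, XXL-JOB, CXUUCMS). The description is cut off here after "Certain Zyxel products allow command injection by an admin via an inpu ...", so if the full text identifies the affected product line, putting it in the tag would make the entry easier to find and to distinguish from other Zyxel entries in the list.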
@@ -6976,9 +6976,9 @@ CVE-2020-29252
CVE-2020-29251
RESERVED
CVE-2020-29250 (CXUUCMS V3 allows XSS via the first and third input fields to
/public/ ...)
- TODO: check
+ NOT-FOR-US: CXUUCMS
CVE-2020-29249 (CXUUCMS V3 allows class="layui-input" XSS. ...)
- TODO: check
+ NOT-FOR-US: CXUUCMS
CVE-2020-29248
RESERVED
CVE-2020-29247 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in
the Admin ...)
@@ -7068,7 +7068,7 @@ CVE-2020-29206
CVE-2020-29205
RESERVED
CVE-2020-29204 (XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the
20-charact ...)
- TODO: check
+ NOT-FOR-US: XXL-JOB
CVE-2020-29203 (struct2json before 2020-11-18 is affected by a Buffer Overflow
because ...)
TODO: check
CVE-2020-29202
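Review bot: In the trailing context of this hunk, CVE-2020-29203 (struct2json, buffer overflow) still reads "TODO: check" directly under the XXL-JOB entry that was just triaged. The commit message says "some NFUs", so leaving it may be intentional, but it is worth confirming that struct2json was skipped deliberately pending a package lookup rather than missed while working through this block.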
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5d1cbeeb1c0c90db65ae557b874131df31aad8f