Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba51a3e3 by Salvatore Bonaccorso at 2021-01-20T09:22:49+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3555,7 +3555,7 @@ CVE-2021-23937
 CVE-2021-3138 (In Discourse 2.7.0 through beta1, a rate-limit bypass leads to 
a bypas ...)
        NOT-FOR-US: Discourse
 CVE-2021-3137 (XWiki 12.10.2 allows XSS via an SVG document to the upload 
feature of  ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2021-3136
        RESERVED
 CVE-2021-3135
@@ -14035,9 +14035,9 @@ CVE-2020-35131 (Cockpit before 0.6.1 allows an attacker 
to inject custom PHP cod
 CVE-2020-35130
        RESERVED
 CVE-2020-35129 (Mautic before 3.2.4 is affected by stored XSS. An attacker 
with access ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2020-35128 (Mautic before 3.2.4 is affected by stored XSS. An attacker 
with permis ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2020-35127 (Ignite Realtime Openfire 4.6.0 has 
plugins/bookmarks/create-bookmark.j ...)
        NOT-FOR-US: Ignite Realtime Openfire
 CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to 
conduct ...)
@@ -15826,7 +15826,7 @@ CVE-2020-29599 (ImageMagick before 6.9.11-40 and 7.x 
before 7.0.10-40 mishandles
        NOTE:   '-authenticate' replaced by '-define authenticate=' between 
8787fc6de99078fde055bd400b14e1ce3a2971f9 (6.9.8-1) and 83ec5b above
        NOTE: - bimodal ('-define delegate:bimodal=true' + pdf->(e)ps 
delegates, %a expansion) after 78c7532f3ff5424de06e5d807cbb35c041bd2990 
(6.9.4-2)
 CVE-2020-29598 (The My AIA SG application 1.2.6 for Android allows attackers 
to obtain ...)
-       TODO: check
+       NOT-FOR-US:  My AIA SG application for Android
 CVE-2020-29597 (IncomCMS 2.0 has a modules/uploader/showcase/script.php 
insecure file  ...)
        NOT-FOR-US: IncomCMS
 CVE-2020-29596 (MiniWeb HTTP server 0.8.19 allows remote attackers to cause a 
denial o ...)
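Review bot: the added line for CVE-2020-29598 has two spaces after the colon ("NOT-FOR-US:  My AIA SG application for Android"), while every other NOT-FOR-US line in this patch, added or unchanged, uses one. Suggest normalising it to "NOT-FOR-US: My AIA SG application for Android" so that exact-match searches and any tooling that splits on ": " treat the entry like its neighbours.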
@@ -18096,7 +18096,7 @@ CVE-2020-28709
 CVE-2020-28708
        RESERVED
 CVE-2020-28707 (The Stockdio Historical Chart plugin before 2.8.1 for 
WordPress is aff ...)
-       TODO: check
+       NOT-FOR-US: Stockdio Historical Chart plugin for WordPress
 CVE-2020-28706
        RESERVED
 CVE-2020-28705
@@ -22821,11 +22821,11 @@ CVE-2020-27854
 CVE-2020-27853 (Wire before 2020-10-16 allows remote attackers to cause a 
denial of se ...)
        NOT-FOR-US: Wire app
 CVE-2020-27852 (A stored Cross-Site Scripting (XSS) vulnerability in the 
survey featur ...)
-       TODO: check
+       NOT-FOR-US: Rocketgenius Gravity Forms
 CVE-2020-27851 (Multiple stored HTML injection vulnerabilities in the "poll" 
and "quiz ...)
-       TODO: check
+       NOT-FOR-US: Rocketgenius Gravity Forms
 CVE-2020-27850 (A stored Cross-Site Scripting (XSS) vulnerability in forms 
import feat ...)
-       TODO: check
+       NOT-FOR-US: Rocketgenius Gravity Forms
 CVE-2020-27849
        RESERVED
 CVE-2020-27848 (dotCMS before 20.10.1 allows SQL injection, as demonstrated by 
the /ap ...)
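Review bot: the three added "NOT-FOR-US: Rocketgenius Gravity Forms" lines (CVE-2020-27852, CVE-2020-27851, CVE-2020-27850) cannot be checked from the descriptions shown here, which are truncated before any product name appears. Since the commit message only says "Process some NFUs", it would help to confirm the attribution against the full CVE descriptions and, if these are add-ons rather than the core plugin, to say so in the tag.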
@@ -24702,7 +24702,7 @@ CVE-2020-27278
 CVE-2020-27277 (Delta Electronics DOPSoft Version 4.0.8.21 and prior has a 
null pointe ...)
        NOT-FOR-US: Delta Electronics DOPSoft
 CVE-2020-27276 (SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & 
AnyDana-A, the c ...)
-       TODO: check
+       NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27275 (Delta Electronics DOPSoft Version 4.0.8.21 and prior is 
vulnerable to  ...)
        NOT-FOR-US: Delta Electronics DOPSoft
 CVE-2020-27274
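Review bot: the added tag for CVE-2020-27276 names only the vendor ("SOOIL Developments Co., Ltd."), whereas the unchanged neighbours in this hunk include the product ("Delta Electronics DOPSoft"). Suggest adding the affected products from the description (Diabecare RS, AnyDana-i, AnyDana-A) to the tag, so that a search of the list by product name finds these entries; the same wording is reused for the other SOOIL entries later in the patch.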
@@ -24710,23 +24710,23 @@ CVE-2020-27274
 CVE-2020-27273
        RESERVED
 CVE-2020-27272 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, 
The commun ...)
-       TODO: check
+       NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27271
        RESERVED
 CVE-2020-27270 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, 
communicat ...)
-       TODO: check
+       NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27269 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and 
AnyDana-A,  ...)
-       TODO: check
+       NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27268 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and 
AnyDana-A,  ...)
-       TODO: check
+       NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27267 (KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and 
v6.9, Thin ...)
        NOT-FOR-US: KEPServerEX
 CVE-2020-27266 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and 
AnyDana-A,  ...)
-       TODO: check
+       NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27265 (KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and 
v6.9, Th ...)
        NOT-FOR-US: KEPServerEX
 CVE-2020-27264 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and 
AnyDana-A,  ...)
-       TODO: check
+       NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27263 (KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and 
v6.9, Th ...)
        NOT-FOR-US: KEPServerEX
 CVE-2020-27262 (Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to 
Version 1.7. ...)
@@ -24738,11 +24738,11 @@ CVE-2020-27260 (Innokas Yhtymä Oy Vital Signs 
Monitor VC150 prior to Versio
 CVE-2020-27259
        RESERVED
 CVE-2020-27258 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and 
AnyDana-A,  ...)
-       TODO: check
+       NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27257
        RESERVED
 CVE-2020-27256 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and 
AnyDana-A,  ...)
-       TODO: check
+       NOT-FOR-US: SOOIL Developments Co., Ltd.
 CVE-2020-27255 (A heap overflow vulnerability exists within FactoryTalk Linx 
Version 6 ...)
        NOT-FOR-US: FactoryTalk
 CVE-2020-27254 (Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, 
XEGK, X ...)
@@ -41588,15 +41588,15 @@ CVE-2020-19366
 CVE-2020-19365
        RESERVED
 CVE-2020-19364 (OpenEMR 5.0.1 allows an authenticated attacker to upload and 
execute m ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2020-19363 (Vtiger CRM v7.2.0 allows an attacker to display hidden files, 
list dir ...)
-       TODO: check
+       NOT-FOR-US: Vtiger CRM
 CVE-2020-19362 (Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? 
through the ...)
-       TODO: check
+       NOT-FOR-US: Vtiger CRM
 CVE-2020-19361 (Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating 
the mot1  ...)
-       TODO: check
+       NOT-FOR-US: Medintux
 CVE-2020-19360 (Local file inclusion in FHEM 6.0 allows in 
fhem/FileLog_logWrapper fil ...)
-       TODO: check
+       NOT-FOR-US: FHEM
 CVE-2020-19359
        RESERVED
 CVE-2020-19358
@@ -56560,9 +56560,9 @@ CVE-2020-13136 (D-Link DSP-W215 1.26b03 devices send an 
obfuscated hash that can
 CVE-2020-13135 (D-Link DSP-W215 1.26b03 devices allow information disclosure 
by interc ...)
        NOT-FOR-US: D-Link
 CVE-2020-13134 (Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Tufin SecureChange
 CVE-2020-13133 (Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Tufin SecureChange
 CVE-2020-13132 (An issue was discovered in Yubico libykpiv before 2.1.0. An 
attacker c ...)
        - yubico-piv-tool 2.1.1-1 (bug #972644)
        [stretch] - yubico-piv-tool <not-affected> (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba51a3e3fc680e0c8aa0a137ab0361e35c4b8837
