Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fb8d90a4 by Salvatore Bonaccorso at 2021-01-25T21:23:10+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -561,7 +561,7 @@ CVE-2021-3280
 CVE-2021-3279
        RESERVED
 CVE-2021-3278 (Local Service Search Engine Management System 1.0 has a 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Local Service Search Engine Management System
 CVE-2021-3277
        RESERVED
 CVE-2021-3276
@@ -10776,7 +10776,7 @@ CVE-2020-35855
 CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in 
the Bod ...)
        TODO: check
 CVE-2020-35853 (4images Image Gallery Management System 1.7.11 is affected by 
cross-si ...)
-       TODO: check
+       NOT-FOR-US: 4images Image Gallery Management System
 CVE-2020-35852
        RESERVED
 CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters 
properly. Att ...)
@@ -10819,7 +10819,7 @@ CVE-2020-35845
 CVE-2020-35844
        RESERVED
 CVE-2020-35843 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a 
crafted i ...)
-       TODO: check
+       NOT-FOR-US: FastStone Image Viewer
 CVE-2020-35842 (Certain NETGEAR devices are affected by stored XSS. This 
affects D6200 ...)
        NOT-FOR-US: Netgear
 CVE-2020-35841 (Certain NETGEAR devices are affected by stored XSS. This 
affects D6200 ...)
@@ -15167,7 +15167,7 @@ CVE-2020-35272 (Employee Performance Evaluation System 
in PHP/MySQLi with Source
 CVE-2020-35271 (Employee Performance Evaluation System in PHP/MySQLi with 
Source Code  ...)
        NOT-FOR-US: Employee Performance Evaluation System in PHP/MySQLi with 
Source Code
 CVE-2020-35270 (Student Result Management System In PHP With Source Code is 
affected b ...)
-       TODO: check
+       NOT-FOR-US: Student Result Management System In PHP With Source Code
 CVE-2020-35269 (Nagios Core application version 4.2.4 is vulnerable to 
Site-Wide Cross ...)
        - nagios4 <undetermined>
        NOTE: https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc
@@ -29695,7 +29695,7 @@ CVE-2020-25739 (An issue was discovered in the gon gem 
before gon-6.4.0 for Ruby
 CVE-2020-25738 (CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows 
attackers  ...)
        NOT-FOR-US: CyberArk Endpoint Privilege Manager (EPM)
 CVE-2020-25737 (An elevation of privilege vulnerability exists in Hackolade 
versions p ...)
-       TODO: check
+       NOT-FOR-US: Hackolade
 CVE-2020-25736
        RESERVED
 CVE-2020-25735 (webTareas through 2.1 allows XSS in clients/editclient.php, 
extensions ...)
@@ -49493,7 +49493,7 @@ CVE-2020-16238
 CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product 
receives input  ...)
        NOT-FOR-US: Philips SureSigns
 CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability 
when a  ...)
-       TODO: check
+       NOT-FOR-US: FPWIN Pro
 CVE-2020-16235
        RESERVED
 CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based 
buffer overf ...)
@@ -64164,7 +64164,7 @@ CVE-2020-11182
 CVE-2020-11181 (Out of bound access issue while handling cvp process control 
command d ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11180 (Out of bound access in computer vision control due to improper 
validat ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2020-11179 (Arbitrary read and write to kernel addresses by temporarily 
overwritin ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11178
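Review bot: The new tag on CVE-2020-11180 reads "NOT-FOR-US: Snapdragon", while the entries directly above and below it (CVE-2020-11181, CVE-2020-11179) use "NOT-FOR-US: Qualcomm components for Android". Snapdragon is a Qualcomm product line, so if this is the same component family, reusing the existing label would keep a search for that string from missing this entry.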
@@ -64249,7 +64249,7 @@ CVE-2020-11141 (u'Buffer over-read issue in Bluetooth 
estack due to lack of chec
 CVE-2020-11140 (Out of bound memory access during music playback with ALAC 
modified co ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11139 (Out of bound memory access while processing frames due to lack 
of chec ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2020-11138 (Uninitialized pointers accessed during music play back with 
incorrect  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11137 (Integer multiplication overflow resulting in lower buffer size 
allocat ...)
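Review bot: CVE-2020-11139 is tagged "NOT-FOR-US: Snapdragon" between two entries (CVE-2020-11140, CVE-2020-11138) that carry "NOT-FOR-US: Qualcomm components for Android". Pick one label for this block of entries so the list stays consistent.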
@@ -71820,7 +71820,7 @@ CVE-2020-8294
 CVE-2020-8293
        RESERVED
 CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self 
cross-site scr ...)
-       TODO: check
+       NOT-FOR-US: Rocket.Chat
 CVE-2020-8291
        RESERVED
 CVE-2020-8290 (Backblaze for Windows and Backblaze for macOS before 7.0.0.439 
suffer  ...)
@@ -71828,7 +71828,7 @@ CVE-2020-8290 (Backblaze for Windows and Backblaze for 
macOS before 7.0.0.439 su
 CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS 
before  ...)
        NOT-FOR-US: Backblaze
 CVE-2020-8288 (The `specializedRendering` function in Rocket.Chat server 
before 3.9.2 ...)
-       TODO: check
+       NOT-FOR-US: Rocket.Chat
 CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow 
two co ...)
        {DSA-4826-1}
        - nodejs 12.20.1~dfsg-1 (bug #979364)
@@ -75715,9 +75715,9 @@ CVE-2020-6782
 CVE-2020-6781 (Improper certificate validation for certain connections in the 
Bosch S ...)
        NOT-FOR-US: Bosch Smart Home System App for iOS
 CVE-2020-6780 (Use of Password Hash With Insufficient Computational Effort in 
the dat ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2020-6779 (Use of Hard-coded Credentials in the database of Bosch FSM-2500 
server ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2020-6778
        RESERVED
 CVE-2020-6777 (A vulnerability in the web-based management interface of Bosch 
PRAESID ...)
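Review bot: "NOT-FOR-US: Bosch" on CVE-2020-6780 and CVE-2020-6779 names only the vendor, whereas the entry above (CVE-2020-6781) names the product, "Bosch Smart Home System App for iOS". The CVE-2020-6779 description refers to the Bosch FSM-2500 server, so a product-level label such as "NOT-FOR-US: Bosch FSM-2500" would be more precise. The CVE-2020-6780 description is truncated here, so confirm it concerns the same product before reusing that label.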



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb8d90a4f428e4fd7e571364047637bcb0a94c31
