author | Moritz Muehlenhoff <jmm@debian.org> | 2020-08-20 20:35:44 +0200
---|---|---
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-08-20 20:35:44 +0200
commit | 9a3b31c1801415245f914b0ae961d2a8fed74ebb |
tree | 17471127a8878637641da2780b58e4eef2edd538 |
parent | 9a375d6190562440e236a75ca90bfaf9d2a7da0f |
new snmptt issue
new linux issue
NFUs
-rw-r--r-- | data/CVE/2016.list | 2
-rw-r--r-- | data/CVE/2020.list | 209
2 files changed, 105 insertions, 106 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 6dfe0c86bc..fd09fbd078 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1,5 +1,5 @@ CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin befor ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...) NOT-FOR-US: Mattermost CVE-2016-11083 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index fc8870f2e5..4593419bb0 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -311,7 +311,8 @@ CVE-2020-24396 CVE-2020-24395 RESERVED CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) ca ...) - TODO: check + - linux <unfixed> + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832 CVE-2020-24393 RESERVED CVE-2020-24392 @@ -337,7 +338,7 @@ CVE-2020-24383 CVE-2020-24382 RESERVED CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform (aka openeclass) through 3.9 ...) - TODO: check + NOT-FOR-US: GUnet Open eClass Platform CVE-2020-24380 RESERVED CVE-2020-24379 @@ -377,7 +378,7 @@ CVE-2020-24363 CVE-2020-24362 RESERVED CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, P ...) - TODO: check + - snmptt 1.4.2-1 CVE-2020-24360 RESERVED CVE-2020-24359 @@ -671,7 +672,7 @@ CVE-2020-24222 CVE-2020-24221 RESERVED CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers can use ...) - TODO: check + NOT-FOR-US: ShopXO CVE-2020-24219 RESERVED CVE-2020-24218 @@ -695,7 +696,7 @@ CVE-2020-24210 CVE-2020-24209 RESERVED CVE-2020-24208 (A SQL injection vulnerability in SourceCodester Online Shopping Alphaw ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2020-24207 RESERVED CVE-2020-24206 
@@ -1047,7 +1048,7 @@ CVE-2020-24034 CVE-2020-24033 RESERVED CVE-2020-24032 (tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cm ...) - TODO: check + NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD CVE-2020-24031 RESERVED CVE-2020-24030 @@ -1243,7 +1244,7 @@ CVE-2020-23936 CVE-2020-23935 RESERVED CVE-2020-23934 (An issue was discovered in RiteCMS 2.2.1. An authenticated user can di ...) - TODO: check + NOT-FOR-US: RiteCMS CVE-2020-23933 REJECTED CVE-2020-23932 @@ -1963,7 +1964,7 @@ CVE-2020-23576 CVE-2020-23575 RESERVED CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticated use ...) - TODO: check + NOT-FOR-US: Sysax Multi Server CVE-2020-23573 RESERVED CVE-2020-23572 @@ -14218,7 +14219,7 @@ CVE-2020-17458 CVE-2020-17457 RESERVED CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution ...) - TODO: check + NOT-FOR-US: SEOWON INTECH CVE-2020-17455 RESERVED CVE-2020-17454 @@ -16696,11 +16697,11 @@ CVE-2020-16256 CVE-2020-16255 RESERVED CVE-2020-16254 (The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets ...) - TODO: check + NOT-FOR-US: Chartkick gem CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF. ...) - ruby-pghero <itp> (bug #882288) CVE-2020-16252 (The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. ...) - TODO: check + NOT-FOR-US: Field Test gem CVE-2020-16251 RESERVED CVE-2020-16250 @@ -17406,7 +17407,7 @@ CVE-2020-15928 CVE-2020-15927 RESERVED CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...) - TODO: check + NOT-FOR-US: Rocket.Chat CVE-2020-15925 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...) NOT-FOR-US: Loway QueueMetrics CVE-2020-15924 (There is a SQL Injection in Mida eFramework through 2.9.0 that leads t ...) 
@@ -17561,7 +17562,7 @@ CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the m NOTE: https://github.com/mruby/mruby/issues/5042 NOTE: https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b CVE-2020-15865 (A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Re ...) - TODO: check + NOT-FOR-US: Stimulsoft CVE-2020-15864 RESERVED CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ...) @@ -18136,15 +18137,15 @@ CVE-2020-15640 CVE-2020-15639 RESERVED CVE-2020-15638 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2020-15637 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Foxit CVE-2020-15636 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-15635 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-15634 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: Netgear CVE-2020-15633 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-15632 (This vulnerability allows network-adjacent attackers to bypass authent ...) 
@@ -18152,9 +18153,9 @@ CVE-2020-15632 (This vulnerability allows network-adjacent attackers to bypass a CVE-2020-15631 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: D-Link CVE-2020-15630 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Foxit CVE-2020-15629 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2020-15628 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15627 (This vulnerability allows remote attackers to disclose sensitive infor ...) @@ -18387,9 +18388,9 @@ CVE-2020-15534 CVE-2020-15533 RESERVED CVE-2020-15532 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...) - TODO: check + NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK CVE-2020-15531 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...) - TODO: check + NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK CVE-2020-15530 (An issue was discovered in Valve Steam Client 2.10.91.91. The installe ...) - steam <not-affected> (Steam on Windows) CVE-2020-15529 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation ...) 
@@ -19213,23 +19214,23 @@ CVE-2020-15153 CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Side Req ...) TODO: check CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...) - TODO: check + NOT-FOR-US: OpenMage CVE-2020-15150 RESERVED CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in ...) - TODO: check + NOT-FOR-US: NodeBB CVE-2020-15148 RESERVED CVE-2020-15147 RESERVED CVE-2020-15146 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...) - TODO: check + NOT-FOR-US: SyliusResourceBundle CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...) NOT-FOR-US: Composer-Setup for Windows CVE-2020-15144 RESERVED CVE-2020-15143 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...) - TODO: check + NOT-FOR-US: SyliusResourceBundle CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated with ...) TODO: check CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...) @@ -19243,11 +19244,11 @@ CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9 NOTE: https://github.com/PrismJS/prism/commit/8bba4880202ef6bd7a1e379fe9aebe69dd75f7be CVE-2020-15137 (All versions of HoRNDIS are affected by an integer overflow in the RND ...) - TODO: check + NOT-FOR-US: HoRNDIS CVE-2020-15136 (In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication ...) TODO: check CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...) - TODO: check + NOT-FOR-US: Node save-server CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification validation ...) - ruby-faye <unfixed> (bug #967063) [buster] - ruby-faye <no-dsa> (Minor issue) 
@@ -19261,7 +19262,7 @@ CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of cert NOTE: https://github.com/faye/faye-websocket-ruby/pull/129 NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/ CVE-2020-15132 (In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget pa ...) - TODO: check + NOT-FOR-US: Sulu CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...) NOT-FOR-US: Node slp-validate CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnera ...) @@ -19271,7 +19272,7 @@ CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there e CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values were not ...) NOT-FOR-US: October CMS CVE-2020-15127 (In Contour ( Ingress controller for Kubernetes) before version 1.7.0, ...) - TODO: check + NOT-FOR-US: Countour CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...) NOT-FOR-US: Node parser-server CVE-2020-15125 (In auth0 (npm package) versions before 2.27.1, a DenyList of specific ...) @@ -19314,7 +19315,7 @@ CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c. CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will be able ...) NOT-FOR-US: jupyterhub-kubespawner CVE-2020-15109 (In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bilit ...) - TODO: check + NOT-FOR-US: solidus CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of "Clon ...) - glpi <removed> (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qv6w-68gq-wx2v 
@@ -19711,13 +19712,13 @@ CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assu NOTE: https://bugs.freedroid.org/b/issue952 NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html CVE-2020-14937 (Memory access out of buffer boundaries issues was discovered in Contik ...) - TODO: check + NOT-FOR-US: Contiki-NG CVE-2020-14936 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...) - TODO: check + NOT-FOR-US: Contiki-NG CVE-2020-14935 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...) - TODO: check + NOT-FOR-US: Contiki-NG CVE-2020-14934 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...) - TODO: check + NOT-FOR-US: Contiki-NG CVE-2020-14933 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachme ...) - squirrelmail <removed> NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1 @@ -23865,7 +23866,7 @@ CVE-2020-13185 CVE-2020-13184 RESERVED CVE-2020-13183 (Reflected Cross Site Scripting in Teradici PCoIP Management Console pr ...) - TODO: check + NOT-FOR-US: Teradici CVE-2020-13182 RESERVED CVE-2020-13181 @@ -23939,7 +23940,7 @@ CVE-2020-13152 (A remote user can create a specially crafted M3U file, media pla - amarok <removed> (unimportant) NOTE: Elevated resource usage in client application, no security impact CVE-2020-13151 (Aerospike Community Edition 4.9.0.5 allows for unauthenticated submiss ...) - TODO: check + NOT-FOR-US: Aerospike CVE-2020-13150 (D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 secon ...) NOT-FOR-US: D-link CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...) 
@@ -24002,7 +24003,7 @@ CVE-2020-13124 (SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerabil CVE-2020-13123 RESERVED CVE-2020-13122 (The novish command-line interface, included in NoviFlow NoviWare befor ...) - TODO: check + NOT-FOR-US: Noviflow CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authentication/logi ...) NOT-FOR-US: Submitty CVE-2020-13120 @@ -25288,7 +25289,7 @@ CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using the NIST ...) NOT-FOR-US: fastecdsa CVE-2020-12606 (An issue was discovered in DB Soft SGLAC before 20.05.001. The Procedi ...) - TODO: check + NOT-FOR-US: DB Soft CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to incr ...) @@ -25540,7 +25541,7 @@ CVE-2020-12482 CVE-2020-12481 RESERVED CVE-2020-12480 (In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed ...) - TODO: check + NOT-FOR-US: Play Framework CVE-2020-12479 (TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a ...) - teampass <itp> (bug #730180) CVE-2020-12478 (TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve file ...) @@ -26081,7 +26082,7 @@ CVE-2020-12289 CVE-2020-12288 RESERVED CVE-2020-12287 (Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Too ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the Task ...) NOT-FOR-US: Octopus Deploy CVE-2020-12285 
@@ -27150,7 +27151,7 @@ CVE-2020-11850 CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability in Mic ...) NOT-FOR-US: Micro Focus CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight Management Cen ...) - TODO: check + NOT-FOR-US: Micro Focus CVE-2020-11847 RESERVED CVE-2020-11846 @@ -27450,7 +27451,7 @@ CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allo CVE-2020-11734 (cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the A ...) NOT-FOR-US: CyberSolutions CyberMail CVE-2020-11733 (An issue was discovered on Spirent TestCenter and Avalanche appliance ...) - TODO: check + NOT-FOR-US: Spirent CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) NOT-FOR-US: Media Library Assistant plugin for WordPress CVE-2020-11731 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) @@ -31738,7 +31739,7 @@ CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to CVE-2020-10056 RESERVED CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...) - TODO: check + NOT-FOR-US: Desigo CVE-2020-10054 RESERVED CVE-2020-10053 @@ -32338,7 +32339,7 @@ CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. T CVE-2020-9768 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2020-9767 (A vulnerability related to Dynamic-link Library (“DLL”) lo ...) - TODO: check + NOT-FOR-US: Zoom CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...) 
@@ -32495,69 +32496,69 @@ CVE-2020-9726 CVE-2020-9725 RESERVED CVE-2020-9724 (Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9723 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9722 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9721 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9720 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9719 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9718 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9717 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9716 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9715 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9714 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9713 RESERVED CVE-2020-9712 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9711 RESERVED CVE-2020-9710 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9709 RESERVED CVE-2020-9708 (The resolveRepositoryPath function doesn't properly validate user inpu ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9707 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2020-9706 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9705 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9704 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9703 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9702 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9701 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9700 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9699 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9698 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9697 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9696 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9695 RESERVED CVE-2020-9694 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9693 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9692 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9691 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) 
@@ -33194,7 +33195,7 @@ CVE-2020-9417 CVE-2020-9416 RESERVED CVE-2020-9415 (The TIBCO Data Virtualization Server component of TIBCO Software Inc.' ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...) NOT-FOR-US: TIBCO CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin client comp ...) @@ -33625,9 +33626,9 @@ CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...) NOT-FOR-US: Huawei CVE-2020-9242 (FusionCompute 8.0.0 have a command injection vulnerability. The softwa ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9241 (Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00), ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9240 RESERVED CVE-2020-9239 @@ -33635,7 +33636,7 @@ CVE-2020-9239 CVE-2020-9238 RESERVED CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9236 RESERVED CVE-2020-9235 @@ -33643,7 +33644,7 @@ CVE-2020-9235 CVE-2020-9234 RESERVED CVE-2020-9233 (FusionCompute 8.0.0 have an insufficient authentication vulnerability. ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9232 RESERVED CVE-2020-9231 @@ -33651,9 +33652,9 @@ CVE-2020-9231 CVE-2020-9230 RESERVED CVE-2020-9229 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9228 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 ...) NOT-FOR-US: Huawei CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...) 
@@ -33903,7 +33904,7 @@ CVE-2020-9105 CVE-2020-9104 RESERVED CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...) NOT-FOR-US: Huawei CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. An una ...) @@ -33951,9 +33952,9 @@ CVE-2020-9081 CVE-2020-9080 RESERVED CVE-2020-9079 (FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulne ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9078 (FusionCompute 8.0.0 have local privilege escalation vulnerability. A l ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9077 (HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R ...) NOT-FOR-US: Huawei CVE-2020-9076 (HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier ...) @@ -34037,7 +34038,7 @@ CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...) CVE-2020-9037 RESERVED CVE-2020-9036 (Jeedom through 4.0.38 allows XSS. ...) - TODO: check + NOT-FOR-US: Jeedom CVE-2020-9035 RESERVED CVE-2020-9355 (danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalati ...) @@ -34395,9 +34396,9 @@ CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive i CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2020-8870 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2020-8869 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Quest Foglight Evolve CVE-2020-8867 (This vulnerability allows remote attackers to create a denial-of-servi ...) 
@@ -34663,7 +34664,7 @@ CVE-2020-8765 CVE-2020-8764 RESERVED CVE-2020-8763 (Improper permissions in the installer for the Intel(R) RealSense(TM) D ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-8762 RESERVED CVE-2020-8761 @@ -34671,7 +34672,7 @@ CVE-2020-8761 CVE-2020-8760 RESERVED CVE-2020-8759 (Improper access control in the installer for Intel(R) SSD DCT versions ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-8758 RESERVED CVE-2020-8757 @@ -34703,10 +34704,9 @@ CVE-2020-8745 CVE-2020-8744 RESERVED CVE-2020-8743 (Improper permissions in the installer for the Intel(R) Mailbox Interfa ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-8742 (Improper input validation in the firmware for Intel(R) NUCs may allow ...) NOT-FOR-US: Intel - TODO: check CVE-2020-8741 RESERVED CVE-2020-8740 @@ -34718,7 +34718,7 @@ CVE-2020-8738 CVE-2020-8737 RESERVED CVE-2020-8736 (Improper access control in subsystem for the Intel(R) Computing Improv ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-8735 RESERVED CVE-2020-8734 @@ -34779,7 +34779,7 @@ CVE-2020-8708 (Improper authentication for some Intel(R) Server Boards, Server S CVE-2020-8707 (Buffer overflow in daemon for some Intel(R) Server Boards, Server Syst ...) NOT-FOR-US: Intel CVE-2020-8706 (Buffer overflow in a daemon for some Intel(R) Server Boards, Server Sy ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-8705 RESERVED CVE-2020-8704 
@@ -34816,16 +34816,15 @@ CVE-2020-8689 (Improper buffer restrictions in the Intel(R) Wireless for Open So - iwd 1.5-1 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00379.html CVE-2020-8688 (Improper input validation in the Intel(R) RAID Web Console 3 for Windo ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-8687 (Uncontrolled search path in the installer for Intel(R) RSTe Software R ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-8686 RESERVED CVE-2020-8685 (Improper authentication in subsystem for Intel (R) LED Manager for NUC ...) NOT-FOR-US: Intel - TODO: check CVE-2020-8684 (Improper access control in firmware for Intel(R) PAC with Arria(R) 10 ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-8683 (Improper buffer restrictions in system driver for some Intel(R) Graphi ...) TODO: check CVE-2020-8682 (Out of bounds read in system driver for some Intel(R) Graphics Drivers ...) @@ -35840,9 +35839,9 @@ CVE-2020-8235 CVE-2020-8234 RESERVED CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware <v1 ...) - TODO: check + NOT-FOR-US: Edgeswitch CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...) - TODO: check + NOT-FOR-US: Edgeswitch CVE-2020-8231 RESERVED CVE-2020-8230 (A memory corruption vulnerability exists in NextCloud Desktop Client v ...) 
@@ -35882,15 +35881,15 @@ CVE-2020-8214 (A path traversal vulnerability in servey version < 3 allows an CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect before v ...) NOT-FOR-US: UniFi Protect CVE-2020-8212 (Improper access control in Citrix XenMobile Server 10.12 before RP3, C ...) - TODO: check + NOT-FOR-US: Citrix CVE-2020-8211 (Improper input validation in Citrix XenMobile Server 10.12 before RP3, ...) - TODO: check + NOT-FOR-US: Citrix CVE-2020-8210 (Insufficient protection of secrets in Citrix XenMobile Server 10.12 be ...) - TODO: check + NOT-FOR-US: Citrix CVE-2020-8209 (Improper access control in Citrix XenMobile Server 10.12 before RP2, C ...) - TODO: check + NOT-FOR-US: Citrix CVE-2020-8208 (Improper input validation in Citrix XenMobile Server 10.12 before RP1, ...) - TODO: check + NOT-FOR-US: Citrix CVE-2020-8207 (Improper access control in Citrix Workspace app for Windows 1912 CU1 a ...) NOT-FOR-US: Citrix CVE-2020-8206 (An improper authentication vulnerability exists in Pulse Connect Secur ...) @@ -37328,7 +37327,7 @@ CVE-2020-7585 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and ear CVE-2020-7584 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU family ...) NOT-FOR-US: Siemens CVE-2020-7583 (A vulnerability has been identified in Automation License Manager 5 (A ...) - TODO: check + NOT-FOR-US: Siemens CVE-2020-7582 RESERVED CVE-2020-7581 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...) @@ -37756,7 +37755,7 @@ CVE-2020-7376 CVE-2020-7375 RESERVED CVE-2020-7374 (Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scan ...) - TODO: check + NOT-FOR-US: Documalis Free PDF Editor CVE-2020-7373 RESERVED CVE-2020-7372 |
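Review bot: `NOT-FOR-US: Wordpress plugin` for CVE-2016-11085 in the data/CVE/2016.list hunk does not say which plugin is meant. The description names quiz-master-next, and context lines elsewhere in this diff use the form "Media Library Assistant plugin for WordPress", so `NOT-FOR-US: quiz-master-next plugin for WordPress` would be consistent with those entries and easier to find with a search.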
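Review bot: in the CVE-2020-24394 hunk (@@ -311,7 +311,8 @@ of data/CVE/2020.list), `- linux <unfixed>` sits next to a description that limits the issue to the kernel "before 5.7.8". Please check whether the linux version currently in unstable is already at or past that release and, if it is, record the fixed version instead of `<unfixed>`. The NOTE with the upstream commit is worth keeping either way.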
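Review bot: `NOT-FOR-US: Countour` for CVE-2020-15127 (hunk @@ -19271,7 +19272,7 @@) is misspelled; the description on the line above reads "Contour ( Ingress controller for Kubernetes)". Change the tag to `NOT-FOR-US: Contour` so that a later search for the product name in the tracker finds this entry.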
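Review bot: CVE-2020-9708 in the @@ -32495,69 +32496,69 @@ hunk gets the same `NOT-FOR-US: Adobe` tag as its neighbours, but its description starts with "The resolveRepositoryPath function doesn't properly validate user inpu ..." instead of "Adobe Acrobat and Reader ..." or "Adobe Lightroom ...", so it appears to be a different component from the bulk entries around it. Suggest naming the specific product in the tag rather than only the vendor, after confirming what it is from the full CVE text.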
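Review bot: `NOT-FOR-US: Edgeswitch` for CVE-2020-8233 and CVE-2020-8232 (hunk @@ -35840,9 +35839,9 @@) does not match the spelling in the descriptions, which have "EdgeSwitch" and "EdgeMax EdgeSwitch". Use the casing from the description. The same applies to `NOT-FOR-US: Noviflow` for CVE-2020-13122, where the description has "NoviFlow".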