author | Salvatore Bonaccorso <carnil@debian.org> | 2021-02-20 10:52:29 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-02-20 10:52:29 +0100 |
commit | 1306d2b2143fa8c00498fc1eac3b766f7f98b543 (patch) | |
tree | e9cca04300ea856411dff67be9fc9406840b10e7 /data/CVE/2020.list | |
parent | 2a062bf24f5a4b70a337df49e51336dbb2d9dd04 (diff) |
Process some NFUs
Diffstat (limited to 'data/CVE/2020.list')
-rw-r--r-- | data/CVE/2020.list | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index f20ba10072..791e3cb463 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -6570,7 +6570,7 @@ CVE-2020-27999 CVE-2020-27998 (An issue was discovered in FastReport before 2020.4.0. It lacks a Scri ...) NOT-FOR-US: FastReport CVE-2020-27997 (An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross S ...) - TODO: check + NOT-FOR-US: SmartStoreNET CVE-2020-27996 (An issue was discovered in SmartStoreNET before 4.0.1. It does not pro ...) NOT-FOR-US: SmartStoreNET CVE-2020-27995 (SQL Injection in Zoho ManageEngine Applications Manager 14 before 1456 ...) @@ -13301,7 +13301,7 @@ CVE-2020-25173 (An attacker with local network access can obtain a fixed cryptog CVE-2020-25172 (A relative path traversal attack in the B. Braun OnlineSuite Version A ...) NOT-FOR-US: B. Braun OnlineSuite Version AP CVE-2020-25171 (The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 ar ...) - TODO: check + NOT-FOR-US: Fuji Electric CVE-2020-25170 (An Excel Macro Injection vulnerability exists in the export feature in ...) NOT-FOR-US: B. Braun OnlineSuite Version AP CVE-2020-25169 (The affected Reolink P2P products do not sufficiently protect data tra ...) @@ -14505,7 +14505,7 @@ CVE-2020-24619 (In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check CVE-2020-24618 (In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020. ...) NOT-FOR-US: JetBrains CVE-2020-24617 (Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribe ...) - TODO: check + NOT-FOR-US: Mailtrain CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...) - jackson-databind 2.12.1-1 [buster] - jackson-databind <no-dsa> (Minor issue) 
@@ -15009,7 +15009,7 @@ CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS serv [stretch] - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/22cf8419f1319ff87ec759d0ebdff4cbafaee832 CVE-2020-24393 (TweetStream 2.6.1 uses the library eventmachine in an insecure way tha ...) - TODO: check + NOT-FOR-US: TweetStream CVE-2020-24392 (In voloko twitter-stream 0.1.10, missing TLS hostname validation allow ...) TODO: check CVE-2020-24391 @@ -38643,7 +38643,7 @@ CVE-2020-13551 (An exploitable local privilege elevation vulnerability exists in CVE-2020-13550 (A local file inclusion vulnerability exists in the installation functi ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13549 (An exploitable local privilege elevation vulnerability exists in the f ...) - TODO: check + NOT-FOR-US: Sytech XL Reporter CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document can tri ...) NOT-FOR-US: Foxit Reader CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...) @@ -40178,7 +40178,7 @@ CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate a CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypassed the ...) NOT-FOR-US: Veritas CVE-2020-12873 (An issue was discovered in Alfresco Enterprise Content Management (ECM ...) - TODO: check + NOT-FOR-US: Alfresco Enterprise Content Management (ECM) CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ...) - erlang 1:21.2.6+dfsg-1 (low) [stretch] - erlang 1:19.2.1+dfsg-2+deb9u3 
@@ -40793,7 +40793,7 @@ CVE-2020-12670 (XSS exists in Webmin 1.941 and earlier affecting the Save functi CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authentic ...) - dolibarr <removed> CVE-2020-12668 (Jinjava before 2.5.4 allow access to arbitrary classes by calling Java ...) - TODO: check + NOT-FOR-US: Jinjava CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...) - knot-resolver 5.1.1-0.1 (bug #961076) NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/ @@ -41599,7 +41599,7 @@ CVE-2020-12376 (Use of hard-coded key in the BMC firmware for some Intel(R) Serv CVE-2020-12375 (Heap overflow in the BMC firmware for some Intel(R) Server Boards, Ser ...) NOT-FOR-US: Intel CVE-2020-12374 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...) - TODO: check + NOT-FOR-US: Intel CVE-2020-12373 (Expired pointer dereference in some Intel(R) Graphics Drivers before v ...) NOT-FOR-US: Intel graphics drivers for Windows CVE-2020-12372 (Unchecked return value in some Intel(R) Graphics Drivers before versio ...) @@ -49878,7 +49878,7 @@ CVE-2020-9052 CVE-2020-9051 RESERVED CVE-2020-9050 (Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) ...) - TODO: check + NOT-FOR-US: Metasys Reporting Engine (MRE) Web Services CVE-2020-9049 (A vulnerability in specified versions of American Dynamics victor Web ...) NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls CVE-2020-9048 (A vulnerability in specified versions of American Dynamics victor Web ...) |
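Review bot: In the hunk at @@ -13301, the new tag for CVE-2020-25171 reads `NOT-FOR-US: Fuji Electric`, which names only the vendor, while the description names the product (Fuji Electric V-Server Lite) and the neighbouring entries in the same hunk are tagged by product (`NOT-FOR-US: B. Braun OnlineSuite Version AP`). Suggest `NOT-FOR-US: Fuji Electric V-Server Lite` so that a later search on the product name finds this entry.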
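Review bot: In the hunk at @@ -15009, CVE-2020-24393 is resolved but the context line directly below it still carries `TODO: check` for CVE-2020-24392 (voloko twitter-stream, missing TLS hostname validation). If that entry was looked at in the same pass, tag it in this commit so the two adjacent entries do not drift apart. Separately, the CVE-2020-24393 description names eventmachine as the library being used insecurely, so a short `NOTE:` line recording that the flaw is attributed to TweetStream's use of it, not to eventmachine itself, would spare the next triager from re-checking.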
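Review bot: In the hunk at @@ -41599, `NOT-FOR-US: Intel` for CVE-2020-12374 matches the tag on CVE-2020-12375 just above it, but it is far broader than the product-level tag used two entries below (`NOT-FOR-US: Intel graphics drivers for Windows`). The description is about BMC firmware for Intel Server Boards, so a tag such as `NOT-FOR-US: Intel BMC firmware` would make clear which Intel component was ruled out.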