From c74f02aa33f1fd9c0d0b403fe48f3f0ef39f0f0e Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 19 Sep 2020 09:11:39 +0200 Subject: Process some NFUs --- data/CVE/2020.list | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index e0d9042a0f..e956776a64 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -3,7 +3,7 @@ CVE-2020-25768 CVE-2020-25767 RESERVED CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...) - TODO: check + NOT-FOR-US: MISP CVE-2020-25765 RESERVED CVE-2020-25764 @@ -2397,7 +2397,7 @@ CVE-2020-24625 CVE-2020-24624 RESERVED CVE-2020-24623 (A potential security vulnerability has been identified in Hewlett Pack ...) - TODO: check + NOT-FOR-US: Hewlett Packard Enterprise Universal API Framework CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...) NOT-FOR-US: Sonatype CVE-2020-24621 @@ -19372,7 +19372,7 @@ CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allow NOTE: Upstream of the project did disputed the CVE. Upstream position is NOTE: that the refererred behaviour is intended functionality. CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) - TODO: check + NOT-FOR-US: Philips CVE-2020-16246 RESERVED CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...) @@ -19406,7 +19406,7 @@ CVE-2020-16232 CVE-2020-16231 RESERVED CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...) - TODO: check + NOT-FOR-US: HMS Networks CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...) NOT-FOR-US: Advantech WebAccess CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) @@ -19466,11 +19466,11 @@ CVE-2020-16202 CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...) NOT-FOR-US: Delta Industrial Automation CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) - TODO: check + NOT-FOR-US: Philips CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...) NOT-FOR-US: Delta Industrial Automation CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Wh ...) - TODO: check + NOT-FOR-US: Philips CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...) NOT-FOR-US: Octopus Deploy CVE-2020-16196 @@ -19984,7 +19984,7 @@ CVE-2020-15959 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-15958 (An issue was discovered in 1CRM System through 8.6.7. An insecure dire ...) - TODO: check + NOT-FOR-US: 1CRM System CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentral ...) NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T) CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...) @@ -21862,9 +21862,9 @@ CVE-2020-15191 CVE-2020-15190 RESERVED CVE-2020-15189 (SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) u ...) - TODO: check + NOT-FOR-US: SOY CMS CVE-2020-15188 (SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Co ...) - TODO: check + NOT-FOR-US: SOY CMS CVE-2020-15187 (In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain d ...) TODO: check CVE-2020-15186 (In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitiz ...) @@ -21878,7 +21878,7 @@ CVE-2020-15183 (SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scr CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site Request ...) NOT-FOR-US: SoyCMS CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies on untr ...) - TODO: check + NOT-FOR-US: Alfresco Reset Password add-on CVE-2020-15180 RESERVED CVE-2020-15179 (The ScratchSig extension for MediaWiki before version 1.0.1 allows sto ...) @@ -23332,7 +23332,7 @@ CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of O CVE-2020-14526 RESERVED CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) - TODO: check + NOT-FOR-US: Philips CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...) NOT-FOR-US: Softing Industrial Automation CVE-2020-14523 @@ -23370,7 +23370,7 @@ CVE-2020-14508 (GateManager versions prior to 9.2c, The affected product is vuln CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to multiple pat ...) NOT-FOR-US: Advantech CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) - TODO: check + NOT-FOR-US: Philips CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...) NOT-FOR-US: Advantech CVE-2020-14504 @@ -24696,7 +24696,7 @@ CVE-2020-14031 CVE-2020-14030 RESERVED CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RS ...) - TODO: check + NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14028 RESERVED CVE-2020-14027 @@ -24712,7 +24712,7 @@ CVE-2020-14023 CVE-2020-14022 RESERVED CVE-2020-14021 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The AS ...) - TODO: check + NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14020 RESERVED CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/targ ...) @@ -35378,9 +35378,9 @@ CVE-2020-9747 CVE-2020-9746 RESERVED CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9744 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9743 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9742 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and ...) @@ -35390,7 +35390,7 @@ CVE-2020-9741 (The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 CVE-2020-9740 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9739 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-9738 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9737 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) @@ -36870,7 +36870,7 @@ CVE-2020-9086 CVE-2020-9085 RESERVED CVE-2020-9084 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use- ...) - TODO: check + NOT-FOR-US: Taurus-AN00B CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E ...) NOT-FOR-US: Huawei CVE-2020-9082 @@ -40798,7 +40798,7 @@ CVE-2020-7360 (An Uncontrolled Search Path Element (CWE-427) vulnerability in Sm CVE-2020-7359 RESERVED CVE-2020-7358 (In AppSpider installer versions prior to 7.2.126, the AppSpider instal ...) - TODO: check + NOT-FOR-US: AppSpider installer CVE-2020-7357 (Cayin CMS suffers from an authenticated OS semi-blind command injectio ...) NOT-FOR-US: Cayin CMS CVE-2020-7356 (CAYIN xPost suffers from an unauthenticated SQL Injection vulnerabilit ...) @@ -44384,9 +44384,9 @@ CVE-2020-5978 CVE-2020-5977 RESERVED CVE-2020-5976 (NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and vers ...) - TODO: check + NOT-FOR-US: NVIDIA GeForce NOW CVE-2020-5975 (NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, con ...) - TODO: check + NOT-FOR-US: NVIDIA GeForce NOW CVE-2020-5974 (NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in i ...) NOT-FOR-US: NVIDIA CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerabili ...) @@ -48610,7 +48610,7 @@ CVE-2020-3981 CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...) NOT-FOR-US: VMware CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0) installers lo ...) - TODO: check + NOT-FOR-US: InstallBuilder for Qt Windows installers CVE-2020-3978 RESERVED CVE-2020-3977 -- cgit v1.2.3