From de2a2db059912aca31087ddb5b26ca74bb9d4d45 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 17 Sep 2020 22:19:22 +0200 Subject: Process some NFUs --- data/CVE/2020.list | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 3ffdab8da5..21a1d00afa 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -22,9 +22,9 @@ CVE-2020-25729 (ZoneMinder before 1.34.21 has XSS via the connkey parameter to d - zoneminder NOTE: https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413 CVE-2020-25728 (The Reset Password add-on before 1.2.0 for Alfresco has a broken algor ...) - TODO: check + NOT-FOR-US: Reset Password add-on for Alfresco CVE-2020-25727 (The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS- ...) - TODO: check + NOT-FOR-US: Reset Password add-on for Alfresco CVE-2020-25726 RESERVED CVE-2020-25725 @@ -496,9 +496,9 @@ CVE-2020-25492 CVE-2020-25491 RESERVED CVE-2020-25490 (Lack of cryptographic signature verification in the Sqreen PHP agent d ...) - TODO: check + NOT-FOR-US: Sqreen CVE-2020-25489 (A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0 ...) - TODO: check + NOT-FOR-US: Sqreen CVE-2020-25488 RESERVED CVE-2020-25487 @@ -1062,9 +1062,9 @@ CVE-2020-25218 CVE-2020-25217 RESERVED CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Tran ...) - TODO: check + NOT-FOR-US: yWorks yEd Desktop CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...) - TODO: check + NOT-FOR-US: yWorks yEd Desktop CVE-2020-25214 RESERVED CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...) 
@@ -3564,9 +3564,9 @@ CVE-2020-24048 CVE-2020-24047 RESERVED CVE-2020-24046 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...) - TODO: check + NOT-FOR-US: TitanHQ CVE-2020-24045 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...) - TODO: check + NOT-FOR-US: TitanHQ CVE-2020-24044 RESERVED CVE-2020-24043 @@ -26709,7 +26709,7 @@ CVE-2020-13170 (HashiCorp Consul and Consul Enterprise did not appropriately enf NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md NOTE: https://github.com/hashicorp/consul/pull/8068 CVE-2020-13169 (Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platf ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2020-13168 RESERVED CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution ...) @@ -30090,9 +30090,9 @@ CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) t CVE-2020-11805 RESERVED CVE-2020-11804 (An issue was discovered in Titan SpamTitan 7.07. Due to improper sanit ...) - TODO: check + NOT-FOR-US: Titan SpamTitan CVE-2020-11803 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...) - TODO: check + NOT-FOR-US: Titan SpamTitan CVE-2020-11802 RESERVED CVE-2020-11801 
@@ -30395,11 +30395,11 @@ CVE-2020-11702 (An issue was discovered in ProVide (formerly zFTPServer) through CVE-2020-11701 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11700 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...) - TODO: check + NOT-FOR-US: Titan SpamTitan CVE-2020-11699 (An issue was discovered in Titan SpamTitan 7.07. Improper validation o ...) - TODO: check + NOT-FOR-US: Titan SpamTitan CVE-2020-11698 (An issue was discovered in Titan SpamTitan 7.07. Improper input saniti ...) - TODO: check + NOT-FOR-US: Titan SpamTitan CVE-2020-11697 (In Combodo iTop, dashboard ids can be exploited with a reflective XSS ...) NOT-FOR-US: Combodo iTop CVE-2020-11696 (In Combodo iTop a menu shortcut name can be exploited with a stored XS ...) @@ -43974,15 +43974,15 @@ CVE-2020-6118 (SQL injection vulnerabilities exist in the CheckDuplicateStudent. CVE-2020-6117 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6116 (An arbitrary code execution vulnerability exists in the rendering func ...) - TODO: check + NOT-FOR-US: Nitro Pro CVE-2020-6115 (An exploitable vulnerability exists in the cross-reference table repai ...) - TODO: check + NOT-FOR-US: Nitro Pro CVE-2020-6114 (An exploitable SQL injection vulnerability exists in the Admin Reports ...) NOT-FOR-US: Glacies IceHRM CVE-2020-6113 (An exploitable vulnerability exists in the object stream parsing funct ...) - TODO: check + NOT-FOR-US: Nitro Pro CVE-2020-6112 (An exploitable code execution vulnerability exists in the JPEG2000 Str ...) - TODO: check + NOT-FOR-US: Nitro Pro CVE-2020-6111 RESERVED CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the way ...) 
@@ -56352,7 +56352,7 @@ CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible li [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/68035c80e129c4cfec659aac4180354530b26527 CVE-2020-0403 (In the FPC TrustZone fingerprint App, there is a possible invalid comm ...) - TODO: check + NOT-FOR-US: FPC TrustZone fingerprint App CVE-2020-0402 RESERVED NOTE: Duplicate assignment for CVE-2019-19769 (Android security informed) -- cgit v1.2.3
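Review bot: In the @@ -496 hunk, CVE-2020-25490 and CVE-2020-25489 are both tagged with the vendor name only ("NOT-FOR-US: Sqreen"), although the descriptions refer to two different pieces of software: the Sqreen PHP agent and Sqreen PyMiniRacer (aka Python Mini Racer). The unchanged entries elsewhere in this diff name vendor and product ("Combodo iTop", "OS4Ed openSIS", "Glacies IceHRM"). I would use "NOT-FOR-US: Sqreen PHP agent" and "NOT-FOR-US: Sqreen PyMiniRacer", so that a later search on the product name finds the entry if either is ever packaged.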
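Review bot: The label in the @@ -3564 hunk ("NOT-FOR-US: TitanHQ" for CVE-2020-24046 and CVE-2020-24045) does not match the one used for the same product family in the @@ -30090 and @@ -30395 hunks ("NOT-FOR-US: Titan SpamTitan" for CVE-2020-11804, CVE-2020-11803, CVE-2020-11700, CVE-2020-11699 and CVE-2020-11698). The descriptions in this hunk read "TitanHQ SpamTitan Gateway", so a single label such as "TitanHQ SpamTitan" in all three hunks would keep the seven entries findable with one search.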
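Review bot: In the @@ -26709 hunk, CVE-2020-13169 gets "NOT-FOR-US: SolarWinds" while its description names the SolarWinds Orion Platform. A vendor-only label is ambiguous for a vendor with several products; "NOT-FOR-US: SolarWinds Orion Platform" would match the description and the vendor-plus-product form used by the surrounding entries.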
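Review bot: The "NOT-FOR-US: Nitro Pro" attribution in the @@ -43974 hunk cannot be confirmed from the lines shown, because the truncated descriptions of CVE-2020-6116, CVE-2020-6115, CVE-2020-6113 and CVE-2020-6112 end before any product name appears. This ID range mixes products (CVE-2020-6114, in the middle of it, is Glacies IceHRM; CVE-2020-6118 and CVE-2020-6117 are OS4Ed openSIS), so each of the four should be checked against its full description rather than assigned by adjacency. A one-line mention in the commit message of where the product name was taken from would make this reviewable.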