From 07ae946402a28434a8bb3a4beb2dba6f069abc64 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 21 Oct 2020 15:14:56 +0200 Subject: NFUs veyon n/a --- data/CVE/list.2020 | 49 +++++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 24b27d60e9..ce0d50c671 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -5196,7 +5196,7 @@ CVE-2020-25159 CVE-2020-25158 RESERVED CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection ...) - TODO: check + NOT-FOR-US: R-SeeNet CVE-2020-25156 RESERVED CVE-2020-25155 @@ -6036,7 +6036,7 @@ CVE-2020-24767 CVE-2020-24766 RESERVED CVE-2020-24765 (InterMind iMind Server through 3.13.65 allows remote unauthenticated a ...) - TODO: check + NOT-FOR-US: InterMind iMind Server CVE-2020-24764 RESERVED CVE-2020-24763 @@ -6798,21 +6798,21 @@ CVE-2020-24418 CVE-2020-24417 RESERVED CVE-2020-24416 (Marketo Sales Insight plugin version 1.4355 (and earlier) is affected ...) - TODO: check + NOT-FOR-US: Marketo Sales Insight plugin CVE-2020-24415 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-24414 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-24413 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-24412 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-24411 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-24410 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-24409 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-24408 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a per ...) NOT-FOR-US: Magento CVE-2020-24407 @@ -6857,9 +6857,9 @@ CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape th CVE-2020-24389 RESERVED CVE-2020-24388 (An issue was discovered in the _send_secure_msg() function of yubihsm- ...) - TODO: check + NOT-FOR-US: yubihsm-shell CVE-2020-24387 (An issue was discovered in the yh_create_session() function of yubihsm ...) - TODO: check + NOT-FOR-US: yubihsm-shell CVE-2020-24386 RESERVED CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...) @@ -6886,7 +6886,7 @@ CVE-2020-24377 (A DNS rebinding vulnerability in the Freebox OS web interface in CVE-2020-24376 (A DNS rebinding vulnerability in the UPnP IGD implementations in Freeb ...) NOT-FOR-US: Freebox CVE-2020-24375 (A DNS rebinding vulnerability in the UPnP MediaServer implementation i ...) - TODO: check + NOT-FOR-US: Freebox CVE-2020-24374 (A DNS rebinding vulnerability in Freebox HD before 1.5.29. ...) NOT-FOR-US: Freebox CVE-2020-24373 (A CSRF vulnerability in the UPnP MediaServer implementation in Freebox ...) @@ -23519,13 +23519,13 @@ CVE-2020-16163 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validato CVE-2020-16162 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...) NOT-FOR-US: RIPE NCC RPKI Validator CVE-2020-16161 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Sca ...) - TODO: check + NOT-FOR-US: GoPro CVE-2020-16160 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Dec ...) - TODO: check + NOT-FOR-US: GoPro CVE-2020-16159 (GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GP ...) - TODO: check + NOT-FOR-US: GoPro CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerab ...) - TODO: check + NOT-FOR-US: GoPro CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...) NOT-FOR-US: Nagios Log Server CVE-2020-16156 @@ -24118,7 +24118,7 @@ CVE-2020-15933 CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, c ...) NOT-FOR-US: Overwolf CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Netwrix Account Lockout Examiner CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary cod ...) NOT-FOR-US: Joplin desktop CVE-2020-15929 @@ -25794,7 +25794,7 @@ CVE-2020-15271 CVE-2020-15270 RESERVED CVE-2020-15269 (In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens ...) - TODO: check + NOT-FOR-US: Spree CVE-2020-15268 RESERVED CVE-2020-15267 @@ -25804,13 +25804,14 @@ CVE-2020-15266 CVE-2020-15265 RESERVED CVE-2020-15264 (The Boxstarter installer before version 2.13.0 configures C:\ProgramDa ...) - TODO: check + NOT-FOR-US: Boxstarter CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not properly e ...) NOT-FOR-US: Laravel Orchid Platform CVE-2020-15262 (In webpack-subresource-integrity before version 1.5.1, all dynamically ...) - TODO: check + NOT-FOR-US: Node webpack-subresource-integrity CVE-2020-15261 (On Windows the Veyon Service before version 4.4.2 contains an unquoted ...) - TODO: check + - veyon (Windows-specific) + NOTE: https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp CVE-2020-15260 RESERVED CVE-2020-15259 @@ -25846,7 +25847,7 @@ CVE-2020-15247 CVE-2020-15246 RESERVED CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may registe ...) - TODO: check + NOT-FOR-US: Sylius CVE-2020-15244 RESERVED CVE-2020-15243 (Affected versions of Smartstore have a missing WebApi Authentication a ...) @@ -40453,7 +40454,7 @@ CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFescape D ...) NOT-FOR-US: PDFescape CVE-2020-9417 (The Transaction Insight reporting component of TIBCO Software Inc.'s T ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2020-9416 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...) NOT-FOR-US: TIBCO CVE-2020-9415 (The TIBCO Data Virtualization Server component of TIBCO Software Inc.' ...) -- cgit v1.2.3