From cfa24d9769e1bfb91fe3977130c7e0a66f062e50 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 20 Oct 2020 22:38:14 +0200 Subject: Process more NFUs --- data/CVE/list.2019 | 2 +- data/CVE/list.2020 | 30 +++++++++++++++--------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 5c17d6206a..a4610fc49c 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -32345,7 +32345,7 @@ CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and othe CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a deserializat ...) NOT-FOR-US: Laravel Framework CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password storage. ...) - TODO: check + NOT-FOR-US: DomainMOD CVE-2019-9079 RESERVED CVE-2019-9078 (zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter b ...) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index e650aa7f2e..1c79df64e6 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -22839,7 +22839,7 @@ CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allow CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) NOT-FOR-US: Philips CVE-2020-16246 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...) - TODO: check + NOT-FOR-US: Reason S20 Ethernet Switch CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...) NOT-FOR-US: Advantech CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for h ...) 
@@ -23866,7 +23866,7 @@ CVE-2020-15824 (In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is n CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Wor ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-15822 (In JetBrains YouTrack before 2020.2.10514, SSRF is possible because UR ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack CVE-2020-15821 (In JetBrains YouTrack before 2020.2.6881, a user without permission is ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-15820 (In JetBrains YouTrack before 2020.2.6881, the markdown parser could di ...) @@ -25299,7 +25299,7 @@ CVE-2020-15265 CVE-2020-15264 RESERVED CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not properly e ...) - TODO: check + NOT-FOR-US: Laravel Orchid Platform CVE-2020-15262 (In webpack-subresource-integrity before version 1.5.1, all dynamically ...) TODO: check CVE-2020-15261 (On Windows the Veyon Service before version 4.4.2 contains an unquoted ...) @@ -44545,9 +44545,9 @@ CVE-2020-7372 CVE-2020-7371 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...) TODO: check CVE-2020-7370 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...) - TODO: check + NOT-FOR-US: Danyil Vasilenko's Bolt Browser CVE-2020-7369 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...) - TODO: check + NOT-FOR-US: Yandex Browser CVE-2020-7368 RESERVED CVE-2020-7367 @@ -44557,9 +44557,9 @@ CVE-2020-7366 CVE-2020-7365 RESERVED CVE-2020-7364 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...) - TODO: check + NOT-FOR-US: UCWeb's UC Browser CVE-2020-7363 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...) - TODO: check + NOT-FOR-US: UCWeb's UC Browser CVE-2020-7362 RESERVED CVE-2020-7361 (The EasyCorp ZenTao Pro application suffers from an OS command injecti ...) 
@@ -47876,9 +47876,9 @@ CVE-2020-6087 (An exploitable denial of service vulnerability exists in the ENIP CVE-2020-6086 (An exploitable denial of service vulnerability exists in the ENIP Requ ...) NOT-FOR-US: Allen-Bradley Flex IO CVE-2020-6085 (An exploitable denial of service vulnerability exists in the ENIP Requ ...) - TODO: check + NOT-FOR-US: Allen-Bradley Flex IO CVE-2020-6084 (An exploitable denial of service vulnerability exists in the ENIP Requ ...) - TODO: check + NOT-FOR-US: Allen-Bradley Flex IO CVE-2020-6083 (An exploitable denial of service vulnerability exists in the ENIP Requ ...) NOT-FOR-US: Allen-Bradley Flex IO CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...) @@ -48839,7 +48839,7 @@ CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Li CVE-2020-5641 RESERVED CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and earlier ...) - TODO: check + NOT-FOR-US: OneThird CMS CVE-2020-5639 RESERVED CVE-2020-5638 @@ -52336,11 +52336,11 @@ CVE-2020-3997 CVE-2020-3996 RESERVED CVE-2020-3995 (In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-20 ...) - TODO: check + NOT-FOR-US: VMware CVE-2020-3994 (VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a ...) - TODO: check + NOT-FOR-US: VMware CVE-2020-3993 (VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a sec ...) - TODO: check + NOT-FOR-US: VMware CVE-2020-3992 (OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6. ...) TODO: check CVE-2020-3991 (VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial ...) 
@@ -52362,9 +52362,9 @@ CVE-2020-3984 CVE-2020-3983 RESERVED CVE-2020-3982 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...) - TODO: check + NOT-FOR-US: VMware CVE-2020-3981 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...) - TODO: check + NOT-FOR-US: VMware CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...) NOT-FOR-US: VMware CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0) installers lo ...) -- cgit v1.2.3
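Review bot: In the list.2020 hunk at @@ -25299, the new tag on CVE-2020-15263, "NOT-FOR-US: Laravel Orchid Platform", names a product that the visible description does not: the entry only reads "In platform before version 9.4.4, inline attributes are not properly e ...". Please confirm the product against the CVE's references before this lands, since the tag is what later triage passes will search for and the generic word "platform" gives no way to cross-check it from the list itself. The neighbouring CVE-2020-15262 (webpack-subresource-integrity) is still "TODO: check", so this hunk leaves one entry for a follow-up pass.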
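Review bot: The tags added in the list.2020 hunk at @@ -44545 ("NOT-FOR-US: Danyil Vasilenko's Bolt Browser") and in the following hunk at @@ -44557 ("NOT-FOR-US: UCWeb's UC Browser", twice) use a possessive vendor form that differs from the surrounding entries, which use either "Vendor Product" ("JetBrains YouTrack", "Allen-Bradley Flex IO") or the vendor alone ("VMware", "Philips"). Consider "Bolt Browser" and "UC Browser", or the plain "Vendor Product" form, so a search for the product name matches consistently. Also note that CVE-2020-7371, which shows the same truncated description as CVE-2020-7370 and CVE-2020-7369, remains "TODO: check" in the context lines; if it was skipped on purpose, the commit message could say so.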
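Review bot: In the list.2020 hunk at @@ -52336, CVE-2020-3992 is correctly left at "TODO: check" while CVE-2020-3995, CVE-2020-3994 and CVE-2020-3993 above it become "NOT-FOR-US: VMware", but nothing in the change records why it was held back. Its description starts "OpenSLP as used in VMware ESXi", so the affected component is OpenSLP rather than a VMware-only product, and it should be triaged against any OpenSLP package in the archive instead of being swept up under the vendor tag in a later bulk pass. A short remark on that entry or in the commit message (currently just "Process more NFUs") would make the distinction explicit.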