summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMoritz Muehlenhoff <jmm@debian.org>2020-04-09 23:51:46 +0200
committerMoritz Muehlenhoff <jmm@debian.org>2020-04-09 23:51:46 +0200
commitaf1cdf50cecfadad0ba67a21127127bf2fbd9882 (patch)
tree4581fc54fc0b502ef18e80921d40fd5ce749e47e
parent25f7cd4177537be1a041cadfc4c74c51d04abcbb (diff)
NFUs
-rw-r--r--data/CVE/2018.list2
-rw-r--r--data/CVE/2019.list12
-rw-r--r--data/CVE/2020.list108
3 files changed, 61 insertions, 61 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 8503bf6..040c5dd 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -120,7 +120,7 @@ CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to
NOTE: https://bugreports.qt.io/browse/QTBUG-70693
NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735
CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for authenticate ...)
- TODO: check
+ NOT-FOR-US: Argo
CVE-2018-21033 (A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Au ...)
NOT-FOR-US: Hitachi
CVE-2018-21032 (A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 3d82313..95304de 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -7444,7 +7444,7 @@ CVE-2019-17659
CVE-2019-17658 (An unquoted service path vulnerability in the FortiClient FortiTray co ...)
NOT-FOR-US: Fortiguard
CVE-2019-17657 (An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSw ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2019-17656
RESERVED
CVE-2019-17655
@@ -12118,7 +12118,7 @@ CVE-2019-15790
RESERVED
NOT-FOR-US: Apport
CVE-2019-15789 (Privilege escalation vulnerability in MicroK8s allows a low privilege ...)
- TODO: check
+ NOT-FOR-US: MicroK8s
CVE-2019-15807 (In the Linux kernel before 5.1.13, there is a memory leak in drivers/s ...)
{DLA-1930-1 DLA-1919-1}
- linux 5.2.6-1
@@ -18204,7 +18204,7 @@ CVE-2019-13561 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote atta
CVE-2019-13560 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers ...)
NOT-FOR-US: D-Link
CVE-2019-13559 (GE Mark VIe Controller is shipped with pre-configured hard-coded crede ...)
- TODO: check
+ NOT-FOR-US: GE Mark VIe Controller
CVE-2019-13558 (In WebAccess versions 8.4.1 and prior, an exploit executed over the ne ...)
NOT-FOR-US: WebAccess
CVE-2019-13557 (In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an ...)
@@ -18214,7 +18214,7 @@ CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based buff
CVE-2019-13555 (In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial n ...)
NOT-FOR-US: Mitsubishi
CVE-2019-13554 (GE Mark VIe Controller has an unsecured Telnet protocol that may allow ...)
- TODO: check
+ NOT-FOR-US: GE Mark VIe Controller
CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
NOT-FOR-US: Rittal Chiller SK 3232-Series
CVE-2019-13552 (In WebAccess versions 8.4.1 and prior, multiple command injection vuln ...)
@@ -42681,11 +42681,11 @@ CVE-2019-4395 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.
CVE-2019-4394 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 con ...)
NOT-FOR-US: IBM
CVE-2019-4393 (HCL AppScan Standard is vulnerable to excessive authorization attempts ...)
- TODO: check
+ NOT-FOR-US: HCL AppScan
CVE-2019-4392 (HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded cred ...)
NOT-FOR-US: HCL AppScan
CVE-2019-4391 (HCL AppScan Standard is vulnerable to XML External Entity Injection (X ...)
- TODO: check
+ NOT-FOR-US: HCL AppScan
CVE-2019-4390
RESERVED
CVE-2019-4389
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 56a4d73..52624ea 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -2276,11 +2276,11 @@ CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists
CVE-2020-10632
RESERVED
CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files ...)
- TODO: check
+ NOT-FOR-US: WebAccess/NMS
CVE-2020-10630
RESERVED
CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...)
- TODO: check
+ NOT-FOR-US: WebAccess/NMS
CVE-2020-10628
RESERVED
CVE-2020-10627
@@ -2288,23 +2288,23 @@ CVE-2020-10627
CVE-2020-10626
RESERVED
CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...)
- TODO: check
+ NOT-FOR-US: WebAccess/NMS
CVE-2020-10624
RESERVED
CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...)
- TODO: check
+ NOT-FOR-US: WebAccess/NMS
CVE-2020-10622
RESERVED
CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on ...)
- TODO: check
+ NOT-FOR-US: WebAccess/NMS
CVE-2020-10620
RESERVED
CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside ...)
- TODO: check
+ NOT-FOR-US: WebAccess/NMS
CVE-2020-10618
RESERVED
CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL ...)
- TODO: check
+ NOT-FOR-US: WebAccess/NMS
CVE-2020-10616
RESERVED
CVE-2020-10615
@@ -2332,7 +2332,7 @@ CVE-2020-10605
CVE-2020-10604
RESERVED
CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...)
- TODO: check
+ NOT-FOR-US: WebAccess/NMS
CVE-2020-10602
RESERVED
CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow ...)
@@ -2453,7 +2453,7 @@ CVE-2020-10553
CVE-2020-10552
RESERVED
CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...)
- TODO: check
+ NOT-FOR-US: QQBrowser
CVE-2020-10550
RESERVED
CVE-2020-10549
@@ -2833,7 +2833,7 @@ CVE-2020-10368
CVE-2020-10367
RESERVED
CVE-2020-10366 (LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a d ...)
- TODO: check
+ NOT-FOR-US: LogicalDoc
CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...)
NOT-FOR-US: LogicalDoc
CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote ...)
@@ -3039,9 +3039,9 @@ CVE-2020-10265 (Universal Robots Robot Controllers Version CB2 SW Version 1.4 up
CVE-2020-10264 (CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards al ...)
NOT-FOR-US: CB3 SW
CVE-2020-10263 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Atta ...)
- TODO: check
+ NOT-FOR-US: XIAOMI
CVE-2020-10262 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Att ...)
- TODO: check
+ NOT-FOR-US: XIAOMI
CVE-2020-10261
RESERVED
CVE-2020-10260
@@ -4675,9 +4675,9 @@ CVE-2020-9502
CVE-2020-9501
RESERVED
CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2020-9498
RESERVED
CVE-2020-9497
@@ -6176,11 +6176,11 @@ CVE-2020-8830
CVE-2020-8829
RESERVED
CVE-2020-8828 (As of v1.5.0, the default admin password is set to the argocd-server p ...)
- TODO: check
+ NOT-FOR-US: Argo
CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation measures ...)
- TODO: check
+ NOT-FOR-US: Argo
CVE-2020-8826 (As of v1.5.0, the Argo web interface authentication system issued immu ...)
- TODO: check
+ NOT-FOR-US: Argo
CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...)
NOT-FOR-US: Vanilla Forums
CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...)
@@ -8142,7 +8142,7 @@ CVE-2020-7924
CVE-2020-7923
RESERVED
CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...)
- TODO: check
+ NOT-FOR-US: MongoDB Enterprise
CVE-2020-7921
RESERVED
CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2 ...)
@@ -8716,23 +8716,23 @@ CVE-2020-7641
CVE-2020-7640
RESERVED
CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.T ...)
- TODO: check
+ NOT-FOR-US: Node eivindfjeldstad-dot
CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDe ...)
- TODO: check
+ NOT-FOR-US: Node confinit
CVE-2020-7637 (class-transformer through 0.2.3 is vulnerable to Prototype Pollution. ...)
- TODO: check
+ NOT-FOR-US: Node class-transformer
CVE-2020-7636 (adb-driver through 0.1.8 is vulnerable to Command Injection.It allows ...)
- TODO: check
+ NOT-FOR-US: Node adb-driver
CVE-2020-7635 (compass-compile through 0.0.1 is vulnerable to Command Injection.It al ...)
- TODO: check
+ NOT-FOR-US: Node compass-compile
CVE-2020-7634 (heroku-addonpool through 0.1.15 is vulnerable to Command Injection. ...)
- TODO: check
+ NOT-FOR-US: Node heroku-addonpool
CVE-2020-7633 (apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injectio ...)
- TODO: check
+ NOT-FOR-US: Node apiconnect-cli-plugins
CVE-2020-7632 (node-mpv through 1.4.3 is vulnerable to Command Injection. It allows e ...)
- TODO: check
+ NOT-FOR-US: Node node-mpv
CVE-2020-7631 (diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allow ...)
- TODO: check
+ NOT-FOR-US: Node diskusage-ng
CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command Injection. It al ...)
NOT-FOR-US: git-add-remote node module
CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command Injection. It a ...)
@@ -8758,17 +8758,17 @@ CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command Injection.I
CVE-2020-7619 (get-git-data through 1.3.1 is vulnerable to Command Injection. It is p ...)
NOT-FOR-US: get-git-data node module
CVE-2020-7618 (sds through 3.2.0 is vulnerable to Prototype Pollution.The library cou ...)
- TODO: check
+ NOT-FOR-US: Node sds
CVE-2020-7617 (ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The libr ...)
NOT-FOR-US: Node ini-parser
CVE-2020-7616 (express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollu ...)
- TODO: check
+ NOT-FOR-US: Node express-mock-middleware
CVE-2020-7615 (fsa through 0.5.1 is vulnerable to Command Injection. The first argume ...)
- TODO: check
+ NOT-FOR-US: Node fsa
CVE-2020-7614 (npm-programmatic through 0.0.12 is vulnerable to Command Injection.The ...)
- TODO: check
+ NOT-FOR-US: npm-programmatic
CVE-2020-7613 (clamscan through 1.2.0 is vulnerable to Command Injection. It is possi ...)
- TODO: check
+ NOT-FOR-US: Node clamscan
CVE-2020-7612
RESERVED
CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 1.2.11 and a ...)
@@ -10205,7 +10205,7 @@ CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and pr
CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
NOT-FOR-US: Digi International ConnectPort LTS 32 MEI
CVE-2020-6974 (Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a pa ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
NOT-FOR-US: Digi International ConnectPort LTS 32 MEI
CVE-2020-6972 (In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell F ...)
@@ -10998,7 +10998,7 @@ CVE-2020-6649
CVE-2020-6648
RESERVED
CVE-2020-6647 (An improper neutralization of input vulnerability in the dashboard of ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb allows a ...)
NOT-FOR-US: Fortiguard
CVE-2020-6645
@@ -12146,7 +12146,7 @@ CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncont
CVE-2020-6172
RESERVED
CVE-2020-6171 (A cross-site scripting (XSS) vulnerability in the index page of the CL ...)
- TODO: check
+ NOT-FOR-US: Clink Office
CVE-2020-6170 (An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P ...)
NOT-FOR-US: Genexis
CVE-2020-6169
@@ -13040,11 +13040,11 @@ CVE-2020-5738
CVE-2020-5737
RESERVED
CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer dereference o ...)
- TODO: check
+ NOT-FOR-US: Amcrest
CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer overflo ...)
- TODO: check
+ NOT-FOR-US: Amcrest
CVE-2020-5734 (Classic buffer overflow in SolarWinds Dameware allows a remote, unauth ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2020-5733
RESERVED
CVE-2020-5732
@@ -13412,9 +13412,9 @@ CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 allow
CVE-2020-5551 (Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenti ...)
NOT-FOR-US: Toyota
CVE-2020-5550 (Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earli ...)
- TODO: check
+ NOT-FOR-US: EasyBlocks
CVE-2020-5549 (Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver ...)
- TODO: check
+ NOT-FOR-US: EasyBlocks
CVE-2020-5548 (Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yam ...)
NOT-FOR-US: Yamaha
CVE-2020-5547 (Resource Management Errors vulnerability in TCP function included in t ...)
@@ -13948,7 +13948,7 @@ CVE-2020-5304
CVE-2020-5303
RESERVED
CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...)
- TODO: check
+ NOT-FOR-US: MH-WikiBot
CVE-2020-5301
RESERVED
CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified&#8482; OpenID Connect ...)
@@ -14046,7 +14046,7 @@ CVE-2020-5265
CVE-2020-5264
RESERVED
CVE-2020-5263 (auth0.js (NPM package auth0-js) greater than version 8.0.0 and before ...)
- TODO: check
+ NOT-FOR-US: Node auth0-js
CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...)
NOT-FOR-US: EasyBuild
CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Sa ...)
@@ -20778,23 +20778,23 @@ CVE-2020-1994
CVE-2020-1993
RESERVED
CVE-2020-1992 (A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-70 ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2020-1991 (An insecure temporary file vulnerability in Palo Alto Networks Traps a ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2020-1990 (A stack-based buffer overflow vulnerability in the management server c ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2020-1989 (An incorrect privilege assignment vulnerability when writing applicati ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2020-1988 (An unquoted search path vulnerability in the Windows release of Global ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2020-1987 (An information exposure vulnerability in the logging component of Palo ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2020-1986 (Improper input validation vulnerability in Secdo allows an authenticat ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in S ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2020-1983
RESERVED
CVE-2020-1982
@@ -20806,7 +20806,7 @@ CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows
CVE-2020-1979 (A format string vulnerability in the PAN-OS log daemon (logd) on Panor ...)
NOT-FOR-US: PAN-OS
CVE-2020-1978 (TechSupport files generated on Palo Alto Networks VM Series firewalls ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...)
NOT-FOR-US: Palo Alto
CVE-2020-1976 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...)
@@ -21027,7 +21027,7 @@ CVE-2020-1897
CVE-2020-1896
RESERVED
CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...)
- TODO: check
+ NOT-FOR-US: Instagram for Android
CVE-2020-1894
RESERVED
CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out ...)
@@ -21047,7 +21047,7 @@ CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions
CVE-2020-1886
RESERVED
CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe process ...)
- TODO: check
+ NOT-FOR-US: Oculus Desktop
CVE-2020-1884
RESERVED
CVE-2020-1883

© 2014-2020 Faster IT GmbH | imprint | privacy policy