author | Moritz Muehlenhoff <jmm@debian.org> | 2020-10-29 12:02:47 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-10-29 12:02:47 +0100 |
commit | 23af8935b175b5818b9f611d93ffdc3bc6c39baf (patch) | |
tree | e5632a6f54f475587d6d047affdc8e64c2d75c71 /data/CVE/2020.list | |
parent | d83670e80d0adda56bd5147e818737af5a2a575f (diff) |
new webcit issues
NFUs
Diffstat (limited to 'data/CVE/2020.list')
-rw-r--r-- | data/CVE/2020.list | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index a290118e63..d4fdb1e8c6 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -19,7 +19,7 @@ CVE-2020-27983 CVE-2020-27982 RESERVED CVE-2020-27981 (An XSS vulnerability in the auto-complete function of the description ...) - TODO: check + NOT-FOR-US: Firefly III CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WL ...) NOT-FOR-US: Genexis Platinum-4410 P4410-V2-1.28 devices CVE-2020-27979 @@ -498,13 +498,13 @@ CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a failure - libpam-tacplus <unfixed> (bug #973250) NOTE: https://github.com/kravietz/pam_tacplus/pull/163 CVE-2020-27742 (An Insecure Direct Object Reference vulnerability in Citadel WebCit th ...) - TODO: check + - webcit <unfixed> CVE-2020-27741 (Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit ...) - TODO: check + - webcit <unfixed> CVE-2020-27740 (Citadel WebCit through 926 allows unauthenticated remote attackers to ...) - TODO: check + - webcit <unfixed> CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit through 926 ...) - TODO: check + - webcit <unfixed> CVE-2020-27738 RESERVED CVE-2020-27737 
@@ -6982,19 +6982,19 @@ CVE-2020-24715 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Valid CVE-2020-24714 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation ...) NOT-FOR-US: Scalyr CVE-2020-24713 (Gophish through 0.10.1 does not invalidate the gophish cookie upon log ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24712 (Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24711 (The Reset button on the Account Settings page in Gophish before 0.11.0 ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24710 (Gophish before 0.11.0 allows SSRF attacks. ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24709 (Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24708 (Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24707 (Gophish before 0.11.0 allows the creation of CSV sheets that contain m ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24706 (An issue was discovered in certain WSO2 products. The Try It tool allo ...) NOT-FOR-US: WSO2 CVE-2020-24705 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...) 
@@ -45129,13 +45129,13 @@ CVE-2020-7757 CVE-2020-7756 RESERVED CVE-2020-7755 (All versions of package dat.gui are vulnerable to Regular Expression D ...) - TODO: check + NOT-FOR-US: dat.GUI CVE-2020-7754 (This affects the package npm-user-validate before 1.0.1. The regex tha ...) - TODO: check + NOT-FOR-US: npm-user-validate CVE-2020-7753 (All versions of package trim are vulnerable to Regular Expression Deni ...) - TODO: check + NOT-FOR-US: Node trim CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This packag ...) - TODO: check + NOT-FOR-US: Node systeminformation CVE-2020-7751 (This affects all versions of package pathval. ...) - node-pathval 1.1.0-4 (bug #972895) [buster] - node-pathval <no-dsa> (Minor issue) @@ -51429,9 +51429,9 @@ CVE-2020-5147 CVE-2020-5146 RESERVED CVE-2020-5145 (SonicWall Global VPN client version 4.10.4.0314 and earlier have an in ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2020-5144 (SonicWall Global VPN client version 4.10.4.0314 and earlier allows unp ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2020-5143 (SonicOS SSLVPN login page allows a remote unauthenticated attacker to ...) NOT-FOR-US: SonicOS SSLVPN CVE-2020-5142 (A stored cross-site scripting (XSS) vulnerability exists in the SonicO ...) |
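Review bot: In the hunk at @@ -498,13 +498,13 @@, the four new `- webcit <unfixed>` entries (CVE-2020-27742 through CVE-2020-27739) carry no bug reference and no NOTE line, while the neighbouring CVE-2020-27743 entry has both `(bug #973250)` and a `NOTE:` with the upstream URL. Once a bug is filed against webcit, add its number to each line, and add a NOTE pointing at the upstream report or fix so whoever triages the fixed version later has something to check against.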
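Review bot: In the hunk at @@ -45129,13 +45129,13 @@, the NOT-FOR-US labels for the four package entries are not named consistently: CVE-2020-7753 and CVE-2020-7752 use a "Node" prefix (`Node trim`, `Node systeminformation`), while CVE-2020-7755 and CVE-2020-7754 use the bare name (`dat.GUI`, `npm-user-validate`), although all four descriptions refer to a "package". Pick one form for all four so that a later search of the list for Node packages matches every entry.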
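Review bot: In the hunk at @@ -51429,9 +51429,9 @@, CVE-2020-5145 and CVE-2020-5144 are tagged with the vendor name only (`NOT-FOR-US: SonicWall`), while the next entry in the context, CVE-2020-5143, names the product (`NOT-FOR-US: SonicOS SSLVPN`). Both descriptions are about the SonicWall Global VPN client, so naming that product in the tag would keep the entries distinguishable from the SonicOS ones that follow.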