From b55d14b0341fb103bd2dc6470d90d7b0509a258f Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 28 Oct 2020 21:19:26 +0100 Subject: Process NFUs --- data/CVE/2020.list | 70 +++++++++++++++++++++++++++--------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 5ac1fed7cd..079c1d6b83 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,5 +1,5 @@ CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WL ...) - TODO: check + NOT-FOR-US: Genexis Platinum-4410 P4410-V2-1.28 devices CVE-2020-27979 RESERVED CVE-2020-27978 (Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service ...) @@ -7,11 +7,11 @@ CVE-2020-27978 (Shibboleth Identify Provider 3.x before 3.4.6 has a denial of se CVE-2020-27977 RESERVED CVE-2020-27976 (osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remot ...) - TODO: check + NOT-FOR-US: osCommerce Phoenix CE CVE-2020-27975 (osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php ...) - TODO: check + NOT-FOR-US: osCommerce Phoenix CE CVE-2020-27974 (NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_B ...) - TODO: check + NOT-FOR-US: NeoPost Mail Accounting Software Pro CVE-2020-27973 RESERVED CVE-2020-27972 
@@ -3825,13 +3825,13 @@ CVE-2020-26135 (Live Helper Chat before 3.44v allows reflected XSS via the setse CVE-2020-26134 (Live Helper Chat before 3.44v allows stored XSS in chat messages with ...) NOT-FOR-US: Live Helper Chat CVE-2020-26133 (An issue was discovered in Dual DHCP DNS Server 7.40. Due to insuffici ...) - TODO: check + NOT-FOR-US: Dual DHCP DNS Server CVE-2020-26132 (An issue was discovered in Home DNS Server 0.10. Due to insufficient a ...) - TODO: check + NOT-FOR-US: Home DNS Server CVE-2020-26131 (Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHC ...) - TODO: check + NOT-FOR-US: Open DHCP Server CVE-2020-26130 (Issues were discovered in Open TFTP Server multithreaded 1.66 and Open ...) - TODO: check + NOT-FOR-US: Open TFTP Server CVE-2020-26129 RESERVED CVE-2020-26128 @@ -4181,7 +4181,7 @@ CVE-2020-25968 CVE-2020-25967 RESERVED CVE-2020-25966 (Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that l ...) - TODO: check + NOT-FOR-US: Sectona Spectra CVE-2020-25965 RESERVED CVE-2020-25964 @@ -5899,7 +5899,7 @@ CVE-2020-25206 CVE-2020-25205 RESERVED CVE-2020-25204 (The God Kings application 0.60.1 for Android exposes a broadcast recei ...) - TODO: check + NOT-FOR-US: God Kings application for Android CVE-2020-25203 (The Framer Preview application 12 for Android exposes com.framer.viewe ...) NOT-FOR-US: Framer Preview application CVE-2020-25576 (An issue was discovered in the rand_core crate before 0.4.2 for Rust. ...) @@ -6369,7 +6369,7 @@ CVE-2020-24992 CVE-2020-24991 RESERVED CVE-2020-24990 (An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing ...) - TODO: check + NOT-FOR-US: QSC Q-SYS Core Manager CVE-2020-24989 RESERVED CVE-2020-24988 @@ -11402,7 +11402,7 @@ CVE-2020-22554 CVE-2020-22553 RESERVED CVE-2020-22552 (The Snap7 server component in version 1.4.1, when an attacker sends a ...) - TODO: check + NOT-FOR-US: Snap7 CVE-2020-22551 RESERVED CVE-2020-22550 
@@ -24124,21 +24124,21 @@ CVE-2020-16265 CVE-2020-16264 RESERVED CVE-2020-16263 (Winston 1.5.4 devices have a CORS configuration that trusts arbitrary ...) - TODO: check + NOT-FOR-US: Winston devices CVE-2020-16262 (Winston 1.5.4 devices have a local www-data user that is overly permis ...) - TODO: check + NOT-FOR-US: Winston devices CVE-2020-16261 (Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local roo ...) - TODO: check + NOT-FOR-US: Winston devices CVE-2020-16260 (Winston 1.5.4 devices do not enforce authorization. This is exploitabl ...) - TODO: check + NOT-FOR-US: Winston devices CVE-2020-16259 (Winston 1.5.4 devices have an SSH user account with access from bastio ...) - TODO: check + NOT-FOR-US: Winston devices CVE-2020-16258 (Winston 1.5.4 devices make use of a Monit service (not managed during ...) - TODO: check + NOT-FOR-US: Winston devices CVE-2020-16257 (Winston 1.5.4 devices are vulnerable to command injection via the API. ...) - TODO: check + NOT-FOR-US: Winston devices CVE-2020-16256 (The API on Winston 1.5.4 devices is vulnerable to CSRF. ...) - TODO: check + NOT-FOR-US: Winston devices CVE-2020-16255 RESERVED CVE-2020-16254 (The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets ...) @@ -26604,7 +26604,7 @@ CVE-2020-15280 CVE-2020-15279 RESERVED CVE-2020-15278 (Red Discord Bot before version 3.4.1 has an unauthorized privilege esc ...) - TODO: check + NOT-FOR-US: Red Discord Bot CVE-2020-15277 RESERVED CVE-2020-15276 
@@ -43886,13 +43886,13 @@ CVE-2020-8264 [Possible XSS Vulnerability in Action Pack in Development Mode] [stretch] - rails (Vulnerable code not present) NOTE: https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ CVE-2020-8263 (A vulnerability in the authenticated user web interface of Pulse Conne ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2020-8262 (A vulnerability in the Pulse Connect Secure / Pulse Policy Secure belo ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure / Pulse Policy Secure CVE-2020-8261 (A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure / Pulse Policy Secure CVE-2020-8260 (A vulnerability in the Pulse Connect Secure < 9.1R9 admin web inter ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2020-8259 RESERVED CVE-2020-8258 @@ -43902,9 +43902,9 @@ CVE-2020-8257 CVE-2020-8256 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web int ...) NOT-FOR-US: Pulse Connect Secure CVE-2020-8255 (A vulnerability in the Pulse Connect Secure < 9.1R9 admin web inter ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2020-8254 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remo ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before RP2, C ...) NOT-FOR-US: Citrix CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 12.18.4, an ...) 
@@ -43923,11 +43923,11 @@ CVE-2020-8251 (Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS - nodejs (Only affects 14.x series) NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251 CVE-2020-8250 (A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client CVE-2020-8249 (A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client CVE-2020-8248 (A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client CVE-2020-8247 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...) NOT-FOR-US: Citrix CVE-2020-8246 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...) @@ -43945,11 +43945,11 @@ CVE-2020-8243 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin we CVE-2020-8242 RESERVED CVE-2020-8241 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could al ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client CVE-2020-8240 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client CVE-2020-8239 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulne ...) - TODO: check + NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client CVE-2020-8238 (A vulnerability in the authenticated user web interface of Pulse Conne ...) NOT-FOR-US: Pulse Connect Secure CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may lead to ...) 
@@ -52127,7 +52127,7 @@ CVE-2020-4784 CVE-2020-4783 RESERVED CVE-2020-4782 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4781 (An improper input validation before calling java readLine() method may ...) NOT-FOR-US: IBM CVE-2020-4780 (OOTB build scripts does not set the secure attribute on session cookie ...) @@ -52157,7 +52157,7 @@ CVE-2020-4769 CVE-2020-4768 RESERVED CVE-2020-4767 (IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6 ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4766 RESERVED CVE-2020-4765 -- cgit v1.2.3
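Review bot: In the @@ -1,5 hunk, the tag added for CVE-2020-27980, "NOT-FOR-US: Genexis Platinum-4410 P4410-V2-1.28 devices", carries the firmware version, while the other tags added a few lines below name only the product ("osCommerce Phoenix CE", "NeoPost Mail Accounting Software Pro"). Suggest "NOT-FOR-US: Genexis Platinum-4410 devices" so that later CVEs against other firmware builds of the same device can reuse the label unchanged.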
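Review bot: In the @@ -24124 hunk, CVE-2020-16258 and CVE-2020-16261 are tagged "NOT-FOR-US: Winston devices", although their descriptions name Monit and U-Boot, both of which exist as software independent of the device. The descriptions are truncated in the list, so before settling on NOT-FOR-US it is worth confirming against the full CVE text that each issue lies in how the device configures or ships the component, not in the component itself. The other six Winston entries in the hunk describe device-specific flaws and read fine as tagged.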
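Review bot: In the @@ -43886 hunk, the four new tags use "Pulse Secure Pulse Connect Secure" (with "/ Pulse Policy Secure" on two of them), while entries already in the file for the same product, CVE-2020-8256 and CVE-2020-8238 visible as context in the neighbouring hunks, use "NOT-FOR-US: Pulse Connect Secure". Pick one spelling so the product sits under a single label; reusing the existing "Pulse Connect Secure" is the smaller change. The same applies to CVE-2020-8255 in the @@ -43902 hunk.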
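Review bot: In the @@ -43923 hunk, CVE-2020-8250, CVE-2020-8249 and CVE-2020-8248 are tagged "NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client", but each description names the product as "Pulse Secure Desktop Client". The tag merges two product names into one that appears in none of the descriptions; "NOT-FOR-US: Pulse Secure Desktop Client" would match them. The same applies to CVE-2020-8254 in the @@ -43902 hunk and to CVE-2020-8241, CVE-2020-8240 and CVE-2020-8239 in the @@ -43945 hunk.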