diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2020-04-09 23:51:46 +0200 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-04-09 23:51:46 +0200 |
| commit | bf070d3e976a6ff290f8852fc42f3ab42fec1bf1 (patch) | |
| tree | 7296a557db7e30b697c8d7d79860d162a1e1d27f | |
| parent | 58a0c789c36ca7b9c42e406a8588a74577286e0c (diff) | |
NFUs
| -rw-r--r-- | data/CVE/list | 122 |
1 files changed, 61 insertions, 61 deletions
diff --git a/data/CVE/list b/data/CVE/list index 880ca3e864..a875140db9 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2855,11 +2855,11 @@ CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists CVE-2020-10632 RESERVED CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10630 RESERVED CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10628 RESERVED CVE-2020-10627 @@ -2867,23 +2867,23 @@ CVE-2020-10627 CVE-2020-10626 RESERVED CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10624 RESERVED CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10622 RESERVED CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10620 RESERVED CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10618 RESERVED CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10616 RESERVED CVE-2020-10615 @@ -2911,7 +2911,7 @@ CVE-2020-10605 CVE-2020-10604 RESERVED CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10602 RESERVED CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow ...) @@ -3036,7 +3036,7 @@ CVE-2020-10553 CVE-2020-10552 RESERVED CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...) - TODO: check + NOT-FOR-US: QQBrowser CVE-2020-10550 RESERVED CVE-2020-10549 @@ -3418,7 +3418,7 @@ CVE-2020-10368 CVE-2020-10367 RESERVED CVE-2020-10366 (LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a d ...) - TODO: check + NOT-FOR-US: LogicalDoc CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...) NOT-FOR-US: LogicalDoc CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote ...) @@ -3626,9 +3626,9 @@ CVE-2020-10264 (CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwa CVE-2019-20509 REJECTED CVE-2020-10263 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Atta ...) - TODO: check + NOT-FOR-US: XIAOMI CVE-2020-10262 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Att ...) - TODO: check + NOT-FOR-US: XIAOMI CVE-2020-10261 RESERVED CVE-2020-10260 @@ -5321,9 +5321,9 @@ CVE-2020-9502 CVE-2020-9501 RESERVED CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...) - TODO: check + NOT-FOR-US: Dahua CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...) - TODO: check + NOT-FOR-US: Dahua CVE-2020-9498 RESERVED CVE-2020-9497 @@ -6945,11 +6945,11 @@ CVE-2020-8830 CVE-2020-8829 RESERVED CVE-2020-8828 (As of v1.5.0, the default admin password is set to the argocd-server p ...) - TODO: check + NOT-FOR-US: Argo CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation measures ...) - TODO: check + NOT-FOR-US: Argo CVE-2020-8826 (As of v1.5.0, the Argo web interface authentication system issued immu ...) - TODO: check + NOT-FOR-US: Argo CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...) NOT-FOR-US: Vanilla Forums CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...) @@ -6975,7 +6975,7 @@ CVE-2020-8815 (Improper connection handling in the base connection handler in IK CVE-2020-8814 RESERVED CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for authenticate ...) - TODO: check + NOT-FOR-US: Argo CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext HTTP, a ...) - lxc-templates <unfixed> - lxc 1:3.0.3-1 (low) @@ -9023,7 +9023,7 @@ CVE-2020-7924 CVE-2020-7923 RESERVED CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...) - TODO: check + NOT-FOR-US: MongoDB Enterprise CVE-2020-7921 RESERVED CVE-2019-20419 @@ -9686,23 +9686,23 @@ CVE-2020-7641 CVE-2020-7640 RESERVED CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.T ...) - TODO: check + NOT-FOR-US: Node eivindfjeldstad-dot CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDe ...) - TODO: check + NOT-FOR-US: Node confinit CVE-2020-7637 (class-transformer through 0.2.3 is vulnerable to Prototype Pollution. ...) - TODO: check + NOT-FOR-US: Node class-transformer CVE-2020-7636 (adb-driver through 0.1.8 is vulnerable to Command Injection.It allows ...) - TODO: check + NOT-FOR-US: Node adb-driver CVE-2020-7635 (compass-compile through 0.0.1 is vulnerable to Command Injection.It al ...) - TODO: check + NOT-FOR-US: Node compass-compile CVE-2020-7634 (heroku-addonpool through 0.1.15 is vulnerable to Command Injection. ...) - TODO: check + NOT-FOR-US: Node heroku-addonpool CVE-2020-7633 (apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injectio ...) - TODO: check + NOT-FOR-US: Node apiconnect-cli-plugins CVE-2020-7632 (node-mpv through 1.4.3 is vulnerable to Command Injection. It allows e ...) - TODO: check + NOT-FOR-US: Node node-mpv CVE-2020-7631 (diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allow ...) - TODO: check + NOT-FOR-US: Node diskusage-ng CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command Injection. It al ...) NOT-FOR-US: git-add-remote node module CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command Injection. It a ...) @@ -9728,17 +9728,17 @@ CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command Injection.I CVE-2020-7619 (get-git-data through 1.3.1 is vulnerable to Command Injection. It is p ...) NOT-FOR-US: get-git-data node module CVE-2020-7618 (sds through 3.2.0 is vulnerable to Prototype Pollution.The library cou ...) - TODO: check + NOT-FOR-US: Node sds CVE-2020-7617 (ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The libr ...) NOT-FOR-US: Node ini-parser CVE-2020-7616 (express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollu ...) - TODO: check + NOT-FOR-US: Node express-mock-middleware CVE-2020-7615 (fsa through 0.5.1 is vulnerable to Command Injection. The first argume ...) - TODO: check + NOT-FOR-US: Node fsa CVE-2020-7614 (npm-programmatic through 0.0.12 is vulnerable to Command Injection.The ...) - TODO: check + NOT-FOR-US: npm-programmatic CVE-2020-7613 (clamscan through 1.2.0 is vulnerable to Command Injection. It is possi ...) - TODO: check + NOT-FOR-US: Node clamscan CVE-2020-7612 RESERVED CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 1.2.11 and a ...) @@ -11217,7 +11217,7 @@ CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and pr CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) NOT-FOR-US: Digi International ConnectPort LTS 32 MEI CVE-2020-6974 (Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a pa ...) - TODO: check + NOT-FOR-US: Honeywell CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) NOT-FOR-US: Digi International ConnectPort LTS 32 MEI CVE-2020-6972 (In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell F ...) @@ -12038,7 +12038,7 @@ CVE-2020-6649 CVE-2020-6648 RESERVED CVE-2020-6647 (An improper neutralization of input vulnerability in the dashboard of ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb allows a ...) NOT-FOR-US: Fortiguard CVE-2020-6645 @@ -13211,7 +13211,7 @@ CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncont CVE-2020-6172 RESERVED CVE-2020-6171 (A cross-site scripting (XSS) vulnerability in the index page of the CL ...) - TODO: check + NOT-FOR-US: Clink Office CVE-2020-6170 (An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P ...) NOT-FOR-US: Genexis CVE-2020-6169 @@ -14115,11 +14115,11 @@ CVE-2020-5738 CVE-2020-5737 RESERVED CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer dereference o ...) - TODO: check + NOT-FOR-US: Amcrest CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer overflo ...) - TODO: check + NOT-FOR-US: Amcrest CVE-2020-5734 (Classic buffer overflow in SolarWinds Dameware allows a remote, unauth ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2020-5733 RESERVED CVE-2020-5732 @@ -14487,9 +14487,9 @@ CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 allow CVE-2020-5551 (Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenti ...) NOT-FOR-US: Toyota CVE-2020-5550 (Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earli ...) - TODO: check + NOT-FOR-US: EasyBlocks CVE-2020-5549 (Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver ...) - TODO: check + NOT-FOR-US: EasyBlocks CVE-2020-5548 (Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yam ...) NOT-FOR-US: Yamaha CVE-2020-5547 (Resource Management Errors vulnerability in TCP function included in t ...) @@ -15086,7 +15086,7 @@ CVE-2020-5304 CVE-2020-5303 RESERVED CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...) - TODO: check + NOT-FOR-US: MH-WikiBot CVE-2020-5301 RESERVED CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect ...) @@ -15184,7 +15184,7 @@ CVE-2020-5265 CVE-2020-5264 RESERVED CVE-2020-5263 (auth0.js (NPM package auth0-js) greater than version 8.0.0 and before ...) - TODO: check + NOT-FOR-US: Node auth0-js CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...) NOT-FOR-US: EasyBuild CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Sa ...) @@ -23906,23 +23906,23 @@ CVE-2020-1994 CVE-2020-1993 RESERVED CVE-2020-1992 (A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-70 ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1991 (An insecure temporary file vulnerability in Palo Alto Networks Traps a ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1990 (A stack-based buffer overflow vulnerability in the management server c ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1989 (An incorrect privilege assignment vulnerability when writing applicati ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1988 (An unquoted search path vulnerability in the Windows release of Global ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1987 (An information exposure vulnerability in the logging component of Palo ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1986 (Improper input validation vulnerability in Secdo allows an authenticat ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in S ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1983 RESERVED CVE-2020-1982 @@ -23934,7 +23934,7 @@ CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows CVE-2020-1979 (A format string vulnerability in the PAN-OS log daemon (logd) on Panor ...) NOT-FOR-US: PAN-OS CVE-2020-1978 (TechSupport files generated on Palo Alto Networks VM Series firewalls ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...) NOT-FOR-US: Palo Alto CVE-2020-1976 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...) @@ -24431,7 +24431,7 @@ CVE-2020-1897 CVE-2020-1896 RESERVED CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...) - TODO: check + NOT-FOR-US: Instagram for Android CVE-2020-1894 RESERVED CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out ...) @@ -24451,7 +24451,7 @@ CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions CVE-2020-1886 RESERVED CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe process ...) - TODO: check + NOT-FOR-US: Oculus Desktop CVE-2019-19512 RESERVED CVE-2019-19511 @@ -32908,7 +32908,7 @@ CVE-2019-17659 CVE-2019-17658 (An unquoted service path vulnerability in the FortiClient FortiTray co ...) NOT-FOR-US: Fortiguard CVE-2019-17657 (An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSw ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2019-17656 RESERVED CVE-2019-17655 @@ -38265,7 +38265,7 @@ CVE-2019-15790 RESERVED NOT-FOR-US: Apport CVE-2019-15789 (Privilege escalation vulnerability in MicroK8s allows a low privilege ...) - TODO: check + NOT-FOR-US: MicroK8s CVE-2019-15807 (In the Linux kernel before 5.1.13, there is a memory leak in drivers/s ...) {DLA-1930-1 DLA-1919-1} - linux 5.2.6-1 @@ -46801,7 +46801,7 @@ CVE-2019-13561 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote atta CVE-2019-13560 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers ...) NOT-FOR-US: D-Link CVE-2019-13559 (GE Mark VIe Controller is shipped with pre-configured hard-coded crede ...) - TODO: check + NOT-FOR-US: GE Mark VIe Controller CVE-2019-13558 (In WebAccess versions 8.4.1 and prior, an exploit executed over the ne ...) NOT-FOR-US: WebAccess CVE-2019-13557 (In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an ...) @@ -46811,7 +46811,7 @@ CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based buff CVE-2019-13555 (In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial n ...) NOT-FOR-US: Mitsubishi CVE-2019-13554 (GE Mark VIe Controller has an unsecured Telnet protocol that may allow ...) - TODO: check + NOT-FOR-US: GE Mark VIe Controller CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...) NOT-FOR-US: Rittal Chiller SK 3232-Series CVE-2019-13552 (In WebAccess versions 8.4.1 and prior, multiple command injection vuln ...) @@ -72121,11 +72121,11 @@ CVE-2019-4395 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0. CVE-2019-4394 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 con ...) NOT-FOR-US: IBM CVE-2019-4393 (HCL AppScan Standard is vulnerable to excessive authorization attempts ...) - TODO: check + NOT-FOR-US: HCL AppScan CVE-2019-4392 (HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded cred ...) NOT-FOR-US: HCL AppScan CVE-2019-4391 (HCL AppScan Standard is vulnerable to XML External Entity Injection (X ...) - TODO: check + NOT-FOR-US: HCL AppScan CVE-2019-4390 RESERVED CVE-2019-4389 |