From d52e7c151131952624f16af54cce5741f27c11fe Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 8 Jul 2020 16:22:49 +0200 Subject: NFUs --- data/CVE/list | 68 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index b29326b094..0f828c20cf 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -89,9 +89,9 @@ CVE-2020-15602 CVE-2020-15601 RESERVED CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to ...) - TODO: check + NOT-FOR-US: CMSUno CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php user_fir ...) - TODO: check + NOT-FOR-US: Victor CMS CVE-2020-15598 RESERVED CVE-2020-15597 @@ -169,7 +169,7 @@ CVE-2020-15574 (SolarWinds Serv-U File Server before 15.2.1 mishandles the Same- CVE-2020-15573 (SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulner ...) NOT-FOR-US: SolarWinds Serv-U File Server CVE-2019-20896 (WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponen ...) - TODO: check + NOT-FOR-US: WebChess CVE-2020-15572 RESERVED CVE-2020-15571 
@@ -300,15 +300,15 @@ CVE-2020-15519 CVE-2020-15518 (VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup &a ...) NOT-FOR-US: Veeam CVE-2020-15517 (The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x th ...) - TODO: check + NOT-FOR-US: Typo3 extension CVE-2020-15516 (The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be ...) - TODO: check + NOT-FOR-US: Typo3 extension CVE-2020-15515 (The turn extension through 0.3.2 for TYPO3 allows Remote Code Executio ...) - TODO: check + NOT-FOR-US: Typo3 extension CVE-2020-15514 (The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYP ...) - TODO: check + NOT-FOR-US: Typo3 extension CVE-2020-15513 (The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access ...) - TODO: check + NOT-FOR-US: Typo3 extension CVE-2020-15512 RESERVED CVE-2020-15511 @@ -1204,7 +1204,7 @@ CVE-2020-15098 CVE-2020-15097 RESERVED CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, the ...) - TODO: check + - electron (bug #842420) CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...) TODO: check CVE-2020-15094 
@@ -1331,25 +1331,25 @@ CVE-2020-15039 CVE-2020-15038 (The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. ...) NOT-FOR-US: WordPress plugin CVE-2020-15037 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) - TODO: check + NOT-FOR-US: NeDi CVE-2020-15036 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) - TODO: check + NOT-FOR-US: NeDi CVE-2020-15035 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) - TODO: check + NOT-FOR-US: NeDi CVE-2020-15034 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) - TODO: check + NOT-FOR-US: NeDi CVE-2020-15033 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) - TODO: check + NOT-FOR-US: NeDi CVE-2020-15032 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) - TODO: check + NOT-FOR-US: NeDi CVE-2020-15031 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) - TODO: check + NOT-FOR-US: NeDi CVE-2020-15030 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) - TODO: check + NOT-FOR-US: NeDi CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) - TODO: check + NOT-FOR-US: NeDi CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The ap ...) - TODO: check + NOT-FOR-US: NeDi CVE-2020-15027 RESERVED CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ ...) @@ -1398,7 +1398,7 @@ CVE-2020-15010 CVE-2020-15009 RESERVED CVE-2020-15008 (A SQLi exists in the probe code of all Connectwise Automate versions b ...) - TODO: check + NOT-FOR-US: Connectwise CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ...) - rbdoom3bfg (unimportant) NOTE: https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabaa6cb9ec 
@@ -6808,7 +6808,7 @@ CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of serv CVE-2020-12822 RESERVED CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, such as a ...) - TODO: check + NOT-FOR-US: Gossipsub CVE-2020-12820 RESERVED CVE-2020-12819 @@ -7054,7 +7054,7 @@ CVE-2020-12738 CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...) NOT-FOR-US: Maxum Rumpus CVE-2020-12736 (Code42 environments with on-premises server versions 7.0.4 and earlier ...) - TODO: check + NOT-FOR-US: Code42 CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...) NOT-FOR-US: DomainMOD CVE-2020-12734 @@ -9797,7 +9797,7 @@ CVE-2020-11884 (In the Linux kernel through 5.6.7 on the s390 platform, code exe CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...) NOT-FOR-US: Divante vue-storefront-api CVE-2020-11882 (The O2 Business application 1.2.0 for Android exposes the canvasm.myo2 ...) - TODO: check + NOT-FOR-US: O2 Business CVE-2020-11881 RESERVED CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using the prop ...) @@ -17204,9 +17204,9 @@ CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection by CVE-2020-9263 RESERVED CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...) - TODO: check + NOT-FOR-US: HUAWEI CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...) - TODO: check + NOT-FOR-US: HUAWEI CVE-2020-9260 RESERVED CVE-2020-9259 @@ -17276,7 +17276,7 @@ CVE-2020-9228 CVE-2020-9227 RESERVED CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...) - TODO: check + NOT-FOR-US: HUAWEI CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...) TODO: check CVE-2020-9224 
@@ -17528,7 +17528,7 @@ CVE-2020-9102 CVE-2020-9101 RESERVED CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. Th ...) - TODO: check + NOT-FOR-US: Huawei CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...) NOT-FOR-US: Huawei CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...) @@ -18917,11 +18917,11 @@ CVE-2020-8523 CVE-2020-8522 RESERVED CVE-2020-8521 (SQL injection with start and length parameters in Records.php for phpz ...) - TODO: check + NOT-FOR-US: phpzag CVE-2020-8520 (SQL injection in order and column parameters in Records.php for phpzag ...) - TODO: check + NOT-FOR-US: phpzag CVE-2020-8519 (SQL injection with the search parameter in Records.php for phpzag live ...) - TODO: check + NOT-FOR-US: phpzag CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...) {DLA-2174-1} - php-horde-data (bug #951537) @@ -29696,13 +29696,13 @@ CVE-2020-4079 CVE-2020-4078 RESERVED CVE-2020-4077 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...) - TODO: check + - electron (bug #842420) CVE-2020-4076 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...) - TODO: check + - electron (bug #842420) CVE-2020-4075 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary ...) - TODO: check + - electron (bug #842420) CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the aut ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2020-4073 RESERVED CVE-2020-4072 (In generator-jhipster-kotlin version 1.6.0 log entries are created for ...) -- cgit v1.2.3
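Review bot: The vendor tag is spelled two ways in this patch. The hunks at @@ -17204 and @@ -17276 add `NOT-FOR-US: HUAWEI` for CVE-2020-9262, CVE-2020-9261 and CVE-2020-9226, while the hunk at @@ -17528 adds `NOT-FOR-US: Huawei` for CVE-2020-9100, matching the existing context line for CVE-2020-9099. Use `Huawei` in all four so that a search on the tag finds every entry.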
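Review bot: In the @@ -300 hunk the five new tags read `NOT-FOR-US: Typo3 extension`, but the descriptions they annotate spell the product TYPO3 (see CVE-2020-15516 and CVE-2020-15513). Suggest `NOT-FOR-US: TYPO3 extension`, so the tag follows the description's spelling the way the NeDi, CMSUno and WebChess tags in this patch do.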
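Review bot: The four Electron entries (CVE-2020-15096 in the @@ -1204 hunk; CVE-2020-4077, CVE-2020-4076 and CVE-2020-4075 in the @@ -29696 hunk) are package assignments, not NOT-FOR-US markings, so the subject "NFUs" does not describe them. As shown, all four cite the same bug #842420 with no version or state after the package name. If that bug tracks the packaging of electron and not these individual issues, say so on the entry line, and mention the electron triage in the commit message so it can be found in the log later.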