[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 1 16:32:27 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80e0571c by Salvatore Bonaccorso at 2020-04-01T17:32:00+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -62,7 +62,7 @@ CVE-2020-11416
CVE-2020-11415
RESERVED
CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...)
- TODO: check
+ NOT-FOR-US: Progress Telerik UI
CVE-2020-11413
RESERVED
CVE-2020-11412
@@ -9605,7 +9605,7 @@ CVE-2020-7265
CVE-2020-7264
RESERVED
CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in ENS for W ...)
- TODO: check
+ NOT-FOR-US: ENS for Windows
CVE-2020-7262
RESERVED
CVE-2020-7261
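Review bot: The note added for CVE-2020-7263, "NOT-FOR-US: ENS for Windows", relies on the abbreviation "ENS" with no vendor name, which makes the entry hard to find by grep and hard to match against later CVEs for the same product. Suggest spelling out the vendor and full product name, in line with notes such as "NOT-FOR-US: One Identity Cloud Access Manager" elsewhere in the file.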
@@ -12608,7 +12608,7 @@ CVE-2020-6010
CVE-2020-6009
RESERVED
CVE-2020-6008 (LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbi ...)
- TODO: check
+ NOT-FOR-US: LifterLMS Wordpress plugin
CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version 1935144020 ...)
NOT-FOR-US: Philips Hue Bridge model
CVE-2020-6006
@@ -14147,7 +14147,7 @@ CVE-2020-5294
CVE-2020-5293
RESERVED
CVE-2020-5292 (Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vuln ...)
- TODO: check
+ NOT-FOR-US: Leantime
CVE-2020-5290
RESERVED
CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to "guess and ...)
@@ -45898,7 +45898,7 @@ CVE-2019-13497 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows C
CVE-2019-13496 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP byp ...)
NOT-FOR-US: One Identity Cloud Access Manager
CVE-2019-13495 (In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross- ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2019-13494 (nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0. ...)
NOT-FOR-US: Castle Rock SNMPc
CVE-2019-13493 (In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library ...)
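Review bot: The note for CVE-2019-13495 names only the vendor ("NOT-FOR-US: Zyxel"), while the entries on either side name the product ("One Identity Cloud Access Manager", "Castle Rock SNMPc"). The description refers to firmware for the Zyxel XGS2210-52HP, so a note such as "NOT-FOR-US: Zyxel XGS2210-52HP firmware" would keep the granularity consistent and make it clear that the verdict covers device firmware.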
@@ -53477,7 +53477,7 @@ CVE-2019-10810
CVE-2019-10809
RESERVED
CVE-2019-10808 (utilitify prior to 1.0.3 allows modification of object properties. The ...)
- TODO: check
+ NOT-FOR-US: utilitify
CVE-2019-10807 (Blamer versions prior to 1.0.1 allows execution of arbitrary commands. ...)
TODO: check
CVE-2019-10806 (vega-util prior to 1.13.1 allows manipulation of object prototype. The ...)
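Review bot: CVE-2019-10807 (Blamer), directly below the changed entry for utilitify, is still "TODO: check" after this hunk. If it was triaged in the same pass, it should be resolved here as well. If it was left open on purpose because it needs a closer look, no change is needed.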
@@ -53904,7 +53904,7 @@ CVE-2019-10684 (Application/Admin/Controller/ConfigController.class.php in 74cms
CVE-2019-10683
RESERVED
CVE-2019-10682 (django-nopassword before 5.0.0 stores cleartext secrets in the databas ...)
- TODO: check
+ NOT-FOR-US: django-nopassword
CVE-2019-10681
RESERVED
CVE-2019-10680
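Review bot: The NOT-FOR-US verdict for CVE-2019-10682 covers django-nopassword, a Django application, and the hunk does not show whether a matching source package or ITP/RFP bug exists. Worth confirming against the archive before merging, since a wrong NOT-FOR-US hides the issue (cleartext secrets stored in the database) from the tracker's per-package views.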
@@ -77863,7 +77863,7 @@ CVE-2019-2313
CVE-2019-2312 (When handling the vendor command there exists a potential buffer overf ...)
NOT-FOR-US: Snapdragon
CVE-2019-2311 (Possible buffer overflow in WLAN handler due to lack of validation of ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2310 (Out of bound read would occur while trying to read action category and ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2309 (While storing calibrated data from firmware in cache, An integer overf ...)
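Review bot: CVE-2019-2311 is marked "NOT-FOR-US: Snapdragon", but the next entry, CVE-2019-2310, uses "NOT-FOR-US: Qualcomm components for Android" for the same family of issues. Picking one wording for the whole run of CVE-2019-23xx entries would make them searchable with a single pattern.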
@@ -77885,7 +77885,7 @@ CVE-2019-2302 (While processing vendor command which contains corrupted channel
CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not in ran ...)
NOT-FOR-US: Snapdragon
CVE-2019-2300 (Possible buffer overflow in WLAN handler due to lack of validation of ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2299 (An out-of-bound write can be triggered by a specially-crafted command ...)
NOT-FOR-US: Snapdragon
CVE-2019-2298 (Protection is missing while accessing md sessions info via macro which ...)
@@ -85703,7 +85703,7 @@ CVE-2018-18896
CVE-2018-18895
REJECTED
CVE-2018-18894 (Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) c ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method, related to co ...)
NOT-FOR-US: Jinjava
CVE-2018-18892 (MiniCMS 1.10 allows execution of arbitrary PHP code via the install.ph ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80e0571c7fe35796786fae1a516a6dd3d22c066c