[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Apr 1 21:22:25 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d0324e4 by Salvatore Bonaccorso at 2020-04-01T22:22:03+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2020-11459
 CVE-2020-11458
 	RESERVED
 CVE-2020-11457 (pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2020-11456 (LimeSurvey before 4.1.12+200324 has stored XSS in application/views/ad ...)
 	- limesurvey <itp> (bug #472802)
 CVE-2020-11455 (LimeSurvey before 4.1.12+200324 contains a path traversal vulnerabilit ...)
@@ -23,7 +23,7 @@ CVE-2020-11451
 CVE-2020-11450
 	RESERVED
 CVE-2020-11449 (An issue was discovered on Technicolor TC7337 8.89.17 devices. An atta ...)
-	TODO: check
+	NOT-FOR-US: Technicolor devices
 CVE-2020-11448
 	RESERVED
 CVE-2020-11447
@@ -1249,23 +1249,23 @@ CVE-2020-10870 (Zim through 0.72.1 creates temporary directories with predictabl
 CVE-2020-10869
 	RESERVED
 CVE-2020-10868 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2020-10867 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2020-10866 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2020-10865 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2020-10864 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2020-10863 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2020-10862 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2020-10861 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC  ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2020-10860 (An issue was discovered in Avast Antivirus before 20. An Arbitrary Mem ...)
-	TODO: check
+	NOT-FOR-US: Avast Antivirus
 CVE-2020-10859
 	RESERVED
 CVE-2020-10858
@@ -2882,7 +2882,7 @@ CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a
 	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836
 	NOTE: https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
 CVE-2020-10231 (TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_17 ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) al ...)
 	NOT-FOR-US: CentOS-WebPanel.com
 CVE-2020-10229
@@ -2940,9 +2940,9 @@ CVE-2020-10206
 CVE-2020-10205
 	RESERVED
 CVE-2020-10204 (Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. ...)
-	TODO: check
+	NOT-FOR-US: Sonatype Nexus Repository
 CVE-2020-10203 (Sonatype Nexus Repository before 3.21.2 allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: Sonatype Nexus Repository
 CVE-2020-10202
 	RESERVED
 CVE-2020-10201
@@ -2950,7 +2950,7 @@ CVE-2020-10201
 CVE-2020-10200
 	RESERVED
 CVE-2020-10199 (Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue ...)
-	TODO: check
+	NOT-FOR-US: Sonatype Nexus Repository
 CVE-2020-10198
 	RESERVED
 CVE-2020-10197
@@ -13561,7 +13561,7 @@ CVE-2020-5550
 CVE-2020-5549
 	RESERVED
 CVE-2020-5548 (Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yam ...)
-	TODO: check
+	NOT-FOR-US: Yamaha
 CVE-2020-5547 (Resource Management Errors vulnerability in TCP function included in t ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2020-5546 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
@@ -62694,7 +62694,7 @@ CVE-2019-7757
 CVE-2019-7756
 	RESERVED
 CVE-2019-7755 (In webERP 4.15, the Import Bank Transactions function fails to sanitiz ...)
-	TODO: check
+	NOT-FOR-US: webERP
 CVE-2019-7754
 	RESERVED
 CVE-2019-7753 (Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count r ...)
@@ -65732,7 +65732,7 @@ CVE-2019-6587
 CVE-2019-6586
 	RESERVED
 CVE-2019-6585 (A vulnerability has been identified in SCALANCE S602 (All versions &gt ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2019-6584 (A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0 ...)
 	NOT-FOR-US: Siemens
 CVE-2019-6583
@@ -68321,7 +68321,7 @@ CVE-2019-5650
 CVE-2019-5649
 	RESERVED
 CVE-2019-5648 (Authenticated, administrative access to a Barracuda Load Balancer ADC  ...)
-	TODO: check
+	NOT-FOR-US: Barracuda
 CVE-2019-5647 (The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser se ...)
 	NOT-FOR-US: Chrome Plugin for Rapid7 AppSpider
 CVE-2019-5646
@@ -71992,13 +71992,13 @@ CVE-2019-3947 (Fuji Electric V-Server before 6.0.33.0 stores database credential
 CVE-2019-3946 (Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of serv ...)
 	NOT-FOR-US: Fuji Electric V-Server
 CVE-2019-3945 (Web server running on Parrot ANAFI can be crashed due to the SDK comma ...)
-	TODO: check
+	NOT-FOR-US: Parrot ANAFI
 CVE-2019-3944 (Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing  ...)
-	TODO: check
+	NOT-FOR-US: Parrot ANAFI
 CVE-2019-3943 (MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 ...)
 	NOT-FOR-US: MikroTik
 CVE-2019-3942 (Advantech WebAccess 8.3.4 does not properly restrict an RPC call that  ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2019-3941 (Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to  ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2019-3940 (Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via una ...)
@@ -106588,7 +106588,7 @@ CVE-2018-11108
 CVE-2018-11107
 	RESERVED
 CVE-2018-11106 (NETGEAR has released fixes for a pre-authentication command injection  ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2018-11105 (There is stored cross site scripting in the wp-live-chat-support plugi ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2018-11104



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d0324e422d74a04a058750b44541996fde36bc5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d0324e422d74a04a058750b44541996fde36bc5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200401/0fcec263/attachment.html>

More information about the debian-security-tracker-commits mailing list