[Git][security-tracker-team/security-tracker][master] 4 commits: Add two new dolibarr issues

Salvatore Bonaccorso carnil at debian.org
Thu Apr 16 21:22:01 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
86a4fc55 by Salvatore Bonaccorso at 2020-04-16T22:20:03+02:00
Add two new dolibarr issues

- - - - -
d1f4b0bc by Salvatore Bonaccorso at 2020-04-16T22:20:46+02:00
Process more NFUs

- - - - -
e610a569 by Salvatore Bonaccorso at 2020-04-16T22:21:21+02:00
Merge remote-tracking branch 'origin/master'

- - - - -
87991c43 by Salvatore Bonaccorso at 2020-04-16T22:21:47+02:00
Merge remote-tracking branch 'origin/master'

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -73,35 +73,35 @@ CVE-2020-11827
 CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...)
 	TODO: check
 CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF ...)
-	TODO: check
+	- dolibarr <removed>
 CVE-2020-11824
 	RESERVED
 CVE-2020-11823 (In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored  ...)
-	TODO: check
+	- dolibarr <removed>
 CVE-2020-11822
 	RESERVED
 CVE-2020-11821
 	RESERVED
 CVE-2020-11820 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file lo ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2020-11818 (In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF at ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2020-11817
 	RESERVED
 CVE-2020-11816 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2020-11815 (In Rukovoditel 2.5.2, attackers can upload arbitrary file to the serve ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2020-11814 (A Host Header Injection vulnerability in qdPM 9.1 may allow an attacke ...)
-	TODO: check
+	NOT-FOR-US: qdPM
 CVE-2020-11813 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the confi ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2020-11812 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel
 CVE-2020-11811 (In qdPM 9.1, an attacker can upload a malicious .php file to the serve ...)
-	TODO: check
+	NOT-FOR-US: qdPM
 CVE-2020-11810
 	RESERVED
 CVE-2020-11809
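Review bot: The two dolibarr entries (CVE-2020-11825 and CVE-2020-11823) are recorded only as `- dolibarr <removed>`, with no NOTE line pointing at an upstream report or fix; adding one would give anyone triaging a suite that still ships the package something to start from. Separately, CVE-2020-11826 (Memono) at the top of this hunk is still `TODO: check` while every other described entry in this hunk was triaged, so it is worth confirming that it was left open on purpose.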
@@ -2397,7 +2397,7 @@ CVE-2020-11009
 CVE-2020-11008
 	RESERVED
 CVE-2020-11007 (In Shopizer before version 2.11.0, using API or Controller based versi ...)
-	TODO: check
+	NOT-FOR-US: Shopizer
 CVE-2020-11006
 	RESERVED
 CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...)
@@ -11323,7 +11323,7 @@ CVE-2020-7226 (CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS
 CVE-2020-7225
 	RESERVED
 CVE-2020-7224 (The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows ...)
-	TODO: check
+	NOT-FOR-US: Aviatrix OpenVPN client
 CVE-2020-7223
 	RESERVED
 CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06- ...)
@@ -11555,15 +11555,15 @@ CVE-2020-7116
 CVE-2020-7115
 	RESERVED
 CVE-2020-7114 (A vulnerability exists allowing attackers, when present in the same ne ...)
-	TODO: check
+	NOT-FOR-US: ClearPass
 CVE-2020-7113 (A vulnerability was found when an attacker, while communicating with t ...)
-	TODO: check
+	NOT-FOR-US: ClearPass
 CVE-2020-7112
 	RESERVED
 CVE-2020-7111 (A server side injection vulnerability exists which could allow an auth ...)
-	TODO: check
+	NOT-FOR-US: ClearPass
 CVE-2020-7110 (ClearPass is vulnerable to Stored Cross Site Scripting by allowing a m ...)
-	TODO: check
+	NOT-FOR-US: ClearPass
 CVE-2020-7109 (The Elementor Page Builder plugin before 2.8.4 for WordPress does not  ...)
 	NOT-FOR-US: Elementor Page Builder plugin for WordPress
 CVE-2020-7108 (The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ...)
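Review bot: Of the four entries tagged `NOT-FOR-US: ClearPass`, only CVE-2020-7110 names the product in its visible description; the truncated text for CVE-2020-7114, CVE-2020-7113 and CVE-2020-7111 does not, so the attribution for those three should be checked against the full CVE descriptions. The tag is also bare compared with neighbouring ones such as `NOT-FOR-US: Elementor Page Builder plugin for WordPress`; a fuller product name would make later searches of the list easier.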
@@ -15689,7 +15689,7 @@ CVE-2020-5348 (Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 conta
 CVE-2020-5347 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of s ...)
 	NOT-FOR-US: Dell EMC Isilon OneFS
 CVE-2020-5346 (RSA Authentication Manager versions prior to 8.4 P11 contain a stored  ...)
-	TODO: check
+	NOT-FOR-US: RSA Authentication Manager
 CVE-2020-5345
 	RESERVED
 CVE-2020-5344 (Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c37996431e8a53631a73e6d7f28f4f049c103107...87991c43797c695125f47ce8fab69f3d8eaf534b
