[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Apr 20 21:30:18 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd33e83d by Salvatore Bonaccorso at 2020-04-20T22:29:49+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1294,7 +1294,7 @@ CVE-2020-11755
 CVE-2020-11754
 	RESERVED
 CVE-2020-11753 (An issue was discovered in Sonatype Nexus Repository Manager in versio ...)
-	TODO: check
+	NOT-FOR-US: Sonatype
 CVE-2020-11752
 	RESERVED
 CVE-2020-11751
@@ -16020,7 +16020,7 @@ CVE-2020-5571
 CVE-2020-5570
 	RESERVED
 CVE-2020-5569 (An unquoted search path vulnerability exists HDD Password tool (for Wi ...)
-	TODO: check
+	NOT-FOR-US: HDD Password tool (CANVIO)
 CVE-2020-5568
 	RESERVED
 CVE-2020-5567
@@ -16676,7 +16676,7 @@ CVE-2020-5295
 CVE-2020-5294 (PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflect ...)
 	NOT-FOR-US: PrestaShop
 CVE-2020-5293 (In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5292 (Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vuln ...)
 	NOT-FOR-US: Leantime
 CVE-2020-5290 (In RedpwnCTF before version 2.3, there is a session fixation vulnerabi ...)
@@ -16684,13 +16684,13 @@ CVE-2020-5290 (In RedpwnCTF before version 2.3, there is a session fixation vuln
 CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to "guess and  ...)
 	NOT-FOR-US: Elide
 CVE-2020-5288 ("In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5287 (In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper  ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5286 (In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflect ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5285 (In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflect ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5284 (Next.js versions before 9.3.2 have a directory traversal vulnerability ...)
 	NOT-FOR-US: next.js
 CVE-2020-5283 (ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS ...)
@@ -16708,13 +16708,13 @@ CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify con
 CVE-2020-5280 (http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file i ...)
 	NOT-FOR-US: http4s
 CVE-2020-5279 (In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5278 (In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflect ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflect ...)
 	NOT-FOR-US: PrestaShop
 CVE-2020-5276 (In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflect ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5275 (In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Fire ...)
 	- symfony <unfixed>
 	[buster] - symfony <not-affected> (Introduced in 4.4.0)
@@ -16733,13 +16733,13 @@ CVE-2020-5274 (In Symfony before versions 5.0.5 and 4.4.5, some properties of th
 CVE-2020-5273 (In PrestaShop module ps_linklist versions before 3.1.0, there is a sto ...)
 	NOT-FOR-US: PrestaShop
 CVE-2020-5272 (In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflect ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5271 (In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflect ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5270 (In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open r ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5269 (In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflect ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5268
 	RESERVED
 CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ...)
@@ -16752,9 +16752,9 @@ CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a pos
 CVE-2020-5266 (In the ps_link module for PrestaShop before version 3.1.0, there is a  ...)
 	NOT-FOR-US: PrestaShop
 CVE-2020-5265 (In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflect ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5264 (In PrestaShop before version 1.7.6.5, there is a reflected XSS while r ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5263 (auth0.js (NPM package auth0-js) greater than version 8.0.0 and before  ...)
 	NOT-FOR-US: Node auth0-js
 CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd33e83d48af27a4101157e0a2c33e87afaae7f6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd33e83d48af27a4101157e0a2c33e87afaae7f6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200420/7d8abc82/attachment.html>

More information about the debian-security-tracker-commits mailing list