[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Apr 21 21:36:35 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e03d289f by Salvatore Bonaccorso at 2020-04-21T22:36:20+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -161,17 +161,17 @@ CVE-2020-11970
 CVE-2020-11969
 	RESERVED
 CVE-2020-11968 (In the web-panel in IQrouter through 3.3.1, remote attackers can read  ...)
-	TODO: check
+	NOT-FOR-US: IQrouter
 CVE-2020-11967 (In IQrouter through 3.3.1, remote attackers can control the device (re ...)
-	TODO: check
+	NOT-FOR-US: IQrouter
 CVE-2020-11966 (In IQrouter through 3.3.1, the Lua function reset_password in the web- ...)
-	TODO: check
+	NOT-FOR-US: IQrouter
 CVE-2020-11965 (In IQrouter through 3.3.1, there is a root user without a password, wh ...)
-	TODO: check
+	NOT-FOR-US: IQrouter
 CVE-2020-11964 (In IQrouter through 3.3.1, the Lua function diag_set_password in the w ...)
-	TODO: check
+	NOT-FOR-US: IQrouter
 CVE-2020-11963 (IQrouter through 3.3.1, when unconfigured, has multiple remote code ex ...)
-	TODO: check
+	NOT-FOR-US: IQrouter
 CVE-2020-11962
 	RESERVED
 CVE-2020-11961
@@ -583,33 +583,33 @@ CVE-2017-18822 (Certain NETGEAR devices are affected by vertical privilege escal
 CVE-2017-18821 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...)
 	NOT-FOR-US: Netgear
 CVE-2017-18820 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18819 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18818
 	RESERVED
 CVE-2017-18817
 	RESERVED
 CVE-2017-18816 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18815 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18814 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18813 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18812 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18811 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18810 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18809 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18808 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18807 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18806 (Certain NETGEAR devices are affected by command injection. This affect ...)
 	NOT-FOR-US: Netgear
 CVE-2017-18805 (Certain NETGEAR devices are affected by command injection. This affect ...)
@@ -913,11 +913,11 @@ CVE-2020-11893
 CVE-2020-11892
 	RESERVED
 CVE-2020-11891 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2020-11890 (An issue was discovered in Joomla! before 3.9.17. Improper input valid ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2020-11889 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names are mi ...)
 	TODO: check
 CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an  ...)
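Review bot: CVE-2020-11888 (python-markdown2), in the trailing context of this hunk, is still at `TODO: check` while the three Joomla! entries directly above it are resolved. Its description names a Python library rather than a vendor appliance or hosted product, so it probably needs a source-package lookup rather than an NFU tag. Please confirm it was left for a later pass on purpose and not skipped while batch-tagging.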
@@ -1091,7 +1091,7 @@ CVE-2020-11830
 CVE-2020-11829
 	RESERVED
 CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP framewor ...)
-	TODO: check
+	NOT-FOR-US: ColorOS
 CVE-2020-11827
 	RESERVED
 CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...)
@@ -4218,9 +4218,9 @@ CVE-2020-10789 (openITCOCKPIT before 3.7.3 has a web-based terminal that allows
 CVE-2020-10788 (openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a941523 ...)
 	NOT-FOR-US: openITCOCKPIT
 CVE-2020-10787 (An elevation of privilege in Vesta Control Panel through 0.9.8-26 allo ...)
-	TODO: check
+	NOT-FOR-US: Vesta Control Panel
 CVE-2020-10786 (A remote command execution in Vesta Control Panel through 0.9.8-26 all ...)
-	TODO: check
+	NOT-FOR-US: Vesta Control Panel
 CVE-2020-10785
 	RESERVED
 CVE-2020-10784
@@ -8560,7 +8560,7 @@ CVE-2020-8897
 CVE-2020-8896
 	RESERVED
 CVE-2020-8895 (A vulnerability in the windows installer of Google Earth Pro versions  ...)
-	TODO: check
+	NOT-FOR-US: windows installer of Google Earth Pro
 CVE-2020-8894 (An issue was discovered in MISP before 2.4.121. ACLs for discussion th ...)
 	NOT-FOR-US: MISP
 CVE-2020-8893 (An issue was discovered in MISP before 2.4.121. The Galaxy view contai ...)
@@ -8687,7 +8687,7 @@ CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary c
 CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...)
 	NOT-FOR-US: itsio
 CVE-2020-8842 (Unquoted search path vulnerability in MSI True Color before 3.0.52.0 a ...)
-	TODO: check
+	NOT-FOR-US: MSI True Color
 CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...)
 	NOT-FOR-US: TestLink
 CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...)
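Review bot: the context line under CVE-2020-8843 reads `NOT-FOR-US: itsio`, but the description on the line above it names Istio. This hunk does not touch that line, so a follow-up correcting it to `NOT-FOR-US: Istio` would keep the tag findable by product name. The added `NOT-FOR-US: MSI True Color` matches the product named in the CVE-2020-8842 description.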
@@ -10370,7 +10370,7 @@ CVE-2020-8101
 CVE-2020-8100
 	RESERVED
 CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender Antivirus Free
 CVE-2020-8098
 	RESERVED
 CVE-2020-8097



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e03d289f76a537367fb2cc9728695465ca531728
