[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Apr 28 22:19:52 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e790657 by Salvatore Bonaccorso at 2020-04-28T23:19:22+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -772,7 +772,7 @@ CVE-2020-12137 (GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubb
 CVE-2020-12079 (Beaker before 0.8.9 allows a sandbox escape, enabling system access an ...)
 	TODO: check
 CVE-2020-12078 (An issue was discovered in Open-AudIT 3.3.1. There is shell metacharac ...)
-	TODO: check
+	NOT-FOR-US: Open-AudIT
 CVE-2020-12077 (The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPr ...)
 	NOT-FOR-US: mappress-google-maps-for-wordpress plugin for WordPress
 CVE-2020-12076 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...)
@@ -6784,7 +6784,7 @@ CVE-2020-10095
 CVE-2020-10094 (A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW7 ...)
 	TODO: check
 CVE-2020-10093 (A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series in ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerab ...)
 	- gitlab <not-affected> (Only affects Gitlab 12.1 and later)
 	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
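Review bot: CVE-2020-10094, the context entry directly above the changed line, is also a Lexmark XSS (CS31x) and stays at "TODO: check" while CVE-2020-10093 (Pro910 series) becomes "NOT-FOR-US: Lexmark". If the decision is that this vendor's products are out of scope, the same tag fits CVE-2020-10094 and it can be processed in the same pass. If it was left open on purpose, a NOTE line giving the reason would save the next triager from repeating the check.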
@@ -17212,23 +17212,23 @@ CVE-2020-5572
 CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQ ...)
 	NOT-FOR-US: SHARP AQUOS
 CVE-2020-5570 (Cross-site scripting vulnerability in Sales Force Assistant version 11 ...)
-	TODO: check
+	NOT-FOR-US: Sales Force Assistant
 CVE-2020-5569 (An unquoted search path vulnerability exists in HDD Password tool (for ...)
 	NOT-FOR-US: HDD Password tool (CANVIO)
 CVE-2020-5568 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 all ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2020-5567 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2020-5566 (Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3  ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2020-5565 (Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2020-5564 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 al ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2020-5563 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2020-5562 (Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6. ...)
-	TODO: check
+	NOT-FOR-US: Cybozu Garoon
 CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS ...)
 	NOT-FOR-US: Keijiban Tsumiki
 CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS c ...)
@@ -21536,7 +21536,7 @@ CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. Wh
 CVE-2019-20003 (Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored ...)
 	NOT-FOR-US: Feldtech easescreen Crystal 9.0 Web-Services
 CVE-2019-20002 (Formula Injection exists in the export feature in SolarWinds WebHelpDe ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds WebHelpDesk
 CVE-2019-20001
 	RESERVED
 CVE-2019-20000 (The malware scan function in BullGuard Premium Protection 20.0.371.8 h ...)
@@ -42881,7 +42881,7 @@ CVE-2019-15236
 CVE-2019-15235 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an att ...)
 	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-15234 (SHAREit through 4.0.6.177 does not check the full message length from  ...)
-	TODO: check
+	NOT-FOR-US: SHAREit
 CVE-2019-15233 (The Live:Text Box macro in the Old Street Live Input Macros app before ...)
 	NOT-FOR-US: Old Street Live Input Macros app for Confluence
 CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because GenericMediaSer ...)
@@ -43985,7 +43985,7 @@ CVE-2019-14942 [Insecure Cookie Handling on GitLab Pages]
 	- gitlab 12.6.8-3 (bug #934708)
 	NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
 CVE-2019-14941 (SHAREit through 4.0.6.177 does not check the body length from the rece ...)
-	TODO: check
+	NOT-FOR-US: SHAREit
 CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a user of  ...)
 	NOT-FOR-US: Storage Performance Development Kit
 CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for N ...)
@@ -62992,7 +62992,7 @@ CVE-2019-9185 (Controller/Async/FilesystemManager.php in the filemanager in Bolt
 CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for ...)
 	NOT-FOR-US: J2Store plugin for Joomla!
 CVE-2019-9183 (An issue was discovered in Contiki-NG through 4.3 and Contiki through  ...)
-	TODO: check
+	NOT-FOR-US: Contiki-NG
 CVE-2019-9182 (There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=e ...)
 	NOT-FOR-US: ZZZCMS
 CVE-2019-9181 (SchoolCMS version 2.3.1 allows file upload via the logo upload feature ...)
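Review bot: the new tag on CVE-2019-9183 names only Contiki-NG, but the description line covers two projects ("Contiki-NG through 4.3 and Contiki through ..."). Consider naming both in the NOT-FOR-US text, so that a search of data/CVE/list for either project name finds the entry and the decision is visibly recorded for both.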
@@ -65351,7 +65351,7 @@ CVE-2019-8361 (PHP Scripts Mall Responsive Video News Script has XSS via the Sea
 CVE-2019-8360 (Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find ...)
 	NOT-FOR-US: Themerig Find a Place CMS Directory
 CVE-2019-8359 (An issue was discovered in Contiki-NG through 4.3 and Contiki through  ...)
-	TODO: check
+	NOT-FOR-US: Contiki-NG
 CVE-2019-8358 (In Hiawatha before 10.8.4, a remote attacker is able to do directory t ...)
 	NOT-FOR-US: Hiawatha
 CVE-2019-8357 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c  ...)
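Review bot: CVE-2019-8359 has the same naming gap as CVE-2019-9183 elsewhere in this commit: the description reads "Contiki-NG through 4.3 and Contiki through ..." while the tag is "NOT-FOR-US: Contiki-NG". Whatever wording is chosen, the two entries should carry the same tag text so they are found and revisited together.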
@@ -69075,7 +69075,7 @@ CVE-2019-6861
 CVE-2019-6860
 	RESERVED
 CVE-2019-6859 (A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modico ...)
-	TODO: check
+	NOT-FOR-US: Modicon
 CVE-2019-6858 (A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX ...)
 	NOT-FOR-US: MSX Configurator
 CVE-2019-6857 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
@@ -73074,9 +73074,9 @@ CVE-2019-5305 (The image processing module of some Huawei Mate 10 smartphones ve
 CVE-2019-5304 (Some Huawei products have a buffer error vulnerability. An unauthentic ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5303 (There are two denial of service vulnerabilities on some Huawei smartph ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5302 (There are two denial of service vulnerabilities on some Huawei smartph ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-5301 (Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E1 ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5300 (There is a digital signature verification bypass vulnerability in AR12 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e790657953224c2dc88b5202156287813e0ea0d
