[Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 12 21:30:15 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44c81bc9 by Salvatore Bonaccorso at 2020-08-12T22:29:50+02:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61,9 +61,9 @@ CVE-2020-17508
CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...)
TODO: check
CVE-2020-17506 (Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privil ...)
- TODO: check
+ NOT-FOR-US: Artica Web Proxy
CVE-2020-17505 (Artica Web Proxy 4.30.000000 allows an authenticated remote attacker t ...)
- TODO: check
+ NOT-FOR-US: Artica Web Proxy
CVE-2020-17504
RESERVED
CVE-2020-17503
@@ -81,7 +81,7 @@ CVE-2020-17498
CVE-2020-17497 (eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to ...)
TODO: check
CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows remote command execution via craf ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...)
- python-django-celery-results <unfixed> (bug #968305)
NOTE: https://github.com/celery/django-celery-results/issues/142
@@ -335,9 +335,9 @@ CVE-2020-17375
CVE-2020-17374
RESERVED
CVE-2020-17373 (SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. ...)
- TODO: check
+ NOT-FOR-US: SugarCRM
CVE-2020-17372 (SugarCRM before 10.1.0 (Q3 2020) allows XSS. ...)
- TODO: check
+ NOT-FOR-US: SugarCRM
CVE-2020-17371
RESERVED
CVE-2020-17370
@@ -363,9 +363,9 @@ CVE-2020-17363
CVE-2020-17362
RESERVED
CVE-2020-17361 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
- TODO: check
+ NOT-FOR-US: ReadyTalk Avian
CVE-2020-17360 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
- TODO: check
+ NOT-FOR-US: ReadyTalk Avian
CVE-2020-17359
RESERVED
CVE-2020-17358
@@ -10054,7 +10054,7 @@ CVE-2020-13280
CVE-2020-13279 (Client side code execution in gitlab-vscode-extension v2.2.0 allows at ...)
NOT-FOR-US: gitlab-vscode-extension
CVE-2020-13278 (Reflected Cross-Site Scripting vulnerability in Modules.php in Rosario ...)
- TODO: check
+ NOT-FOR-US: RosarioSIS Student Information System
CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...)
- gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/06/10/critical-security-release-13-0-6-released/
@@ -22484,7 +22484,7 @@ CVE-2020-8915
CVE-2020-8914
RESERVED
CVE-2020-8913 (A local, arbitrary code execution vulnerability exists in the SplitCom ...)
- TODO: check
+ NOT-FOR-US: Android's Play Core Library
CVE-2020-8912 (A vulnerability in the in-band key negotiation exists in the AWS S3 Cr ...)
TODO: check
CVE-2020-8911 (A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoL ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44c81bc9330defc9be08a1425bbabe1d132e10c1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44c81bc9330defc9be08a1425bbabe1d132e10c1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200812/12faae1b/attachment.html>
More information about the debian-security-tracker-commits
mailing list