[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Aug 26 11:21:05 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b80a6b4d by Salvatore Bonaccorso at 2020-08-26T12:20:39+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2020-24656 (Maltego before 4.2.12 allows XXE attacks. ...)
-	TODO: check
+	NOT-FOR-US: Maltego
 CVE-2020-24655
 	RESERVED
 CVE-2020-24654
 	RESERVED
 CVE-2020-24653 (secure-store in Expo through 2.16.1 on iOS provides the insecure kSecA ...)
-	TODO: check
+	NOT-FOR-US: secure-store in Expo on iOS
 CVE-2020-24652
 	RESERVED
 CVE-2020-24651
@@ -11353,7 +11353,7 @@ CVE-2020-19007
 CVE-2020-19006
 	RESERVED
 CVE-2020-19005 (zrlog v2.1.0 has a vulnerability with the permission check. If admin a ...)
-	TODO: check
+	NOT-FOR-US: zrlog
 CVE-2020-19004
 	RESERVED
 CVE-2020-19003
@@ -14581,9 +14581,9 @@ CVE-2020-17406
 CVE-2020-17405
 	RESERVED
 CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17403 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit
 CVE-2020-17402 (This vulnerability allows local attackers to disclose sensitive inform ...)
 	TODO: check
 CVE-2020-17401 (This vulnerability allows local attackers to disclose sensitive inform ...)
@@ -14611,11 +14611,11 @@ CVE-2020-17391 (This vulnerability allows local attackers to disclose informatio
 CVE-2020-17390 (This vulnerability allows local attackers to escalate privileges on af ...)
 	TODO: check
 CVE-2020-17389 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Marvell QConvergeConsole
 CVE-2020-17388 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Marvell QConvergeConsole
 CVE-2020-17387 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Marvell QConvergeConsole
 CVE-2020-17386 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
 	NOT-FOR-US: Cellopoint Cellos
 CVE-2020-17385 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
@@ -18095,7 +18095,7 @@ CVE-2020-15778 (scp in OpenSSH through 8.3p1 allows command injection in scp.c r
 	NOTE: Negligible security impact, changing the scp protocol can have a good chance
 	NOTE: of breaking existing workflows.
 CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...)
-	TODO: check
+	NOT-FOR-US: Maven Extension plugin for Gradle Enterprise
 CVE-2020-15776
 	RESERVED
 CVE-2020-15775
@@ -18491,19 +18491,19 @@ CVE-2020-15646
 	- thunderbird 1:68.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646
 CVE-2020-15645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Marvell QConvergeConsole
 CVE-2020-15644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Marvell QConvergeConsole
 CVE-2020-15643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Marvell QConvergeConsole
 CVE-2020-15642 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Marvell QConvergeConsole
 CVE-2020-15641 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Marvell QConvergeConsole
 CVE-2020-15640 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Marvell QConvergeConsole
 CVE-2020-15639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Marvell QConvergeConsole
 CVE-2020-15638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit
 CVE-2020-15637 (This vulnerability allows remote attackers to disclose sensitive infor ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b80a6b4d920ff5d80f0469c9abb9ee2448fb586b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b80a6b4d920ff5d80f0469c9abb9ee2448fb586b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200826/8942df5f/attachment.html>

More information about the debian-security-tracker-commits mailing list