[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Aug 28 06:12:43 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e6d15f9a by Salvatore Bonaccorso at 2020-08-28T07:12:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -668,7 +668,7 @@ CVE-2020-24392
 CVE-2020-24391
 	RESERVED
 CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape the user ...)
-	TODO: check
+	NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2020-24389
 	RESERVED
 CVE-2020-24388
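Review bot: the added label for CVE-2020-24390 carries a parenthesised abbreviation, "EyesOfNetwork (EON)", while every other NOT-FOR-US label in this patch gives only the product name. Unless data/CVE/list already uses the "(EON)" form for this product elsewhere, plain "NOT-FOR-US: EyesOfNetwork" keeps the labels uniform and easier to grep.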
@@ -1089,7 +1089,7 @@ CVE-2020-24205
 CVE-2020-24204
 	RESERVED
 CVE-2020-24203 (Insecure File Permissions and Arbitrary File Upload in the upload pic  ...)
-	TODO: check
+	NOT-FOR-US: Projects World Travel Management System
 CVE-2020-24202 (File Upload component in Projects World House Rental v1.0 suffers from ...)
 	NOT-FOR-US: Projects World House Rental
 CVE-2020-24201
@@ -1527,7 +1527,7 @@ CVE-2020-23986
 CVE-2020-23985
 	RESERVED
 CVE-2020-23984 (Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-s ...)
-	TODO: check
+	NOT-FOR-US: Online Hotel Booking System Pro PHP
 CVE-2020-23983 (Michael-design iChat Realtime PHP Live Support System 1.6 has persiste ...)
 	NOT-FOR-US: Michael-design iChat Realtime PHP Live Support System
 CVE-2020-23982 (DesignMasterEvents Conference management 1.0.0 has cross site scriptin ...)
@@ -1547,7 +1547,7 @@ CVE-2020-23976 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Inje
 CVE-2020-23975 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scr ...)
 	NOT-FOR-US: Webexcels Ecommerce CMS
 CVE-2020-23974 (Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting  ...)
-	TODO: check
+	NOT-FOR-US: Create-Project Manager
 CVE-2020-23973 (KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php ...)
 	NOT-FOR-US: KandNconcepts Club CMS
 CVE-2020-23972 (In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can  ...)
@@ -2177,7 +2177,7 @@ CVE-2020-23661
 CVE-2020-23660 (webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." ...)
 	TODO: check
 CVE-2020-23659 (WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the " ...)
-	TODO: check
+	NOT-FOR-US: WebPort
 CVE-2020-23658 (PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infus ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2020-23657 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...)
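Review bot: CVE-2020-23660 (webTareas), in the context lines directly above the changed entry, still carries "TODO: check" after this pass. If it was triaged together with CVE-2020-23659, resolve it in the same commit. If it was left open on purpose, a NOTE line saying what remains to be checked would save the next person repeating the lookup.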
@@ -2343,7 +2343,7 @@ CVE-2020-23578
 CVE-2020-23577
 	RESERVED
 CVE-2020-23576 (Laborator Neon dashboard v3 is affected by stored Cross Site Scripting ...)
-	TODO: check
+	NOT-FOR-US: Laborator Neon dashboard
 CVE-2020-23575
 	RESERVED
 CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticated use ...)
@@ -20717,9 +20717,9 @@ CVE-2020-14731
 CVE-2020-14730
 	RESERVED
 CVE-2020-14729 (Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle NetSuite
 CVE-2020-14728 (Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle  ...)
-	TODO: check
+	NOT-FOR-US: Oracle NetSuite
 CVE-2020-14727
 	RESERVED
 CVE-2020-14726
@@ -23207,7 +23207,7 @@ CVE-2020-13865 (The Elementor Page Builder plugin before 2.9.9 for WordPress suf
 CVE-2020-13864 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
 	NOT-FOR-US: Elementor Page Builder plugin for WordPress
 CVE-2020-13863 (The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker  ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2020-13862
 	RESERVED
 CVE-2020-13861
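Review bot: the added label for CVE-2020-13863 is the bare vendor name "Mitel", although the description names the product (the SAS portal of Mitel MiCollab) and the neighbouring Elementor entry spells its product out in full. The vendor-only form does match the existing "NOT-FOR-US: Mitel" on CVE-2020-11798 in a later hunk, so it is fine if that is the convention for this vendor. Otherwise "Mitel MiCollab" would be more precise.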
@@ -23304,7 +23304,7 @@ CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature ma
 	[buster] - node-elliptic <no-dsa> (Minor issue)
 	NOTE: https://github.com/indutny/elliptic/issues/226
 CVE-2020-13821 (An issue was discovered in HiveMQ Broker Control Center 4.3.2. A craft ...)
-	TODO: check
+	NOT-FOR-US: HiveMQ Broker Control Center
 CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated reflected XS ...)
 	NOT-FOR-US: Extreme Management Center
 CVE-2020-13819 (Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS vi ...)
@@ -23534,7 +23534,7 @@ CVE-2020-13769
 CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via  ...)
 	NOT-FOR-US: MiniShare
 CVE-2020-13767 (The Mitel MiCollab application before 9.1.332 for iOS could allow an u ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2020-13766
 	RESERVED
 CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the rel ...)
@@ -23925,7 +23925,7 @@ CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an
 CVE-2020-13618
 	RESERVED
 CVE-2020-13617 (The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones  ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...)
 	NOT-FOR-US: pichi
 CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification  ...)
@@ -24370,7 +24370,7 @@ CVE-2020-13412 (An issue was discovered in Aviatrix Controller before 5.4.1204.
 CVE-2020-13411
 	RESERVED
 CVE-2020-13410 (An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not ...)
-	TODO: check
+	NOT-FOR-US: MoscaJS Aedes
 CVE-2020-13409
 	RESERVED
 CVE-2020-13408
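Review bot: for CVE-2020-13410 the description points at a JavaScript library (lib/write.js in MoscaJS Aedes 0.42.0), and this file does track Node.js modules as packages, as the node-elliptic entry shows. It is worth confirming that no source package ships or embeds Aedes, and that no ITP is open for it, before settling on NOT-FOR-US. If that check was already done, there is nothing to change.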
@@ -25703,7 +25703,7 @@ CVE-2020-12857 (Caching of GATT characteristic values (TempID) in COVIDSafe v1.0
 CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTrac ...)
 	NOT-FOR-US: COVIDSafe
 CVE-2020-12855 (A Host header injection vulnerability has been discovered in SecZetta  ...)
-	TODO: check
+	NOT-FOR-US: SecZetta NEProfile
 CVE-2020-12854 (A remote code execution vulnerability was identified in SecZetta NEPro ...)
 	NOT-FOR-US: SecZetta NEProfile
 CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...)
@@ -26729,7 +26729,7 @@ CVE-2020-12457 (An issue was discovered in wolfSSL before 4.5.0. It mishandles t
 	NOTE: https://github.com/wolfSSL/wolfssl/commit/df1b7f34f173cfc2968ce12e8fcd2fd8bcc61a59 (v4.5.0-stable)
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/2927
 CVE-2020-12456 (A remote code execution vulnerability in Mitel MiVoice Connect Client  ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2020-12455
 	RESERVED
 CVE-2020-12454
@@ -29077,7 +29077,7 @@ CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate p
 CVE-2020-11798 (A Directory Traversal vulnerability in the web conference component of ...)
 	NOT-FOR-US: Mitel
 CVE-2020-11797 (An Authentication Bypass vulnerability in the Published Area of the we ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...)
 	NOT-FOR-US: JetBrains Space
 CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout period was  ...)
@@ -39919,7 +39919,7 @@ CVE-2020-7833
 CVE-2020-7832
 	RESERVED
 CVE-2020-7831 (A vulnerability in the web-based contract management service interface ...)
-	TODO: check
+	NOT-FOR-US: Inogard Ebiz4u
 CVE-2020-7830
 	RESERVED
 CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...)
@@ -39933,7 +39933,7 @@ CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions conta
 CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...)
 	NOT-FOR-US: MiPlatform
 CVE-2020-7824 (A vulnerability in the web-based management interface of iPECS could a ...)
-	TODO: check
+	NOT-FOR-US: iPECS
 CVE-2020-7823 (DaviewIndy has a Memory corruption vulnerability, triggered when the u ...)
 	NOT-FOR-US: DaviewIndy
 CVE-2020-7822 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6d15f9af87b5fc9277e2bc7ef5e574ad4117266
