[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Aug 31 22:26:54 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
04909edc by Salvatore Bonaccorso at 2020-08-31T23:26:14+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -516,7 +516,7 @@ CVE-2020-24788
CVE-2020-24787
RESERVED
CVE-2020-24786 (An issue was discovered in Zoho ManageEngine Exchange Reporter Plus be ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-24785
RESERVED
CVE-2020-24784
@@ -1397,7 +1397,7 @@ CVE-2020-24365
CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via the note ...)
NOT-FOR-US: MineTime
CVE-2020-24363 (TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticat ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin befor ...)
NOT-FOR-US: Wordpress plugin
CVE-2020-24362
@@ -1418,7 +1418,7 @@ CVE-2020-24356
CVE-2020-24355
RESERVED
CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-24353
RESERVED
CVE-2020-24352
@@ -1925,7 +1925,7 @@ CVE-2020-24117
CVE-2020-24116
RESERVED
CVE-2020-24115 (In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials i ...)
- TODO: check
+ NOT-FOR-US: projectworlds Online Book Store
CVE-2020-24114
RESERVED
CVE-2020-24113
@@ -1947,7 +1947,7 @@ CVE-2020-24106
CVE-2020-24105
RESERVED
CVE-2020-24104 (XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router. ...)
- TODO: check
+ NOT-FOR-US: PIX-Link Repeater/Router LV-WR07
CVE-2020-24103
RESERVED
CVE-2020-24102
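Review bot: The entry added for CVE-2020-24104 spells out the device model ("NOT-FOR-US: PIX-Link Repeater/Router LV-WR07"), while the TP-Link and Zyxel router entries added in this same commit give only the vendor. Settling on one granularity for these device entries, for example "NOT-FOR-US: PIX-Link", would keep them consistent.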
@@ -8899,13 +8899,13 @@ CVE-2020-20630
CVE-2020-20629
RESERVED
CVE-2020-20628 (controller/controller-comments.php in WP GDPR plugin through 2.1.1 has ...)
- TODO: check
+ NOT-FOR-US: WP GDPR plugin
CVE-2020-20627 (The includes/gateways/stripe/includes/admin/admin-actions.php in GiveW ...)
NOT-FOR-US: includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin for WordPress
CVE-2020-20626 (lara-google-analytics.php in Lara Google Analytics plugin through 2.0. ...)
- TODO: check
+ NOT-FOR-US: Lara Google Analytics plugin for WordPress
CVE-2020-20625 (Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthen ...)
- TODO: check
+ NOT-FOR-US: Sliced Invoices plugin for WordPress
CVE-2020-20624
RESERVED
CVE-2020-20623
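Review bot: "NOT-FOR-US: WP GDPR plugin" for CVE-2020-20628 drops the "for WordPress" suffix that the other two entries added in this hunk (CVE-2020-20626, CVE-2020-20625) and the neighbouring GiveWP entry carry. Suggest "NOT-FOR-US: WP GDPR plugin for WordPress" so the WordPress plugin entries read the same way.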
@@ -15251,7 +15251,7 @@ CVE-2020-17467
CVE-2020-17466 (Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by ...)
NOT-FOR-US: Turcom TRCwifiZone
CVE-2020-17465 (Dashboards and progressiveProfileForms in ForgeRock Identity Manager b ...)
- TODO: check
+ NOT-FOR-US: Dashboards and progressiveProfileForms in ForgeRock Identity Manager
CVE-2020-17464
REJECTED
CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/it ...)
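Review bot: The NOT-FOR-US text for CVE-2020-17465 repeats the opening words of the CVE description ("Dashboards and progressiveProfileForms in ...") rather than naming the product. "NOT-FOR-US: ForgeRock Identity Manager" would match how the other entries in this commit are written, such as "NOT-FOR-US: OX App Suite".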
@@ -19118,7 +19118,7 @@ CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI su
CVE-2020-15688 (The HTTP Digest Authentication in the GoAhead web server before 5.1.2 ...)
NOT-FOR-US: Embedthis GoAhead
CVE-2020-15687 (Missing access control restrictions in the Hypervisor component of the ...)
- TODO: check
+ NOT-FOR-US: ACRN Project
CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the Linux ker ...)
- linux 5.2.6-1
[buster] - linux 4.19.132-1
@@ -24935,25 +24935,25 @@ CVE-2020-13474
CVE-2020-13473
RESERVED
CVE-2020-13472 (The flash memory readout protection in Gigadevice GD32F103 devices all ...)
- TODO: check
+ NOT-FOR-US: Gigadevice GD32F103 devices
CVE-2020-13471 (Apex Microelectronics APM32F103 devices allow physical attackers to ex ...)
- TODO: check
+ NOT-FOR-US: Apex Microelectronics APM32F103 devices
CVE-2020-13470 (Gigadevice GD32F103 and GD32F130 devices allow physical attackers to e ...)
- TODO: check
+ NOT-FOR-US: Gigadevice GD32F103 and GD32F130 devices
CVE-2020-13469 (The flash memory readout protection in Gigadevice GD32VF103 devices al ...)
- TODO: check
+ NOT-FOR-US: Gigadevice GD32VF103 devices
CVE-2020-13468 (Gigadevice GD32F130 devices allow physical attackers to escalate their ...)
- TODO: check
+ NOT-FOR-US: Gigadevice GD32F130 devices
CVE-2020-13467 (The flash memory readout protection in China Key Systems & Integra ...)
- TODO: check
+ NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices
CVE-2020-13466 (STMicroelectronics STM32F103 devices through 2020-05-20 allow physical ...)
- TODO: check
+ NOT-FOR-US: STMicroelectronics STM32F103 devices
CVE-2020-13465 (The security protection in Gigadevice GD32F103 devices allows physical ...)
- TODO: check
+ NOT-FOR-US: Gigadevice GD32F103 devices
CVE-2020-13464 (The flash memory readout protection in China Key Systems & Integra ...)
- TODO: check
+ NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices
CVE-2020-13463 (The flash memory readout protection in Apex Microelectronics APM32F103 ...)
- TODO: check
+ NOT-FOR-US: Apex Microelectronics APM32F103 devices
CVE-2020-13462
RESERVED
CVE-2020-13461
@@ -27018,13 +27018,13 @@ CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and
CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...)
NOT-FOR-US: Unisys ALGOL Compiler
CVE-2020-12646 (OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2020-12645 (OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate l ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2020-12644 (OX App Suite 7.10.3 and earlier allows SSRF, related to the mail accou ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2020-12643 (OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /a ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2020-12642 (An issue was discovered in service-api before 4.3.12 and 5.x before 5. ...)
NOT-FOR-US: Report Portal
CVE-2020-12641 (rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04909edc914e6d9117256cb7da720b7b2fd54dda