[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Dec 4 20:32:43 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31261c7c by Salvatore Bonaccorso at 2020-12-04T21:32:21+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2020-29562 (The iconv function in the GNU C Library (aka glibc or libc6) 2.3
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26923
 	NOTE: https://sourceware.org/pipermail/libc-alpha/2020-November/119822.html
 CVE-2020-29561 (An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does ...)
-	TODO: check
+	NOT-FOR-US: SonicBOOM riscv-boom
 CVE-2020-29560
 	RESERVED
 CVE-2020-29559
@@ -841,7 +841,7 @@ CVE-2020-29284 (The file view-chair-list.php in Multi Restaurant Table Reservati
 CVE-2020-29283 (An SQL injection vulnerability was discovered in Online Doctor Appoint ...)
 	NOT-FOR-US: Online Doctor Appointment Booking System
 CVE-2020-29282 (SQL injection vulnerability in BloodX 1.0 allows attackers to bypass a ...)
-	TODO: check
+	NOT-FOR-US: BloodX
 CVE-2020-29281
 	RESERVED
 CVE-2020-29280 (The Victor CMS v1.0 application is vulnerable to SQL injection via the ...)
@@ -8318,9 +8318,9 @@ CVE-2020-27411
 CVE-2020-27410
 	RESERVED
 CVE-2020-27409 (OpenSIS Community Edition before 7.5 is affected by a cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: OS4Ed openSIS
 CVE-2020-27408 (OpenSIS Community Edition through 7.6 is affected by incorrect access  ...)
-	TODO: check
+	NOT-FOR-US: OS4Ed openSIS
 CVE-2020-27407
 	RESERVED
 CVE-2020-27406
@@ -12829,15 +12829,15 @@ CVE-2020-25467
 CVE-2020-25466 (A SSRF vulnerability exists in the downloadimage interface of CRMEB 3. ...)
 	NOT-FOR-US: CRMEB
 CVE-2020-25465 (Null Pointer Dereference. in xObjectBindingFromExpression at moddable/ ...)
-	TODO: check
+	NOT-FOR-US: Moddable SDK
 CVE-2020-25464 (Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK  ...)
-	TODO: check
+	NOT-FOR-US: Moddable SDK
 CVE-2020-25463 (Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon. ...)
-	TODO: check
+	NOT-FOR-US: Moddable SDK
 CVE-2020-25462 (Heap buffer overflow in the fxCheckArrowFunction function at moddable/ ...)
-	TODO: check
+	NOT-FOR-US: Moddable SDK
 CVE-2020-25461 (Invalid Memory Access in the fxProxyGetter function in moddable/xs/sou ...)
-	TODO: check
+	NOT-FOR-US: Moddable SDK
 CVE-2020-25460
 	RESERVED
 CVE-2020-25459
@@ -60571,7 +60571,7 @@ CVE-2020-5677 (Reflected cross-site scripting vulnerability in GROWI v4.0.0 and
 CVE-2020-5676 (GROWI v4.1.3 and earlier allow remote attackers to obtain information  ...)
 	NOT-FOR-US: GROWI
 CVE-2020-5675 (Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD  ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2020-5674 (Untrusted search path vulnerability in the installers of multiple SEIK ...)
 	NOT-FOR-US: SEIKO EPSON products
 CVE-2020-5673



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31261c7c8be9c82f5910627ebe1049b223e3a611

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31261c7c8be9c82f5910627ebe1049b223e3a611
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201204/946fd451/attachment.html>

More information about the debian-security-tracker-commits mailing list