[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Dec 15 08:19:37 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a3e9b8ae by Salvatore Bonaccorso at 2020-12-15T09:19:08+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2020-35472
 	RESERVED
 CVE-2020-35471 (Envoy before 1.16.1 mishandles dropped and truncated datagrams, as dem ...)
-	TODO: check
+	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2020-35470 (Envoy before 1.16.1 logs an incorrect downstream address because it co ...)
-	TODO: check
+	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2020-35469
 	RESERVED
 CVE-2020-35468
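Review bot: The parenthetical on CVE-2020-35471 and CVE-2020-35470 says which package this is not ("not the same as itp'ed envoy, #758651") but never says what the ITP'ed envoy is, so a later reader has to open the bug to confirm the two are unrelated. A couple of words identifying the software behind #758651 would make the NOT-FOR-US decision verifiable from the list itself.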
@@ -3330,9 +3330,9 @@ CVE-2020-29306
 CVE-2020-29305
 	RESERVED
 CVE-2020-29304 (A cross-site scripting (XSS) vulnerability exists in the SabaiApps Wor ...)
-	TODO: check
+	NOT-FOR-US: SabaiApps WordPress Directories Pro plugin
 CVE-2020-29303 (A cross-site scripting (XSS) vulnerability in the SabaiApp Directories ...)
-	TODO: check
+	NOT-FOR-US: SabaiApp Directories Pro plugin for WordPress
 CVE-2020-29302
 	RESERVED
 CVE-2020-29301
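Review bot: The two new notes in this hunk spell what appears to be the same product differently: "SabaiApps WordPress Directories Pro plugin" on CVE-2020-29304 and "SabaiApp Directories Pro plugin for WordPress" on CVE-2020-29303. Using one string for both (as the OpenAsset and Medtronic entries in this commit do) would let a grep over data/CVE/list for the product name find both entries.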
@@ -4306,9 +4306,9 @@ CVE-2020-28863
 CVE-2020-28862
 	RESERVED
 CVE-2020-28861 (OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to ...)
-	TODO: check
+	NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
 CVE-2020-28860 (OpenAssetDigital Asset Management (DAM) through 12.0.19 does not corre ...)
-	TODO: check
+	NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
 CVE-2020-28859 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
 	NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
 CVE-2020-28858 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
@@ -11207,7 +11207,7 @@ CVE-2020-27254
 CVE-2020-27253 (A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx ...)
 	NOT-FOR-US: FactoryTalk
 CVE-2020-27252 (Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race ...)
-	TODO: check
+	NOT-FOR-US: Medtronic MyCareLink Smart 25000
 CVE-2020-27251 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
 	NOT-FOR-US: FactoryTalk
 CVE-2020-27250
@@ -16057,7 +16057,7 @@ CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer o
 CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...)
 	NOT-FOR-US: LAquis SCADA
 CVE-2020-25187 (Medtronic MyCareLink Smart 25000 all versions are vulnerable when an a ...)
-	TODO: check
+	NOT-FOR-US: Medtronic MyCareLink Smart 25000
 CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 2019-09-2 ...)
 	NOT-FOR-US: LeviStudioU Release
 CVE-2020-25185 (The affected product is vulnerable to five post-authentication buffer  ...)
@@ -16065,7 +16065,7 @@ CVE-2020-25185 (The affected product is vulnerable to five post-authentication b
 CVE-2020-25184
 	RESERVED
 CVE-2020-25183 (Medtronic MyCareLink Smart 25000 all versions contain an authenticatio ...)
-	TODO: check
+	NOT-FOR-US: Medtronic MyCareLink Smart 25000
 CVE-2020-25182
 	RESERVED
 CVE-2020-25181 (WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer over ...)
@@ -26272,7 +26272,7 @@ CVE-2020-20185
 CVE-2020-20184 (GateOne allows remote attackers to execute arbitrary commands via shel ...)
 	TODO: check
 CVE-2020-20183 (Insecure direct object reference vulnerability in Zyxel’s P1302- ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2020-20182
 	RESERVED
 CVE-2020-20181
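Review bot: The note on CVE-2020-20183 names only the vendor ("NOT-FOR-US: Zyxel"), while the other entries in this commit name the product, and the CVE description here does refer to a specific Zyxel device. Naming that product in the note would keep it consistent with the rest of the list and make the scope of the decision clear. The adjacent CVE-2020-20184 (GateOne) stays at "TODO: check" in this hunk; worth confirming that it was left for separate triage on purpose.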



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3e9b8aefb715a9ccc40cbfd3d20b635dd246bf7
