[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Dec 21 20:27:48 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e1a6c84c by Salvatore Bonaccorso at 2020-12-21T21:27:18+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2898,13 +2898,13 @@ CVE-2020-35278
 CVE-2020-35277
 	RESERVED
 CVE-2020-35276 (EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An at ...)
-	TODO: check
+	NOT-FOR-US: EgavilanMedia ECM Address Book
 CVE-2020-35275 (Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user c ...)
-	TODO: check
+	NOT-FOR-US: Coastercms
 CVE-2020-35274 (DotCMS Add Template with admin panel 20.11 is affected by cross-site S ...)
-	TODO: check
+	NOT-FOR-US: DotCMS
 CVE-2020-35273 (EgavilanMedia User Registration & Login System with Admin Panel 1. ...)
-	TODO: check
+	NOT-FOR-US: EgavilanMedia User Registration & Login System with Admin Panel
 CVE-2020-35272
 	RESERVED
 CVE-2020-35271
@@ -13817,7 +13817,7 @@ CVE-2020-27256
 CVE-2020-27255 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
 	NOT-FOR-US: FactoryTalk
 CVE-2020-27254 (Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, X ...)
-	TODO: check
+	NOT-FOR-US: Emerson
 CVE-2020-27253 (A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx ...)
 	NOT-FOR-US: FactoryTalk
 CVE-2020-27252 (Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race ...)
@@ -16882,7 +16882,7 @@ CVE-2020-25903
 CVE-2020-25902
 	RESERVED
 CVE-2020-25901 (Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to r ...)
-	TODO: check
+	NOT-FOR-US: Spiceworks
 CVE-2020-25900
 	RESERVED
 CVE-2020-25899
@@ -42596,7 +42596,7 @@ CVE-2020-14227
 CVE-2020-14226
 	RESERVED
 CVE-2020-14225 (HCL iNotes is susceptible to a Tabnabbing vulnerability caused by impr ...)
-	TODO: check
+	NOT-FOR-US: HCL iNotes
 CVE-2020-14224 (A vulnerability in the MIME message handling of the HCL Notes v9 clien ...)
 	NOT-FOR-US: HCL Notes
 CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scri ...)
@@ -62826,9 +62826,9 @@ CVE-2020-6884
 CVE-2020-6883
 	RESERVED
 CVE-2020-6882 (ZTE E8810/E8820/E8822 series routers have an information leak vulnerab ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2020-6881 (ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, w ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2020-6880 (A ZXELINK wireless controller has a SQL injection vulnerability. A rem ...)
 	NOT-FOR-US: ZXELINK
 CVE-2020-6879 (Some ZTE devices have input verification vulnerabilities. The devices  ...)
@@ -70055,7 +70055,7 @@ CVE-2020-4001 (The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passw
 CVE-2020-4000 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, ...)
 	NOT-FOR-US: VMware
 CVE-2020-3999 (VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16. ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3998 (VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an inf ...)
 	NOT-FOR-US: VMware
 CVE-2020-3997 (VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross ...)
@@ -87243,7 +87243,7 @@ CVE-2019-16961
 CVE-2019-16960
 	RESERVED
 CVE-2019-16959 (SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Fo ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2019-16958 (Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 1 ...)
 	NOT-FOR-US: SolarWinds Web Help Desk
 CVE-2019-16957 (SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1a6c84c3f1eff9c7070133dcbdfa507b5f5d3d1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1a6c84c3f1eff9c7070133dcbdfa507b5f5d3d1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201221/a8eb46ed/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list