[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 22 20:54:19 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
45060b59 by Salvatore Bonaccorso at 2020-12-22T21:53:59+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19596,7 +19596,7 @@ CVE-2020-25108 (An issue was discovered in the DNS implementation in Ethernut in
CVE-2020-25107 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
NOT-FOR-US: Nut/OS
CVE-2020-25106 (Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem ...)
- TODO: check
+ NOT-FOR-US: Nanosystems SupRemo
CVE-2020-25105 (eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recove ...)
NOT-FOR-US: eramba
CVE-2020-25104 (eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted f ...)
@@ -20752,13 +20752,13 @@ CVE-2020-24583 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before
CVE-2020-24582 (Zulip Desktop before 5.4.3 allows XSS because string escaping is misha ...)
NOT-FOR-US: Zulip Desktop
CVE-2020-24581 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2020-24580 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2020-24579 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2020-24578 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2020-24577
RESERVED
CVE-2020-24576
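Review bot: The tag on CVE-2020-24578 through CVE-2020-24581 names only the vendor, although all four descriptions identify the device as the D-Link DSL-2888A. Writing "NOT-FOR-US: D-Link DSL-2888A" would let a later search by model find these entries. If vendor-only tags are the convention for hardware in this file, the change is fine as it stands.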
@@ -29749,7 +29749,7 @@ CVE-2020-20140 (Cross Site Scripting (XSS) vulnerability in Remote Report compon
CVE-2020-20139 (Cross Site Scripting (XSS) vulnerability in the Remote JSON component ...)
TODO: check
CVE-2020-20138 (Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow mo ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple (CMSMS)
CVE-2020-20137
RESERVED
CVE-2020-20136 (QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an ...)
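Review bot: CVE-2020-20139, in the context lines directly above the changed entry, is still marked "TODO: check" while CVE-2020-20138 is triaged as CMS Made Simple (CMSMS). Both descriptions start with the same XSS wording and are truncated before the product name, so it is worth confirming whether CVE-2020-20139 covers the same product and can receive the same NOT-FOR-US tag in this pass, or noting why it was left open.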
@@ -45182,7 +45182,7 @@ CVE-2020-13572
CVE-2020-13571
RESERVED
CVE-2020-13570 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-13569
RESERVED
CVE-2020-13568
@@ -45202,13 +45202,13 @@ CVE-2020-13562
CVE-2020-13561
RESERVED
CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-13559
RESERVED
CVE-2020-13558
RESERVED
CVE-2020-13557 (A use after free vulnerability exists in the JavaScript engine of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP server ...)
NOT-FOR-US: EIP Stack Group OpENer
CVE-2020-13555
@@ -45228,7 +45228,7 @@ CVE-2020-13549
CVE-2020-13548
RESERVED
CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-13546
RESERVED
CVE-2020-13545
@@ -58307,7 +58307,7 @@ CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal to
CVE-2019-20456 (Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, ...)
NOT-FOR-US: Goverlan
CVE-2020-8995 (Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file ...)
- TODO: check
+ NOT-FOR-US: Programi Bilanc
CVE-2019-20455 (Gateways/Gateway.php in Heartland & Global Payments PHP SDK before ...)
NOT-FOR-US: Heartland & Global Payments PHP SDK
CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when the pat ...)
@@ -170277,7 +170277,7 @@ CVE-2018-7582 (WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of S
CVE-2018-7581 (\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert We ...)
NOT-FOR-US: WebLog Expert Web Server Enterprise
CVE-2018-7580 (Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN ...)
- TODO: check
+ NOT-FOR-US: Philips Hue
CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was fou ...)
{DLA-2366-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45060b59935ed05698d9d6ab7bb2bfe4e014be4c