[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Sun Dec 27 08:56:19 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a5d1cbee by Salvatore Bonaccorso at 2020-12-27T09:55:41+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2020-35731
 CVE-2020-35730
 	RESERVED
 CVE-2020-35729 (KLog Server 2.4.1 allows OS command injection via shell metacharacters ...)
-	TODO: check
+	NOT-FOR-US: KLog Server
 CVE-2020-35728 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
 	- jackson-databind <unfixed>
 	[buster] - jackson-databind <no-dsa> (Minor issue)
@@ -3668,7 +3668,7 @@ CVE-2020-35364 (Beijing Huorong Internet Security 5.0.55.2 allows a non-admin us
 CVE-2020-35363
 	RESERVED
 CVE-2020-35362 (DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal ...)
-	TODO: check
+	NOT-FOR-US: DEXT5Upload
 CVE-2020-35361
 	RESERVED
 CVE-2020-35360
@@ -3824,7 +3824,7 @@ CVE-2020-35286
 CVE-2020-35285
 	RESERVED
 CVE-2020-35284 (Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory trav ...)
-	TODO: check
+	NOT-FOR-US: Flamingo (aka FlamingoIM)
 CVE-2020-35283
 	RESERVED
 CVE-2020-35282
@@ -3904,13 +3904,13 @@ CVE-2020-35247
 CVE-2020-35246
 	RESERVED
 CVE-2020-35245 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
-	TODO: check
+	NOT-FOR-US: Flamingo (aka FlamingoIM)
 CVE-2020-35244 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
-	TODO: check
+	NOT-FOR-US: Flamingo (aka FlamingoIM)
 CVE-2020-35243 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
-	TODO: check
+	NOT-FOR-US: Flamingo (aka FlamingoIM)
 CVE-2020-35242 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
-	TODO: check
+	NOT-FOR-US: Flamingo (aka FlamingoIM)
 CVE-2020-35241
 	RESERVED
 CVE-2020-35240
@@ -6878,7 +6878,7 @@ CVE-2020-29301
 CVE-2020-29300
 	RESERVED
 CVE-2020-29299 (Certain Zyxel products allow command injection by an admin via an inpu ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2020-29298
 	RESERVED
 CVE-2020-29297
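Review bot: The NOT-FOR-US tag on CVE-2020-29299 names only the vendor ("Zyxel"), while the other entries touched in this commit name a product (KLog Server, DEXT5Upload, XXL-JOB). The description is cut off here after "Certain Zyxel products allow command injection by an admin via an inpu ...", so if the full text identifies the affected devices or firmware, consider a tag that says so, for example "NOT-FOR-US: Zyxel products" or the device family, so the entry stays unambiguous when the list is searched later.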
@@ -6976,9 +6976,9 @@ CVE-2020-29252
 CVE-2020-29251
 	RESERVED
 CVE-2020-29250 (CXUUCMS V3 allows XSS via the first and third input fields to /public/ ...)
-	TODO: check
+	NOT-FOR-US: CXUUCMS
 CVE-2020-29249 (CXUUCMS V3 allows class="layui-input" XSS. ...)
-	TODO: check
+	NOT-FOR-US: CXUUCMS
 CVE-2020-29248
 	RESERVED
 CVE-2020-29247 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin ...)
@@ -7068,7 +7068,7 @@ CVE-2020-29206
 CVE-2020-29205
 	RESERVED
 CVE-2020-29204 (XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-charact ...)
-	TODO: check
+	NOT-FOR-US: XXL-JOB
 CVE-2020-29203 (struct2json before 2020-11-18 is affected by a Buffer Overflow because ...)
 	TODO: check
 CVE-2020-29202
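Review bot: In the trailing context of this hunk, CVE-2020-29203 (struct2json) still reads "TODO: check" directly below the XXL-JOB entry that was triaged. If it was left on purpose because a buffer overflow in a library needs a check for packaged or embedded copies before it can be tagged, that is fine; otherwise it should be picked up in a follow-up so it is not overlooked between already processed neighbours.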



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a5d1cbeeb1c0c90db65ae557b874131df31aad8f
