[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Feb 3 20:30:45 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6982b4a6 by Salvatore Bonaccorso at 2020-02-03T21:30:02+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -83,13 +83,13 @@ CVE-2020-8550
CVE-2020-8549 (Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPre ...)
NOT-FOR-US: Strong Testimonials plugin for WordPress
CVE-2020-8548 (massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resu ...)
- TODO: check
+ NOT-FOR-US: massCode
CVE-2020-8547 (phpList 3.5.0 allows type juggling for admin login bypass because == i ...)
TODO: check
CVE-2020-8546
RESERVED
CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...)
- TODO: check
+ NOT-FOR-US: AIL framework
CVE-2020-8544
RESERVED
CVE-2020-8543
@@ -167,7 +167,7 @@ CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the logi
CVE-2020-8509
RESERVED
CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...)
- TODO: check
+ NOT-FOR-US: Norman Malware Cleaner
CVE-2020-8507
RESERVED
CVE-2020-8506
@@ -7607,7 +7607,7 @@ CVE-2020-5184
CVE-2020-5183 (FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption ...)
NOT-FOR-US: FTPGetter Professional
CVE-2020-5182 (The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reve ...)
- TODO: check
+ NOT-FOR-US: J-BusinessDirectory extension for Joomla!
CVE-2020-5181
RESERVED
CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to se ...)
@@ -10969,11 +10969,11 @@ CVE-2020-3929
CVE-2020-3928
RESERVED
CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...)
- TODO: check
+ NOT-FOR-US: ServiSign security plugin
CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...)
- TODO: check
+ NOT-FOR-US: ServiSign security plugin
CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some designated a ...)
- TODO: check
+ NOT-FOR-US: ServiSign security plugin
CVE-2020-3924
RESERVED
CVE-2020-3923
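Review bot: The ServiSign label on CVE-2020-3925 cannot be confirmed from the lines shown here, because its description is cut off at "some designated a ..." before any product name appears, unlike CVE-2020-3927 and CVE-2020-3926, which name "ServiSign security pl ..." directly. Please confirm against the full CVE text that this entry is the same plugin before grouping it with the other two.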
@@ -15946,7 +15946,7 @@ CVE-2020-1966
CVE-2020-1965
RESERVED
CVE-2019-19550 (Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 ...)
- TODO: check
+ NOT-FOR-US: Senior Rubiweb
CVE-2019-19549
RESERVED
CVE-2019-19548 (Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privil ...)
@@ -17651,7 +17651,7 @@ CVE-2019-19121
CVE-2019-19120
RESERVED
CVE-2019-19119 (An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficie ...)
- TODO: check
+ NOT-FOR-US: PRTG Network Monitor
CVE-2019-19118 (Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model ...)
- python-django 2:2.2.8-1 (bug #946011)
[buster] - python-django <not-affected> (Vulnerable code introduced later)
@@ -22345,7 +22345,7 @@ CVE-2019-18195 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. No
CVE-2019-18194 (TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escal ...)
NOT-FOR-US: TotalAV
CVE-2019-18193 (In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, ...)
- TODO: check
+ NOT-FOR-US: Unisys Stealth
CVE-2020-0500
RESERVED
CVE-2020-0499
@@ -26603,7 +26603,7 @@ CVE-2019-16895
CVE-2019-16894 (download.php in inoERP 4.15 allows SQL injection through insecure dese ...)
NOT-FOR-US: inoERP
CVE-2019-16893 (The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 device ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass application che ...)
- ruby-zip 2.0.0-1 (low; bug #941222)
[buster] - ruby-zip <no-dsa> (Minor issue)
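Review bot: The new label on CVE-2019-16893 names only the vendor ("NOT-FOR-US: TP-Link"), while the description identifies a specific device (TP-SG105E V4) and the neighbouring entry uses a product name ("NOT-FOR-US: inoERP"). A product-level label such as the device model would make later searches in data/CVE/list more useful and would match how the other entries in this commit are written.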
@@ -206235,11 +206235,11 @@ CVE-2016-2035
CVE-2016-2034 (SQL injection vulnerability in ClearPass Policy Manager 6.5.x through ...)
NOT-FOR-US: ClearPass Policy Manager
CVE-2016-2033 (Multiple vulnerabilities exist in Aruba ClearPass Policy Manager up to ...)
- TODO: check
+ NOT-FOR-US: Aruba ClearPass Policy Manager
CVE-2016-2032 (A vulnerability exists in the Aruba AirWave Management Platform 8.x pr ...)
- TODO: check
+ NOT-FOR-US: Aruba AirWave Management Platform
CVE-2016-2031 (Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4. ...)
- TODO: check
+ NOT-FOR-US: Aruba Instate
CVE-2016-2030 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authentic ...)
NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2029 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers ...)
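Review bot: Two label points in this hunk. On CVE-2016-2031 the label "Aruba Instate" is copied verbatim from the description, and the spelling is worth checking against the vendor's product name before it becomes the tracker's label. On CVE-2016-2033 the new label is "Aruba ClearPass Policy Manager" while the existing entry just above it for CVE-2016-2034 uses "ClearPass Policy Manager"; using one form for both keeps the same product findable under a single string.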
@@ -241576,7 +241576,7 @@ CVE-2014-8340 (SQL injection vulnerability in Php/Functions/log_function.php in
CVE-2014-8339 (SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ...)
NOT-FOR-US: Nuevolabs Nuevoplayer for clipshare
CVE-2014-8338 (Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/ ...)
- TODO: check
+ NOT-FOR-US: VideoWhisper Webcam plugins for Drupal
CVE-2014-8337 (Unrestricted file upload vulnerability in includes/classes/uploadify-v ...)
NOT-FOR-US: HelpDEZk
CVE-2014-8336 (The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugi ...)
@@ -273043,9 +273043,9 @@ CVE-2013-3491 (Multiple cross-site request forgery (CSRF) vulnerabilities in the
CVE-2013-3490
RESERVED
CVE-2013-3489 (Buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before ...)
- TODO: check
+ NOT-FOR-US: Media Player Classic - Home Cinema (MPC-HC)
CVE-2013-3488 (Stack-based buffer overflow in Media Player Classic - Home Cinema (MPC ...)
- TODO: check
+ NOT-FOR-US: Media Player Classic - Home Cinema (MPC-HC)
CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the security lo ...)
NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2013-3486 (IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerabilit ...)
@@ -274978,11 +274978,11 @@ CVE-2013-2676
CVE-2013-2675
RESERVED
CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
- TODO: check
+ NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices
CVE-2013-2673 (Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass ...)
- TODO: check
+ NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices
CVE-2013-2672 (Brother MFC-9970CDW devices with firmware 0D allow cleartext submissio ...)
- TODO: check
+ NOT-FOR-US: Brother MFC-9970CDW devices
CVE-2013-2671 (Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC ...)
NOT-FOR-US: Brother printer
CVE-2013-2670 (Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW pr ...)
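Review bot: The three new labels for CVE-2013-2674, CVE-2013-2673 and CVE-2013-2672 carry firmware details ("Brother MFC-9970CDW 1.10 firmware L devices", "Brother MFC-9970CDW devices"), while the existing entry for the same device family right below, CVE-2013-2671, is labelled "Brother printer". That leaves three different strings for one product line within a few lines of each other; dropping the firmware version from the label and settling on one form would be more consistent, since the version already appears in the description.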
@@ -275034,7 +275034,7 @@ CVE-2013-2648
CVE-2013-2647
RESERVED
CVE-2013-2646 (TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2013-2645 (Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-L ...)
NOT-FOR-US: TP-LINK Router
CVE-2013-2644
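Review bot: The label added for CVE-2013-2646 is "NOT-FOR-US: TP-LINK", but the very next entry, CVE-2013-2645, already uses "NOT-FOR-US: TP-LINK Router", and the description here names a router model (TL-WR1043ND). Reusing "TP-LINK Router" would keep the two adjacent entries consistent; note also that the CVE-2019-16893 entry elsewhere in this commit spells the vendor "TP-Link", so the casing differs within the same change.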
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6982b4a644c8b5cbd32a60c1b3966a226e29b683