[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Feb 17 20:27:56 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b32eac53 by Salvatore Bonaccorso at 2020-02-17T21:27:30+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2020-9040
 CVE-2020-9039
 	RESERVED
 CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
-	TODO: check
+	NOT-FOR-US: Joplin
 CVE-2020-9037
 	RESERVED
 CVE-2020-9036
@@ -17,7 +17,7 @@ CVE-2020-9036
 CVE-2020-9035
 	RESERVED
 CVE-2019-20474 (An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.4 ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Remote Access Plus
 CVE-2016-11019
 	RESERVED
 CVE-2020-XXXX [privilege escalation vulnerablility]
@@ -68,9 +68,9 @@ CVE-2020-9015
 CVE-2020-9014
 	RESERVED
 CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...)
-	TODO: check
+	NOT-FOR-US: Arvato Skillpipe
 CVE-2020-9012 (A cross-site scripting (XSS) vulnerability in the Import People functi ...)
-	TODO: check
+	NOT-FOR-US: Gluu Identity Configuration
 CVE-2020-9011
 	RESERVED
 CVE-2020-9010
@@ -118,7 +118,7 @@ CVE-2020-9007 (Codoforum 4.8.8 allows self-XSS via the title of a new topic. ...
 CVE-2020-9006 (The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulner ...)
 	NOT-FOR-US: Popup Builder plugin for WordPress
 CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attack ...)
-	TODO: check
+	NOT-FOR-US: Dota 2
 CVE-2020-9004
 	RESERVED
 CVE-2020-9003
@@ -244,7 +244,7 @@ CVE-2020-8952
 CVE-2020-8951
 	RESERVED
 CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...)
-	TODO: check
+	NOT-FOR-US: Radeon AMD User Experience Program Launcher
 CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...)
 	NOT-FOR-US: Gocloud devices
 CVE-2020-8948
@@ -381,7 +381,7 @@ CVE-2019-20453
 CVE-2019-20452
 	RESERVED
 CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1)  ...)
-	TODO: check
+	NOT-FOR-US: SocialEngine
 CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...)
 	NOT-FOR-US: SocialEngine
 CVE-2020-8884
@@ -1408,9 +1408,9 @@ CVE-2020-8431
 CVE-2020-8430
 	RESERVED
 CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947 does not  ...)
-	TODO: check
+	NOT-FOR-US: Kinetica
 CVE-2020-8427 (Kaseya Traverse before 9.5.20 allows OS command injection attacks agai ...)
-	TODO: check
+	NOT-FOR-US: Kaseya Traverse
 CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...)
 	NOT-FOR-US: Elementor plugin for WordPress
 CVE-2020-8425 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...)
@@ -3979,7 +3979,7 @@ CVE-2020-7254
 CVE-2020-7253
 	RESERVED
 CVE-2020-7252 (Unquoted service executable path in DXL Broker in McAfee Data eXchange ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2020-7251 (Improper access control vulnerability in Configuration Tool in McAfee  ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7250
@@ -7726,7 +7726,7 @@ CVE-2020-5533
 CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for ...)
 	NOT-FOR-US: ilbo App
 CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI500 ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2020-5530
 	RESERVED
 CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ...)
@@ -18776,7 +18776,7 @@ CVE-2019-19197 (IOCTL Handling in the kyrld.sys driver in Kyrol Internet Securit
 CVE-2019-19196 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation  ...)
 	TODO: check
 CVE-2019-19195 (The Bluetooth Low Energy implementation on Microchip Technology BluSDK ...)
-	TODO: check
+	NOT-FOR-US: Microchip
 CVE-2019-19194 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation  ...)
 	TODO: check
 CVE-2019-19193 (The Bluetooth Low Energy peripheral implementation on Texas Instrument ...)
@@ -19335,7 +19335,7 @@ CVE-2019-19000
 CVE-2019-18999
 	RESERVED
 CVE-2019-18998 (Insufficient access control in the web interface of ABB Asset Suite ve ...)
-	TODO: check
+	NOT-FOR-US: ABB Asset Suite
 CVE-2019-18997 (The HMISimulator component of ABB PB610 Panel Builder 600 uses the rea ...)
 	NOT-FOR-US: ABB PB610 Panel Builder
 CVE-2019-18996 (Path settings in HMIStudio component of ABB PB610 Panel Builder 600 ve ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b32eac534eae830dceef743c810b61126d466930

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b32eac534eae830dceef743c810b61126d466930
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200217/bc9eb200/attachment.html>


More information about the debian-security-tracker-commits mailing list