[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Feb 25 20:44:45 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28a642f9 by Salvatore Bonaccorso at 2020-02-25T21:44:12+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -36,7 +36,7 @@ CVE-2020-9381 (controllers/admin.js in Total.js CMS 13 allows remote attackers t
 CVE-2020-9380
 	RESERVED
 CVE-2020-9379 (The Software Development Kit of the MiContact Center Business with Sit ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2020-9378
 	RESERVED
 CVE-2020-9377
@@ -153,7 +153,7 @@ CVE-2020-6802 [mutation XSS vulnerability]
 	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
 	NOTE: https://github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd
 CVE-2020-9335 (Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery p ...)
-	TODO: check
+	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
 CVE-2020-9334 (A stored XSS vulnerability exists in the Envira Photo Gallery plugin t ...)
 	NOT-FOR-US: Envira Photo Gallery plugin for WordPress
 CVE-2020-9333
@@ -842,9 +842,9 @@ CVE-2020-9020 (Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices
 CVE-2020-9019 (The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via th ...)
 	NOT-FOR-US: WPJobBoard plugin for WordPress
 CVE-2020-9018 (LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF  ...)
-	TODO: check
+	NOT-FOR-US: LiteCart
 CVE-2020-9017 (LiteCart through 2.2.1 allows CSV injection via a customer's profile. ...)
-	TODO: check
+	NOT-FOR-US: LiteCart
 CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter,  ...)
 	- dolibarr <removed>
 CVE-2020-9015 (Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7 ...)
@@ -862,7 +862,7 @@ CVE-2020-9010
 CVE-2020-9009
 	RESERVED
 CVE-2020-9008 (Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/Pe ...)
-	TODO: check
+	NOT-FOR-US: Blackboard Learn/PeopleTool
 CVE-2019-20473
 	RESERVED
 CVE-2019-20472
@@ -42475,7 +42475,7 @@ CVE-2012-6711 (A heap-based buffer overflow exists in GNU Bash before 4.3 when w
 CVE-2019-12864
 	RESERVED
 CVE-2019-12863 (SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2019-12862
 	RESERVED
 CVE-2019-12861



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28a642f91881e5a1b785d45ed4678f468f93816b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28a642f91881e5a1b785d45ed4678f468f93816b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200225/eb4f949c/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list