[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 27 08:20:25 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
426dfc1b by Salvatore Bonaccorso at 2020-02-27T09:12:13+01:00
Process NFUs
- - - - -
a3043933 by Salvatore Bonaccorso at 2020-02-27T09:19:46+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -187,7 +187,7 @@ CVE-2020-9339 (SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
CVE-2020-9338 (SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. ...)
NOT-FOR-US: SOPlanning
CVE-2020-9337 (In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encod ...)
- TODO: check
+ NOT-FOR-US: GolfBuddy Course Manager
CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings ...)
NOT-FOR-US: fauzantrif eLection
CVE-2020-6802 [mutation XSS vulnerability]
@@ -1074,9 +1074,9 @@ CVE-2020-8954
CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...)
NOT-FOR-US: OpenVPN Access Server
CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp ti ...)
- TODO: check
+ NOT-FOR-US: Fiserv Accurate Reconciliation
CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the Source or Des ...)
- TODO: check
+ NOT-FOR-US: Fiserv Accurate Reconciliation
CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...)
NOT-FOR-US: Radeon AMD User Experience Program Launcher
CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...)
@@ -12823,23 +12823,23 @@ CVE-2019-19996 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A
CVE-2019-19995 (A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, lead ...)
NOT-FOR-US: Intelbras IWR 3000N devices
CVE-2019-19994 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
- TODO: check
+ NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19993 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
- TODO: check
+ NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19992 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
- TODO: check
+ NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19991 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
- TODO: check
+ NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19990 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
- TODO: check
+ NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19989 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
- TODO: check
+ NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19988 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
- TODO: check
+ NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19987 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
- TODO: check
+ NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19986 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
- TODO: check
+ NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19985 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
NOT-FOR-US: WordPress plugin
CVE-2019-19984 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
@@ -13102,9 +13102,9 @@ CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign securi
CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some designated a ...)
NOT-FOR-US: ServiSign security plugin
CVE-2020-3924 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...)
- TODO: check
+ NOT-FOR-US: DVR firmware in TAT-76 and TAT-77 series
CVE-2020-3923 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...)
- TODO: check
+ NOT-FOR-US: DVR firmware in TAT-76 and TAT-77 series
CVE-2020-3922
RESERVED
CVE-2020-3921
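Review bot: The tag added to CVE-2020-3924 and CVE-2020-3923, `NOT-FOR-US: DVR firmware in TAT-76 and TAT-77 series`, identifies the product only by model series and leaves out the vendor that both descriptions name after "provided by". The unchanged neighbour is tagged with a searchable product name (`ServiSign security plugin`), so putting the vendor name in front of the series would keep these two entries findable by a vendor search of data/CVE/list.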
@@ -15042,27 +15042,27 @@ CVE-2020-3177
CVE-2020-3176
RESERVED
CVE-2020-3175 (A vulnerability in the resource handling system of Cisco NX-OS Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3174 (A vulnerability in the anycast gateway feature of Cisco NX-OS Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3173 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3172 (A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3171 (A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3170 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3169 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3168 (A vulnerability in the Secure Login Enhancements capability of Cisco N ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3167 (A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manage ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3166 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3165 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3164
RESERVED
CVE-2020-3163 (A vulnerability in the Live Data server of Cisco Unified Contact Cente ...)
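Review bot: All eleven entries from CVE-2020-3175 down to CVE-2020-3165 receive the vendor-only tag `NOT-FOR-US: Cisco`, although the descriptions cover different products (NX-OS, FXOS, UCS). Two of them, CVE-2020-3172 (Cisco Discovery Protocol feature) and CVE-2020-3165 (implementation of Border Gateway Protocol), concern protocol handling rather than a Cisco-only CLI, and the truncated descriptions do not show whether the flaw is confined to Cisco's own code. A NOTE line on those two entries recording that this was checked would document why NOT-FOR-US applies.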
@@ -19899,7 +19899,7 @@ CVE-2019-19136
CVE-2019-19135
RESERVED
CVE-2019-19134 (The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to ...)
- TODO: check
+ NOT-FOR-US: Hero Maps Premium plugin for WordPress
CVE-2019-19133 (The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected ...)
NOT-FOR-US: CSS Hero plugin for WordPress
CVE-2019-19132
@@ -24590,7 +24590,7 @@ CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based bu
CVE-2019-18239
RESERVED
CVE-2019-18238 (Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Config ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-18237
RESERVED
CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC Editor Ver ...)
@@ -27961,9 +27961,9 @@ CVE-2019-17277
CVE-2019-17276
RESERVED
CVE-2019-17275 (OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arb ...)
- TODO: check
+ NOT-FOR-US: OnCommand Cloud Manager
CVE-2019-17274 (NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC ...)
- TODO: check
+ NOT-FOR-US: NetApp
CVE-2019-17273 (E-Series SANtricity OS Controller Software version 11.60.0 is suscepti ...)
NOT-FOR-US: E-Series SANtricity OS Controller Software
CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are suscept ...)
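Review bot: The two tags added in this hunk follow different conventions: CVE-2019-17275 is tagged by product (`OnCommand Cloud Manager`) and CVE-2019-17274 by vendor (`NetApp`), while the unchanged CVE-2019-17273 entry directly below uses the product name (`E-Series SANtricity OS Controller Software`). Tagging CVE-2019-17274 with the product its description names (NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller) would keep the block consistent.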
@@ -65211,7 +65211,7 @@ CVE-2019-4728
CVE-2019-4727
RESERVED
CVE-2019-4726 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4725
RESERVED
CVE-2019-4724
@@ -65467,11 +65467,11 @@ CVE-2019-4600 (IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sen
CVE-2019-4599
RESERVED
CVE-2019-4598 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4597 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4596 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4595 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 c ...)
NOT-FOR-US: IBM
CVE-2019-4594
@@ -65589,7 +65589,7 @@ CVE-2019-4539 (IBM Security Directory Server 6.4.0 does not properly neutralize
CVE-2019-4538 (IBM Security Directory Server 6.4.0 could allow a remote attacker to c ...)
NOT-FOR-US: IBM
CVE-2019-4537 (IBM WebSphere Service Registry and Repository 8.5 could allow a user t ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4536 (IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a ...)
NOT-FOR-US: IBM
CVE-2019-4535
@@ -166621,7 +166621,7 @@ CVE-2017-6373
CVE-2017-6372
RESERVED
CVE-2017-6371 (Synchronet BBS 3.16c for Windows allows remote attackers to cause a de ...)
- TODO: check
+ NOT-FOR-US: Synchronet BBS
CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI i ...)
NOT-FOR-US: TYPO3
CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9c6503ba71a46edbc0a04a29bcc4dc095dca1ff3...a3043933c91fdd48888c48fad4be76f9e704117c