[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Jan 8 20:24:27 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0dc7f5de by Salvatore Bonaccorso at 2020-01-08T21:24:01+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2020-6583 (BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be  ...)
-	TODO: check
+	NOT-FOR-US: BigProf Online Invoicing System (OIS)
 CVE-2020-6582
 	RESERVED
 CVE-2020-6581
@@ -815,15 +815,15 @@ CVE-2020-6177
 CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...)
 	TODO: check
 CVE-2019-20366 (An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTr ...)
-	TODO: check
+	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-20365 (An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via sear ...)
-	TODO: check
+	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-20364 (An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cach ...)
-	TODO: check
+	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-20363 (An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alia ...)
-	TODO: check
+	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-20362 (In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3 ...)
-	TODO: check
+	NOT-FOR-US: Teradici
 CVE-2020-6176
 	RESERVED
 CVE-2020-6175
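Review bot: The label on CVE-2019-20362 is vendor-only ("Teradici"), while the four Openfire entries directly above it in this hunk use vendor plus product ("Ignite Realtime Openfire"). The description names PCoIP Agent and PCoIP Client, so "NOT-FOR-US: Teradici PCoIP" would match the granularity used for the neighbouring entries.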
@@ -2169,9 +2169,9 @@ CVE-2020-5513 (Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. ...)
 CVE-2020-5512 (Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. ...)
 	NOT-FOR-US: Gila CMS
 CVE-2020-5511 (PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypas ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Small CRM
 CVE-2020-5510 (PHPGurukul Hostel Management System v2.0 allows SQL injection via the  ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Hostel Management System
 CVE-2020-5509
 	RESERVED
 CVE-2020-5508
@@ -3126,7 +3126,7 @@ CVE-2020-5185
 CVE-2020-5184
 	RESERVED
 CVE-2020-5183 (FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption ...)
-	TODO: check
+	NOT-FOR-US: FTPGetter Professional
 CVE-2020-5182
 	RESERVED
 CVE-2020-5181
@@ -11357,7 +11357,7 @@ CVE-2019-19546 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to
 CVE-2019-19545 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cro ...)
 	NOT-FOR-US: Norton Password Manager
 CVE-2019-19544 (CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to  ...)
-	TODO: check
+	NOT-FOR-US: CA Automic Dollar Universe
 CVE-2019-19542 (The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS ...)
 	NOT-FOR-US: ListingPro theme for WordPress
 CVE-2019-19541 (The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS ...)
@@ -11440,7 +11440,7 @@ CVE-2019-19520 (xlock in OpenBSD 6.6 allows local users to gain the privileges o
 CVE-2019-19519 (In OpenBSD 6.6, local users can use the su -L option to achieve any lo ...)
 	NOT-FOR-US: OpenBSD
 CVE-2019-19518 (CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, relat ...)
-	TODO: check
+	NOT-FOR-US: CA Automic Sysload
 CVE-2020-1964
 	RESERVED
 CVE-2020-1963
@@ -11646,7 +11646,7 @@ CVE-2019-19497 (MDaemon Email Server 17.5.1 allows XSS via the filename of an at
 CVE-2019-19496 (Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTM ...)
 	NOT-FOR-US: Alfresco
 CVE-2019-19495 (The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: Technicolor
 CVE-2019-19494
 	RESERVED
 CVE-2019-19493 (Kentico before 12.0.50 allows file uploads in which the Content-Type h ...)
@@ -21294,7 +21294,7 @@ CVE-2019-17078
 CVE-2019-17077
 	RESERVED
 CVE-2019-17076 (An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deser ...)
-	TODO: check
+	NOT-FOR-US: Jamf Pro
 CVE-2019-17075 (An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cx ...)
 	- linux 5.3.7-1
 	[jessie] - linux <ignored> (Not a problem in practice)
@@ -56860,7 +56860,7 @@ CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in t
 CVE-2019-5083 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
 	NOT-FOR-US: Accusoft ImageGear
 CVE-2019-5082 (An exploitable heap buffer overflow vulnerability exists in the iochec ...)
-	TODO: check
+	NOT-FOR-US: WAGO Firmware
 CVE-2019-5081 (An exploitable heap buffer overflow vulnerability exists in the iochec ...)
 	NOT-FOR-US: WAGO
 CVE-2019-5080 (An exploitable denial-of-service vulnerability exists in the iocheckd  ...)
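Review bot: CVE-2019-5082 gets the label "WAGO Firmware", but the next entry, CVE-2019-5081, whose visible description opens identically ("An exploitable heap buffer overflow vulnerability exists in the iochec ..."), already carries "NOT-FOR-US: WAGO". Reuse "NOT-FOR-US: WAGO" so that both entries are labelled the same way.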
@@ -186161,19 +186161,19 @@ CVE-2016-6593 (A code-execution vulnerability exists during startup in jhi.dll a
 CVE-2016-6592
 	RESERVED
 CVE-2016-6591 (A security bypass vulnerability exists in Symantec Norton App Lock 1.0 ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-6590 (A privilege escalation vulnerability exists when loading DLLs during b ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-6589 (A Denial of Service vulnerability exists in the ITMS workflow process  ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-6588 (A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-6587 (An Information Disclosure vulnerability exists in the mid.dat file sto ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-6586 (A security bypass vulnerability exists in Symantec Norton Mobile Secur ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-6585 (A Denial of Service vulnerability exists in Symantec Norton Mobile Sec ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-6584
 	RESERVED
 CVE-2016-6583
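Review bot: Four of the seven entries marked "Symantec" here (CVE-2016-6590, CVE-2016-6589, CVE-2016-6588, CVE-2016-6587) have truncated descriptions that name no vendor or product in the visible text; only CVE-2016-6591, CVE-2016-6586 and CVE-2016-6585 show "Symantec Norton ...". Confirm against the full descriptions that each of the four is a Symantec product, and consider a product-level label (the file already uses "Norton Password Manager" elsewhere) so the reason for the verdict is visible on the line.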
@@ -244118,7 +244118,7 @@ CVE-2014-5289 (Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to
 CVE-2014-5288
 	RESERVED
 CVE-2014-5287 (A Bash script injection vulnerability exists in Kemp Load Master 7.1-1 ...)
-	TODO: check
+	NOT-FOR-US: Kemp Load Master
 CVE-2014-5286 (The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveM ...)
 	NOT-FOR-US: TIBCO
 CVE-2014-5285 (Unspecified vulnerability in the Authentication Module in TIBCO Spotfi ...)
@@ -254953,7 +254953,7 @@ CVE-2014-1456 (Cross-site scripting (XSS) vulnerability in the login page in Ope
 CVE-2014-1455 (SQL injection vulnerability in the password reset functionality in Pea ...)
 	NOT-FOR-US: Pearson eSIS Enterprise Student Information System
 CVE-2014-1454 (Pearson eSIS (Enterprise Student Information System) message board has ...)
-	TODO: check
+	NOT-FOR-US: Pearson eSIS (Enterprise Student Information System) message board
 CVE-2014-1453 (The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquir ...)
 	{DSA-2952-1}
 	- kfreebsd-8 <removed>
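Review bot: The new label on CVE-2014-1454, "Pearson eSIS (Enterprise Student Information System) message board", differs from the one on the preceding entry CVE-2014-1455, "Pearson eSIS Enterprise Student Information System", although both refer to the same product. Reuse the existing string so the two entries match.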
@@ -255119,7 +255119,7 @@ CVE-2014-1447 (Race condition in the virNetServerClientStartKeepAlive function i
 	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef6c18bc1faf8b3e10787b39796a7a06cc0
 	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c2914734eb5c32df6d35a82bf503e12261bcf
 CVE-2014-1409 (MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5. ...)
-	TODO: check
+	NOT-FOR-US: MobileIron VSP
 CVE-2014-1404
 	RESERVED
 CVE-2014-1403 (Cross-site scripting (XSS) vulnerability in name.html in easyXDM befor ...)
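Review bot: The label on CVE-2014-1409 names only "MobileIron VSP", but the description on the same entry covers both VSP and Sentry versions. "NOT-FOR-US: MobileIron" would cover both products.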



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0dc7f5deadb1506f0102271661908f0cb58d3f72
