[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Jan 9 21:05:00 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6767d893 by Salvatore Bonaccorso at 2020-01-09T22:04:04+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1195,7 +1195,7 @@ CVE-2020-6169
 CVE-2020-6168
 	RESERVED
 CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-6166
 	RESERVED
 CVE-2020-6165
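Review bot: the new note on CVE-2020-6167 says only "WordPress plugin", while the other NOT-FOR-US lines in this patch name a product or vendor. The description already gives the name ("Minimal Coming Soon & Maintenance ..."), so consider putting the plugin name in the note so that a search for it finds this entry.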
@@ -3007,7 +3007,7 @@ CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decodin
 CVE-2020-5309
 	RESERVED
 CVE-2020-5308 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
 CVE-2020-5307 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL  ...)
 	NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
 CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display name, t ...)
@@ -3213,7 +3213,7 @@ CVE-2020-5207
 CVE-2020-5206
 	RESERVED
 CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...)
-	TODO: check
+	NOT-FOR-US: Pow
 CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...)
 	NOT-FOR-US: uftpd
 CVE-2020-5203
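Review bot: "NOT-FOR-US: Pow" on CVE-2020-5205 is a very short name that is easy to mismatch in a search. The description qualifies it as "Pow (Hex package)"; carrying that qualifier into the note would make it unambiguous.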
@@ -3496,7 +3496,7 @@ CVE-2020-5181
 CVE-2020-5180
 	RESERVED
 CVE-2019-20224 (netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2019-20223 (In Support Incident Tracker (SiT!) 3.67, the id parameter is affected  ...)
 	NOT-FOR-US: Support Incident Tracker
 CVE-2019-20222 (In Support Incident Tracker (SiT!) 3.67, the Short Application Name an ...)
@@ -12010,7 +12010,7 @@ CVE-2019-19496 (Alfresco Enterprise before 5.2.5 allows stored XSS via an upload
 CVE-2019-19495 (The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable t ...)
 	NOT-FOR-US: Technicolor
 CVE-2019-19494 (Broadcom based cable modems across multiple vendors are vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: Broadcom based cable modems
 CVE-2019-19493 (Kentico before 12.0.50 allows file uploads in which the Content-Type h ...)
 	NOT-FOR-US: Kentico
 CVE-2019-19492 (FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socke ...)
@@ -12203,7 +12203,7 @@ CVE-2020-1828
 CVE-2020-1827
 	RESERVED
 CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-1825
 	RESERVED
 CVE-2020-1824
@@ -12235,7 +12235,7 @@ CVE-2020-1812
 CVE-2020-1811
 	RESERVED
 CVE-2020-1810 (Huawei products CloudEngine 12800, S5700, and S6700 have a weak algori ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-1809
 	RESERVED
 CVE-2020-1808
@@ -12281,9 +12281,9 @@ CVE-2020-1789
 CVE-2020-1788
 	RESERVED
 CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-1786 (HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-1785 (Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of ser ...)
 	NOT-FOR-US: Huawei
 CVE-2019-19466 (SCEditor 2.1.3 allows XSS. ...)
@@ -28161,11 +28161,11 @@ CVE-2019-14922
 CVE-2019-14921
 	RESERVED
 CVE-2019-14920 (Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authe ...)
-	TODO: check
+	NOT-FOR-US: Billion Smart Energy Router SG600R2 Firmware
 CVE-2019-14919 (An exposed Telnet Service on the Billion Smart Energy Router SG600R2 w ...)
-	TODO: check
+	NOT-FOR-US: Billion Smart Energy Router SG600R2 Firmware
 CVE-2019-14918 (XSS in the DHCP lease-status table in Billion Smart Energy Router SG60 ...)
-	TODO: check
+	NOT-FOR-US: Billion Smart Energy Router SG600R2 Firmware
 CVE-2019-14917
 	RESERVED
 CVE-2019-14916 (An issue was discovered in PRiSE adAS 1.7.0. A file's format is not pr ...)
@@ -54022,11 +54022,11 @@ CVE-2019-6334 (HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed
 CVE-2019-6333 (A potential security vulnerability has been identified with certain ve ...)
 	NOT-FOR-US: HP Touchpoint Analytics
 CVE-2019-6332 (A potential security vulnerability has been identified with certain HP ...)
-	TODO: check
+	NOT-FOR-US: HP InkJet printers
 CVE-2019-6331 (An issue was found in Samsung Mobile Print (Android) versions prior to ...)
 	TODO: check
 CVE-2019-6330 (A potential security vulnerability has been identified in the software ...)
-	TODO: check
+	NOT-FOR-US: HP Access Control
 CVE-2019-6329 (HP Support Assistant 8.7.50 and earlier allows a user to gain system p ...)
 	NOT-FOR-US: HP Support Assistant
 CVE-2019-6328 (HP Support Assistant 8.7.50 and earlier allows a user to gain system p ...)
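Review bot: CVE-2019-6331 (Samsung Mobile Print (Android)) still reads "TODO: check" in the context between the two entries triaged in this hunk. If it was skipped on purpose, no change is needed; otherwise it could be handled in the same pass so the block is fully processed.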
@@ -54046,9 +54046,9 @@ CVE-2019-6322 (HP has identified a security vulnerability with some versions of
 CVE-2019-6321 (HP has identified a security vulnerability with some versions of Works ...)
 	NOT-FOR-US: HP
 CVE-2019-6320 (Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4 ...)
-	TODO: check
+	NOT-FOR-US: HP DeskJet 3630 All-in-One Printers models
 CVE-2019-6319 (HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K ...)
-	TODO: check
+	NOT-FOR-US: HP DeskJet 3630 All-in-One Printers models
 CVE-2019-6318 (HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP L ...)
 	NOT-FOR-US: HP
 CVE-2018-20720 (ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1 ...)
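Review bot: the notes on CVE-2019-6320 and CVE-2019-6319 end in "models", which looks like a leftover from the description text ("... All-in-One Printers models F5S43A - ..."). Suggest "NOT-FOR-US: HP DeskJet 3630 All-in-One Printers", or plain "NOT-FOR-US: HP" as on the neighbouring CVE-2019-6321 and CVE-2019-6318.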
@@ -248289,7 +248289,7 @@ CVE-2014-3757 (SQL injection vulnerability in sorter.php in the phpManufaktur ki
 CVE-2014-3754
 	RESERVED
 CVE-2014-3753 (AgileBits 1Password through 1.0.9.340 allows security feature bypass ...)
-	TODO: check
+	NOT-FOR-US: AgileBits 1Password
 CVE-2014-3752 (The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and ea ...)
 	NOT-FOR-US: G Data TotalProtection
 CVE-2014-3751
@@ -251626,9 +251626,9 @@ CVE-2014-2653 (The verify_host_key function in sshconnect.c in the client in Ope
 CVE-2014-2652 (SQL injection vulnerability in OpenScape Deployment Service (DLS) befo ...)
 	NOT-FOR-US: OpenScape Deployment Service
 CVE-2014-2651 (Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an a ...)
-	TODO: check
+	NOT-FOR-US: Unify OpenStage/OpenScape Desk Phone IP SIP
 CVE-2014-2650 (Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an ...)
-	TODO: check
+	NOT-FOR-US: Unify OpenStage / OpenScape Desk Phone IP
 CVE-2014-2649 (Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows ...)
 	NOT-FOR-US: HP Operations Manager
 CVE-2014-2648 (Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UN ...)
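Review bot: CVE-2014-2651 and CVE-2014-2650 get two different spellings of what the descriptions present as the same product ("Unify OpenStage/OpenScape Desk Phone IP SIP" and "Unify OpenStage / OpenScape Desk Phone IP"). Using one spelling for both keeps the NOT-FOR-US names groupable.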
@@ -264870,7 +264870,7 @@ CVE-2013-4794
 CVE-2013-4793 (The update function in umbraco.webservices/templates/templateService.c ...)
 	NOT-FOR-US: Umbraco
 CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2 ...)
-	TODO: check
+	NOT-FOR-US: Imperva SecureSphere Web Application Firewall (WAF)
 CVE-2013-4792
 	RESERVED
 CVE-2013-4791
@@ -279188,13 +279188,13 @@ CVE-2012-6071 (nuSOAP before 0.7.3-5 does not properly check the hostname of a c
 CVE-2012-6070 (Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may  ...)
 	- falconpl 0.9.6.9-git20120606-2 (bug #696681)
 CVE-2011-5250 (Snare for Linux before 1.7.0 has CSRF in the web interface. ...)
-	TODO: check
+	NOT-FOR-US: Snare for Linux
 CVE-2011-5249 (Cross-site scripting (XSS) vulnerability in the events page in the Sys ...)
 	NOT-FOR-US: SNARE
 CVE-2011-5248
 	RESERVED
 CVE-2011-5247 (Snare for Linux before 1.7.0 has password disclosure because the rende ...)
-	TODO: check
+	NOT-FOR-US: Snare for Linux
 CVE-2009-5133
 	RESERVED
 CVE-2012-6069 (Directory traversal vulnerability in the Runtime Toolkit in CODESYS Ru ...)
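Review bot: CVE-2011-5250 and CVE-2011-5247 are tagged "Snare for Linux", while CVE-2011-5249 in the same hunk is already tagged "SNARE". Consider using a single name across the three entries so they sort and search together.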



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6767d893d5928f074b708a53b3bcbe02d451890a
