[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Jan 13 20:59:31 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e34f9410 by Salvatore Bonaccorso at 2020-01-13T21:58:36+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2020-6949 (A privilege escalation issue was discovered in the postUser function i ...)
-	TODO: check
+	NOT-FOR-US: HashBrown CMS
 CVE-2020-6948 (A remote code execution issue was discovered in HashBrown CMS through  ...)
-	TODO: check
+	NOT-FOR-US: HashBrown CMS
 CVE-2020-6947
 	RESERVED
 CVE-2020-6946
@@ -181,7 +181,7 @@ CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar
 	NOTE: https://github.com/hoene/libmysofa/issues/96
 	NOTE: https://github.com/hoene/libmysofa/commit/c31120a4ddfe3fc705cfdd74da7e884e1866da85
 CVE-2020-6859 (Multiple Insecure Direct Object Reference vulnerabilities in includes/ ...)
-	TODO: check
+	NOT-FOR-US: Ultimate Member plugin for WordPress
 CVE-2020-6858
 	RESERVED
 CVE-2020-6857
@@ -3929,7 +3929,7 @@ CVE-2020-5197
 CVE-2020-5196
 	RESERVED
 CVE-2020-5195 (Reflected XSS through an IMG element in Cerberus FTP Server prior to v ...)
-	TODO: check
+	NOT-FOR-US: Cerberus FTP Server
 CVE-2020-5194
 	RESERVED
 CVE-2019-20225 (MyBB before 1.8.22 allows an open redirect on login. ...)
@@ -3994,13 +3994,13 @@ CVE-2019-20214
 CVE-2019-20213 (D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Info ...)
 	NOT-FOR-US: D-Link
 CVE-2019-20212 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
-	TODO: check
+	NOT-FOR-US: themes for WordPress
 CVE-2019-20211 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
-	TODO: check
+	NOT-FOR-US: themes for WordPress
 CVE-2019-20210 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
-	TODO: check
+	NOT-FOR-US: themes for WordPress
 CVE-2019-20209 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
-	TODO: check
+	NOT-FOR-US: themes for WordPress
 CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based  ...)
 	- gpac <unfixed>
 	[buster] - gpac <no-dsa> (Minor issue)
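Review bot: The four entries CVE-2019-20209 through CVE-2019-20212 are tagged "NOT-FOR-US: themes for WordPress", which names no product or vendor. The descriptions identify them as CTHthemes CityBook, TownHub and a third theme whose name is truncated here. A tag such as "NOT-FOR-US: CTHthemes themes for WordPress" would keep them findable by vendor when later CVEs for the same themes are triaged, in line with the more specific tags elsewhere in this commit (for example "Ultimate Member plugin for WordPress").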
@@ -7366,7 +7366,7 @@ CVE-2019-19893
 CVE-2019-19892
 	RESERVED
 CVE-2019-19891 (An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 ...)
-	TODO: check
+	NOT-FOR-US: Mitel SIP-DECT wireless devices
 CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading  ...)
 	{DSA-4591-1 DLA-2044-1}
 	- cyrus-sasl2 2.1.27+dfsg-2 (bug #947043)
@@ -12201,7 +12201,7 @@ CVE-2019-19549
 CVE-2019-19548
 	RESERVED
 CVE-2019-19547 (Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may b ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2019-19546 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to an in ...)
 	NOT-FOR-US: Norton Password Manager
 CVE-2019-19545 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cro ...)
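Review bot: CVE-2019-19547 is tagged with the vendor only ("NOT-FOR-US: Symantec"), while its description names Symantec Endpoint Detection and Response (SEDR) and the neighbouring CVE-2019-19546 entry names its product. Consider "NOT-FOR-US: Symantec Endpoint Detection and Response (SEDR)" so the entry is matched by a product search as well as a vendor search.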
@@ -14418,9 +14418,9 @@ CVE-2019-18896
 CVE-2019-18895 (Scanguard through 2019-11-12 on Windows has Insecure Permissions for t ...)
 	NOT-FOR-US: Scanguard
 CVE-2019-18894 (In Avast Premium Security 19.8.2393, attackers can send a specially cr ...)
-	TODO: check
+	NOT-FOR-US: Avast Premium Security
 CVE-2019-18893 (XSS in the Video Downloader component before 1.5 of Avast Secure Brows ...)
-	TODO: check
+	NOT-FOR-US: Avast Secure Browser
 CVE-2019-18892
 	RESERVED
 CVE-2019-18891
@@ -243333,7 +243333,7 @@ CVE-2014-6062
 CVE-2014-6061
 	RESERVED
 CVE-2014-6059 (WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary ...)
-	TODO: check
+	NOT-FOR-US: WordPress Advanced Access Manager Plugin
 CVE-2014-6058
 	RESERVED
 CVE-2014-6057
@@ -244788,9 +244788,9 @@ CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI hotplug
 CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
 	NOT-FOR-US: Schrack Technik microControl
 CVE-2014-5381 (Grand MA 300 allows a brute-force attack on the PIN. ...)
-	TODO: check
+	NOT-FOR-US: Grand MA 300
 CVE-2014-5380 (Grand MA 300 allows retrieval of the access PIN from sniffed data. ...)
-	TODO: check
+	NOT-FOR-US: Grand MA 300
 CVE-2014-5379
 	RESERVED
 CVE-2014-5378
@@ -262034,7 +262034,7 @@ CVE-2013-6227 (Unrestricted file upload vulnerability in plugins/editor.zoho/age
 CVE-2013-6226 (Directory traversal vulnerability in plugins/editor.zoho/agent/save_zo ...)
 	NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
 CVE-2013-6225 (LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability ...)
-	TODO: check
+	NOT-FOR-US: LiveZilla
 CVE-2013-6224 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla befor ...)
 	NOT-FOR-US: Livezilla
 CVE-2013-6223 (LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and  ...)
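Review bot: The new CVE-2013-6225 line spells the product "LiveZilla", but the existing CVE-2013-6224 entry directly below it uses "Livezilla". A case-sensitive search on either spelling will miss the other. Pick one spelling (the CVE descriptions use "LiveZilla") and align both entries, ideally in this same commit.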
@@ -283279,7 +283279,7 @@ CVE-2012-4769
 CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor plugi ...)
 	NOT-FOR-US: Download Monitor plugin for WordPress
 CVE-2012-4767 (An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the se ...)
-	TODO: check
+	NOT-FOR-US: Safend Data Protector Agent
 CVE-2012-4766
 	RESERVED
 CVE-2012-4765



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e34f9410878cfc0e4888a527d6ab636a947ef880
