[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Jan 21 20:21:47 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dfa75500 by Salvatore Bonaccorso at 2020-01-21T21:21:34+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2020-7471
 	RESERVED
 CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the  ...)
-	TODO: check
+	NOT-FOR-US: Sonoff TH 10 and 16 devices
 CVE-2020-7469
 	RESERVED
 CVE-2020-7468
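Review bot: The added NOT-FOR-US line for CVE-2020-7470 names only the hardware ("Sonoff TH 10 and 16 devices"), while the description attributes the XSS to firmware 6.6.0.21. If that firmware is distributed separately from the devices, consider naming it in the note so that a later search for the firmware finds this entry.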
@@ -449,7 +449,7 @@ CVE-2020-7248
 CVE-2020-7247
 	RESERVED
 CVE-2020-7246 (A remote code execution (RCE) vulnerability exists in qdPM 9.1 and ear ...)
-	TODO: check
+	NOT-FOR-US: qdPM
 CVE-2020-7245
 	RESERVED
 CVE-2020-7244 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...)
@@ -496,7 +496,7 @@ CVE-2020-7231 (Evoko Home 1.31 devices provide different error messages for fail
 CVE-2019-20381 (TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the ...)
 	TODO: check
 CVE-2016-11018 (An issue was discovered in the Huge-IT gallery-images plugin before 1. ...)
-	TODO: check
+	NOT-FOR-US: Huge-IT gallery-images plugin for WordPress
 CVE-2020-7230
 	RESERVED
 CVE-2020-7229 (An issue was discovered in Simplejobscript.com SJS before 1.65. There  ...)
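Review bot: CVE-2019-20381 (TestLink), two lines above the changed entry in this hunk, still reads "TODO: check" after this pass. If it was left on purpose because it needs a package check rather than an NFU tag, no change is needed; otherwise it should be triaged in the same run so the block does not stay half-processed.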
@@ -1307,7 +1307,7 @@ CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1
 CVE-2020-6850
 	RESERVED
 CVE-2020-6849 (The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allo ...)
-	TODO: check
+	NOT-FOR-US: marketo-forms-and-tracking plugin for WordPress
 CVE-2020-6848 (Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Na ...)
 	NOT-FOR-US: Axper Vision II 4 devices
 CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is exec ...)
@@ -13271,7 +13271,7 @@ CVE-2019-19594 (reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adob
 CVE-2019-19593
 	RESERVED
 CVE-2019-19592 (Jama Connect 8.44.0 has XSS via the "Import File and Destination" tab  ...)
-	TODO: check
+	NOT-FOR-US: Jama Connect
 CVE-2019-19591
 	RESERVED
 CVE-2019-19590 (In radare2 through 4.0, there is an integer overflow for the variable  ...)
@@ -13881,7 +13881,7 @@ CVE-2020-1842
 CVE-2020-1841
 	RESERVED
 CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-1839
 	RESERVED
 CVE-2020-1838
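Review bot: The added line for CVE-2020-1840 tags the vendor only ("NOT-FOR-US: Huawei"), whereas the other entries in this commit name the product, for example "NOT-FOR-US: Jama Connect" and "NOT-FOR-US: DIMO YellowBox CRM". Unless vendor-only notes are the agreed convention for this vendor, a product-level note taken from the description ("HUAWEI Mate 20 smart phones") would keep the entries consistent and easier to search.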
@@ -14112,7 +14112,7 @@ CVE-2019-19413
 CVE-2019-19412
 	RESERVED
 CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-19410
 	RESERVED
 CVE-2019-19409
@@ -30560,13 +30560,13 @@ CVE-2019-14770 (In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, s
 CVE-2019-14769 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't suf ...)
 	- backdrop <itp> (bug #914257)
 CVE-2019-14768 (An Arbitrary File Upload issue in the file browser of DIMO YellowBox C ...)
-	TODO: check
+	NOT-FOR-US: DIMO YellowBox CRM
 CVE-2019-14767 (In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence ...)
-	TODO: check
+	NOT-FOR-US: DIMO YellowBox CRM
 CVE-2019-14766 (Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4  ...)
-	TODO: check
+	NOT-FOR-US: DIMO YellowBox CRM
 CVE-2019-14765 (Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBo ...)
-	TODO: check
+	NOT-FOR-US: DIMO YellowBox CRM
 CVE-2019-14764
 	RESERVED
 CVE-2019-14763 (In the Linux kernel before 4.16.4, a double-locking error in drivers/u ...)
@@ -43742,7 +43742,7 @@ CVE-2019-10563 (Buffer over-read can occur in fast message handler due to improp
 CVE-2019-10562
 	RESERVED
 CVE-2019-10561 (Improper initialization of local variables which are parameters to sfs ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10560
 	RESERVED
 CVE-2019-10559 (Accessing data buffer beyond the available data while parsing ogg clip ...)
@@ -240424,7 +240424,7 @@ CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and
 CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly v ...)
 	NOT-FOR-US: Apple OS X
 CVE-2011-5282 (mIRC prior to 7.22 has a message leak because chopping of outbound mes ...)
-	TODO: check
+	NOT-FOR-US: mIRC
 CVE-2008-7314
 	RESERVED
 CVE-2014-7975 (The do_umount function in fs/namespace.c in the Linux kernel through 3 ...)
@@ -283566,7 +283566,7 @@ CVE-2012-5192 (Directory traversal vulnerability in gmap/view_overlay.php in Bit
 CVE-2012-5191
 	RESERVED
 CVE-2012-5190 (Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Prizm Content Connect
 CVE-2012-5189
 	REJECTED
 CVE-2012-5188 (Untrusted search path vulnerability in mora Downloader before 1.0.0.1  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dfa75500869e9d28cbda94d2a0609d1125bf9344
