[Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 31 11:51:53 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b2ccf13 by Salvatore Bonaccorso at 2020-01-31T12:51:29+01:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,13 +7,13 @@ CVE-2020-8498 (XSS exists in the shortcode functionality of the GistPress plugin
CVE-2020-8497
RESERVED
CVE-2020-8496 (In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions ...)
- TODO: check
+ NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8495 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...)
- TODO: check
+ NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...)
- TODO: check
+ NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...)
- TODO: check
+ NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...)
- python3.8 <unfixed>
- python3.7 <unfixed>
@@ -834,7 +834,7 @@ CVE-2020-8097
CVE-2020-8096
RESERVED
CVE-2020-8095 (A vulnerability in the improper handling of junctions before deletion ...)
- TODO: check
+ NOT-FOR-US: Bitdefender Total Security
CVE-2020-8094
RESERVED
CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...)
@@ -6341,7 +6341,7 @@ CVE-2020-5528
CVE-2020-5527
RESERVED
CVE-2020-5526 (The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2. ...)
- TODO: check
+ NOT-FOR-US: AWMS Mobile App for Android and iOS
CVE-2020-5525
RESERVED
CVE-2020-5524
@@ -7016,13 +7016,13 @@ CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authe
CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them to tra ...)
TODO: check
CVE-2020-5231 (In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2020-5230 (Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for me ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2020-5229 (Opencast before 8.1 stores passwords using the rather outdated and cry ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2020-5228 (Opencast before 8.1 and 7.6 allows unauthorized public access to all m ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of ...)
NOT-FOR-US: Feedgen
CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ...)
@@ -7042,7 +7042,7 @@ CVE-2020-5224 (In Django User Sessions (django-user-sessions) before 1.7.1, the
CVE-2020-5223 (In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a p ...)
NOT-FOR-US: PrivateBin
CVE-2020-5222 (Opencast before 7.6 and 8.1 enables a remember-me cookie based on a ha ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...)
NOT-FOR-US: uftpd
CVE-2020-5220 (Sylius ResourceBundle accepts and uses any serialisation groups to be ...)
@@ -7094,7 +7094,7 @@ CVE-2020-5208
CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...)
NOT-FOR-US: Ktor
CVE-2020-5206 (In Opencast before 7.6 and 8.1, using a remember-me cookie with an arb ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...)
NOT-FOR-US: Pow
CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...)
@@ -235071,7 +235071,7 @@ CVE-2015-0951 (X-Cart before 5.1.11 allows remote authenticated users to read or
CVE-2015-0950 (Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 ...)
NOT-FOR-US: X-Cart
CVE-2015-0949 (The System Management Mode (SMM) implementation in Dell Latitude E6430 ...)
- TODO: check
+ NOT-FOR-US: System Management Mode (SMM) implementation in various BIOS implementations
CVE-2015-0948
RESERVED
CVE-2015-0947
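Review bot: the NOT-FOR-US text for CVE-2015-0949 ("System Management Mode (SMM) implementation in various BIOS implementations") is less specific than the other NFU labels in this file, which name a product; the visible part of the description only mentions the Dell Latitude E6430, so either list the affected firmware vendors or include at least `Dell Latitude E6430 BIOS` so the entry stays searchable.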
@@ -275184,7 +275184,7 @@ CVE-2013-2501 (Cross-site scripting (XSS) vulnerability in the Terillion Reviews
CVE-2013-2500
RESERVED
CVE-2013-2499 (SimpleHRM 2.3 and earlier could allow remote attackers to bypass the a ...)
- TODO: check
+ NOT-FOR-US: SimpleHRM
CVE-2013-2498 (SQL injection vulnerability in the login page in flexycms/modules/user ...)
NOT-FOR-US: SimpleHRM
CVE-2013-2497
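Review bot: the new `NOT-FOR-US: SimpleHRM` for CVE-2013-2499 matches its description, but the unchanged neighbour CVE-2013-2498 carries the same `NOT-FOR-US: SimpleHRM` label while its description refers to `flexycms/modules/user`; worth a second look so the two entries are not attributed to the same product by accident.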
@@ -275874,7 +275874,7 @@ CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in WebKit
CVE-2012-6534 (Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to ...)
NOT-FOR-US: Novell Sentinel Log Manager
CVE-2013-2267 (PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3 ...)
- TODO: check
+ NOT-FOR-US: FUDforum
CVE-2013-2266 (libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5 ...)
{DSA-2656-1}
- bind9 1:9.8.4.dfsg.P1-6+nmu1 (bug #704174)
@@ -277206,7 +277206,7 @@ CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and
NOTE: http://www.videolan.org/security/sa1301.html
NOTE: The freetype issue is a harmless NULL deref and won't be fixed
CVE-2013-1867 (Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Gemalto Tokend
CVE-2013-1866 (OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerab ...)
TODO: check
CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revocatio ...)
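Review bot: CVE-2013-1867 (Gemalto Tokend) is closed as NOT-FOR-US here, but the adjacent CVE-2013-1866 (OpenSC OpenSC.tokend, same Arbitrary File Creation/Overwrite class) is left at `TODO: check`; since opensc is a Debian package, that entry needs an actual triage decision (for instance whether the tokend component is shipped in the Debian package at all) rather than being carried over as a TODO.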
@@ -280763,9 +280763,9 @@ CVE-2013-0741 (Cross-site scripting (XSS) vulnerability in imagegen.ashx in Perc
CVE-2013-0740 (Open redirect vulnerability in Dell OpenManage Server Administrator (O ...)
NOT-FOR-US: Dell OpenManage Server Administrator
CVE-2013-0739 (Chamilo 1.9.4 has XSS due to improper validation of user-supplied inpu ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2013-0738 (Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blo ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2013-0737 (Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier a ...)
NOT-FOR-US: BoltWire
CVE-2013-0736 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Ming ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1b2ccf13c54e4cdefbce90ccd08800fa5fd09455