[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Jun 11 21:20:09 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02ec6e09 by Salvatore Bonaccorso at 2020-06-11T22:19:45+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51,7 +51,7 @@ CVE-2020-14014
 CVE-2020-14013
 	RESERVED
 CVE-2020-14012 (scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase C ...)
-	TODO: check
+	NOT-FOR-US: osTicket
 CVE-2020-14011
 	RESERVED
 CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via t ...)
@@ -79,11 +79,11 @@ CVE-2020-14000
 CVE-2020-13999
 	RESERVED
 CVE-2020-13998 (** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA  ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2020-13997
 	RESERVED
 CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection at ...)
-	TODO: check
+	NOT-FOR-US: J2Store plugin for Joomla!
 CVE-2020-13995
 	RESERVED
 CVE-2020-13994
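Review bot: The two labels in this hunk use different granularity: CVE-2020-13998 gets the vendor only (`NOT-FOR-US: Citrix`), while CVE-2020-13996 names the product (`NOT-FOR-US: J2Store plugin for Joomla!`). The description names Citrix XenApp 6.5, so `NOT-FOR-US: Citrix XenApp` would keep the entry searchable by product, in line with product-level labels already in the file such as `NOT-FOR-US: SolarWinds Advanced Monitoring Agent`.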
@@ -256,7 +256,7 @@ CVE-2020-13913
 CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users  ...)
 	NOT-FOR-US: SolarWinds Advanced Monitoring Agent
 CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a ...)
-	TODO: check
+	NOT-FOR-US: Your Online Shop
 CVE-2020-13910 (Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nf ...)
 	NOT-FOR-US: Pengutronix Barebox
 CVE-2020-13909 (The Ignition page before 2.0.5 for Laravel mishandles globals, _get, _ ...)
@@ -266,9 +266,9 @@ CVE-2020-13908
 CVE-2020-13907
 	RESERVED
 CVE-2020-13906 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2020-13904 (FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an  ...)
 	- ffmpeg <unfixed>
 	NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/
@@ -343,7 +343,7 @@ CVE-2020-13874
 CVE-2020-13873
 	RESERVED
 CVE-2020-13872 (Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for at ...)
-	TODO: check
+	NOT-FOR-US: Royal TS
 CVE-2020-13871 (SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c bec ...)
 	- sqlite3 3.32.2-2
 	NOTE: Fixed by: https://www.sqlite.org/src/info/79eff1d0383179c4
@@ -381,17 +381,17 @@ CVE-2020-13857
 CVE-2020-13856
 	RESERVED
 CVE-2020-13855 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...)
-	TODO: check
+	NOT-FOR-US: Artica Pandora FMS
 CVE-2020-13854 (Artica Pandora FMS 7.44 allows privilege escalation. ...)
-	TODO: check
+	NOT-FOR-US: Artica Pandora FMS
 CVE-2020-13853 (Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. ...)
-	TODO: check
+	NOT-FOR-US: Artica Pandora FMS
 CVE-2020-13852 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...)
-	TODO: check
+	NOT-FOR-US: Artica Pandora FMS
 CVE-2020-13851 (Artica Pandora FMS 7.44 allows remote command execution via the events ...)
-	TODO: check
+	NOT-FOR-US: Artica Pandora FMS
 CVE-2020-13850 (Artica Pandora FMS 7.44 has inadequate access controls on a web folder ...)
-	TODO: check
+	NOT-FOR-US: Artica Pandora FMS
 CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout value of 1. ...)
 	TODO: check
 CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attac ...)
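Review bot: CVE-2020-13849, in the trailing context of this hunk, stays at `TODO: check` and would benefit from a `NOTE:` line saying why. Its description is about the MQTT protocol 3.1.1 rather than a single product, so it needs a check against MQTT implementations instead of an NFU label, and a note to that effect keeps a later NFU pass from sweeping it up with the six Artica Pandora FMS entries closed out above it.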
@@ -1392,9 +1392,9 @@ CVE-2020-13447
 CVE-2020-13446
 	RESERVED
 CVE-2020-13445 (In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2020-13444 (Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 9 ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2020-13443
 	RESERVED
 CVE-2020-13442 (A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 t ...)
@@ -1874,7 +1874,7 @@ CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Set
 CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html file ...)
 	- dolibarr <removed>
 CVE-2020-13238 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2020-13237
 	RESERVED
 CVE-2020-13236
@@ -1907,7 +1907,7 @@ CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnera
 CVE-2020-13224
 	RESERVED
 CVE-2020-13223 (HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2 before 1. ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2020-13222
 	RESERVED
 CVE-2020-13221
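Review bot: `NOT-FOR-US: HashiCorp Vault` on CVE-2020-13223 should be checked against open ITP/RFP bugs before it lands, because the description covers Vault as well as Vault Enterprise and an NFU label takes the CVE out of further triage. If a packaging request exists, an `<itp>` package entry with the bug number is the better fit; the same applies to CVE-2020-12757 later in this patch.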
@@ -2742,7 +2742,7 @@ CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an administrator
 CVE-2020-12851 (Pydio Cells 2.0.4 allows an authenticated user to write or overwrite e ...)
 	NOT-FOR-US: Pydio Cells
 CVE-2020-12850 (The following vulnerability applies only to the Pydio Cells Enterprise ...)
-	TODO: check
+	NOT-FOR-US: Pydio Cells
 CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to the web ...)
 	NOT-FOR-US: Pydio Cells
 CVE-2020-12848 (In Pydio Cells 2.0.4, once an authenticated user shares a file selecti ...)
@@ -3004,7 +3004,7 @@ CVE-2020-12759
 CVE-2020-12758
 	RESERVED
 CVE-2020-12757 (HashiCorp Vault and Vault Enterprise 1.4.x before 1.4.2 has Incorrect  ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2020-12756
 	RESERVED
 CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras t ...)
@@ -3105,9 +3105,9 @@ CVE-2020-12716
 CVE-2020-12715
 	RESERVED
 CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual Applia ...)
-	TODO: check
+	NOT-FOR-US: CipherMail
 CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...)
-	TODO: check
+	NOT-FOR-US: CipherMail
 CVE-2020-12712 (A vulnerability based on insecure user/password encryption in the JOE  ...)
 	TODO: check
 CVE-2020-12711
@@ -5959,7 +5959,7 @@ CVE-2020-11800
 CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...)
 	NOT-FOR-US: Z-Cron
 CVE-2020-11798 (A Directory Traversal vulnerability in the web conference component of ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2020-11797
 	RESERVED
 CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...)
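Review bot: `NOT-FOR-US: Mitel` on CVE-2020-11798 gives only the vendor, and the truncated description ("... the web conference component of ...") cuts off before the product name, so nothing on these two lines identifies the affected product. Using the product name from the full CVE description as the label would fix that.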
@@ -24774,7 +24774,7 @@ CVE-2020-4382
 CVE-2020-4381
 	RESERVED
 CVE-2020-4380 (IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting.  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
 	NOT-FOR-US: IBM
 CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged au ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02ec6e0970eed956a3493d96a06e578a98318718
