[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Jun 23 06:55:38 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a134559 by Salvatore Bonaccorso at 2020-06-23T07:55:13+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2020-14983
 CVE-2020-14982
 	RESERVED
 CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...)
-	TODO: check
+	NOT-FOR-US: ThreatTrack VIPRE Password Vault app for IOS
 CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...)
-	TODO: check
+	NOT-FOR-US: Sophos Secure Email application for Android
 CVE-2020-14979
 	RESERVED
 CVE-2020-14978
@@ -19,21 +19,21 @@ CVE-2020-14975
 CVE-2020-14974
 	RESERVED
 CVE-2020-14973 (The loginForm within the general/login.php webpage in webTareas 2.0p8  ...)
-	TODO: check
+	NOT-FOR-US: webTareas
 CVE-2020-14972 (Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online  ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodester Pisay Online E-Learning System
 CVE-2020-14971
 	RESERVED
 CVE-2020-14970
 	RESERVED
 CVE-2020-14969 (app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribu ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2020-14968 (An issue was discovered in the jsrsasign package before 8.0.17 for Nod ...)
-	TODO: check
+	NOT-FOR-US: jsrsasign
 CVE-2020-14967 (An issue was discovered in the jsrsasign package before 8.0.18 for Nod ...)
-	TODO: check
+	NOT-FOR-US: jsrsasign
 CVE-2020-14966 (An issue was discovered in the jsrsasign package through 8.0.18 for No ...)
-	TODO: check
+	NOT-FOR-US: jsrsasign
 CVE-2020-14965
 	RESERVED
 CVE-2020-14964
@@ -1048,7 +1048,7 @@ CVE-2020-14463
 CVE-2020-14462 (CALDERA 2.7.0 allows XSS via the Operation Name box. ...)
 	TODO: check
 CVE-2020-14461 (Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversa ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2020-14460 (An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5. ...)
 	NOT-FOR-US: Mattermost
 CVE-2020-14459 (An issue was discovered in Mattermost Server before 5.19.0. Attackers  ...)
@@ -1904,11 +1904,11 @@ CVE-2020-14206
 CVE-2020-14205
 	RESERVED
 CVE-2020-14204 (In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal ...)
-	TODO: check
+	NOT-FOR-US: WebFOCUS Business Intelligence
 CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request F ...)
-	TODO: check
+	NOT-FOR-US: WebFOCUS Business Intelligence
 CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrar ...)
-	TODO: check
+	NOT-FOR-US: WebFOCUS Business Intelligence
 CVE-2020-14201
 	RESERVED
 CVE-2020-14200
@@ -2282,7 +2282,7 @@ CVE-2020-14051
 CVE-2020-14050
 	RESERVED
 CVE-2020-14049 (Viber for Windows up to 13.2.0.39 does not properly quote its custom U ...)
-	TODO: check
+	NOT-FOR-US: Viber
 CVE-2020-14048 (Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remo ...)
 	NOT-FOR-US: Zoho
 CVE-2020-14047
@@ -2661,9 +2661,9 @@ CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS vi
 CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 allows XSS. ...)
 	NOT-FOR-US: Bludit
 CVE-2020-13888 (Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, use ...)
-	TODO: check
+	NOT-FOR-US: Kordil EDMS
 CVE-2020-13887 (documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Comma ...)
-	TODO: check
+	NOT-FOR-US: Kordil EDMS
 CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module befor ...)
 	- libcrypt-perl-perl <itp> (bug #907353)
 	NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14
@@ -3363,13 +3363,13 @@ CVE-2020-13642 (An issue was discovered in the SiteOrigin Page Builder plugin be
 CVE-2020-13641 (An issue was discovered in the Real-Time Find and Replace plugin befor ...)
 	NOT-FOR-US: Real-Time Find and Replace plugin for WordPress
 CVE-2020-13640 (A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlie ...)
-	TODO: check
+	NOT-FOR-US: gVectors wpDiscuz plugin for WordPress
 CVE-2020-13639
 	RESERVED
 CVE-2020-13638
 	RESERVED
 CVE-2020-13637 (An issue was discovered in the stashcat app through 3.9.2 for macOS, W ...)
-	TODO: check
+	NOT-FOR-US: stashcat app
 CVE-2020-13636
 	RESERVED
 CVE-2020-13635
@@ -3709,7 +3709,7 @@ CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecu
 CVE-2020-13481
 	RESERVED
 CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the ...)
-	TODO: check
+	NOT-FOR-US: Verint Workforce Optimization (WFO)
 CVE-2020-13479
 	RESERVED
 CVE-2020-13478
@@ -3831,9 +3831,9 @@ CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function
 	NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11
 	NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
 CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user v ...)
-	TODO: check
+	NOT-FOR-US: Victor CMS
 CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Reques ...)
-	TODO: check
+	NOT-FOR-US: Multi-Scheduler plugin for WordPress
 CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the Beep  ...)
 	NOT-FOR-US: TrackR
 CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...)
@@ -4436,9 +4436,9 @@ CVE-2020-13161
 CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...)
 	NOT-FOR-US: AnyDesk
 CVE-2020-13159 (Artica Proxy before 4.30.000000 Community Edition allows OS command in ...)
-	TODO: check
+	NOT-FOR-US: Artica Proxy
 CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows Directory Tra ...)
-	TODO: check
+	NOT-FOR-US: Artica Proxy
 CVE-2020-13157
 	RESERVED
 CVE-2020-13156



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a134559ed88c986a1924a231d2567b67fbf9b86

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a134559ed88c986a1924a231d2567b67fbf9b86
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200623/bed99d90/attachment.html>


More information about the debian-security-tracker-commits mailing list