[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 5 20:19:59 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
98562a02 by Salvatore Bonaccorso at 2020-03-05T21:19:44+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a crafted ...)
- TODO: check
+ NOT-FOR-US: ESET AV parsing engine
CVE-2020-10179
RESERVED
CVE-2020-10178
@@ -13,7 +13,7 @@ CVE-2020-10175
CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely ...)
TODO: check
CVE-2020-10173 (Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Mult ...)
- TODO: check
+ NOT-FOR-US: Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices
CVE-2020-10172
RESERVED
CVE-2020-10171
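Review bot: The NOT-FOR-US tag for CVE-2020-10173 copies the full firmware build string "DE11-416SSG-C01_R02.A2pvI042j1.d26m" from the CVE description, while the D-Link entries in this same commit are tagged with the vendor name alone. A shorter tag such as "NOT-FOR-US: Comtrend" or "NOT-FOR-US: Comtrend VR-3033" would keep the list consistent and easier to grep when further Comtrend CVEs are triaged.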
@@ -115,11 +115,11 @@ CVE-2020-10124
CVE-2020-10123
RESERVED
CVE-2019-20501 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-20499 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2020-10122
RESERVED
CVE-2020-10121
@@ -151,9 +151,9 @@ CVE-2020-10109
CVE-2020-10108
RESERVED
CVE-2020-10107 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Daily Expense Tracker System
CVE-2020-10106 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injec ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Daily Expense Tracker System
CVE-2020-10105 (An issue was discovered in Zammad 3.0 through 3.2. It returns source c ...)
- zammad <itp> (bug #841355)
CVE-2020-10104 (An issue was discovered in Zammad 3.0 through 3.2. After authenticatio ...)
@@ -1323,7 +1323,7 @@ CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the int
CVE-2020-9545 (Pale Moon 28.x before 28.8.4 has a segmentation fault related to modul ...)
NOT-FOR-US: Pale Moon
CVE-2020-9544 (An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The ad ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2020-9543
RESERVED
CVE-2020-9542
@@ -1621,7 +1621,7 @@ CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash.
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73c5fff899f253c44a72657048aec7db6edee571
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2530f740d67d41908e84434bb5ec99480c2ac2e
CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFescape D ...)
- TODO: check
+ NOT-FOR-US: PDFescape
CVE-2020-9417
RESERVED
CVE-2020-9416
@@ -1709,7 +1709,7 @@ CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 fo
CVE-2020-9381 (controllers/admin.js in Total.js CMS 13 allows remote attackers to exe ...)
NOT-FOR-US: Total.js CMS
CVE-2020-9380 (IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to exe ...)
- TODO: check
+ NOT-FOR-US: IPTV Smarters WEB TV PLAYER
CVE-2020-9379 (The Software Development Kit of the MiContact Center Business with Sit ...)
NOT-FOR-US: Mitel
CVE-2020-9378
@@ -1731,7 +1731,7 @@ CVE-2020-9372 (The Appointment Booking Calendar plugin before 1.3.35 for WordPre
CVE-2020-9371 (Stored XSS exists in the Appointment Booking Calendar plugin before 1. ...)
NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
CVE-2020-9370 (HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. ...)
- TODO: check
+ NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial ...)
- sympa 6.2.40~dfsg-4 (bug #952428)
[stretch] - sympa <not-affected> (Vulnerability introduced later in 6.2.38)
@@ -10957,7 +10957,7 @@ CVE-2020-5252
CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the users obj ...)
NOT-FOR-US: parser-server
CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their addr ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...)
- puma 3.12.4-1 (bug #953122)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
@@ -13407,7 +13407,7 @@ CVE-2020-4280
CVE-2020-4279
RESERVED
CVE-2020-4278 (IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Sp ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4277
RESERVED
CVE-2020-4276
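Review bot: The tag for CVE-2020-4278 is the bare vendor name "IBM", although the description names specific products (IBM Platform LSF, IBM Spectrum LSF Suite) and other entries in this commit tag the product, for example "HCL Connections" and "PDFescape". Vendor-only tags are already used elsewhere in the file (Mitel, D-Link), so this is minor, but naming the LSF product here would make it clearer what was checked against the archive.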
@@ -13797,9 +13797,9 @@ CVE-2020-4085
CVE-2020-4084
RESERVED
CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage. Con ...)
- TODO: check
+ NOT-FOR-US: HCL Connections
CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site script ...)
- TODO: check
+ NOT-FOR-US: HCL Connections
CVE-2020-4081
RESERVED
CVE-2020-4080
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98562a02732fec94b4c204fc7c4ea76a26f3dfde