[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Mar 9 20:39:18 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b63cc0ba by Salvatore Bonaccorso at 2020-03-09T21:38:52+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1042,7 +1042,7 @@ CVE-2020-9760
 CVE-2020-9759
 	RESERVED
 CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...)
-	TODO: check
+	NOT-FOR-US: LiveZilla Live Chat
 CVE-2020-9757 (The Seomatic component before 3.2.46 for Craft CMS allows Server-Side  ...)
 	NOT-FOR-US: Seomatic component for Craft CMS
 CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...)
@@ -2815,7 +2815,7 @@ CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of da
 CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...)
 	NOT-FOR-US: Voatz application for Android
 CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 pr ...)
-	TODO: check
+	NOT-FOR-US: Avast AntiTrack
 CVE-2020-8986
 	RESERVED
 CVE-2020-8985
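Review bot: The new tag on CVE-2020-8987 names only Avast AntiTrack, but the description on the line above it also covers "AVG Antitrack before 2.0.0.178". Consider "NOT-FOR-US: Avast AntiTrack and AVG Antitrack" so that a search of the list for either product finds this entry.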
@@ -3591,9 +3591,9 @@ CVE-2020-8637
 CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows Remote C ...)
 	NOT-FOR-US: OpServices OpMon
 CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...)
-	TODO: check
+	NOT-FOR-US: Wing FTP Server
 CVE-2020-8634 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...)
-	TODO: check
+	NOT-FOR-US: Wing FTP Server
 CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8 ...)
 	NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
 CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...)
@@ -10964,7 +10964,7 @@ CVE-2020-5329
 CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized  ...)
 	NOT-FOR-US: EMC
 CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 contain a Ja ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2020-5326 (Affected Dell Client platforms contain a BIOS Setup configuration auth ...)
 	NOT-FOR-US: Dell
 CVE-2020-5325
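Review bot: The tag for CVE-2020-5327 gives only the vendor ("NOT-FOR-US: Dell"), while the description identifies the product as Dell Security Management Server and most other tags in this commit name the product. It matches the existing CVE-2020-5326 tag directly below, so it is consistent locally, but naming the product would make the entry easier to find and to revisit.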
@@ -13976,7 +13976,7 @@ CVE-2020-4086
 CVE-2020-4085
 	RESERVED
 CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scri ...)
-	TODO: check
+	NOT-FOR-US: HCL Connections
 CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage. Con ...)
 	NOT-FOR-US: HCL Connections
 CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site script ...)
@@ -14371,7 +14371,7 @@ CVE-2019-20109
 CVE-2019-20108
 	RESERVED
 CVE-2019-20107 (Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allo ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center before ver ...)
 	NOT-FOR-US: Atlassian
 CVE-2019-20105
@@ -16011,9 +16011,9 @@ CVE-2019-19775 (The image thumbnailing handler in Zulip Server versions 1.9.0 to
 CVE-2019-19774 (An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP ...)
 	NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
 CVE-2019-19773 (Various Lexmark products have stored XSS in the embedded web server us ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2019-19772 (Various Lexmark products have reflected XSS in the embedded web server ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2019-19771 (The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have b ...)
 	NOT-FOR-US: lodahs malicious package on npm
 CVE-2019-19830 (_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authent ...)
@@ -18752,7 +18752,7 @@ CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the
 CVE-2019-19615
 	RESERVED
 CVE-2019-19614 (An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login p ...)
-	TODO: check
+	NOT-FOR-US: Halvotec RAQuest
 CVE-2019-19613
 	RESERVED
 CVE-2019-19612
@@ -19469,57 +19469,57 @@ CVE-2020-2161
 CVE-2020-2160
 	RESERVED
 CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job ...)
-	TODO: check
+	NOT-FOR-US: Jenkins CryptoMove Plugin
 CVE-2020-2158 (Jenkins Literate Plugin 1.0 and earlier does not configure its YAML pa ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Literate Plugin
 CVE-2020-2157 (Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured c ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Skytap Cloud CI Plugin
 CVE-2020-2156 (Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured crede ...)
-	TODO: check
+	NOT-FOR-US: Jenkins DeployHub Plugin
 CVE-2020-2155 (Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configur ...)
-	TODO: check
+	NOT-FOR-US: Jenkins OpenShift Deployer Plugin
 CVE-2020-2154 (Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Zephyr for JIRA Test Management Plugin
 CVE-2020-2153 (Jenkins Backlog Plugin 2.4 and earlier transmits configured credential ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Backlog Plugin
 CVE-2020-2152 (Jenkins Subversion Release Manager Plugin 1.2 and earlier does not esc ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Subversion Release Manager Plugin
 CVE-2020-2151 (Jenkins Quality Gates Plugin 2.5 and earlier transmits configured cred ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Quality Gates Plugin
 CVE-2020-2150 (Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configu ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Sonar Quality Gates Plugin
 CVE-2020-2149 (Jenkins Repository Connector Plugin 1.2.6 and earlier transmits config ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Repository Connector Plugin
 CVE-2020-2148 (A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier all ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Mac Plugin
 CVE-2020-2147 (A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Mac Plugin
 CVE-2020-2146 (Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys w ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Mac Plugin
 CVE-2020-2145 (Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier sto ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Zephyr Enterprise Test Management Plugin
 CVE-2020-2144 (Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML pa ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Rundeck Plugin
 CVE-2020-2143 (Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credent ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Logstash Plugin
 CVE-2020-2142 (A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier al ...)
-	TODO: check
+	NOT-FOR-US: Jenkins P4 Plugin
 CVE-2020-2141 (A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.1 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins P4 Plugin
 CVE-2020-2140 (Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error m ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Audit Trail Plugin
 CVE-2020-2139 (An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Cobertura Plugin
 CVE-2020-2138 (Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML p ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Cobertura Plugin
 CVE-2020-2137 (Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML f ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Timestamper Plugin
 CVE-2020-2136 (Jenkins Git Plugin 4.2.0 and earlier does not escape the error message ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Git Plugin
 CVE-2020-2135 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Script Security Plugin
 CVE-2020-2134 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins Script Security Plugin
 CVE-2020-2133 (Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted  ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2020-2132 (Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a  ...)
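Review bot: The Jenkins tags added in this hunk each spell out the plugin name (for example "NOT-FOR-US: Jenkins CryptoMove Plugin"), while the unchanged CVE-2020-2133 entry at the end of the hunk still uses the generic "NOT-FOR-US: Jenkins plugin". The specific form is the more useful one; it would be worth settling on a single convention for Jenkins plugin entries so that tooling or a grep matching on the tag text sees them all consistently.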



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b63cc0ba007ee1d6c9dd3d54ca4f118f56848aba
