[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Mar 17 08:49:35 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7a712a5 by Salvatore Bonaccorso at 2020-03-17T09:49:04+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1307,7 +1307,7 @@ CVE-2019-20493
 CVE-2019-20492
 	RESERVED
 CVE-2019-20491 (cPanel before 82.0.18 allows attackers to leverage virtual mail accoun ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2019-20490
 	RESERVED
 CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
@@ -2529,9 +2529,9 @@ CVE-2020-9474
 CVE-2020-9473
 	RESERVED
 CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...)
-	TODO: check
+	NOT-FOR-US: Umbraco CMS
 CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...)
-	TODO: check
+	NOT-FOR-US: Umbraco
 CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before February 2020. ...)
 	NOT-FOR-US: Wing FTP Server
 CVE-2020-9469
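Review bot: The two Umbraco entries in this hunk get different tags, "NOT-FOR-US: Umbraco CMS" for CVE-2020-9472 and "NOT-FOR-US: Umbraco" for CVE-2020-9471, although the second description names Umbraco Cloud. Using one spelling per product (for example "Umbraco CMS" and "Umbraco Cloud") keeps a later search of data/CVE/list for the product name from missing one of them.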
@@ -2853,9 +2853,9 @@ CVE-2020-9349
 CVE-2020-9348
 	RESERVED
 CVE-2020-9347 (Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Ma ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no protectio ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2020-9345
 	RESERVED
 CVE-2020-9344
@@ -4158,15 +4158,15 @@ CVE-2020-8789
 CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...)
 	NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer
 CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2020-8786 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2020-8785 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2019-20450
 	RESERVED
 CVE-2019-20449
@@ -5962,7 +5962,7 @@ CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an
 	NOTE: https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8
 	NOTE: https://github.com/Exiv2/exiv2/issues/1011
 CVE-2020-7982 (An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and ...)
-	TODO: check
+	NOT-FOR-US: OpenWrt
 CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...)
 	- ruby-geocoder 1.5.1-3 (bug #949870)
 	NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613
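Review bot: The tag for CVE-2020-7982 names only the distribution, "NOT-FOR-US: OpenWrt", while the other OpenWrt entries in this commit name the component ("libubox in OpenWrt", "uhttpd in OpenWrt"). The description is cut off before the affected component, so it is worth naming it in the same "<component> in OpenWrt" form and confirming that the component is not packaged in Debian on its own before closing the entry as NOT-FOR-US.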
@@ -6140,7 +6140,7 @@ CVE-2019-20409
 CVE-2019-20408
 	RESERVED
 CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira Software ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Jira
 CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows operating s ...)
 	NOT-FOR-US: Atlassian
 CVE-2019-20405 (The JMX monitoring flag in Atlassian Jira Server and Data Center befor ...)
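Review bot: CVE-2019-20407 is tagged "NOT-FOR-US: Atlassian Jira", but the neighbouring CVE-2019-20406 in this hunk and the CVE-2019-20105 change later in this commit use plain "NOT-FOR-US: Atlassian". Pick one form for Atlassian products so the entries group together when the list is searched.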
@@ -6172,7 +6172,7 @@ CVE-2020-7918
 CVE-2020-7917
 	RESERVED
 CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 ...)
-	TODO: check
+	NOT-FOR-US: LearnPress plugin for WordPress
 CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...)
 	NOT-FOR-US: Eaton devices
 CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...)
@@ -7589,7 +7589,7 @@ CVE-2020-7250
 CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...)
 	NOT-FOR-US: SMC D3G0804W devices
 CVE-2020-7248 (libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged ...)
-	TODO: check
+	NOT-FOR-US: libubox in OpenWrt
 CVE-2020-XXXX [opensmtpd DoS via opportunistic TLS downgrade]
 	- opensmtpd 6.6.2p1-1 (bug #950121)
 	[stretch] - opensmtpd 6.0.2p1-2+deb9u2
@@ -10159,7 +10159,7 @@ CVE-2019-20362 (In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 1
 CVE-2020-6176
 	RESERVED
 CVE-2020-6175 (Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missin ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2020-6174 (TUF (aka The Update Framework) through 0.12.1 has Improper Verificatio ...)
 	- python-tuf <itp> (bug #934151)
 CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolle ...)
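Review bot: "NOT-FOR-US: Citrix" on CVE-2020-6175 records only the vendor, whereas the description names the product, Citrix SD-WAN. Most tags in this commit carry the product (for example "JFrog Artifactory", "Oxygen XML Editor"), and "NOT-FOR-US: Citrix SD-WAN" would match them.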
@@ -12760,7 +12760,7 @@ CVE-2019-20193
 CVE-2019-20192
 	RESERVED
 CVE-2019-20191 (Oxygen XML Editor 21.1.1 allows XXE to read any file. ...)
-	TODO: check
+	NOT-FOR-US: Oxygen XML Editor
 CVE-2019-20190
 	RESERVED
 CVE-2019-20189
@@ -15389,7 +15389,7 @@ CVE-2019-20107 (Multiple SQL injection vulnerabilities in TestLink through 1.9.1
 CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center before ver ...)
 	NOT-FOR-US: Atlassian
 CVE-2019-20105 (The EditApplinkServlet resource in the Atlassian Application Links plu ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2019-20104 (The OpenID client application in Atlassian Crowd before version 3.6.2, ...)
 	NOT-FOR-US: Atlassian
 CVE-2019-20103
@@ -15842,7 +15842,7 @@ CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks o
 CVE-2019-19946 (The API in Dradis Pro 3.4.1 allows any user to extract the content of  ...)
 	NOT-FOR-US: Dradis Pro
 CVE-2019-19945 (uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an  ...)
-	TODO: check
+	NOT-FOR-US: uhttpd in OpenWrt
 CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c ...)
 	NOT-FOR-US: libIEC61850
 CVE-2019-19943 (The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3 ...)
@@ -15858,7 +15858,7 @@ CVE-2019-19939
 CVE-2019-19938
 	RESERVED
 CVE-2019-19937 (In JFrog Artifactory before 6.18, it is not possible to restrict eithe ...)
-	TODO: check
+	NOT-FOR-US: JFrog Artifactory
 CVE-2019-19936
 	RESERVED
 CVE-2019-19935
@@ -23425,7 +23425,7 @@ CVE-2019-18919
 CVE-2019-18918
 	RESERVED
 CVE-2019-18917 (A potential security vulnerability has been identified for certain HP  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2019-18916
 	RESERVED
 CVE-2019-18915 (A potential security vulnerability has been identified with certain ve ...)
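Review bot: "NOT-FOR-US: HP" on CVE-2019-18917 gives the vendor only, and the truncated description ("certain HP ...") does not show which product is meant. Adding the product name from the full description would make the reason for the NOT-FOR-US decision checkable from the list itself.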



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7a712a53866d7cd1926f72b10d12d9357c6392e
