[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Mar 19 20:25:57 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e0eb05f by Salvatore Bonaccorso at 2020-03-19T21:25:44+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2020-10679
 	RESERVED
 CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running on-premises A ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2020-10677
 	RESERVED
 CVE-2020-10676
@@ -13,15 +13,15 @@ CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the in
 CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	TODO: check
 CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missi ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2020-10669
 	RESERVED
 CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2020-10666
 	RESERVED
 CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS comman ...)
@@ -44,35 +44,35 @@ CVE-2019-20529 (In core/doctype/prepared_report/prepared_report.py in Frappe 11
 CVE-2019-20528 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
 	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-20527 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
-	TODO: check
+	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-20526 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
-	TODO: check
+	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-20525 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
-	TODO: check
+	NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-20524 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner param ...)
-	TODO: check
+	NOT-FOR-US: ilchCMS
 CVE-2019-20523 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name paramet ...)
-	TODO: check
+	NOT-FOR-US: ilchCMS
 CVE-2019-20522 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link paramet ...)
-	TODO: check
+	NOT-FOR-US: ilchCMS
 CVE-2019-20521 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2019-20520 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/meth ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2019-20519 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ UR ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2019-20518 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2019-20517 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2019-20516 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ UR ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2019-20515 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresse ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2019-20514 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2019-20513 (Open edX Ironwood.1 allows support/certificates?user= reflected XSS. ...)
-	TODO: check
+	NOT-FOR-US: Open edX Ironwood.1
 CVE-2019-20512 (Open edX Ironwood.1 allows support/certificates?course_id= reflected X ...)
 	NOT-FOR-US: Open edX Ironwood.1
 CVE-2019-20511 (ERPNext 11.1.47 allows blog?blog_category= Frame Injection. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e0eb05f4719006983c3413ee0c51f7054507829

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e0eb05f4719006983c3413ee0c51f7054507829
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200319/38c6c6f3/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list