[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Mar 23 20:19:55 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ef1fa88 by Salvatore Bonaccorso at 2020-03-23T21:19:28+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2020-10856
 CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. ...)
 	TODO: check
 CVE-2019-20626 (The remote keyless system on Honda HR-V 2017 vehicles sends the same R ...)
-	TODO: check
+	NOT-FOR-US: Honda HR-V 2017 vehicles
 CVE-2020-XXXX [memcached extlen buffer overflow]
 	- memcached <unfixed> (bug #954808)
 	[buster] - memcached <not-affected> (Introduced in 1.6)
@@ -346,7 +346,7 @@ CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x
 CVE-2020-10805
 	RESERVED
 CVE-2016-11022 (NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35  ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
 	- phpmyadmin <unfixed> (bug #954667)
 	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
@@ -657,9 +657,9 @@ CVE-2020-10663
 CVE-2020-10662
 	RESERVED
 CVE-2020-10661 (HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2020-10660 (HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2019-20529 (In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12 ...)
 	NOT-FOR-US: Frappe Framework
 CVE-2019-20528 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
@@ -1323,7 +1323,7 @@ CVE-2020-10366
 CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...)
 	NOT-FOR-US: LogicalDoc
 CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote  ...)
-	TODO: check
+	NOT-FOR-US: SSH daemon on MikroTik routers
 CVE-2020-10363
 	RESERVED
 CVE-2020-10362
@@ -4777,7 +4777,7 @@ CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not co
 	NOTE: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686980
 CVE-2020-8838 (An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2020-8837
 	RESERVED
 CVE-2020-8836
@@ -5525,7 +5525,7 @@ CVE-2020-8513
 CVE-2020-8512 (In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webma ...)
 	NOT-FOR-US: IceWarp Webmail Server
 CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: Artica Pandora FMS
 CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...)
 	NOT-FOR-US: phpABook
 CVE-2020-8509
@@ -5553,7 +5553,7 @@ CVE-2020-8499
 CVE-2020-8498 (XSS exists in the shortcode functionality of the GistPress plugin befo ...)
 	NOT-FOR-US: shortcode functionality of the GistPress plugin for WordPress
 CVE-2020-8497 (In Artica Pandora FMS through 7.42, an unauthenticated attacker can re ...)
-	TODO: check
+	NOT-FOR-US: Artica Pandora FMS
 CVE-2020-8496 (In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions ...)
 	NOT-FOR-US: Kronos Web Time and Attendance (webTA)
 CVE-2020-8495 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ef1fa889b1bd24aa9c3c3889e3c78e4937181ea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ef1fa889b1bd24aa9c3c3889e3c78e4937181ea
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200323/b6f57423/attachment.html>

More information about the debian-security-tracker-commits mailing list