[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 23 20:19:55 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ef1fa88 by Salvatore Bonaccorso at 2020-03-23T21:19:28+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2020-10856
CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. ...)
TODO: check
CVE-2019-20626 (The remote keyless system on Honda HR-V 2017 vehicles sends the same R ...)
- TODO: check
+ NOT-FOR-US: Honda HR-V 2017 vehicles
CVE-2020-XXXX [memcached extlen buffer overflow]
- memcached <unfixed> (bug #954808)
[buster] - memcached <not-affected> (Introduced in 1.6)
@@ -346,7 +346,7 @@ CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x
CVE-2020-10805
RESERVED
CVE-2016-11022 (NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
- phpmyadmin <unfixed> (bug #954667)
[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
@@ -657,9 +657,9 @@ CVE-2020-10663
CVE-2020-10662
RESERVED
CVE-2020-10661 (HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2020-10660 (HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2019-20529 (In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12 ...)
NOT-FOR-US: Frappe Framework
CVE-2019-20528 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
@@ -1323,7 +1323,7 @@ CVE-2020-10366
CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...)
NOT-FOR-US: LogicalDoc
CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote ...)
- TODO: check
+ NOT-FOR-US: SSH daemon on MikroTik routers
CVE-2020-10363
RESERVED
CVE-2020-10362
@@ -4777,7 +4777,7 @@ CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not co
NOTE: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686980
CVE-2020-8838 (An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-8837
RESERVED
CVE-2020-8836
@@ -5525,7 +5525,7 @@ CVE-2020-8513
CVE-2020-8512 (In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webma ...)
NOT-FOR-US: IceWarp Webmail Server
CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Artica Pandora FMS
CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...)
NOT-FOR-US: phpABook
CVE-2020-8509
@@ -5553,7 +5553,7 @@ CVE-2020-8499
CVE-2020-8498 (XSS exists in the shortcode functionality of the GistPress plugin befo ...)
NOT-FOR-US: shortcode functionality of the GistPress plugin for WordPress
CVE-2020-8497 (In Artica Pandora FMS through 7.42, an unauthenticated attacker can re ...)
- TODO: check
+ NOT-FOR-US: Artica Pandora FMS
CVE-2020-8496 (In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions ...)
NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8495 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ef1fa889b1bd24aa9c3c3889e3c78e4937181ea
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ef1fa889b1bd24aa9c3c3889e3c78e4937181ea
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200323/b6f57423/attachment.html>
More information about the debian-security-tracker-commits
mailing list