[Git][security-tracker-team/security-tracker][master] Process NFUs

Thu Mar 26 08:16:31 GMT 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5361c66 by Salvatore Bonaccorso at 2020-03-26T09:16:08+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2020-10966 (In the Password Reset Module in VESTA Control Panel through 0.9.8-25 a ...)
-	TODO: check
+	NOT-FOR-US: VESTA Control Panel
 CVE-2020-10965 (Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: Teradici PCoIP Management Console
 CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to execute ...)
 	TODO: check
 CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted fi ...)
-	TODO: check
+	NOT-FOR-US: FrozenNode Laravel-Administrator
 CVE-2020-10962
 	RESERVED
 CVE-2020-10961
@@ -159,21 +159,21 @@ CVE-2020-10890
 CVE-2020-10889
 	RESERVED
 CVE-2020-10888 (This vulnerability allows remote attackers to bypass authentication on ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2020-10887 (This vulnerability allows a firewall bypass on affected installations  ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2020-10886 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2020-10885 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2020-10884 (This vulnerability allows network-adjacent attackers execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2020-10883 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2020-10882 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2020-10881 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
 	TODO: check
 CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
@@ -1796,7 +1796,7 @@ CVE-2020-10247 (MISP 2.4.122 has Persistent XSS in the sighting popover tool. Th
 CVE-2020-10246 (MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is ...)
 	NOT-FOR-US: MISP
 CVE-2020-10245 (CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control run ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. ...)
 	NOT-FOR-US: JPaseto
 CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of type cas ...)
@@ -3394,7 +3394,7 @@ CVE-2020-9522
 CVE-2020-9521
 	RESERVED
 CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, affecti ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus Vibe
 CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro Focus Serv ...)
 	NOT-FOR-US: Micro Focus
 CVE-2020-9518 (Login filter can access configuration files vulnerability in Micro Foc ...)
@@ -12445,7 +12445,7 @@ CVE-2020-5563
 CVE-2020-5562
 	RESERVED
 CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS ...)
-	TODO: check
+	NOT-FOR-US: Keijiban Tsumiki
 CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS c ...)
 	TODO: check
 CVE-2020-5559 (Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remo ...)
@@ -12455,11 +12455,11 @@ CVE-2020-5558 (CuteNews 2.0.1 allows remote authenticated attackers to execute a
 CVE-2020-5557 (Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote att ...)
 	TODO: check
 CVE-2020-5556 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers  ...)
-	TODO: check
+	NOT-FOR-US: Shihonkanri Plus GOOUT
 CVE-2020-5555 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers  ...)
-	TODO: check
+	NOT-FOR-US: Shihonkanri Plus GOOUT
 CVE-2020-5554 (Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 a ...)
-	TODO: check
+	NOT-FOR-US: Shihonkanri Plus GOOUT
 CVE-2020-5553 (mailform version 1.04 allows remote attackers to execute arbitrary PHP ...)
 	TODO: check
 CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 allows rem ...)
@@ -12970,9 +12970,9 @@ CVE-2020-5342 (Dell Digital Delivery versions prior to 3.5.2015 contain an incor
 CVE-2020-5341
 	RESERVED
 CVE-2020-5340 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored  ...)
-	TODO: check
+	NOT-FOR-US: RSA Authentication Manager
 CVE-2020-5339 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored  ...)
-	TODO: check
+	NOT-FOR-US: RSA Authentication Manager
 CVE-2020-5338
 	RESERVED
 CVE-2020-5337
@@ -13116,7 +13116,7 @@ CVE-2020-5279
 CVE-2020-5278
 	RESERVED
 CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflect ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-5276
 	RESERVED
 CVE-2020-5275
@@ -13789,7 +13789,7 @@ CVE-2020-5131
 CVE-2020-5130
 	RESERVED
 CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows a ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary ...)
 	NOT-FOR-US: Nagios XI
 CVE-2019-20196
@@ -17408,33 +17408,33 @@ CVE-2020-3810
 CVE-2020-3809
 	RESERVED
 CVE-2020-3808 (Creative Cloud Desktop Application versions 5.0 and earlier have a tim ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3807 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3806 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3805 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3804 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3803 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3802 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3801 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3800 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3799 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3798
 	RESERVED
 CVE-2020-3797 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3796
 	RESERVED
 CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3794 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file i ...)
 	TODO: check
 CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5361c66995bd58b89c12835231f108e08b3b414

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5361c66995bd58b89c12835231f108e08b3b414
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200326/03e4b084/attachment.html>
