[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue May 5 21:18:18 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7adeb266 by Salvatore Bonaccorso at 2020-05-05T22:17:51+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2017-18867 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18866 (Certain NETGEAR devices are affected by stored XSS. This affects R9000 ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18865 (Certain NETGEAR devices are affected by a stack-based buffer overflow  ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2017-18864 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2020-12661
 	RESERVED
 CVE-2020-12660
@@ -1263,7 +1263,7 @@ CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from
 	NOTE: Only an issue if building with OpenSSL, where Debian binary packages use
 	NOTE: GnuTLS.
 CVE-2020-12104 (The Import feature in the wp-advanced-search plugin 3.3.6 for WordPres ...)
-	TODO: check
+	NOT-FOR-US: Import feature in the wp-advanced-search plugin for WordPress
 CVE-2020-12103 (In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file b ...)
 	NOT-FOR-US: Tiny File Manager
 CVE-2020-12102 (In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in ...)
@@ -10416,7 +10416,7 @@ CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR Deserialization. ...)
 CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PH ...)
 	NOT-FOR-US: SuiteCRM
 CVE-2020-8799 (A Stored XSS vulnerability has been found in the administration page o ...)
-	TODO: check
+	NOT-FOR-US: administration page of the WTI Like Post plugin for WordPress
 CVE-2020-8798 (httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to cha ...)
 	NOT-FOR-US: Juplink
 CVE-2020-8797 (Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7adeb2665decdb9c6b39e0ff6fe4386fcb5f3bb7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7adeb2665decdb9c6b39e0ff6fe4386fcb5f3bb7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200505/4d84fd45/attachment.html>

More information about the debian-security-tracker-commits mailing list