[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri May 15 21:26:15 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
06d38b00 by Salvatore Bonaccorso at 2020-05-15T22:25:40+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2020-13094
 	RESERVED
 CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
-	TODO: check
+	NOT-FOR-US: iSpyConnect.com Agent DVR
 CVE-2020-13092 (scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute  ...)
 	TODO: check
 CVE-2020-13091 (pandas through 1.0.3 can unserialize and execute commands from an untr ...)
@@ -409,7 +409,7 @@ CVE-2020-12891
 CVE-2020-12890
 	RESERVED
 CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
 	- linux <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
@@ -520,7 +520,7 @@ CVE-2020-12836
 CVE-2020-12835
 	RESERVED
 CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 thr ...)
-	TODO: check
+	NOT-FOR-US: eQ-3 Homematic Central Control Unit
 CVE-2020-12833
 	RESERVED
 CVE-2020-12832 (The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. ...)
@@ -606,7 +606,7 @@ CVE-2020-12800
 CVE-2020-12799
 	RESERVED
 CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...)
-	TODO: check
+	NOT-FOR-US: Cellebrite UFED
 CVE-2020-12797
 	RESERVED
 CVE-2020-12796
@@ -867,7 +867,7 @@ CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/atta
 CVE-2020-12686
 	RESERVED
 CVE-2020-12685 (XSS in the admin help system admin/help.html and admin/quicklinks.html ...)
-	TODO: check
+	NOT-FOR-US: Interchange
 CVE-2020-12684
 	RESERVED
 CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
@@ -10819,7 +10819,7 @@ CVE-2020-9075
 CVE-2020-9074
 	RESERVED
 CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a  ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9071
@@ -13064,7 +13064,7 @@ CVE-2020-8102
 CVE-2020-8101
 	RESERVED
 CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as  ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...)
 	NOT-FOR-US: Bitdefender Antivirus Free
 CVE-2020-8098
@@ -14545,7 +14545,7 @@ CVE-2020-7472
 CVE-2019-20390 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Su ...)
 	TODO: check
 CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configurat ...)
-	TODO: check
+	NOT-FOR-US: Subrion CMS
 CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...)
 	- libxml2 2.9.10+dfsg-2.1 (bug #949583)
 	[buster] - libxml2 <no-dsa> (Minor issue)
@@ -29491,7 +29491,7 @@ CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products.
 CVE-2020-1809
 	RESERVED
 CVE-2020-1808 (Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 wi ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1806 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...)
@@ -34237,7 +34237,7 @@ CVE-2019-18668 (An issue was discovered in the Currency Switcher addon before 2.
 CVE-2019-18667 (/usr/local/www/freeradius_view_config.php in the freeradius3 package b ...)
 	NOT-FOR-US: FreeBSD specific freeradius_view_config.php in the freeradius3 package
 CVE-2019-18666 (An issue was discovered on D-Link DAP-1360 revision F devices. Remote  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-18665 (The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion ...)
 	NOT-FOR-US: SECUDOS DOMOS
 CVE-2019-18664 (The Log module in SECUDOS DOMOS before 5.6 allows XSS. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06d38b00f8bfe43e853582d286d2dfc65776d913

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06d38b00f8bfe43e853582d286d2dfc65776d913
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200515/3c81b267/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list