[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri May 22 21:41:56 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9fa4fa1d by Salvatore Bonaccorso at 2020-05-22T22:41:28+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,17 +27,17 @@ CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bound
 CVE-2020-13395
 	RESERVED
 CVE-2020-13394 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
-	TODO: check
+	NOT-FOR-US: Tenda devices
 CVE-2020-13393 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
-	TODO: check
+	NOT-FOR-US: Tenda devices
 CVE-2020-13392 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
-	TODO: check
+	NOT-FOR-US: Tenda devices
 CVE-2020-13391 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
-	TODO: check
+	NOT-FOR-US: Tenda devices
 CVE-2020-13390 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
-	TODO: check
+	NOT-FOR-US: Tenda devices
 CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
-	TODO: check
+	NOT-FOR-US: Tenda devices
 CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading funct ...)
 	TODO: check
 CVE-2020-13387
@@ -47,7 +47,7 @@ CVE-2020-13386
 CVE-2020-13385
 	RESERVED
 CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...)
-	TODO: check
+	NOT-FOR-US: Monstra CMS
 CVE-2020-13383
 	RESERVED
 CVE-2020-13382
@@ -97,13 +97,13 @@ CVE-2020-13361
 CVE-2019-20805
 	RESERVED
 CVE-2019-20804 (Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/th ...)
-	TODO: check
+	NOT-FOR-US: Gila CMS
 CVE-2019-20803 (Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcat ...)
-	TODO: check
+	NOT-FOR-US: Gila CMS
 CVE-2018-21234 (Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when ...)
 	TODO: check
 CVE-2017-18868 (Digi XBee 2 devices do not have an effective protection mechanism agai ...)
-	TODO: check
+	NOT-FOR-US: Digi XBee 2 devices
 CVE-2020-13360
 	RESERVED
 CVE-2020-13359
@@ -498,7 +498,7 @@ CVE-2020-13168
 CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution  ...)
 	TODO: check
 CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers to ex ...)
-	TODO: check
+	NOT-FOR-US: MyLittleAdmin
 CVE-2020-13165
 	RESERVED
 CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the ...)
@@ -1202,7 +1202,7 @@ CVE-2020-12837
 CVE-2020-12836
 	RESERVED
 CVE-2020-12835 (An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to ...)
-	TODO: check
+	NOT-FOR-US: SmartBear ReadyAPI SoapUI Pro
 CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 thr ...)
 	NOT-FOR-US: eQ-3 Homematic Central Control Unit
 CVE-2020-12833
@@ -1223,7 +1223,7 @@ CVE-2020-12829
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
 CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VP ...)
-	TODO: check
+	NOT-FOR-US: AnchorFree VPN SDK
 CVE-2020-12827
 	RESERVED
 CVE-2019-20796
@@ -2159,7 +2159,7 @@ CVE-2020-12433
 CVE-2020-12432
 	RESERVED
 CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software  ...)
-	TODO: check
+	NOT-FOR-US: Splashtop Software Updater
 CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...)
 	[experimental] - libvirt 6.2.0-1
 	- libvirt <unfixed> (low; bug #959447)
@@ -3128,7 +3128,7 @@ CVE-2020-12040
 CVE-2020-12039
 	RESERVED
 CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2020-12037
 	RESERVED
 CVE-2020-12036
@@ -3136,7 +3136,7 @@ CVE-2020-12036
 CVE-2020-12035
 	RESERVED
 CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2020-12033
 	RESERVED
 CVE-2020-12032
@@ -4806,7 +4806,7 @@ CVE-2020-11718
 CVE-2020-11717
 	RESERVED
 CVE-2020-11716 (Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices throu ...)
-	TODO: check
+	NOT-FOR-US: Panasonic
 CVE-2020-11715 (Panasonic P99 devices through 2020-04-10 have Incorrect Access Control ...)
 	NOT-FOR-US: Panasonic
 CVE-2020-11714 (eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Loc ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fa4fa1d94fef3905d46eeddc9eaad577c9d9598

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fa4fa1d94fef3905d46eeddc9eaad577c9d9598
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200522/05ed4332/attachment.html>

More information about the debian-security-tracker-commits mailing list