[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Nov 16 20:40:49 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f44a8b6b by Salvatore Bonaccorso at 2020-11-16T21:40:24+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -333,7 +333,7 @@ CVE-2020-28725
 CVE-2020-28724
 	RESERVED
 CVE-2020-28723 (Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. ...)
-	TODO: check
+	NOT-FOR-US: CloudAvid
 CVE-2020-28722
 	RESERVED
 CVE-2020-28721
@@ -395,7 +395,7 @@ CVE-2020-28694
 CVE-2020-28693
 	RESERVED
 CVE-2020-28692 (In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and  ...)
-	TODO: check
+	NOT-FOR-US: Gila CMS
 CVE-2020-28691
 	RESERVED
 CVE-2020-28690
@@ -4558,13 +4558,13 @@ CVE-2020-27993 (Hrsale 2.0.0 allows download?type=files&filename=../ directo
 CVE-2020-27992 (Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse ...)
 	NOT-FOR-US: Dr.Fone
 CVE-2020-27991 (Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Em ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2020-27990 (Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (ad ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2020-27989 (Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit D ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2020-27988 (Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username  ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2020-27987
 	RESERVED
 CVE-2020-27986 (** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discov ...)
@@ -5898,11 +5898,11 @@ CVE-2020-27631
 CVE-2020-27630
 	RESERVED
 CVE-2020-27629 (In JetBrains TeamCity before 2020.1.5, secure dependency parameters co ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2020-27628 (In JetBrains TeamCity before 2020.1.5, the Guest user had access to au ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2020-27627 (JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. ...)
-	TODO: check
+	NOT-FOR-US: JetBrains TeamCity
 CVE-2020-27626 (JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. ...)
 	TODO: check
 CVE-2020-27625 (In JetBrains YouTrack before 2020.3.888, notifications might have ment ...)
@@ -6290,7 +6290,7 @@ CVE-2020-27461
 CVE-2020-27460
 	RESERVED
 CVE-2020-27459 (Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a ...)
-	TODO: check
+	NOT-FOR-US: Chronoforeum
 CVE-2020-27458
 	RESERVED
 CVE-2020-27457
@@ -6362,9 +6362,9 @@ CVE-2020-27425
 CVE-2020-27424
 	RESERVED
 CVE-2020-27423 (Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password rese ...)
-	TODO: check
+	NOT-FOR-US: Anuko Time Tracker
 CVE-2020-27422 (In Anuko Time Tracker v1.19.23.5311, the password reset link emailed t ...)
-	TODO: check
+	NOT-FOR-US: Anuko Time Tracker
 CVE-2020-27421
 	RESERVED
 CVE-2020-27420
@@ -6831,7 +6831,7 @@ CVE-2020-27193 (A cross-site scripting (XSS) vulnerability in the Color Dialog p
 CVE-2020-27192
 	RESERVED
 CVE-2020-27191 (LionWiki before 3.2.12 allows an unauthenticated user to read files as ...)
-	TODO: check
+	NOT-FOR-US: LionWiki
 CVE-2020-27194 (An issue was discovered in the Linux kernel before 5.8.15. scalar32_mi ...)
 	- linux 5.9.1-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
@@ -8295,11 +8295,11 @@ CVE-2020-26512
 CVE-2020-26511 (The wpo365-login plugin before v11.7 for WordPress allows use of a sym ...)
 	NOT-FOR-US: wpo365-login plugin for WordPress
 CVE-2020-26510 (Airleader Master <= 6.21 devices have default credentials that can  ...)
-	TODO: check
+	NOT-FOR-US: Airleader Master
 CVE-2020-26509 (Airleader Master and Easy <= 6.21 devices have default credentials  ...)
-	TODO: check
+	NOT-FOR-US: Airleader Master and Easy
 CVE-2020-26508 (The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices all ...)
-	TODO: check
+	NOT-FOR-US: Canon devices
 CVE-2020-26507 (A CSV Injection (also known as Formula Injection) vulnerability in the ...)
 	NOT-FOR-US: Marmind web application
 CVE-2020-26506 (An Authorization Bypass vulnerability in the Marmind web application w ...)
@@ -9486,7 +9486,7 @@ CVE-2020-25954
 CVE-2020-25953
 	RESERVED
 CVE-2020-25952 (SQL injection vulnerability in PHPGurukul User Registration & Logi ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2020-25951
 	RESERVED
 CVE-2020-25950



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f44a8b6b894706328c8c02805c1a83cd68a94bdc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f44a8b6b894706328c8c02805c1a83cd68a94bdc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201116/cfa7f16e/attachment.html>

More information about the debian-security-tracker-commits mailing list