[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Nov 17 08:32:28 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94218458 by Salvatore Bonaccorso at 2020-11-17T09:32:05+01:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -411,7 +411,7 @@ CVE-2020-28695
 CVE-2020-28694
 	RESERVED
 CVE-2020-28693 (An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an  ...)
-	TODO: check
+	NOT-FOR-US: HorizontCMS
 CVE-2020-28692 (In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and  ...)
 	NOT-FOR-US: Gila CMS
 CVE-2020-28691
@@ -6847,7 +6847,7 @@ CVE-2020-27195 (HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5
 CVE-2020-27193 (A cross-site scripting (XSS) vulnerability in the Color Dialog plugin  ...)
 	NOT-FOR-US: CKEditor plugin
 CVE-2020-27192 (BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs. ...)
-	TODO: check
+	NOT-FOR-US: BinaryNights ForkLift
 CVE-2020-27191 (LionWiki before 3.2.12 allows an unauthenticated user to read files as ...)
 	NOT-FOR-US: LionWiki
 CVE-2020-27194 (An issue was discovered in the Linux kernel before 5.8.15. scalar32_mi ...)
@@ -6989,9 +6989,9 @@ CVE-2020-27133
 CVE-2020-27132
 	RESERVED
 CVE-2020-27131 (Multiple vulnerabilities in the Java deserialization function that is  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-27130 (A vulnerability in Cisco Security Manager could allow an unauthenticat ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-27129 (A vulnerability in the remote management feature of Cisco SD-WAN vMana ...)
 	NOT-FOR-US: Cisco
 CVE-2020-27128 (A vulnerability in the application data endpoints of Cisco SD-WAN vMan ...)
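Review bot: On CVE-2020-27131 the truncated description ("Multiple vulnerabilities in the Java deserialization function that is ...") shows no vendor or product, so the new `NOT-FOR-US: Cisco` tag cannot be confirmed from the lines in this hunk. Check it against the full description. The tag matches the vendor-only form already used for CVE-2020-27129, and the description of CVE-2020-27130 names Cisco Security Manager outright, so that second change is consistent with the visible text.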
@@ -7001,7 +7001,7 @@ CVE-2020-27127
 CVE-2020-27126
 	RESERVED
 CVE-2020-27125 (A vulnerability in Cisco Security Manager could allow an unauthenticat ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-27124
 	RESERVED
 CVE-2020-27123 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
@@ -8885,9 +8885,9 @@ CVE-2020-26227
 CVE-2020-26226
 	RESERVED
 CVE-2020-26225 (In PrestaShop Product Comments before version 4.2.0, an attacker could ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-26224 (In PrestaShop before version 1.7.6.9 an attacker is able to list all t ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-26223 (Spree is a complete open source e-commerce solution built with Ruby on ...)
 	NOT-FOR-US: Spree
 CVE-2020-26222 (Dependabot is a set of packages for automated dependency management fo ...)
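Review bot: On CVE-2020-26225 the description names the PrestaShop Product Comments module, not PrestaShop itself, yet it gets the same `NOT-FOR-US: PrestaShop` tag as the core-product entry CVE-2020-26224. Elsewhere in this file an add-on is tagged as such (`NOT-FOR-US: CKEditor plugin` on CVE-2020-27193). Naming the module in the tag would keep the two entries distinguishable if PrestaShop or one of its modules is ever evaluated separately.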
@@ -31945,7 +31945,7 @@ CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRA
 CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding ...)
 	NOT-FOR-US: RIOT RIOT-OS
 CVE-2020-15349 (BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation  ...)
-	TODO: check
+	NOT-FOR-US: BinaryNights ForkLift
 CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManag ...)
 	NOT-FOR-US: Zyxel
 CVE-2020-15347 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b pa ...)
@@ -36378,15 +36378,15 @@ CVE-2020-13775 (ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger
 CVE-2020-13774 (An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivant ...)
 	NOT-FOR-US: Ivanti
 CVE-2020-13773 (Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_spli ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2020-13772 (In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, a ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2020-13771 (Various components in Ivanti Endpoint Manager through 2020.1.1 rely on ...)
 	NOT-FOR-US: Ivanti
 CVE-2020-13770 (Several services are accessing named pipes in Ivanti Endpoint Manager  ...)
 	NOT-FOR-US: Ivanti
 CVE-2020-13769 (LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows S ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via  ...)
 	NOT-FOR-US: MiniShare
 CVE-2020-13767 (The Mitel MiCollab application before 9.1.332 for iOS could allow an u ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/942184583d8ad77df88cdc5a030dbc17621b0dfa
