[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Nov 24 09:21:58 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
543b3c6a by Salvatore Bonaccorso at 2020-11-24T10:21:36+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -180,7 +180,7 @@ CVE-2020-28928 [wcsnrtombs destination buffer overflow]
 	[buster] - musl <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4
 CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User Registration sectio ...)
-	TODO: check
+	NOT-FOR-US: Magicpin
 CVE-2020-28926
 	RESERVED
 CVE-2020-28925
@@ -9258,7 +9258,7 @@ CVE-2020-26233
 CVE-2020-26232
 	RESERVED
 CVE-2020-26231 (October is a free, open-source, self-hosted CMS platform based on the  ...)
-	TODO: check
+	NOT-FOR-US: October CMS
 CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app for Spa ...)
 	NOT-FOR-US: Radar COVID
 CVE-2020-26229 (TYPO3 is an open source PHP based web content management system. In TY ...)
@@ -13906,7 +13906,7 @@ CVE-2020-24229
 CVE-2020-24228
 	RESERVED
 CVE-2020-24227 (Playground Sessions v2.5.582 (and earlier) for Windows, stores the use ...)
-	TODO: check
+	NOT-FOR-US: Playground Sessions for Windows
 CVE-2020-24226
 	RESERVED
 CVE-2020-24225
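Review bot: the label added for CVE-2020-24227, "Playground Sessions for Windows", folds the platform into the product name, whereas the other labels in this patch name the product only ("Magicpin", "Ortus TestBox"). Suggest "NOT-FOR-US: Playground Sessions", so that a later CVE for the same product gets the identical string and a search over data/CVE/list finds both entries.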
@@ -30863,9 +30863,9 @@ CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attack
 CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary cod ...)
 	NOT-FOR-US: Joplin desktop
 CVE-2020-15929 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...)
-	TODO: check
+	NOT-FOR-US: Ortus TestBox
 CVE-2020-15928 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...)
-	TODO: check
+	NOT-FOR-US: Ortus TestBox
 CVE-2020-15927 (Zoho ManageEngine Applications Manager version 14740 and prior allows  ...)
 	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...)
@@ -32663,13 +32663,13 @@ CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule Temp
 	NOTE: https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
 	NOTE: https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
 CVE-2020-15249 (October is a free, open-source, self-hosted CMS platform based on the  ...)
-	TODO: check
+	NOT-FOR-US: October CMS
 CVE-2020-15248 (October is a free, open-source, self-hosted CMS platform based on the  ...)
-	TODO: check
+	NOT-FOR-US: October CMS
 CVE-2020-15247 (October is a free, open-source, self-hosted CMS platform based on the  ...)
-	TODO: check
+	NOT-FOR-US: October CMS
 CVE-2020-15246 (October is a free, open-source, self-hosted CMS platform based on the  ...)
-	TODO: check
+	NOT-FOR-US: October CMS
 CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may registe ...)
 	NOT-FOR-US: Sylius
 CVE-2020-15244 (In Magento (rubygems openmage/magento-lts package) before versions 19. ...)
@@ -58861,7 +58861,7 @@ CVE-2020-5676
 CVE-2020-5675
 	RESERVED
 CVE-2020-5674 (Untrusted search path vulnerability in the installers of multiple SEIK ...)
-	TODO: check
+	NOT-FOR-US: SEIKO EPSON products
 CVE-2020-5673
 	RESERVED
 CVE-2020-5672
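Review bot: "SEIKO EPSON products" on CVE-2020-5674 is a vendor-wide label, while the visible description is about the installers of multiple products. A label that names what is affected, for example "installers of SEIKO EPSON products", would keep the entry from being read as a blanket decision for everything from this vendor.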
@@ -58927,7 +58927,7 @@ CVE-2020-5643 (Improper input validation vulnerability in Cybozu Garoon 5.0.0 to
 CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Live su ...)
 	NOT-FOR-US: Live Chat
 CVE-2020-5641 (Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware v ...)
-	TODO: check
+	NOT-FOR-US: GS108Ev3 firmware
 CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and earlier  ...)
 	NOT-FOR-US: OneThird CMS
 CVE-2020-5639
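Review bot: the label on CVE-2020-5641, "GS108Ev3 firmware", is a bare model string with no vendor, unlike entries such as "Zoho ManageEngine Applications Manager" elsewhere in this file. Prefixing the vendor name would let someone who does not know the model number find the entry and reuse the same string for related CVEs.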
@@ -62924,7 +62924,7 @@ CVE-2020-4008
 CVE-2020-4007
 	RESERVED
 CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity Manager, and I ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-4005 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...)
 	NOT-FOR-US: VMware
 CVE-2020-4004 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...)
@@ -137996,15 +137996,15 @@ CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the asset
 CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...)
 	NOT-FOR-US: baijiacms
 CVE-2018-16723 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...)
-	TODO: check
+	NOT-FOR-US: Jingyun Antivirus
 CVE-2018-16722 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...)
-	TODO: check
+	NOT-FOR-US: Jingyun Antivirus
 CVE-2018-16721 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...)
-	TODO: check
+	NOT-FOR-US: Jingyun Antivirus
 CVE-2018-16720 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...)
-	TODO: check
+	NOT-FOR-US: Jingyun Antivirus
 CVE-2018-16719 (In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows  ...)
-	TODO: check
+	NOT-FOR-US: Jingyun Antivirus
 CVE-2018-16718 (An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26  ...)
 	NOT-FOR-US: NCBI ToolBox
 CVE-2018-16717 (A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 th ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/543b3c6adad82062bc02600e0fc27ad8e062c0c7
