[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Nov 27 20:21:10 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14042b7b by Salvatore Bonaccorso at 2020-11-27T21:20:27+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -457,7 +457,7 @@ CVE-2020-29140
 CVE-2020-29139
 	RESERVED
 CVE-2020-29138 (Incorrect Access Control in the configuration backup path in SAGEMCOM  ...)
-	TODO: check
+	NOT-FOR-US: SAGEMCOM
 CVE-2020-29137 (cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interf ...)
 	NOT-FOR-US: cPanel
 CVE-2020-29136 (In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approa ...)
@@ -944,9 +944,9 @@ CVE-2020-28924 (An issue was discovered in Rclone before 1.53.3. Due to the use
 CVE-2020-28923
 	RESERVED
 CVE-2020-28922 (An issue was discovered in Devid Espenschied PC Analyser through 4.10. ...)
-	TODO: check
+	NOT-FOR-US: Devid Espenschied PC Analyser
 CVE-2020-28921 (An issue was discovered in Devid Espenschied PC Analyser through 4.10. ...)
-	TODO: check
+	NOT-FOR-US: Devid Espenschied PC Analyser
 CVE-2020-28920
 	RESERVED
 CVE-2020-28919
@@ -13107,7 +13107,7 @@ CVE-2020-25017 (Envoy through 1.15.0 only considers the first value when multipl
 CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. Genexis ...)
 	NOT-FOR-US: Genexis Platinum 4410 V2-1.28
 CVE-2020-25014 (A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and  ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2020-25013 (JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Ser ...)
 	NOT-FOR-US: JetBrains
 CVE-2020-25012
@@ -65074,25 +65074,25 @@ CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows attackers
 CVE-2019-19879 (HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain ...)
 	NOT-FOR-US: HashiCorp Sentinel (different from Redis Sentinel)
 CVE-2019-19878 (An issue was discovered in B&R Industrial Automation APROL before  ...)
-	TODO: check
+	NOT-FOR-US: B&R Industrial Automation APROL
 CVE-2019-19877 (An issue was discovered in B&R Industrial Automation APROL before  ...)
-	TODO: check
+	NOT-FOR-US: B&R Industrial Automation APROL
 CVE-2019-19876 (An issue was discovered in B&R Industrial Automation APROL before  ...)
-	TODO: check
+	NOT-FOR-US: B&R Industrial Automation APROL
 CVE-2019-19875 (An issue was discovered in B&R Industrial Automation APROL before  ...)
-	TODO: check
+	NOT-FOR-US: B&R Industrial Automation APROL
 CVE-2019-19874 (An issue was discovered in B&R Industrial Automation APROL before  ...)
-	TODO: check
+	NOT-FOR-US: B&R Industrial Automation APROL
 CVE-2019-19873 (An issue was discovered in B&R Industrial Automation APROL before  ...)
-	TODO: check
+	NOT-FOR-US: B&R Industrial Automation APROL
 CVE-2019-19872 (An issue was discovered in B&R Industrial Automation APROL before  ...)
-	TODO: check
+	NOT-FOR-US: B&R Industrial Automation APROL
 CVE-2019-19871
 	RESERVED
 CVE-2019-19870
 	RESERVED
 CVE-2019-19869 (An issue was discovered in B&R Industrial Automation APROL before  ...)
-	TODO: check
+	NOT-FOR-US: B&R Industrial Automation APROL
 CVE-2019-19868
 	RESERVED
 CVE-2019-19867
@@ -190404,19 +190404,19 @@ CVE-2017-15688
 CVE-2017-15687 (DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7 ...)
 	NOT-FOR-US: Logitech
 CVE-2017-15686 (Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting  ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS Crafter Studio
 CVE-2017-15685 (Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity ( ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS Crafter Studio
 CVE-2017-15684 (Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS Crafter Studio
 CVE-2017-15683 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS Crafter Studio
 CVE-2017-15682 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS Crafter Studio
 CVE-2017-15681 (In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS Crafter Studio
 CVE-2017-15680 (In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which ...)
-	TODO: check
+	NOT-FOR-US: Crafter CMS Crafter Studio
 CVE-2017-15679
 	RESERVED
 CVE-2017-15678



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14042b7bf9bc01e9ca3e20b19d749a2d1bb2a44a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14042b7bf9bc01e9ca3e20b19d749a2d1bb2a44a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201127/ccbf1daa/attachment.html>

More information about the debian-security-tracker-commits mailing list