[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Oct 2 21:35:07 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
322396b0 by Salvatore Bonaccorso at 2020-10-02T22:34:44+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -843,9 +843,9 @@ CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker cont
 CVE-2020-26136
 	RESERVED
 CVE-2020-26135 (Live Helper Chat before 3.44v allows reflected XSS via the setsettinga ...)
-	TODO: check
+	NOT-FOR-US: Live Helper Chat
 CVE-2020-26134 (Live Helper Chat before 3.44v allows stored XSS in chat messages with  ...)
-	TODO: check
+	NOT-FOR-US: Live Helper Chat
 CVE-2020-26133
 	RESERVED
 CVE-2020-26132
@@ -4190,9 +4190,9 @@ CVE-2020-24630
 CVE-2020-24629
 	RESERVED
 CVE-2020-24628 (A remote code injection vulnerability was discovered in HPE KVM IP Con ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2020-24627 (A remote stored xss vulnerability was discovered in HPE KVM IP Console ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2020-24626 (Unathenticated directory traversal in the ReceiverServlet class doPost ...)
 	NOT-FOR-US: HPE
 CVE-2020-24625 (Unathenticated directory traversal in the ReceiverServlet class doGet( ...)
@@ -4328,7 +4328,7 @@ CVE-2020-24570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbC
 CVE-2020-24569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
 	NOT-FOR-US: MB CONNECT LINE
 CVE-2020-24568 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
-	TODO: check
+	NOT-FOR-US: MB CONNECT LINE
 CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08- ...)
 	NOT-FOR-US: voidtools
 CVE-2020-24566 (In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4. ...)
@@ -4686,7 +4686,7 @@ CVE-2020-24399
 CVE-2020-24398
 	RESERVED
 CVE-2020-24397 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2020-24396
 	RESERVED
 CVE-2020-24395
@@ -17158,9 +17158,9 @@ CVE-2020-18193
 CVE-2020-18192
 	RESERVED
 CVE-2020-18191 (GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attacke ...)
-	TODO: check
+	NOT-FOR-US: GetSimple CMS
 CVE-2020-18190 (Bludit v3.8.1 is affected by directory traversal. Remote attackers are ...)
-	TODO: check
+	NOT-FOR-US: Bludit
 CVE-2020-18189
 	RESERVED
 CVE-2020-18188
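Review bot: On CVE-2020-18191 the label reads "GetSimple CMS" while the description on the same entry writes the product as "GetSimpleCMS". Use whichever spelling the other NOT-FOR-US entries for this product in data/CVE/list already use, so that a search on the product name finds all of them. The "Bludit" label on CVE-2020-18190 matches its description and needs no change.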
@@ -18811,7 +18811,7 @@ CVE-2020-17384 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL i
 CVE-2020-17383
 	RESERVED
 CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x801 ...)
-	TODO: check
+	NOT-FOR-US: MSI AmbientLink MsIo64 driver
 CVE-2020-17381
 	RESERVED
 CVE-2020-17380 [heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c]
@@ -26317,9 +26317,9 @@ CVE-2020-14295 (A SQL injection issue in color.php in Cacti 1.2.12 allows an adm
 	NOTE: Introduced with the fix for https://github.com/Cacti/cacti/issues/2839
 	NOTE: Introduced by: https://github.com/Cacti/cacti/commit/b87747c38ba58e8cf6507d4f1f8476d1df567556 (1.2.6)
 CVE-2020-14294 (An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feat ...)
-	TODO: check
+	NOT-FOR-US: Secudos Qiata FTA
 CVE-2020-14293 (conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute  ...)
-	TODO: check
+	NOT-FOR-US: Secudos DOMOS
 CVE-2020-14292 (In the COVIDSafe application through 1.0.21 for Android, unsafe use of ...)
 	NOT-FOR-US: COVIDSafe application for Android
 CVE-2020-14291
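Review bot: CVE-2020-14294 and CVE-2020-14293 get product-level labels ("Secudos Qiata FTA", "Secudos DOMOS") for the same vendor, whereas other hunks in this commit label by vendor only ("HPE", "WAVLINK", "Bitdefender"). Consider settling on one granularity per vendor, for example "NOT-FOR-US: Secudos" on both, so that later entries for this vendor are tagged consistently.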
@@ -29232,7 +29232,7 @@ CVE-2020-13170 (HashiCorp Consul and Consul Enterprise did not appropriately enf
 CVE-2020-13169 (Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platf ...)
 	NOT-FOR-US: SolarWinds
 CVE-2020-13168 (SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp acco ...)
-	TODO: check
+	NOT-FOR-US: SysAid
 CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution  ...)
 	NOT-FOR-US: Netsweeper
 CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers to ex ...)
@@ -31905,15 +31905,15 @@ CVE-2020-12129 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolde
 CVE-2020-12128 (DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal rela ...)
 	NOT-FOR-US: DONG JOO CHO File Transfer iFamily
 CVE-2020-12127 (An information disclosure vulnerability in the /cgi-bin/ExportAllSetti ...)
-	TODO: check
+	NOT-FOR-US: WAVLINK
 CVE-2020-12126 (Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoi ...)
-	TODO: check
+	NOT-FOR-US: WAVLINK
 CVE-2020-12125 (A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi ...)
-	TODO: check
+	NOT-FOR-US: WAVLINK
 CVE-2020-12124 (A remote command-line injection vulnerability in the /cgi-bin/live_api ...)
-	TODO: check
+	NOT-FOR-US: WAVLINK
 CVE-2020-12123 (CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 ...)
-	TODO: check
+	NOT-FOR-US: WAVLINK
 CVE-2020-12122
 	RESERVED
 CVE-2020-12121
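Review bot: For CVE-2020-12127 through CVE-2020-12124 the visible descriptions are cut off before any product name; only CVE-2020-12123 shows "WAVLINK WN530H4". Confirm against the full descriptions that all five name WAVLINK devices before dropping the TODO, since the label cannot be checked from this diff alone.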
@@ -43470,7 +43470,7 @@ CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 th
 CVE-2020-8111
 	RESERVED
 CVE-2020-8110 (A vulnerability has been discovered in the ceva_emu.cvd module that re ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that results ...)
 	NOT-FOR-US: Bitdefender
 CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...)
@@ -48910,13 +48910,13 @@ CVE-2020-5984
 CVE-2020-5983
 	RESERVED
 CVE-2020-5982 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows GPU Display Driver
 CVE-2020-5981 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows GPU Display Driver
 CVE-2020-5980 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows GPU Display Driver
 CVE-2020-5979 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA Windows GPU Display Driver
 CVE-2020-5978
 	RESERVED
 CVE-2020-5977
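Review bot: The four NVIDIA entries (CVE-2020-5982 to CVE-2020-5979) are closed as NOT-FOR-US on the strength of "Windows GPU Display Driver", but each description is truncated at "contains a vulnerabil ..." before the affected component. Confirm from the full text that the scope is Windows-only for each one, because a component shared with a non-Windows driver would need a package entry rather than an NFU.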
@@ -50122,7 +50122,7 @@ CVE-2020-5424
 CVE-2020-5423
 	RESERVED
 CVE-2020-5422 (BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA pas ...)
-	TODO: check
+	NOT-FOR-US: BOSH System Metrics Server
 CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...)
 	- libspring-java <unfixed>
 	[stretch] - libspring-java <no-dsa> (Minor issue)
@@ -61522,7 +61522,7 @@ CVE-2019-19201
 CVE-2019-19200
 	RESERVED
 CVE-2019-19199 (REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiratio ...)
-	TODO: check
+	NOT-FOR-US: REDDOXX MailDepot
 CVE-2019-19198 (The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. ...)
 	NOT-FOR-US: Scoutnet Kalender plugin for WordPress
 CVE-2019-19197 (IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/322396b0a47f5df903ddac9052e90dcfb7877ef3
