[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Oct 6 21:28:37 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e393d30 by Salvatore Bonaccorso at 2020-10-06T22:28:14+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,9 +17,9 @@ CVE-2020-26600 (An issue was discovered on Samsung mobile devices with Q(10.0) s
 CVE-2020-26599 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
 	NOT-FOR-US: Samsung mobile devices
 CVE-2020-26598 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2020-26597 (An issue was discovered on LG mobile devices with Android OS 9.0 and 1 ...)
-	TODO: check
+	NOT-FOR-US: LG mobile devices
 CVE-2020-26596
 	RESERVED
 CVE-2020-26595
@@ -49,7 +49,7 @@ CVE-2020-26584
 CVE-2020-26583
 	RESERVED
 CVE-2020-26582 (D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2020-26581
 	RESERVED
 CVE-2020-26580
@@ -65,7 +65,7 @@ CVE-2020-26576
 CVE-2020-26575 (In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) di ...)
 	TODO: check
 CVE-2020-26574 (** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is a ...)
-	TODO: check
+	NOT-FOR-US: Leostream
 CVE-2020-26573
 	RESERVED
 CVE-2019-20932
@@ -1336,9 +1336,9 @@ CVE-2020-25989
 CVE-2020-25988
 	RESERVED
 CVE-2020-25987 (MonoCMS Blog version as of 29-09-2020 stores hard-coded admin hashes i ...)
-	TODO: check
+	NOT-FOR-US: MonoCMS Blog
 CVE-2020-25986 (Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog versio ...)
-	TODO: check
+	NOT-FOR-US: MonoCMS Blog
 CVE-2020-25985
 	RESERVED
 CVE-2020-25984
@@ -1740,9 +1740,9 @@ CVE-2020-25805
 CVE-2020-25804
 	RESERVED
 CVE-2020-25803 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Crafter Studio of Crafter CMS
 CVE-2020-25802 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Crafter Studio of Crafter CMS
 CVE-2020-25801
 	RESERVED
 CVE-2020-25800
@@ -5268,17 +5268,17 @@ CVE-2020-24221
 CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers can use ...)
 	NOT-FOR-US: ShopXO
 CVE-2020-24219 (An issue was discovered on URayTech IPTV/H.264/H.265 video encoders th ...)
-	TODO: check
+	NOT-FOR-US: URayTech IPTV/H.264/H.265 video encoders
 CVE-2020-24218 (An issue was discovered on URayTech IPTV/H.264/H.265 video encoders th ...)
-	TODO: check
+	NOT-FOR-US: URayTech IPTV/H.264/H.265 video encoders
 CVE-2020-24217 (An issue was discovered in the box application on HiSilicon based IPTV ...)
-	TODO: check
+	NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders
 CVE-2020-24216 (An issue was discovered in the box application on HiSilicon based IPTV ...)
-	TODO: check
+	NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders
 CVE-2020-24215 (An issue was discovered in the box application on HiSilicon based IPTV ...)
-	TODO: check
+	NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders
 CVE-2020-24214 (An issue was discovered in the box application on HiSilicon based IPTV ...)
-	TODO: check
+	NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders
 CVE-2020-24213 (An integer overflow was discovered in YGOPro ygocore v13.51. Attackers ...)
 	NOT-FOR-US: ygocore
 CVE-2020-24212
@@ -6042,7 +6042,7 @@ CVE-2020-23834 (Insecure Service File Permissions in the bd service in Real Time
 CVE-2020-23833 (Projectworlds House Rental v1.0 suffers from an unauthenticated SQL In ...)
 	NOT-FOR-US: Projectworlds House Rental
 CVE-2020-23832 (A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin ...)
-	TODO: check
+	NOT-FOR-US: Projectworlds Car Rental Management System
 CVE-2020-23831 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php  ...)
 	NOT-FOR-US: SourceCodester Stock Management System
 CVE-2020-23830 (A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.ph ...)
@@ -21312,7 +21312,7 @@ CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, c
 CVE-2020-16268
 	RESERVED
 CVE-2020-16267 (Zoho ManageEngine Applications Manager version 14740 and prior allows  ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2020-16266 (An XSS issue was discovered in MantisBT before 2.24.2. Improper escapi ...)
 	- mantis <removed>
 CVE-2015-9549 (A reflected Cross-site Scripting (XSS) vulnerability exists in OcPorta ...)
@@ -22072,7 +22072,7 @@ CVE-2020-15929
 CVE-2020-15928
 	RESERVED
 CVE-2020-15927 (Zoho ManageEngine Applications Manager version 14740 and prior allows  ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...)
 	NOT-FOR-US: Rocket.Chat
 CVE-2020-15925 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e393d301104f98feac0e5640268e1bba6ce509c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e393d301104f98feac0e5640268e1bba6ce509c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201006/3c27c935/attachment.html>

More information about the debian-security-tracker-commits mailing list