[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Oct 26 20:37:04 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
651a523e by Salvatore Bonaccorso at 2020-10-26T21:36:41+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3683,7 +3683,7 @@ CVE-2020-26163 (BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host a
 CVE-2020-26162 (Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073 ...)
 	NOT-FOR-US: Xerox
 CVE-2020-26161 (In Octopus Deploy through 2020.4.2, an attacker could redirect users t ...)
-	TODO: check
+	NOT-FOR-US: Octopus Deploy
 CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended acces ...)
 	- golang-github-dgrijalva-jwt-go <unfixed> (bug #971556)
 	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
@@ -5282,7 +5282,7 @@ CVE-2020-25472
 CVE-2020-25471
 	RESERVED
 CVE-2020-25470 (AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: AntSword
 CVE-2020-25469
 	RESERVED
 CVE-2020-25468
@@ -6255,7 +6255,7 @@ CVE-2020-25036
 CVE-2020-25035
 	RESERVED
 CVE-2020-25034 (eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authentic ...)
-	TODO: check
+	NOT-FOR-US: eMPS
 CVE-2020-25033 (The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for ...)
 	NOT-FOR-US: Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin for WordPress
 CVE-2020-25032 (An issue was discovered in Flask-CORS (aka CORS Middleware for Flask)  ...)
@@ -18956,7 +18956,7 @@ CVE-2020-18768
 CVE-2020-18767
 	RESERVED
 CVE-2020-18766 (A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotel ...)
-	TODO: check
+	NOT-FOR-US: AntSword
 CVE-2020-18765
 	RESERVED
 CVE-2020-18764
@@ -25006,7 +25006,7 @@ CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data rela
 CVE-2020-15898
 	RESERVED
 CVE-2020-15897 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...)
-	TODO: check
+	NOT-FOR-US: Arista EOS
 CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link DAP-1522 devic ...)
 	NOT-FOR-US: D-Link
 CVE-2020-15895 (An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10 ...)
@@ -32549,7 +32549,7 @@ CVE-2020-13102
 CVE-2020-13101 (In OASIS Digital Signature Services (DSS) 1.0, an attacker can control ...)
 	NOT-FOR-US: OASIS Digital Signature Services (DSS)
 CVE-2020-13100 (Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22 ...)
-	TODO: check
+	NOT-FOR-US: Arista
 CVE-2020-13099
 	RESERVED
 CVE-2020-13098
@@ -48875,7 +48875,7 @@ CVE-2020-7198
 CVE-2020-7197 (SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreSe ...)
 	TODO: check
 CVE-2020-7196 (The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Co ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2020-7195 (A iccselectrules expression language injection remote code execution v ...)
 	NOT-FOR-US: HPE Intelligent Management Center (iMC)
 CVE-2020-7194 (A perfaddormoddevicemonitor expression language injection remote code  ...)
@@ -49013,13 +49013,13 @@ CVE-2020-7129
 CVE-2020-7128
 	RESERVED
 CVE-2020-7127 (A remote unauthenticated arbitrary code execution vulnerability was di ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2020-7126 (A remote server-side request forgery (ssrf) vulnerability was discover ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2020-7125 (A remote escalation of privilege vulnerability was discovered in Aruba ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2020-7124 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
-	TODO: check
+	NOT-FOR-US: Aruba
 CVE-2020-7123
 	RESERVED
 CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches Series  ...)
@@ -49654,7 +49654,7 @@ CVE-2020-6878
 CVE-2020-6877
 	RESERVED
 CVE-2020-6876 (A ZTE product is impacted by an XSS vulnerability. The vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2020-6875 (A ZTE product is impacted by the improper access control vulnerability ...)
 	NOT-FOR-US: ZTE
 CVE-2020-6874 (A ZTE product is impacted by the cryptographic issues vulnerability. T ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/651a523e427d9159f9f693da53868a9f2a2de7a4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/651a523e427d9159f9f693da53868a9f2a2de7a4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201026/42f8f0fc/attachment.html>


More information about the debian-security-tracker-commits mailing list