[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Sep 3 21:21:36 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0157427 by Salvatore Bonaccorso at 2020-09-03T22:21:07+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2020-25124 (The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.p ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2020-25123 (The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smili ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2020-25122 (The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Ran ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2020-25121 (The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription E ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2020-25120 (The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php? ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2020-25119 (The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2020-25118 (The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Setting ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2020-25117 (The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title t ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2020-25116 (The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title t ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2020-25115 (The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or  ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2020-25114
 	RESERVED
 CVE-2020-25113
@@ -117,7 +117,7 @@ CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain sensi
 	[buster] - plinth <no-dsa> (Minor issue)
 	NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935
 CVE-2020-25068 (Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vuln ...)
-	TODO: check
+	NOT-FOR-US: Setelsa Conacwin
 CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command injecti ...)
 	NOT-FOR-US: Netgear
 CVE-2020-25066
@@ -169,7 +169,7 @@ CVE-2020-25044 (Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulne
 CVE-2020-25043 (The installer of Kaspersky VPN Secure Connection prior to 5.0 was vuln ...)
 	NOT-FOR-US: Kaspersky
 CVE-2020-25042 (An arbitrary file upload issue exists in Mara CMS 7.5. In order to exp ...)
-	TODO: check
+	NOT-FOR-US: Mara CMS
 CVE-2020-25041
 	RESERVED
 CVE-2020-25040
@@ -359,9 +359,9 @@ CVE-2020-24951
 CVE-2020-24950
 	RESERVED
 CVE-2020-24949 (Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php all ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2020-24948 (The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 doe ...)
-	TODO: check
+	NOT-FOR-US: Autoptimize Wordpress Plugin
 CVE-2020-24947
 	RESERVED
 CVE-2020-24946
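Review bot: The tag on CVE-2020-24948 copies the spelling "Wordpress" from the CVE description; the project name is "WordPress", and a case-sensitive search for it will miss this entry. Suggest "NOT-FOR-US: Autoptimize plugin for WordPress" or similar.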
@@ -1965,7 +1965,7 @@ CVE-2020-24195
 CVE-2020-24194
 	RESERVED
 CVE-2020-24193 (A SQL injection vulnerability in login in Sourcecodetester Daily Track ...)
-	TODO: check
+	NOT-FOR-US: Sourcecodetester Daily Tracker System
 CVE-2020-24192
 	RESERVED
 CVE-2020-24191
@@ -2027,13 +2027,13 @@ CVE-2020-24164
 CVE-2020-24163
 	RESERVED
 CVE-2020-24162 (The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Tencent app
 CVE-2020-24161 (Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacki ...)
-	TODO: check
+	NOT-FOR-US: Guangzhou NetEase Mail Master
 CVE-2020-24160 (Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vu ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Tencent TIM Windows client
 CVE-2020-24159 (NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can ...)
-	TODO: check
+	NOT-FOR-US: NetEase Youdao Dictionary
 CVE-2020-24158 (360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which ...)
 	TODO: check
 CVE-2020-24157
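Review bot: CVE-2020-24158 (360 Speed Browser), directly below the four entries changed here, is still "TODO: check" although its description reports the same DLL hijacking class in a desktop application; if it was not left open on purpose, it can be tagged in the same pass. The new tags also carry the city prefix from the descriptions ("Shenzhen Tencent app", "Guangzhou NetEase Mail Master") while the fourth reads "NetEase Youdao Dictionary"; dropping the prefix gives one vendor spelling across both Tencent entries and both NetEase entries.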
@@ -23861,7 +23861,7 @@ CVE-2020-13974 (** DISPUTED ** An issue was discovered in the Linux kernel throu
 CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls ...)
 	NOT-FOR-US: OWASP json-sanitizer
 CVE-2020-13972 (Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own dom ...)
-	TODO: check
+	NOT-FOR-US: Enghouse Web Chat
 CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use the M ...)
 	NOT-FOR-US: Shopware
 CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...)
@@ -28794,7 +28794,7 @@ CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request w
 CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing a tilema ...)
 	NOTE: Duplicate of CVE-2019-10877
 CVE-2020-12058 (Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 al ...)
-	TODO: check
+	NOT-FOR-US: osCommerce CE Phoenix
 CVE-2020-12057
 	RESERVED
 CVE-2020-12056
@@ -37440,7 +37440,7 @@ CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.
 CVE-2020-9236
 	RESERVED
 CVE-2020-9235 (Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9234
 	RESERVED
 CVE-2020-9233 (FusionCompute 8.0.0 have an insufficient authentication vulnerability. ...)
@@ -37512,7 +37512,7 @@ CVE-2020-9201
 CVE-2020-9200
 	RESERVED
 CVE-2020-9199 (B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9198
 	RESERVED
 CVE-2020-9197
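Review bot: On CVE-2020-9199 the truncated description lists only model strings (B2368-22, B2368-57, B2368-66) and names no vendor, so "NOT-FOR-US: Huawei" cannot be checked against the line it annotates. Adding the product to the tag, for example "NOT-FOR-US: Huawei B2368", would make the attribution visible in the list itself.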
@@ -37744,7 +37744,7 @@ CVE-2020-9085
 CVE-2020-9084
 	RESERVED
 CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9082
 	RESERVED
 CVE-2020-9081
@@ -46902,7 +46902,7 @@ CVE-2020-5388
 CVE-2020-5387
 	RESERVED
 CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource  ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suit ...)
 	NOT-FOR-US: Dell
 CVE-2020-5384 (Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Wi ...)
@@ -46936,7 +46936,7 @@ CVE-2020-5371 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC Pow
 CVE-2020-5370
 	RESERVED
 CVE-2020-5369 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2020-5368 (Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authe ...)
 	NOT-FOR-US: EMC
 CVE-2020-5367 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC U ...)
@@ -49003,7 +49003,7 @@ CVE-2020-4640
 CVE-2020-4639
 	RESERVED
 CVE-2020-4638 (IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulner ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4637
 	RESERVED
 CVE-2020-4636
@@ -49605,7 +49605,7 @@ CVE-2020-4339
 CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive informat ...)
 	NOT-FOR-US: IBM
 CVE-2020-4337 (IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4336
 	RESERVED
 CVE-2020-4335



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0157427343be24f029a67ad0f164d5dec969f9f
