[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Sep 14 21:17:25 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29261d70 by Salvatore Bonaccorso at 2020-09-14T22:17:02+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27872,11 +27872,11 @@ CVE-2020-12791
 CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMet ...)
 	NOT-FOR-US: SEOmatic plugin for Craft CMS
 CVE-2020-12789 (The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded ...)
-	TODO: check
+	NOT-FOR-US: Microchip Atmel ATSAMA5 products
 CVE-2020-12788 (CMAC verification functionality in Microchip Atmel ATSAMA5 products is ...)
-	TODO: check
+	NOT-FOR-US: Microchip Atmel ATSAMA5 products
 CVE-2020-12787 (Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to b ...)
-	TODO: check
+	NOT-FOR-US: Microchip Atmel ATSAMA5 products
 CVE-2020-12786
 	RESERVED
 CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the current ...)
@@ -39438,7 +39438,7 @@ CVE-2020-8819 (An issue was discovered in the CardGate Payments plugin through 3
 CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2.0.30 ...)
 	NOT-FOR-US: CardGate Payments plugin for Magento
 CVE-2020-8817 (Dataiku DSS before 6.0.5 allows attackers write access to the project  ...)
-	TODO: check
+	NOT-FOR-US: Dataiku
 CVE-2020-8816 (Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by priv ...)
 	NOT-FOR-US: Pi-hole
 CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam  ...)
@@ -75396,9 +75396,9 @@ CVE-2019-14759
 CVE-2019-14758
 	RESERVED
 CVE-2019-14757 (An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Cont ...)
-	TODO: check
+	NOT-FOR-US: KaiOS
 CVE-2019-14756 (An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-insta ...)
-	TODO: check
+	NOT-FOR-US: KaiOS
 CVE-2019-14755 (The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows U ...)
 	NOT-FOR-US: Leaf Admin
 CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL Injection via t ...)
@@ -108845,7 +108845,7 @@ CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in co
 	[stretch] - c3p0 0.9.1.2-9+deb9u1
 	NOTE: https://github.com/swaldman/c3p0/commit/7dfdda63f42759a5ec9b63d725b7412f74adb3e1
 CVE-2018-20432 (D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2018-20431 (GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerabil ...)
 	{DSA-4361-1 DLA-1616-1}
 	- libextractor 1:1.8-2 (bug #917213)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29261d7003848ce849d747d7e78cde4d2cfa58b6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29261d7003848ce849d747d7e78cde4d2cfa58b6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200914/567968c6/attachment.html>

More information about the debian-security-tracker-commits mailing list