[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 17 21:19:46 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
538805eb by Salvatore Bonaccorso at 2020-09-17T22:19:22+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22,9 +22,9 @@ CVE-2020-25729 (ZoneMinder before 1.34.21 has XSS via the connkey parameter to d
- zoneminder <unfixed>
NOTE: https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413
CVE-2020-25728 (The Reset Password add-on before 1.2.0 for Alfresco has a broken algor ...)
- TODO: check
+ NOT-FOR-US: Reset Password add-on for Alfresco
CVE-2020-25727 (The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS- ...)
- TODO: check
+ NOT-FOR-US: Reset Password add-on for Alfresco
CVE-2020-25726
RESERVED
CVE-2020-25725
@@ -500,9 +500,9 @@ CVE-2020-25492
CVE-2020-25491
RESERVED
CVE-2020-25490 (Lack of cryptographic signature verification in the Sqreen PHP agent d ...)
- TODO: check
+ NOT-FOR-US: Sqreen
CVE-2020-25489 (A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0 ...)
- TODO: check
+ NOT-FOR-US: Sqreen
CVE-2020-25488
RESERVED
CVE-2020-25487
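Review bot: The NOT-FOR-US notes on CVE-2020-25490 and CVE-2020-25489 name only the vendor (Sqreen), although the two descriptions refer to different products, the Sqreen PHP agent and Sqreen PyMiniRacer. Suggest naming the product in each note, as the "yWorks yEd Desktop" and "Reset Password add-on for Alfresco" entries in this commit do, so that a later search of the list by product name finds the right entry.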
@@ -1092,9 +1092,9 @@ CVE-2020-25218
CVE-2020-25217
RESERVED
CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Tran ...)
- TODO: check
+ NOT-FOR-US: yWorks yEd Desktop
CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...)
- TODO: check
+ NOT-FOR-US: yWorks yEd Desktop
CVE-2020-25214
RESERVED
CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...)
@@ -3602,9 +3602,9 @@ CVE-2020-24048
CVE-2020-24047
RESERVED
CVE-2020-24046 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...)
- TODO: check
+ NOT-FOR-US: TitanHQ
CVE-2020-24045 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...)
- TODO: check
+ NOT-FOR-US: TitanHQ
CVE-2020-24044
RESERVED
CVE-2020-24043
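Review bot: CVE-2020-24046 and CVE-2020-24045 are tagged "NOT-FOR-US: TitanHQ", while the other SpamTitan entries in this same commit (CVE-2020-11804, CVE-2020-11803, CVE-2020-11700, CVE-2020-11699, CVE-2020-11698) use "NOT-FOR-US: Titan SpamTitan". The descriptions here name TitanHQ SpamTitan Gateway, so the two groups appear to cover the same product under two labels. Suggest using one string for all seven entries so a grep for the product returns them together.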
@@ -27297,7 +27297,7 @@ CVE-2020-13170 (HashiCorp Consul and Consul Enterprise did not appropriately enf
NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
NOTE: https://github.com/hashicorp/consul/pull/8068
CVE-2020-13169 (Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platf ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2020-13168
RESERVED
CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution ...)
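Review bot: The note on CVE-2020-13169 gives only the vendor, SolarWinds, while the description refers to a specific SolarWinds Orion product. Suggest a product-level label, matching the convention used elsewhere in this commit (for example "yWorks yEd Desktop"), so the entry stays distinguishable from other SolarWinds products that may be triaged later.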
@@ -31415,9 +31415,9 @@ CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) t
CVE-2020-11805
RESERVED
CVE-2020-11804 (An issue was discovered in Titan SpamTitan 7.07. Due to improper sanit ...)
- TODO: check
+ NOT-FOR-US: Titan SpamTitan
CVE-2020-11803 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...)
- TODO: check
+ NOT-FOR-US: Titan SpamTitan
CVE-2020-11802
RESERVED
CVE-2020-11801
@@ -31982,11 +31982,11 @@ CVE-2020-11702 (An issue was discovered in ProVide (formerly zFTPServer) through
CVE-2020-11701 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11700 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...)
- TODO: check
+ NOT-FOR-US: Titan SpamTitan
CVE-2020-11699 (An issue was discovered in Titan SpamTitan 7.07. Improper validation o ...)
- TODO: check
+ NOT-FOR-US: Titan SpamTitan
CVE-2020-11698 (An issue was discovered in Titan SpamTitan 7.07. Improper input saniti ...)
- TODO: check
+ NOT-FOR-US: Titan SpamTitan
CVE-2020-11697 (In Combodo iTop, dashboard ids can be exploited with a reflective XSS ...)
NOT-FOR-US: Combodo iTop
CVE-2020-11696 (In Combodo iTop a menu shortcut name can be exploited with a stored XS ...)
@@ -46656,15 +46656,15 @@ CVE-2020-6118 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.
CVE-2020-6117 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
NOT-FOR-US: OS4Ed openSIS
CVE-2020-6116 (An arbitrary code execution vulnerability exists in the rendering func ...)
- TODO: check
+ NOT-FOR-US: Nitro Pro
CVE-2020-6115 (An exploitable vulnerability exists in the cross-reference table repai ...)
- TODO: check
+ NOT-FOR-US: Nitro Pro
CVE-2020-6114 (An exploitable SQL injection vulnerability exists in the Admin Reports ...)
NOT-FOR-US: Glacies IceHRM
CVE-2020-6113 (An exploitable vulnerability exists in the object stream parsing funct ...)
- TODO: check
+ NOT-FOR-US: Nitro Pro
CVE-2020-6112 (An exploitable code execution vulnerability exists in the JPEG2000 Str ...)
- TODO: check
+ NOT-FOR-US: Nitro Pro
CVE-2020-6111
RESERVED
CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the way ...)
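Review bot: For CVE-2020-6116, CVE-2020-6115, CVE-2020-6113 and CVE-2020-6112 the descriptions shown in the list are cut off before any product name appears, so the "Nitro Pro" attribution cannot be checked from these lines alone. Since the commit message says only "Process some NFUs", suggest recording in the commit message where the product attribution for these four entries was taken from.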
@@ -64788,7 +64788,7 @@ CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible li
[stretch] - linux 4.9.228-1
NOTE: https://git.kernel.org/linus/68035c80e129c4cfec659aac4180354530b26527
CVE-2020-0403 (In the FPC TrustZone fingerprint App, there is a possible invalid comm ...)
- TODO: check
+ NOT-FOR-US: FPC TrustZone fingerprint App
CVE-2020-0402
RESERVED
NOTE: Duplicate assignment for CVE-2019-19769 (Android security informed)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/538805ebb7c6f4379cbb83ec5525bd878880ec0d