[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Sep 25 09:29:24 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45100e16 by Salvatore Bonaccorso at 2020-09-25T10:28:55+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -785,11 +785,11 @@ CVE-2020-25751 (The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injectio
 CVE-2020-25750 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 b ...)
 	NOT-FOR-US: DotPlant2
 CVE-2020-25749 (The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 ca ...)
-	TODO: check
+	NOT-FOR-US: Rubetek
 CVE-2020-25748 (A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3 ...)
-	TODO: check
+	NOT-FOR-US: Rubetek
 CVE-2020-25747 (The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (f ...)
-	TODO: check
+	NOT-FOR-US: Rubetek
 CVE-2020-25746
 	RESERVED
 CVE-2020-25745
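Review bot: CVE-2020-25749 and CVE-2020-25747 are both described as flaws in "The Telnet service" of the Rubetek cameras, and the descriptions are truncated here, so it is worth confirming that the defect sits in the vendor firmware rather than in a telnet daemon that Debian also packages before closing them as NOT-FOR-US. If it is firmware-specific, a tag such as `NOT-FOR-US: Rubetek cameras` on all three entries would make that explicit.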
@@ -842,7 +842,7 @@ CVE-2020-25728 (The Reset Password add-on before 1.2.0 for Alfresco has a broken
 CVE-2020-25727 (The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS- ...)
 	NOT-FOR-US: Reset Password add-on for Alfresco
 CVE-2020-25726 (A Directory Traversal issue was discovered on Hak5 WiFi Pineapple Mark ...)
-	TODO: check
+	NOT-FOR-US: Hak5 WiFi Pineapple Mark VII devices
 CVE-2020-25725
 	RESERVED
 CVE-2020-25724
@@ -1929,7 +1929,7 @@ CVE-2020-25225
 CVE-2020-25224
 	RESERVED
 CVE-2020-25223 (A remote code execution vulnerability exists in the WebAdmin of Sophos ...)
-	TODO: check
+	NOT-FOR-US: Sophos
 CVE-2020-25222
 	RESERVED
 CVE-2020-25221 (get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5 ...)
@@ -3092,7 +3092,7 @@ CVE-2020-24694
 CVE-2020-24693
 	RESERVED
 CVE-2020-24692 (The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 co ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2020-24691
 	RESERVED
 CVE-2020-24690
@@ -3265,7 +3265,7 @@ CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the in
 	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
 	NOTE: but still an issue when Default Typing is enabled.
 CVE-2020-24615 (Pexip Infinity before 24.1 has Improper Input Validation, leading to t ...)
-	TODO: check
+	NOT-FOR-US: Pexip Infinity
 CVE-2020-24613 (wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_C ...)
 	- wolfssl 4.5.0+dfsg-1 (bug #969663)
 	NOTE: https://research.nccgroup.com/2020/08/24/technical-advisory-wolfssl-tls-1-3-client-man-in-the-middle-attack/
@@ -3304,13 +3304,13 @@ CVE-2020-24597
 CVE-2020-24596
 	RESERVED
 CVE-2020-24595 (Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2020-24594 (Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthen ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2020-24593 (Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote at ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2020-24592 (Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2020-24591 (The Management Console in certain WSO2 products allows XXE attacks dur ...)
 	NOT-FOR-US: WSO2
 CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...)
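Review bot: The entries for CVE-2020-24595 down to CVE-2020-24592 are tagged with the vendor name only, although all four descriptions name Mitel MiCloud Management Portal, and other tags in this file name the product (for example `NOT-FOR-US: Pexip Infinity` and `NOT-FOR-US: Reset Password add-on for Alfresco`). Consider `NOT-FOR-US: Mitel MiCloud Management Portal` so that a later search by product name finds these entries.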
@@ -4904,7 +4904,7 @@ CVE-2020-23839 (A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimpl
 CVE-2020-23838
 	RESERVED
 CVE-2020-23837 (A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User pl ...)
-	TODO: check
+	NOT-FOR-US: GetSimple CMS
 CVE-2020-23836 (A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in  ...)
 	NOT-FOR-US: OSWAPP Warehouse Inventory System
 CVE-2020-23835 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php  ...)
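Review bot: CVE-2020-23837 is described as a CSRF in "the Multi User pl ..." (truncated), but the new tag names only GetSimple CMS. If the flaw is in a plugin rather than in the CMS itself, name the plugin in the tag, in the style of `NOT-FOR-US: Reset Password add-on for Alfresco` used earlier in this file.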
@@ -13684,7 +13684,7 @@ CVE-2020-19449
 CVE-2020-19448
 	RESERVED
 CVE-2020-19447 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! co ...)
-	TODO: check
+	NOT-FOR-US: jdownloads component for Joomla!
 CVE-2020-19446
 	RESERVED
 CVE-2020-19445
@@ -17897,7 +17897,7 @@ CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through 0
 	- routinator <itp> (bug #929024)
 	NOTE: https://github.com/NLnetLabs/routinator/issues/319
 CVE-2020-17365 (Improper directory permissions in the Hotspot Shield VPN client softwa ...)
-	TODO: check
+	NOT-FOR-US: Hotspot Shield VPN client for Windows
 CVE-2020-17364 (USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. ...)
 	NOT-FOR-US: User-friendly SVN
 CVE-2020-17363



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45100e162903663b77454b4d5a94a8cb41aa3fd0
