[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Jan 6 20:24:05 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a83eb9cc by Salvatore Bonaccorso at 2021-01-06T21:23:16+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18375,11 +18375,11 @@ CVE-2020-27287
 CVE-2020-27286
 	RESERVED
 CVE-2020-27285 (The default configuration of Crimson 3.1 (Build versions prior to 3119 ...)
-	TODO: check
+	NOT-FOR-US: Crimson
 CVE-2020-27284
 	RESERVED
 CVE-2020-27283 (An attacker could send a specially crafted message to Crimson 3.1 (Bui ...)
-	TODO: check
+	NOT-FOR-US: Crimson
 CVE-2020-27282
 	RESERVED
 CVE-2020-27281
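Review bot: The label "NOT-FOR-US: Crimson" on CVE-2020-27285 and CVE-2020-27283 is a bare product name with no vendor, unlike other labels in this commit such as "NOT-FOR-US: Zoho ManageEngine Desktop Central". Consider prefixing the vendor so the entry stays unambiguous when the list is searched for a similarly named package.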
@@ -18387,7 +18387,7 @@ CVE-2020-27281
 CVE-2020-27280
 	RESERVED
 CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in the prot ...)
-	TODO: check
+	NOT-FOR-US: Crimson
 CVE-2020-27278
 	RESERVED
 CVE-2020-27277
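Review bot: For CVE-2020-27279 the visible description ("A NULL pointer deference vulnerability has been identified in the prot ...") is cut off before any product name, so the Crimson attribution cannot be confirmed from this hunk. It is worth checking the full CVE text to make sure the affected component is the product itself and not a protocol library that could be packaged separately.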
@@ -58420,13 +58420,13 @@ CVE-2019-20511 (ERPNext 11.1.47 allows blog?blog_category= Frame Injection. ...)
 CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows ...)
 	NOT-FOR-US: Entrust Entelligence Security Provider (ESP)
 CVE-2020-10658 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
-	TODO: check
+	NOT-FOR-US: Proofpoint Insider Threat Management Server
 CVE-2020-10657 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
-	TODO: check
+	NOT-FOR-US: Proofpoint Insider Threat Management Server
 CVE-2020-10656 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
-	TODO: check
+	NOT-FOR-US: Proofpoint Insider Threat Management Server
 CVE-2020-10655 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
-	TODO: check
+	NOT-FOR-US: Proofpoint Insider Threat Management Server
 CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...)
 	NOT-FOR-US: Ping Identity PingID
 CVE-2020-10653
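Review bot: The four Proofpoint labels (CVE-2020-10658 through CVE-2020-10655) drop the former product name that each description carries ("formerly ObserveIT Se ..."). The neighbouring entry for CVE-2020-10659 keeps its alias in the label ("Entrust Entelligence Security Provider (ESP)"); adding the former name here in the same way would let a search for the old name find these entries.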
@@ -62603,7 +62603,7 @@ CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the
 CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...)
 	NOT-FOR-US: SocialEngine
 CVE-2020-8884 (rcdsvc in the Proofpoint Insider Threat Management Windows Agent (form ...)
-	TODO: check
+	NOT-FOR-US: Proofpoint Insider Threat Management Windows Agent
 CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	NOT-FOR-US: Foxit Studio Photo
 CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -64462,7 +64462,7 @@ CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0 tha
 	NOTE: Required followup: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa
 	NOTE: Test: https://github.com/rack/rack/commit/775c836bdd25b63340399fea739532d746860a94
 CVE-2020-8160 (MendixSSO <= 2.1.1 contains endpoints that make use of the openid h ...)
-	TODO: check
+	NOT-FOR-US: MendixSSO
 CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...)
 	- ruby-actionpack-page-caching 1.2.2-1 (bug #960680)
 	[buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)
@@ -92079,7 +92079,7 @@ CVE-2019-16964 (app/call_centers/cmd.php in the Call Center Queue Module in Fusi
 CVE-2019-16963
 	RESERVED
 CVE-2019-16962 (Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2019-16961
 	RESERVED
 CVE-2019-16960 (SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file wit ...)
@@ -92095,7 +92095,7 @@ CVE-2019-16956 (SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type
 CVE-2019-16955 (SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG documen ...)
 	NOT-FOR-US: SolarWinds
 CVE-2019-16954 (SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2019-16953
 	RESERVED
 CVE-2019-16952



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a83eb9cc47d9df55c60856a1bdfa1a30509ef4c3
