[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Jan 7 22:50:27 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38b5358a by Salvatore Bonaccorso at 2021-01-07T23:50:01+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13016,7 +13016,7 @@ CVE-2020-28674
 CVE-2020-28673
 	RESERVED
 CVE-2020-28672 (MonoCMS Blog 1.0 is affected by incorrect access control that can lead ...)
-	TODO: check
+	NOT-FOR-US: MonoCMS Blog
 CVE-2020-28671
 	RESERVED
 CVE-2020-28670
@@ -20703,7 +20703,7 @@ CVE-2020-26775
 CVE-2020-26774
 	RESERVED
 CVE-2020-26773 (Restaurant Reservation System 1.0 suffers from an authenticated SQL in ...)
-	TODO: check
+	NOT-FOR-US: Restaurant Reservation System
 CVE-2020-26772
 	RESERVED
 CVE-2020-26771
@@ -23831,7 +23831,7 @@ CVE-2020-25478
 CVE-2020-25477
 	RESERVED
 CVE-2020-25476 (Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cro ...)
-	TODO: check
+	NOT-FOR-US: Liferay CMS Portal
 CVE-2020-25475 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injectio ...)
 	NOT-FOR-US: SimplePHPscripts News Script PHP Pro
 CVE-2020-25474 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site S ...)
@@ -50320,7 +50320,7 @@ CVE-2020-13575
 CVE-2020-13574
 	RESERVED
 CVE-2020-13573 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation RSLinx Classic
 CVE-2020-13572
 	RESERVED
 CVE-2020-13571
@@ -74200,19 +74200,19 @@ CVE-2020-4900 (IBM Business Automation Workflow 19.0.0.3 stores potentially sens
 CVE-2020-4899 (IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensit ...)
 	NOT-FOR-US: IBM
 CVE-2020-4898 (IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expec ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4897 (IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4896 (IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4895 (IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4894
 	RESERVED
 CVE-2020-4893 (IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 tr ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4892 (IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site sc ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4891
 	RESERVED
 CVE-2020-4890
@@ -134066,21 +134066,21 @@ CVE-2018-1000883 (Elixir Plug Plug version All contains a Header Injection vulne
 CVE-2018-20317
 	RESERVED
 CVE-2018-20316 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-20315 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-20314 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-20313 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-20312 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-20311 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-20310 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-20309 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-20308
 	RESERVED
 CVE-2018-1000882 (WeBid version up to current version 1.2.2 contains a Directory Travers ...)
@@ -143606,7 +143606,7 @@ CVE-2018-19420 (In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads bu
 CVE-2018-19419
 	RESERVED
 CVE-2018-19418 (Foxit PDF ActiveX before 5.5.1 allows remote code execution via comman ...)
-	TODO: check
+	NOT-FOR-US: Foxit PDF ActiveX
 CVE-2018-19417 (An issue was discovered in the MQTT server in Contiki-NG before 4.2. T ...)
 	NOT-FOR-US: Contiki-NG
 CVE-2018-19517 (An issue was discovered in sysstat 12.1.1. The remap_struct function i ...)
@@ -145860,9 +145860,9 @@ CVE-2018-18690 (In the Linux kernel before 4.17, a local attacker able to set at
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1105025
 	NOTE: https://git.kernel.org/linus/7b38460dc8e4eafba06c78f8e37099d3b34d473c
 CVE-2018-18689 (The Portable Document Format (PDF) specification does not provide any  ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-18688 (The Portable Document Format (PDF) specification does not provide any  ...)
-	TODO: check
+	NOT-FOR-US: Foxit Reader
 CVE-2018-18687
 	RESERVED
 CVE-2018-18686



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38b5358a8ccde21fa8bb666f82f7ae5e18996aaf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38b5358a8ccde21fa8bb666f82f7ae5e18996aaf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210107/22fcc25a/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list