[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 25 20:23:53 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fb8d90a4 by Salvatore Bonaccorso at 2021-01-25T21:23:10+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -561,7 +561,7 @@ CVE-2021-3280
CVE-2021-3279
RESERVED
CVE-2021-3278 (Local Service Search Engine Management System 1.0 has a vulnerability ...)
- TODO: check
+ NOT-FOR-US: Local Service Search Engine Management System
CVE-2021-3277
RESERVED
CVE-2021-3276
@@ -10776,7 +10776,7 @@ CVE-2020-35855
CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Bod ...)
TODO: check
CVE-2020-35853 (4images Image Gallery Management System 1.7.11 is affected by cross-si ...)
- TODO: check
+ NOT-FOR-US: 4images Image Gallery Management System
CVE-2020-35852
RESERVED
CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters properly. Att ...)
@@ -10819,7 +10819,7 @@ CVE-2020-35845
CVE-2020-35844
RESERVED
CVE-2020-35843 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted i ...)
- TODO: check
+ NOT-FOR-US: FastStone Image Viewer
CVE-2020-35842 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
NOT-FOR-US: Netgear
CVE-2020-35841 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
@@ -15167,7 +15167,7 @@ CVE-2020-35272 (Employee Performance Evaluation System in PHP/MySQLi with Source
CVE-2020-35271 (Employee Performance Evaluation System in PHP/MySQLi with Source Code ...)
NOT-FOR-US: Employee Performance Evaluation System in PHP/MySQLi with Source Code
CVE-2020-35270 (Student Result Management System In PHP With Source Code is affected b ...)
- TODO: check
+ NOT-FOR-US: Student Result Management System In PHP With Source Code
CVE-2020-35269 (Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross ...)
- nagios4 <undetermined>
NOTE: https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc
@@ -29695,7 +29695,7 @@ CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for Ruby
CVE-2020-25738 (CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers ...)
NOT-FOR-US: CyberArk Endpoint Privilege Manager (EPM)
CVE-2020-25737 (An elevation of privilege vulnerability exists in Hackolade versions p ...)
- TODO: check
+ NOT-FOR-US: Hackolade
CVE-2020-25736
RESERVED
CVE-2020-25735 (webTareas through 2.1 allows XSS in clients/editclient.php, extensions ...)
@@ -49493,7 +49493,7 @@ CVE-2020-16238
CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives input ...)
NOT-FOR-US: Philips SureSigns
CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a ...)
- TODO: check
+ NOT-FOR-US: FPWIN Pro
CVE-2020-16235
RESERVED
CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer overf ...)
@@ -64164,7 +64164,7 @@ CVE-2020-11182
CVE-2020-11181 (Out of bound access issue while handling cvp process control command d ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11180 (Out of bound access in computer vision control due to improper validat ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-11179 (Arbitrary read and write to kernel addresses by temporarily overwritin ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11178
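Review bot: The label added for CVE-2020-11180, `NOT-FOR-US: Snapdragon`, differs from the entries directly above and below it (CVE-2020-11181 and CVE-2020-11179), which both carry `NOT-FOR-US: Qualcomm components for Android`. If this entry belongs to the same group, reusing the existing string keeps the NFU labels consistent and lets a single grep find all of them. If Snapdragon is meant as a separate category, a word on that in the commit message would help later triage.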
@@ -64249,7 +64249,7 @@ CVE-2020-11141 (u'Buffer over-read issue in Bluetooth estack due to lack of chec
CVE-2020-11140 (Out of bound memory access during music playback with ALAC modified co ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11139 (Out of bound memory access while processing frames due to lack of chec ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-11138 (Uninitialized pointers accessed during music play back with incorrect ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11137 (Integer multiplication overflow resulting in lower buffer size allocat ...)
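Review bot: CVE-2020-11139 is marked `NOT-FOR-US: Snapdragon`, while its neighbours in this hunk, CVE-2020-11140 and CVE-2020-11138, use `NOT-FOR-US: Qualcomm components for Android`. Two spellings for adjacent entries in the same CVE range make the list harder to search and audit. Suggest settling on one label for this range, or noting why this entry is classified differently.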
@@ -71820,7 +71820,7 @@ CVE-2020-8294
CVE-2020-8293
RESERVED
CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scr ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2020-8291
RESERVED
CVE-2020-8290 (Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer ...)
@@ -71828,7 +71828,7 @@ CVE-2020-8290 (Backblaze for Windows and Backblaze for macOS before 7.0.0.439 su
CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before ...)
NOT-FOR-US: Backblaze
CVE-2020-8288 (The `specializedRendering` function in Rocket.Chat server before 3.9.2 ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two co ...)
{DSA-4826-1}
- nodejs 12.20.1~dfsg-1 (bug #979364)
@@ -75715,9 +75715,9 @@ CVE-2020-6782
CVE-2020-6781 (Improper certificate validation for certain connections in the Bosch S ...)
NOT-FOR-US: Bosch Smart Home System App for iOS
CVE-2020-6780 (Use of Password Hash With Insufficient Computational Effort in the dat ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2020-6779 (Use of Hard-coded Credentials in the database of Bosch FSM-2500 server ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2020-6778
RESERVED
CVE-2020-6777 (A vulnerability in the web-based management interface of Bosch PRAESID ...)
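Review bot: The labels added for CVE-2020-6780 and CVE-2020-6779 name only the vendor (`NOT-FOR-US: Bosch`), whereas CVE-2020-6781 at the top of this hunk names the product (`NOT-FOR-US: Bosch Smart Home System App for iOS`). The CVE-2020-6779 description refers to the Bosch FSM-2500 server, so a product-level label would match the surrounding convention and record which product was actually ruled out. A vendor-wide label is also easy to misread as a blanket decision for every future Bosch CVE.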
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb8d90a4f428e4fd7e571364047637bcb0a94c31