[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Mon Jul 4 09:35:12 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ebca431c by Neil Williams at 2022-07-04T09:34:51+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -604,7 +604,7 @@ CVE-2017-20125 (A vulnerability classified as critical was found in Online Hotel
 CVE-2017-20124 (A vulnerability classified as critical has been found in Online Hotel  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2017-20123 (A vulnerability was found in Viscosity 1.6.7. It has been classified a ...)
-	TODO: check
+	NOT-FOR-US: Viscosity on Windows and macOS
 CVE-2017-20122 (A vulnerability classified as problematic was found in Bitrix Site Man ...)
 	NOT-FOR-US: Bitrix Site Manager
 CVE-2022-34734
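Review bot: on CVE-2017-20123 the new tag asserts "on Windows and macOS", but the visible part of the description only says "Viscosity 1.6.7" and is truncated before any platform is named. If the full description does not confirm the platforms, plain "NOT-FOR-US: Viscosity" says enough and still matches the CVE-2020-5180 entry by product name.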
@@ -115345,7 +115345,7 @@ CVE-2020-28867
 CVE-2020-28866
 	RESERVED
 CVE-2020-28865 (An issue was discovered in PowerJob through 3.2.2, allows attackers to ...)
-	TODO: check
+	NOT-FOR-US: PowerJob
 CVE-2020-28864 (Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to caus ...)
 	NOT-FOR-US: WinSCP
 CVE-2020-28863
@@ -122274,7 +122274,7 @@ CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML compon
 CVE-2020-27510
 	RESERVED
 CVE-2020-27509 (Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11 ...)
-	TODO: check
+	NOT-FOR-US: Galaxkey
 CVE-2020-27508 (In two-factor authentication, the system also sending 2fa secret key i ...)
 	NOT-FOR-US: Frappe Framework
 CVE-2020-27507
@@ -123737,7 +123737,7 @@ CVE-2020-26879 (Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hard
 CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command injection. An  ...)
 	NOT-FOR-US: Ruckus
 CVE-2020-26877 (ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in a ...)
-	TODO: check
+	NOT-FOR-US: ApiFest OAuth 2.0
 CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows remote attac ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2020-26875
@@ -127326,7 +127326,7 @@ CVE-2020-25461 (Invalid Memory Access in the fxProxyGetter function in moddable/
 CVE-2020-25460
 	RESERVED
 CVE-2020-25459 (An issue was discovered in function sync_tree in hetero_decision_tree_ ...)
-	TODO: check
+	NOT-FOR-US: FederatedAI/FATE
 CVE-2020-25458
 	RESERVED
 CVE-2020-25457
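Review bot: the tag on CVE-2020-25459 uses an owner/repository style name (FederatedAI/FATE), while the other NFU tags in this commit use a bare product name (PowerJob, Galaxkey, Ruckus). Consider "NOT-FOR-US: FATE" or "NOT-FOR-US: FederatedAI FATE" so the tag reads the same way as its neighbours.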
@@ -136856,7 +136856,7 @@ CVE-2020-21163
 CVE-2020-21162
 	RESERVED
 CVE-2020-21161 (Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirect ...)
-	TODO: check
+	NOT-FOR-US: Ruckus
 CVE-2020-21160
 	RESERVED
 CVE-2020-21159
@@ -137099,7 +137099,7 @@ CVE-2020-21048 (An issue in the dither.c component of libsixel prior to v1.8.4 a
 CVE-2020-21047
 	RESERVED
 CVE-2020-21046 (A local privilege escalation vulnerability was identified within the " ...)
-	TODO: check
+	NOT-FOR-US: EagleGet for Windows
 CVE-2020-21045
 	RESERVED
 CVE-2020-21044
@@ -139469,9 +139469,9 @@ CVE-2020-19899
 CVE-2020-19898
 	RESERVED
 CVE-2020-19897 (A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remot ...)
-	TODO: check
+	NOT-FOR-US: Wuzhicms
 CVE-2020-19896 (File inclusion vulnerability in Minicms v1.9 allows remote attackers t ...)
-	TODO: check
+	NOT-FOR-US: MiniCMS
 CVE-2020-19895
 	RESERVED
 CVE-2020-19894
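Review bot: both product names in this hunk are spelled differently from their descriptions: the tag says "Wuzhicms" where the description has "wuzhicms", and "MiniCMS" where it has "Minicms". Pick one spelling per product and reuse it for other entries about the same software, so that a text search of the list by product name finds all of them.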
@@ -166211,7 +166211,7 @@ CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows i
 CVE-2020-9755
 	RESERVED
 CVE-2020-9754 (NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Whale Browser
 CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support signatur ...)
 	NOT-FOR-US: Whale Browser
 CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...)
@@ -177990,7 +177990,7 @@ CVE-2020-5182 (The J-BusinessDirectory extension before 5.2.9 for Joomla! allows
 CVE-2020-5181
 	RESERVED
 CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to se ...)
-	NOT-FOR-US: Viscosity on Widnows and macOS
+	NOT-FOR-US: Viscosity on Windows and macOS
 CVE-2019-20224 (netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows ...)
 	NOT-FOR-US: Pandora FMS
 CVE-2019-20223 (In Support Incident Tracker (SiT!) 3.67, the id parameter is affected  ...)
@@ -425351,7 +425351,8 @@ CVE-2014-3650 (Multiple persistent cross-site scripting (XSS) flaws were found i
 CVE-2014-3649 (JBoss AeroGear has reflected XSS via the password field ...)
 	NOT-FOR-US: JBoss AeroGear
 CVE-2014-3648 (The simplepush server iterates through the application installations a ...)
-	TODO: check
+	NOTE: https://issues.redhat.com/browse/AEROGEAR-6091 (private)
+	TODO: check, if more information becomes available.
 CVE-2014-3647 (arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel throug ...)
 	{DSA-3060-1}
 	- linux 3.16.7-1
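Review bot: CVE-2014-3648 still carries a TODO after this change, so it stays an open item rather than a processed one, and the commit message ("Process some NFUs") does not cover it. The added reference sits in the AEROGEAR issue tracker and the entry directly above is "NOT-FOR-US: JBoss AeroGear"; if the simplepush server is part of that product, the same tag would close the entry. If it has to stay open, drop the comma: "TODO: check if more information becomes available".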
@@ -443623,7 +443624,7 @@ CVE-2013-4172 (The Red Hat CloudForms Management Engine 5.1 allow remote adminis
 CVE-2013-4171 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller b ...)
 	NOT-FOR-US: Apache Roller
 CVE-2013-4170 (In general, Ember.js escapes or strips any user-supplied content befor ...)
-	TODO: check
+	NOT-FOR-US: ember.js
 CVE-2013-4169 (GNOME Display Manager (gdm) before 2.21.1 allows local users to change ...)
 	- gdm <removed> (unimportant)
 	- gdm3 <not-affected> (Only affected older gdm < 2.21.1)
@@ -443734,7 +443735,8 @@ CVE-2013-4146
 CVE-2013-4145
 	REJECTED
 CVE-2013-4144 (There is an object injection vulnerability in swfupload plugin for wor ...)
-	TODO: check
+	- libjs-swfupload <removed>
+	NOTE: https://github.com/wordpress/secure-swfupload/issues/1
 CVE-2013-4143 (The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockm ...)
 	- xlockmore <removed>
 	NOTE: http://openwall.com/lists/oss-security/2013/07/16/8
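Review bot: the CVE-2013-4144 change assigns a package ("- libjs-swfupload <removed>") instead of an NFU tag, which the commit message "Process some NFUs" does not mention. The description names a swfupload plugin and the NOTE links to wordpress/secure-swfupload, but nothing on the entry says why libjs-swfupload is the affected source package; a second NOTE line stating that connection would let the next reader verify the mapping.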
@@ -449629,7 +449631,7 @@ CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly val
 	[squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is EOLed)
 	NOTE: https://www.openwall.com/lists/oss-security/2013/03/25/7
 CVE-2013-1891 (In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filem ...)
-	TODO: check
+	NOT-FOR-US: OpenCart
 CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...)
 	- owncloud <not-affected> (only affecting 5.0 branch)
 CVE-2013-1889 (mod_ruid2 before 0.9.8 improperly handles file descriptors which allow ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebca431c2a12a86e255d31a18a3eccb503b4daef
