Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6767d893 by Salvatore Bonaccorso at 2020-01-09T22:04:04+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1195,7 +1195,7 @@ CVE-2020-6169
 CVE-2020-6168
        RESERVED
 CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon & 
Maintenance  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2020-6166
        RESERVED
 CVE-2020-6165
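Review bot: The tag added for CVE-2020-6167, "NOT-FOR-US: WordPress plugin", names only the plugin category, while the other NOT-FOR-US lines in this commit name the product itself. Consider naming the plugin as the CVE description gives it (Minimal Coming Soon & Maintenance ...) so the entry can be found by searching the list for the product.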
@@ -3007,7 +3007,7 @@ CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 
6.2.2 has a TIFF decodin
 CVE-2020-5309
        RESERVED
 CVE-2020-5308 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable 
to XSS, ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
 CVE-2020-5307 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable 
to SQL  ...)
        NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
 CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display 
name, t ...)
@@ -3213,7 +3213,7 @@ CVE-2020-5207
 CVE-2020-5206
        RESERVED
 CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in 
Pow.Plu ...)
-       TODO: check
+       NOT-FOR-US: Pow
 CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability 
in hand ...)
        NOT-FOR-US: uftpd
 CVE-2020-5203
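Review bot: "NOT-FOR-US: Pow" for CVE-2020-5205 is terse enough to be ambiguous on its own. The description qualifies it as "Pow (Hex package)", and carrying that qualifier into the tag, e.g. "NOT-FOR-US: Pow (Hex package)", would make clear which software was ruled out.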
@@ -3496,7 +3496,7 @@ CVE-2020-5181
 CVE-2020-5180
        RESERVED
 CVE-2019-20224 (netflow_get_stats in functions_netflow.php in Pandora FMS 
7.0NG allows ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2019-20223 (In Support Incident Tracker (SiT!) 3.67, the id parameter is 
affected  ...)
        NOT-FOR-US: Support Incident Tracker
 CVE-2019-20222 (In Support Incident Tracker (SiT!) 3.67, the Short Application 
Name an ...)
@@ -12010,7 +12010,7 @@ CVE-2019-19496 (Alfresco Enterprise before 5.2.5 allows 
stored XSS via an upload
 CVE-2019-19495 (The web interface on the Technicolor TC7230 STEB 01.25 is 
vulnerable t ...)
        NOT-FOR-US: Technicolor
 CVE-2019-19494 (Broadcom based cable modems across multiple vendors are 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Broadcom based cable modems
 CVE-2019-19493 (Kentico before 12.0.50 allows file uploads in which the 
Content-Type h ...)
        NOT-FOR-US: Kentico
 CVE-2019-19492 (FreeSWITCH 1.6.10 through 1.10.1 has a default password in 
event_socke ...)
@@ -12203,7 +12203,7 @@ CVE-2020-1828
 CVE-2020-1827
        RESERVED
 CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 
10.0.0.17 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-1825
        RESERVED
 CVE-2020-1824
@@ -12235,7 +12235,7 @@ CVE-2020-1812
 CVE-2020-1811
        RESERVED
 CVE-2020-1810 (Huawei products CloudEngine 12800, S5700, and S6700 have a weak 
algori ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-1809
        RESERVED
 CVE-2020-1808
@@ -12281,9 +12281,9 @@ CVE-2020-1789
 CVE-2020-1788
        RESERVED
 CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 
9.1.0.139(C00E133R3P1 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-1786 (HUAWEI Mate 20 Pro smartphones versions earlier than 
10.0.0.175(C00E69 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-1785 (Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial 
of ser ...)
        NOT-FOR-US: Huawei
 CVE-2019-19466 (SCEditor 2.1.3 allows XSS. ...)
@@ -28161,11 +28161,11 @@ CVE-2019-14922
 CVE-2019-14921
        RESERVED
 CVE-2019-14920 (Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows 
an authe ...)
-       TODO: check
+       NOT-FOR-US: Billion Smart Energy Router SG600R2 Firmware
 CVE-2019-14919 (An exposed Telnet Service on the Billion Smart Energy Router 
SG600R2 w ...)
-       TODO: check
+       NOT-FOR-US: Billion Smart Energy Router SG600R2 Firmware
 CVE-2019-14918 (XSS in the DHCP lease-status table in Billion Smart Energy 
Router SG60 ...)
-       TODO: check
+       NOT-FOR-US: Billion Smart Energy Router SG600R2 Firmware
 CVE-2019-14917
        RESERVED
 CVE-2019-14916 (An issue was discovered in PRiSE adAS 1.7.0. A file's format 
is not pr ...)
@@ -54022,11 +54022,11 @@ CVE-2019-6334 (HP LaserJet, PageWide, OfficeJet 
Enterprise, and LaserJet Managed
 CVE-2019-6333 (A potential security vulnerability has been identified with 
certain ve ...)
        NOT-FOR-US: HP Touchpoint Analytics
 CVE-2019-6332 (A potential security vulnerability has been identified with 
certain HP ...)
-       TODO: check
+       NOT-FOR-US: HP InkJet printers
 CVE-2019-6331 (An issue was found in Samsung Mobile Print (Android) versions 
prior to ...)
        TODO: check
 CVE-2019-6330 (A potential security vulnerability has been identified in the 
software ...)
-       TODO: check
+       NOT-FOR-US: HP Access Control
 CVE-2019-6329 (HP Support Assistant 8.7.50 and earlier allows a user to gain 
system p ...)
        NOT-FOR-US: HP Support Assistant
 CVE-2019-6328 (HP Support Assistant 8.7.50 and earlier allows a user to gain 
system p ...)
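Review bot: CVE-2019-6331 (Samsung Mobile Print (Android)) still reads "TODO: check" in the context between the two entries changed here, CVE-2019-6332 and CVE-2019-6330. If it was left open on purpose, fine; otherwise it looks skipped in this pass and could be triaged along with its neighbours.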
@@ -54046,9 +54046,9 @@ CVE-2019-6322 (HP has identified a security 
vulnerability with some versions of
 CVE-2019-6321 (HP has identified a security vulnerability with some versions 
of Works ...)
        NOT-FOR-US: HP
 CVE-2019-6320 (Certain HP DeskJet 3630 All-in-One Printers models F5S43A - 
F5S57A, K4 ...)
-       TODO: check
+       NOT-FOR-US: HP DeskJet 3630 All-in-One Printers models
 CVE-2019-6319 (HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, 
K4T93A - K ...)
-       TODO: check
+       NOT-FOR-US: HP DeskJet 3630 All-in-One Printers models
 CVE-2019-6318 (HP LaserJet Enterprise printers, HP PageWide Enterprise 
printers, HP L ...)
        NOT-FOR-US: HP
 CVE-2018-20720 (ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 
1.2.0.B3, and 1 ...)
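Review bot: In the tags for CVE-2019-6320 and CVE-2019-6319, the trailing word "models" in "NOT-FOR-US: HP DeskJet 3630 All-in-One Printers models" is a leftover from the description text, where it introduces the model list (F5S43A - F5S57A, ...). Suggest "NOT-FOR-US: HP DeskJet 3630 All-in-One Printers", or simply "NOT-FOR-US: HP" as used by the surrounding entries CVE-2019-6321 and CVE-2019-6318.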
@@ -248289,7 +248289,7 @@ CVE-2014-3757 (SQL injection vulnerability in 
sorter.php in the phpManufaktur ki
 CVE-2014-3754
        RESERVED
 CVE-2014-3753 (AgileBits 1Password through 1.0.9.340 allows security feature 
bypass ...)
-       TODO: check
+       NOT-FOR-US: AgileBits 1Password
 CVE-2014-3752 (The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 
and ea ...)
        NOT-FOR-US: G Data TotalProtection
 CVE-2014-3751
@@ -251626,9 +251626,9 @@ CVE-2014-2653 (The verify_host_key function in 
sshconnect.c in the client in Ope
 CVE-2014-2652 (SQL injection vulnerability in OpenScape Deployment Service 
(DLS) befo ...)
        NOT-FOR-US: OpenScape Deployment Service
 CVE-2014-2651 (Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 
has an a ...)
-       TODO: check
+       NOT-FOR-US: Unify OpenStage/OpenScape Desk Phone IP SIP
 CVE-2014-2650 (Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP 
has an ...)
-       TODO: check
+       NOT-FOR-US: Unify OpenStage / OpenScape Desk Phone IP
 CVE-2014-2649 (Unspecified vulnerability in HP Operations Manager 9.20 on UNIX 
allows ...)
        NOT-FOR-US: HP Operations Manager
 CVE-2014-2648 (Unspecified vulnerability in HP Operations Manager 9.10 and 
9.11 on UN ...)
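Review bot: CVE-2014-2651 and CVE-2014-2650 get two different spellings for what the descriptions present as the same product (both "before V3 R3.11.0"): "Unify OpenStage/OpenScape Desk Phone IP SIP" versus "Unify OpenStage / OpenScape Desk Phone IP". Using one string for both keeps the entries together when searching the list by NOT-FOR-US product name.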
@@ -264870,7 +264870,7 @@ CVE-2013-4794
 CVE-2013-4793 (The update function in 
umbraco.webservices/templates/templateService.c ...)
        NOT-FOR-US: Umbraco
 CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before 
12-august-2 ...)
-       TODO: check
+       NOT-FOR-US: Imperva SecureSphere Web Application Firewall (WAF)
 CVE-2013-4792
        RESERVED
 CVE-2013-4791
@@ -279188,13 +279188,13 @@ CVE-2012-6071 (nuSOAP before 0.7.3-5 does not 
properly check the hostname of a c
 CVE-2012-6070 (Falconpl before 0.9.6.9-git20120606 misuses the libcurl API 
which may  ...)
        - falconpl 0.9.6.9-git20120606-2 (bug #696681)
 CVE-2011-5250 (Snare for Linux before 1.7.0 has CSRF in the web interface. ...)
-       TODO: check
+       NOT-FOR-US: Snare for Linux
 CVE-2011-5249 (Cross-site scripting (XSS) vulnerability in the events page in 
the Sys ...)
        NOT-FOR-US: SNARE
 CVE-2011-5248
        RESERVED
 CVE-2011-5247 (Snare for Linux before 1.7.0 has password disclosure because 
the rende ...)
-       TODO: check
+       NOT-FOR-US: Snare for Linux
 CVE-2009-5133
        RESERVED
 CVE-2012-6069 (Directory traversal vulnerability in the Runtime Toolkit in 
CODESYS Ru ...)
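Review bot: The two new "NOT-FOR-US: Snare for Linux" tags (CVE-2011-5250, CVE-2011-5247) sit around CVE-2011-5249, which is already tagged "NOT-FOR-US: SNARE". Consider aligning the spelling across the three entries so that one search term finds all of them.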



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6767d893d5928f074b708a53b3bcbe02d451890a
