Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dfa75500 by Salvatore Bonaccorso at 2020-01-21T21:21:34+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2020-7471
        RESERVED
 CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS 
via the  ...)
-       TODO: check
+       NOT-FOR-US: Sonoff TH 10 and 16 devices
 CVE-2020-7469
        RESERVED
 CVE-2020-7468
@@ -449,7 +449,7 @@ CVE-2020-7248
 CVE-2020-7247
        RESERVED
 CVE-2020-7246 (A remote code execution (RCE) vulnerability exists in qdPM 9.1 
and ear ...)
-       TODO: check
+       NOT-FOR-US: qdPM
 CVE-2020-7245
        RESERVED
 CVE-2020-7244 (Comtech Stampede FX-1010 7.4.3 devices allow remote 
authenticated admi ...)
@@ -496,7 +496,7 @@ CVE-2020-7231 (Evoko Home 1.31 devices provide different 
error messages for fail
 CVE-2019-20381 (TestLink before 1.9.20 allows XSS via non-lowercase 
javascript: in the ...)
        TODO: check
 CVE-2016-11018 (An issue was discovered in the Huge-IT gallery-images plugin 
before 1. ...)
-       TODO: check
+       NOT-FOR-US: Huge-IT gallery-images plugin for WordPress
 CVE-2020-7230
        RESERVED
 CVE-2020-7229 (An issue was discovered in Simplejobscript.com SJS before 1.65. 
There  ...)
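Review bot: The TestLink entry (CVE-2019-20381) in the context directly above the changed line still carries "TODO: check" while its neighbour CVE-2016-11018 is resolved in this pass. If TestLink is not packaged, it could take a NOT-FOR-US line in the same commit; if it is being left open on purpose for package triage, nothing needs to change here.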
@@ -1307,7 +1307,7 @@ CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based 
buffer overflow in opj_t1
 CVE-2020-6850
        RESERVED
 CVE-2020-6849 (The marketo-forms-and-tracking plugin through 1.0.2 for 
WordPress allo ...)
-       TODO: check
+       NOT-FOR-US: marketo-forms-and-tracking plugin for WordPress
 CVE-2020-6848 (Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka 
Device Na ...)
        NOT-FOR-US: Axper Vision II 4 devices
 CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that 
is exec ...)
@@ -13271,7 +13271,7 @@ CVE-2019-19594 
(reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adob
 CVE-2019-19593
        RESERVED
 CVE-2019-19592 (Jama Connect 8.44.0 has XSS via the "Import File and 
Destination" tab  ...)
-       TODO: check
+       NOT-FOR-US: Jama Connect
 CVE-2019-19591
        RESERVED
 CVE-2019-19590 (In radare2 through 4.0, there is an integer overflow for the 
variable  ...)
@@ -13881,7 +13881,7 @@ CVE-2020-1842
 CVE-2020-1841
        RESERVED
 CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 
10.0.0.175(C00E ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-1839
        RESERVED
 CVE-2020-1838
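Review bot: The tag on CVE-2020-1840 is the bare vendor name "Huawei", while the other entries touched by this commit name the product (for example "NOT-FOR-US: Jama Connect" and "NOT-FOR-US: Sonoff TH 10 and 16 devices"). The description names "HUAWEI Mate 20 smart phones", so a product-level tag would make the entry easier to search for; the same point applies to CVE-2019-19411 (USG9500) in the next hunk. If vendor-only tags are the list's convention for this vendor, keep it as is.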
@@ -14112,7 +14112,7 @@ CVE-2019-19413
 CVE-2019-19412
        RESERVED
 CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, 
V500R00 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-19410
        RESERVED
 CVE-2019-19409
@@ -30560,13 +30560,13 @@ CVE-2019-14770 (In Backdrop CMS 1.12.x before 1.12.8 
and 1.13.x before 1.13.3, s
 CVE-2019-14769 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 
doesn't suf ...)
        - backdrop <itp> (bug #914257)
 CVE-2019-14768 (An Arbitrary File Upload issue in the file browser of DIMO 
YellowBox C ...)
-       TODO: check
+       NOT-FOR-US: DIMO YellowBox CRM
 CVE-2019-14767 (In DIMO YellowBox CRM before 6.3.4, Path Traversal in 
images/Apparence ...)
-       TODO: check
+       NOT-FOR-US: DIMO YellowBox CRM
 CVE-2019-14766 (Path Traversal in the file browser of DIMO YellowBox CRM 
before 6.3.4  ...)
-       TODO: check
+       NOT-FOR-US: DIMO YellowBox CRM
 CVE-2019-14765 (Incorrect Access Control in AfficheExplorateurParam() in DIMO 
YellowBo ...)
-       TODO: check
+       NOT-FOR-US: DIMO YellowBox CRM
 CVE-2019-14764
        RESERVED
 CVE-2019-14763 (In the Linux kernel before 4.16.4, a double-locking error in 
drivers/u ...)
@@ -43742,7 +43742,7 @@ CVE-2019-10563 (Buffer over-read can occur in fast 
message handler due to improp
 CVE-2019-10562
        RESERVED
 CVE-2019-10561 (Improper initialization of local variables which are 
parameters to sfs ...)
-       TODO: check
+       NOT-FOR-US: Snapdragon
 CVE-2019-10560
        RESERVED
 CVE-2019-10559 (Accessing data buffer beyond the available data while parsing 
ogg clip ...)
@@ -240424,7 +240424,7 @@ CVE-2014-7862 (The DCPluginServelet servlet in 
ManageEngine Desktop Central and
 CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not 
properly v ...)
        NOT-FOR-US: Apple OS X
 CVE-2011-5282 (mIRC prior to 7.22 has a message leak because chopping of 
outbound mes ...)
-       TODO: check
+       NOT-FOR-US: mIRC
 CVE-2008-7314
        RESERVED
 CVE-2014-7975 (The do_umount function in fs/namespace.c in the Linux kernel 
through 3 ...)
@@ -283566,7 +283566,7 @@ CVE-2012-5192 (Directory traversal vulnerability in 
gmap/view_overlay.php in Bit
 CVE-2012-5191
        RESERVED
 CVE-2012-5190 (Prizm Content Connect 5.1 has an Arbitrary File Upload 
Vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Prizm Content Connect
 CVE-2012-5189
        REJECTED
 CVE-2012-5188 (Untrusted search path vulnerability in mora Downloader before 
1.0.0.1  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/dfa75500869e9d28cbda94d2a0609d1125bf9344
