Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b2ccf13 by Salvatore Bonaccorso at 2020-01-31T12:51:29+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,13 +7,13 @@ CVE-2020-8498 (XSS exists in the shortcode functionality of 
the GistPress plugin
 CVE-2020-8497
        RESERVED
 CVE-2020-8496 (In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x 
versions ...)
-       TODO: check
+       NOT-FOR-US: Kronos Web Time and Attendance (webTA)
 CVE-2020-8495 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x 
versions ...)
-       TODO: check
+       NOT-FOR-US: Kronos Web Time and Attendance (webTA)
 CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x 
versions ...)
-       TODO: check
+       NOT-FOR-US: Kronos Web Time and Attendance (webTA)
 CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance 
(webTA) a ...)
-       TODO: check
+       NOT-FOR-US: Kronos Web Time and Attendance (webTA)
 CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 
3.6.10, 3.7  ...)
        - python3.8 <unfixed>
        - python3.7 <unfixed>
@@ -834,7 +834,7 @@ CVE-2020-8097
 CVE-2020-8096
        RESERVED
 CVE-2020-8095 (A vulnerability in the improper handling of junctions before 
deletion  ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender Total Security
 CVE-2020-8094
        RESERVED
 CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in 
Bitdefender A ...)
@@ -6341,7 +6341,7 @@ CVE-2020-5528
 CVE-2020-5527
        RESERVED
 CVE-2020-5526 (The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 
2.0.0 to 2. ...)
-       TODO: check
+       NOT-FOR-US: AWMS Mobile App for Android and iOS
 CVE-2020-5525
        RESERVED
 CVE-2020-5524
@@ -7016,13 +7016,13 @@ CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open 
redirect vulnerability. Authe
 CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them 
to tra ...)
        TODO: check
 CVE-2020-5231 (In Opencast before 7.6 and 8.1, users with the role 
ROLE_COURSE_ADMIN  ...)
-       TODO: check
+       NOT-FOR-US: Opencast
 CVE-2020-5230 (Opencast before 8.1 and 7.6 allows almost arbitrary identifiers 
for me ...)
-       TODO: check
+       NOT-FOR-US: Opencast
 CVE-2020-5229 (Opencast before 8.1 stores passwords using the rather outdated 
and cry ...)
-       TODO: check
+       NOT-FOR-US: Opencast
 CVE-2020-5228 (Opencast before 8.1 and 7.6 allows unauthorized public access 
to all m ...)
-       TODO: check
+       NOT-FOR-US: Opencast
 CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML 
Denial of  ...)
        NOT-FOR-US: Feedgen
 CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4. 
The www/e ...)
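Review bot: CVE-2020-5232 (the ENS domain trapdoor entry) sits between the four Opencast entries this hunk resolves but is left at `TODO: check`; that is fine for a pass titled "Process more NFUs", yet since it is the only remaining TODO in this stretch it would be worth settling in the same sweep so the block does not stay half-triaged.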
@@ -7042,7 +7042,7 @@ CVE-2020-5224 (In Django User Sessions 
(django-user-sessions) before 1.7.1, the
 CVE-2020-5223 (In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 
1.3.2, a p ...)
        NOT-FOR-US: PrivateBin
 CVE-2020-5222 (Opencast before 7.6 and 8.1 enables a remember-me cookie based 
on a ha ...)
-       TODO: check
+       NOT-FOR-US: Opencast
 CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated 
user to pe ...)
        NOT-FOR-US: uftpd
 CVE-2020-5220 (Sylius ResourceBundle accepts and uses any serialisation groups 
to be  ...)
@@ -7094,7 +7094,7 @@ CVE-2020-5208
 CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when 
running behin ...)
        NOT-FOR-US: Ktor
 CVE-2020-5206 (In Opencast before 7.6 and 8.1, using a remember-me cookie with 
an arb ...)
-       TODO: check
+       NOT-FOR-US: Opencast
 CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in 
Pow.Plu ...)
        NOT-FOR-US: Pow
 CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability 
in hand ...)
@@ -235071,7 +235071,7 @@ CVE-2015-0951 (X-Cart before 5.1.11 allows remote 
authenticated users to read or
 CVE-2015-0950 (Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 
5.1.6  ...)
        NOT-FOR-US: X-Cart
 CVE-2015-0949 (The System Management Mode (SMM) implementation in Dell 
Latitude E6430 ...)
-       TODO: check
+       NOT-FOR-US: System Management Mode (SMM) implementation in various BIOS 
implementations
 CVE-2015-0948
        RESERVED
 CVE-2015-0947
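Review bot: the new rationale for CVE-2015-0949 generalises to "various BIOS implementations" while the CVE description itself names Dell Latitude E6430; keeping the vendor and product in the NOT-FOR-US text, e.g. `NOT-FOR-US: Dell Latitude BIOS (SMM implementation)`, keeps the entry findable by product when later Dell firmware CVEs are triaged, without changing the classification.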
@@ -275184,7 +275184,7 @@ CVE-2013-2501 (Cross-site scripting (XSS) 
vulnerability in the Terillion Reviews
 CVE-2013-2500
        RESERVED
 CVE-2013-2499 (SimpleHRM 2.3 and earlier could allow remote attackers to 
bypass the a ...)
-       TODO: check
+       NOT-FOR-US: SimpleHRM
 CVE-2013-2498 (SQL injection vulnerability in the login page in 
flexycms/modules/user ...)
        NOT-FOR-US: SimpleHRM
 CVE-2013-2497
@@ -275874,7 +275874,7 @@ CVE-2013-2268 (Unspecified vulnerability in the 
MathML implementation in WebKit
 CVE-2012-6534 (Novell Sentinel Log Manager before 1.2.0.3 allows remote 
attackers to  ...)
        NOT-FOR-US: Novell Sentinel Log Manager
 CVE-2013-2267 (PHP Code Injection vulnerability in FUDforum Bulletin Board 
Software 3 ...)
-       TODO: check
+       NOT-FOR-US: FUDforum
 CVE-2013-2266 (libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 
before 9.8.5 ...)
        {DSA-2656-1}
        - bind9 1:9.8.4.dfsg.P1-6+nmu1 (bug #704174)
@@ -277206,7 +277206,7 @@ CVE-2013-1868 (Multiple buffer overflows in VideoLAN 
VLC media player 2.0.4 and
        NOTE: http://www.videolan.org/security/sa1301.html
        NOTE: The freetype issue is a harmless NULL deref and won't be fixed
 CVE-2013-1867 (Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite 
Vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Gemalto Tokend
 CVE-2013-1866 (OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite 
Vulnerab ...)
        TODO: check
 CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform 
revocatio ...)
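Review bot: CVE-2013-1867 (Gemalto Tokend) is closed as NOT-FOR-US, but its sibling CVE-2013-1866 (OpenSC OpenSC.tokend) in the same hunk stays at `TODO: check`; the two should not be resolved by analogy, because OpenSC is packaged for Debian and the question for that entry is whether the tokend component (the macOS CDSA plugin) is part of the opensc source as built there. Resolving the pair together avoids leaving the second one stranded.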
@@ -280763,9 +280763,9 @@ CVE-2013-0741 (Cross-site scripting (XSS) 
vulnerability in imagegen.ashx in Perc
 CVE-2013-0740 (Open redirect vulnerability in Dell OpenManage Server 
Administrator (O ...)
        NOT-FOR-US: Dell OpenManage Server Administrator
 CVE-2013-0739 (Chamilo 1.9.4 has XSS due to improper validation of 
user-supplied inpu ...)
-       TODO: check
+       NOT-FOR-US: Chamilo LMS
 CVE-2013-0738 (Chamilo 1.9.4 has Multiple XSS and HTML Injection 
Vulnerabilities: blo ...)
-       TODO: check
+       NOT-FOR-US: Chamilo LMS
 CVE-2013-0737 (Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and 
earlier a ...)
        NOT-FOR-US: BoltWire
 CVE-2013-0736 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the Ming ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1b2ccf13c54e4cdefbce90ccd08800fa5fd09455

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits