Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b7a712a5 by Salvatore Bonaccorso at 2020-03-17T09:49:04+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1307,7 +1307,7 @@ CVE-2019-20493
CVE-2019-20492
RESERVED
CVE-2019-20491 (cPanel before 82.0.18 allows attackers to leverage virtual
mail accoun ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2019-20490
RESERVED
CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due
to broke ...)
@@ -2529,9 +2529,9 @@ CVE-2020-9474
CVE-2020-9473
RESERVED
CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and
consequentl ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and
consequen ...)
- TODO: check
+ NOT-FOR-US: Umbraco
CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before
February 2020. ...)
NOT-FOR-US: Wing FTP Server
CVE-2020-9469
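Review bot: The two Umbraco entries in this hunk get different product strings: CVE-2020-9472 is tagged "NOT-FOR-US: Umbraco CMS" and CVE-2020-9471 "NOT-FOR-US: Umbraco". Suggest one spelling for both, or "Umbraco Cloud" for CVE-2020-9471 to match its description, so a later search on the NFU string finds every related entry.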
@@ -2853,9 +2853,9 @@ CVE-2020-9349
CVE-2020-9348
RESERVED
CVE-2020-9347 (Zoho ManageEngine Password Manager Pro through 10.x has a CSV
Excel Ma ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no
protectio ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-9345
RESERVED
CVE-2020-9344
@@ -4158,15 +4158,15 @@ CVE-2020-8789
CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS
(and HT ...)
NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer
CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions
prior to ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2020-8786 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions
prior to ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2020-8785 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions
prior to ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions
prior to ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions
prior to ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2019-20450
RESERVED
CVE-2019-20449
@@ -5962,7 +5962,7 @@ CVE-2019-20421 (In Jp2Image::readMetadata() in
jp2image.cpp in Exiv2 0.27.2, an
NOTE:
https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8
NOTE: https://github.com/Exiv2/exiv2/issues/1011
CVE-2020-7982 (An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and
19.07.0, and ...)
- TODO: check
+ NOT-FOR-US: OpenWrt
CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL
injection whe ...)
- ruby-geocoder 1.5.1-3 (bug #949870)
NOTE:
https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613
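Review bot: The tag on CVE-2020-7982 is the bare "NOT-FOR-US: OpenWrt", while the other two OpenWrt entries in this commit name the affected component ("libubox in OpenWrt", "uhttpd in OpenWrt"). The description is truncated here, so the component is not visible; suggest checking the full text and naming the component in the same "X in OpenWrt" form for consistency.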
@@ -6140,7 +6140,7 @@ CVE-2019-20409
CVE-2019-20408
RESERVED
CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira
Software ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows
operating s ...)
NOT-FOR-US: Atlassian
CVE-2019-20405 (The JMX monitoring flag in Atlassian Jira Server and Data
Center befor ...)
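Review bot: CVE-2019-20407 is tagged "NOT-FOR-US: Atlassian Jira", but the neighbouring CVE-2019-20406 in the same hunk uses "NOT-FOR-US: Atlassian", as does CVE-2019-20105 later in this commit. Suggest picking one form for Atlassian products so the entries group together when the list is searched.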
@@ -6172,7 +6172,7 @@ CVE-2020-7918
CVE-2020-7917
RESERVED
CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin
3.2.6.5 ...)
- TODO: check
+ NOT-FOR-US: LearnPress plugin for WordPress
CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion
SAI fie ...)
NOT-FOR-US: Eaton devices
CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin
misconfigur ...)
@@ -7589,7 +7589,7 @@ CVE-2020-7250
CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID
field on th ...)
NOT-FOR-US: SMC D3G0804W devices
CVE-2020-7248 (libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a
tagged ...)
- TODO: check
+ NOT-FOR-US: libubox in OpenWrt
CVE-2020-XXXX [opensmtpd DoS via opportunistic TLS downgrade]
- opensmtpd 6.6.2p1-1 (bug #950121)
[stretch] - opensmtpd 6.0.2p1-2+deb9u2
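Review bot: On CVE-2020-7248 the tag "NOT-FOR-US: libubox in OpenWrt" closes the entry at the distribution level although the description names a library, libubox, as the affected code. Suggest confirming that no source package in the archive ships or embeds libubox before settling on NFU, and adding a NOTE line if that check was done.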
@@ -10159,7 +10159,7 @@ CVE-2019-20362 (In Teradici PCoIP Agent before 19.08.1
and PCoIP Client before 1
CVE-2020-6176
RESERVED
CVE-2020-6175 (Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has
Missin ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2020-6174 (TUF (aka The Update Framework) through 0.12.1 has Improper
Verificatio ...)
- python-tuf <itp> (bug #934151)
CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows
Uncontrolle ...)
@@ -12760,7 +12760,7 @@ CVE-2019-20193
CVE-2019-20192
RESERVED
CVE-2019-20191 (Oxygen XML Editor 21.1.1 allows XXE to read any file. ...)
- TODO: check
+ NOT-FOR-US: Oxygen XML Editor
CVE-2019-20190
RESERVED
CVE-2019-20189
@@ -15389,7 +15389,7 @@ CVE-2019-20107 (Multiple SQL injection vulnerabilities
in TestLink through 1.9.1
CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center
before ver ...)
NOT-FOR-US: Atlassian
CVE-2019-20105 (The EditApplinkServlet resource in the Atlassian Application
Links plu ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20104 (The OpenID client application in Atlassian Crowd before
version 3.6.2, ...)
NOT-FOR-US: Atlassian
CVE-2019-20103
@@ -15842,7 +15842,7 @@ CVE-2019-19947 (In the Linux kernel through 5.4.6,
there are information leaks o
CVE-2019-19946 (The API in Dradis Pro 3.4.1 allows any user to extract the
content of ...)
NOT-FOR-US: Dradis Pro
CVE-2019-19945 (uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2
has an ...)
- TODO: check
+ NOT-FOR-US: uhttpd in OpenWrt
CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in
mms/asn1/ber_decode.c ...)
NOT-FOR-US: libIEC61850
CVE-2019-19943 (The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web
Server 3.3 ...)
@@ -15858,7 +15858,7 @@ CVE-2019-19939
CVE-2019-19938
RESERVED
CVE-2019-19937 (In JFrog Artifactory before 6.18, it is not possible to
restrict eithe ...)
- TODO: check
+ NOT-FOR-US: JFrog Artifactory
CVE-2019-19936
RESERVED
CVE-2019-19935
@@ -23425,7 +23425,7 @@ CVE-2019-18919
CVE-2019-18918
RESERVED
CVE-2019-18917 (A potential security vulnerability has been identified for
certain HP ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2019-18916
RESERVED
CVE-2019-18915 (A potential security vulnerability has been identified with
certain ve ...)
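Review bot: "NOT-FOR-US: HP" on CVE-2019-18917 names only the vendor, and the visible description is cut off at "certain HP ...", so the entry does not record which product was judged out of scope. Suggest naming the product from the full description, as the other entries in this commit do.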
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7a712a53866d7cd1926f72b10d12d9357c6392e
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits