[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Thu, 19 Mar 2020 02:00:13 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d2ceff49 by Salvatore Bonaccorso at 2020-03-19T09:59:17+01:00
Process NFUs

- - - - -
0e2ffc26 by Salvatore Bonaccorso at 2020-03-19T09:59:19+01:00
Add CVE-2019-2045{2,3}/ajaxplorer (pydio), itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -687,7 +687,7 @@ CVE-2020-10367
 CVE-2020-10366
        RESERVED
 CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc 
populates the ...)
-       TODO: check
+       NOT-FOR-US: LogicalDoc
 CVE-2020-10364
        RESERVED
 CVE-2020-10363
@@ -2698,7 +2698,7 @@ CVE-2020-9445
 CVE-2020-9444
        RESERVED
 CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an 
Electron web ...)
-       TODO: check
+       NOT-FOR-US: Zulip Desktop (different from itp'ed zulip-server)
 CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions 
for %PRO ...)
        NOT-FOR-US: OpenVPN Connect on Windows
 CVE-2020-9441
@@ -2730,7 +2730,7 @@ CVE-2020-9425
 CVE-2020-9424
        RESERVED
 CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload 
arbitrary fi ...)
-       TODO: check
+       NOT-FOR-US: LogicalDoc
 CVE-2020-9422
        RESERVED
 CVE-2020-9421
@@ -4021,9 +4021,9 @@ CVE-2020-8886
 CVE-2020-8885
        RESERVED
 CVE-2019-20453 (A problem was found in Pydio Core before 8.2.4 and Pydio 
Enterprise be ...)
-       TODO: check
+       - ajaxplorer <itp> (bug #668381)
 CVE-2019-20452 (A problem was found in Pydio Core before 8.2.4 and Pydio 
Enterprise be ...)
-       TODO: check
+       - ajaxplorer <itp> (bug #668381)
 CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the (1)  ...)
        NOT-FOR-US: SocialEngine
 CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in 
SocialEngine be ...)
@@ -7678,11 +7678,11 @@ CVE-2020-7260
 CVE-2020-7259
        RESERVED
 CVE-2020-7258 (Cross site scripting vulnerability in McAfee Network Security 
Manageme ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7257
        RESERVED
 CVE-2020-7256 (Cross site scripting vulnerability in McAfee Network Security 
Manageme ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7255
        RESERVED
 CVE-2020-7254 (Privilege Escalation vulnerability in the command line 
interface in Mc ...)
@@ -8337,7 +8337,7 @@ CVE-2020-7004
 CVE-2020-7003
        RESERVED
 CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and 
prior.  ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7001
        RESERVED
 CVE-2020-7000
@@ -8389,7 +8389,7 @@ CVE-2020-6978
 CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in 
the Ki ...)
        NOT-FOR-US: GE
 CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and 
prior.  ...)
-       TODO: check
+       NOT-FOR-US: Delta Industrial Automation CNCSoft ScreenEditor
 CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 
1.4.3 (820 ...)
        NOT-FOR-US: Digi International ConnectPort LTS 32 MEI
 CVE-2020-6974
@@ -9187,7 +9187,7 @@ CVE-2020-6648
 CVE-2020-6647
        RESERVED
 CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb 
allows a ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2020-6645
        RESERVED
 CVE-2020-6644
@@ -15393,9 +15393,9 @@ CVE-2020-3953
 CVE-2020-3952
        RESERVED
 CVE-2020-3951 (VMware Workstation (15.x before 15.5.2) and Horizon Client for 
Windows ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2020-3950 (VMware Fusion (11.x before 11.5.2), VMware Remote Console for 
Mac (11. ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2020-3949
        RESERVED
 CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before 
15.5.2) and ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ddafc1771ed8099bb83e24c10815d4594dc3ac86...0e2ffc26ec915b96ac14d8cc49bb642a0933ff67

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ddafc1771ed8099bb83e24c10815d4594dc3ac86...0e2ffc26ec915b96ac14d8cc49bb642a0933ff67
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to