[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Thu, 19 Mar 2020 13:26:24 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
6e0eb05f by Salvatore Bonaccorso at 2020-03-19T21:25:44+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2020-10679
        RESERVED
 CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running 
on-premises A ...)
-       TODO: check
+       NOT-FOR-US: Octopus Deploy
 CVE-2020-10677
        RESERVED
 CVE-2020-10676
@@ -13,15 +13,15 @@ CVE-2020-10673 (FasterXML jackson-databind 2.x before 
2.9.10.4 mishandles the in
 CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the 
interact ...)
        TODO: check
 CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's web application 
is missi ...)
-       TODO: check
+       NOT-FOR-US: Canon
 CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500 
4.0.0.0 pri ...)
-       TODO: check
+       NOT-FOR-US: Canon
 CVE-2020-10669
        RESERVED
 CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 
4.0.0.0 pri ...)
-       TODO: check
+       NOT-FOR-US: Canon
 CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 
4.0.0.0 pri ...)
-       TODO: check
+       NOT-FOR-US: Canon
 CVE-2020-10666
        RESERVED
 CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary 
OS comman ...)
@@ -44,35 +44,35 @@ CVE-2019-20529 (In 
core/doctype/prepared_report/prepared_report.py in Frappe 11
 CVE-2019-20528 (Ignite Realtime Openfire 4.4.1 allows XSS via the 
setup/setup-datasour ...)
        NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-20527 (Ignite Realtime Openfire 4.4.1 allows XSS via the 
setup/setup-datasour ...)
-       TODO: check
+       NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-20526 (Ignite Realtime Openfire 4.4.1 allows XSS via the 
setup/setup-datasour ...)
-       TODO: check
+       NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-20525 (Ignite Realtime Openfire 4.4.1 allows XSS via the 
setup/setup-datasour ...)
-       TODO: check
+       NOT-FOR-US: Ignite Realtime Openfire
 CVE-2019-20524 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index 
Banner param ...)
-       TODO: check
+       NOT-FOR-US: ilchCMS
 CVE-2019-20523 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name 
paramet ...)
-       TODO: check
+       NOT-FOR-US: ilchCMS
 CVE-2019-20522 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link 
paramet ...)
-       TODO: check
+       NOT-FOR-US: ilchCMS
 CVE-2019-20521 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the 
api/ URI ...)
-       TODO: check
+       NOT-FOR-US: ERPNext
 CVE-2019-20520 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the 
api/meth ...)
-       TODO: check
+       NOT-FOR-US: ERPNext
 CVE-2019-20519 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the 
user/ UR ...)
-       TODO: check
+       NOT-FOR-US: ERPNext
 CVE-2019-20518 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the 
project/ ...)
-       TODO: check
+       NOT-FOR-US: ERPNext
 CVE-2019-20517 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the 
contact/ ...)
-       TODO: check
+       NOT-FOR-US: ERPNext
 CVE-2019-20516 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the 
blog/ UR ...)
-       TODO: check
+       NOT-FOR-US: ERPNext
 CVE-2019-20515 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the 
addresse ...)
-       TODO: check
+       NOT-FOR-US: ERPNext
 CVE-2019-20514 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the 
address/ ...)
-       TODO: check
+       NOT-FOR-US: ERPNext
 CVE-2019-20513 (Open edX Ironwood.1 allows support/certificates?user= 
reflected XSS. ...)
-       TODO: check
+       NOT-FOR-US: Open edX Ironwood.1
 CVE-2019-20512 (Open edX Ironwood.1 allows support/certificates?course_id= 
reflected X ...)
        NOT-FOR-US: Open edX Ironwood.1
 CVE-2019-20511 (ERPNext 11.1.47 allows blog?blog_category= Frame Injection. 
...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e0eb05f4719006983c3413ee0c51f7054507829

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e0eb05f4719006983c3413ee0c51f7054507829
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to