Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
80e0571c by Salvatore Bonaccorso at 2020-04-01T17:32:00+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -62,7 +62,7 @@ CVE-2020-11416
CVE-2020-11415
RESERVED
CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight
before ...)
- TODO: check
+ NOT-FOR-US: Progress Telerik UI
CVE-2020-11413
RESERVED
CVE-2020-11412
@@ -9605,7 +9605,7 @@ CVE-2020-7265
CVE-2020-7264
RESERVED
CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in
ENS for W ...)
- TODO: check
+ NOT-FOR-US: ENS for Windows
CVE-2020-7262
RESERVED
CVE-2020-7261
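Review bot: The label added for CVE-2020-7263, `NOT-FOR-US: ENS for Windows`, relies on a bare abbreviation that the visible description ("ESConfigTool.exe in ENS for W ...") never expands. Spell out the product name together with its vendor, so that someone searching data/CVE/list for the product finds this entry and the label can be reused for later CVEs in the same software.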
@@ -12608,7 +12608,7 @@ CVE-2020-6010
CVE-2020-6009
RESERVED
CVE-2020-6008 (LifterLMS Wordpress plugin version below 3.37.15 is vulnerable
to arbi ...)
- TODO: check
+ NOT-FOR-US: LifterLMS Wordpress plugin
CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version
1935144020 ...)
NOT-FOR-US: Philips Hue Bridge model
CVE-2020-6006
@@ -14147,7 +14147,7 @@ CVE-2020-5294
CVE-2020-5293
RESERVED
CVE-2020-5292 (Leantime before versions 2.0.15 and 2.1-beta3 has a SQL
Injection vuln ...)
- TODO: check
+ NOT-FOR-US: Leantime
CVE-2020-5290
RESERVED
CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to
"guess and ...)
@@ -45898,7 +45898,7 @@ CVE-2019-13497 (One Identity Cloud Access Manager
before 8.1.4 Hotfix 1 allows C
CVE-2019-13496 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows
OTP byp ...)
NOT-FOR-US: One Identity Cloud Access Manager
CVE-2019-13495 (In firmware version 4.50 of Zyxel XGS2210-52HP, multiple
stored cross- ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2019-13494 (nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x
before 10.0. ...)
NOT-FOR-US: Castle Rock SNMPc
CVE-2019-13493 (In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media
Library ...)
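Review bot: `NOT-FOR-US: Zyxel` on CVE-2019-13495 names only the vendor, while both neighbouring entries in this hunk name the product (`One Identity Cloud Access Manager`, `Castle Rock SNMPc`). The description identifies the affected item as firmware of the Zyxel XGS2210-52HP, so a label such as `NOT-FOR-US: Zyxel XGS2210-52HP` would say what was actually triaged.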
@@ -53477,7 +53477,7 @@ CVE-2019-10810
CVE-2019-10809
RESERVED
CVE-2019-10808 (utilitify prior to 1.0.3 allows modification of object
properties. The ...)
- TODO: check
+ NOT-FOR-US: utilitify
CVE-2019-10807 (Blamer versions prior to 1.0.1 allows execution of arbitrary
commands. ...)
TODO: check
CVE-2019-10806 (vega-util prior to 1.13.1 allows manipulation of object
prototype. The ...)
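Review bot: CVE-2019-10807 (Blamer), the entry directly below the changed line, still carries `TODO: check` after this commit. If it was left open on purpose, for example because a package search is still pending, that is fine. Otherwise it should be triaged in the same pass so that this block of the list is not left half-processed.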
@@ -53904,7 +53904,7 @@ CVE-2019-10684
(Application/Admin/Controller/ConfigController.class.php in 74cms
CVE-2019-10683
RESERVED
CVE-2019-10682 (django-nopassword before 5.0.0 stores cleartext secrets in the
databas ...)
- TODO: check
+ NOT-FOR-US: django-nopassword
CVE-2019-10681
RESERVED
CVE-2019-10680
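Review bot: The NOT-FOR-US on CVE-2019-10682 deserves a recorded check, because the name django-nopassword indicates a Django add-on and such modules can be packaged under a source package name that is spelled differently from the upstream name. A short remark in the commit message that no matching source package or ITP/RFP was found would show the NFU was verified and not inferred from the upstream name alone.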
@@ -77863,7 +77863,7 @@ CVE-2019-2313
CVE-2019-2312 (When handling the vendor command there exists a potential
buffer overf ...)
NOT-FOR-US: Snapdragon
CVE-2019-2311 (Possible buffer overflow in WLAN handler due to lack of
validation of ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2310 (Out of bound read would occur while trying to read action
category and ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2309 (While storing calibrated data from firmware in cache, An
integer overf ...)
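Review bot: The label added for CVE-2019-2311 is `NOT-FOR-US: Snapdragon`, but the next entry in the same hunk, CVE-2019-2310, is tagged `NOT-FOR-US: Qualcomm components for Android`, so two different labels appear within three consecutive entries. Settle on one spelling for these NFUs, so that a search for either label does not miss part of the set.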
@@ -77885,7 +77885,7 @@ CVE-2019-2302 (While processing vendor command which
contains corrupted channel
CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not
in ran ...)
NOT-FOR-US: Snapdragon
CVE-2019-2300 (Possible buffer overflow in WLAN handler due to lack of
validation of ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2299 (An out-of-bound write can be triggered by a specially-crafted
command ...)
NOT-FOR-US: Snapdragon
CVE-2019-2298 (Protection is missing while accessing md sessions info via
macro which ...)
@@ -85703,7 +85703,7 @@ CVE-2018-18896
CVE-2018-18895
REJECTED
CVE-2018-18894 (Certain older Lexmark devices (C, M, X, and 6500e before
2018-12-18) c ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method,
related to co ...)
NOT-FOR-US: Jinjava
CVE-2018-18892 (MiniCMS 1.10 allows execution of arbitrary PHP code via the
install.ph ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80e0571c7fe35796786fae1a516a6dd3d22c066c