[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Thu, 02 Apr 2020 13:30:40 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3cc8da9c by Salvatore Bonaccorso at 2020-04-02T22:29:43+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80,7 +80,7 @@ CVE-2020-11460
 CVE-2020-11459
        RESERVED
 CVE-2020-11458 (app/Model/feed.php in MISP before 2.4.124 allows 
administrators to cho ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2020-11457 (pfSense before 2.4.5 has stored XSS in 
system_usermanager_addprivs.php ...)
        NOT-FOR-US: pfSense
 CVE-2020-11456 (LimeSurvey before 4.1.12+200324 has stored XSS in 
application/views/ad ...)
@@ -88,15 +88,15 @@ CVE-2020-11456 (LimeSurvey before 4.1.12+200324 has stored 
XSS in application/vi
 CVE-2020-11455 (LimeSurvey before 4.1.12+200324 contains a path traversal 
vulnerabilit ...)
        - limesurvey <itp> (bug #472802)
 CVE-2020-11454 (Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML 
Contain ...)
-       TODO: check
+       NOT-FOR-US: Microstrategy Web
 CVE-2020-11453 (Microstrategy Web 10.4 is vulnerable to Server-Side Request 
Forgery in ...)
-       TODO: check
+       NOT-FOR-US: Microstrategy Web
 CVE-2020-11452 (Microstrategy Web 10.4 includes functionality to allow users 
to import ...)
-       TODO: check
+       NOT-FOR-US: Microstrategy Web
 CVE-2020-11451 (The Upload Visualization plugin in the Microstrategy Web 10.4 
admin pa ...)
-       TODO: check
+       NOT-FOR-US: Microstrategy Web
 CVE-2020-11450 (Microstrategy Web 10.4 exposes the JVM configuration, CPU 
architecture ...)
-       TODO: check
+       NOT-FOR-US: Microstrategy Web
 CVE-2020-11449 (An issue was discovered on Technicolor TC7337 8.89.17 devices. 
An atta ...)
        NOT-FOR-US: Technicolor devices
 CVE-2020-11448
@@ -108,7 +108,7 @@ CVE-2020-11446
 CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 allow remote 
attackers to byp ...)
        NOT-FOR-US: TP-Link
 CVE-2020-11444 (Sonatype Nexus Repository Manager 3.x up to and including 
3.21.2 has I ...)
-       TODO: check
+       NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2020-11443
        RESERVED
 CVE-2020-11442
@@ -4981,7 +4981,7 @@ CVE-2020-9351 (An issue was discovered in SmartClient 
12.0. If an unauthenticate
 CVE-2020-9350 (Graph Builder in SAS Visual Analytics 8.5 allows XSS via a 
graph templ ...)
        NOT-FOR-US: Graph Builder in SAS Visual Analytics
 CVE-2020-9349 (The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with 
firmwar ...)
-       TODO: check
+       NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP
 CVE-2020-9348
        RESERVED
 CVE-2020-9347 (** DISPUTED ** Zoho ManageEngine Password Manager Pro through 
10.x has ...)
@@ -7151,7 +7151,7 @@ CVE-2020-8425 (Cups Easy (Purchase &amp; Inventory) 1.0 
is vulnerable to CSRF th
 CVE-2020-8424 (Cups Easy (Purchase &amp; Inventory) 1.0 is vulnerable to CSRF 
that le ...)
        NOT-FOR-US: Cups Easy (Purchase & Inventory)
 CVE-2020-8423 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 
(firmwa ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2020-8422 (An authorization issue was discovered in the Credential Manager 
featur ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate 
escaping  ...)
@@ -10729,7 +10729,7 @@ CVE-2020-6854 (A cross-site scripting (XSS) 
vulnerability in the JOC Cockpit com
 CVE-2020-6853
        RESERVED
 CVE-2020-6852 (CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with 
firmware 3. ...)
-       TODO: check
+       NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP
 CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in 
opj_t1_clbl ...)
        {DLA-2081-1}
        - openjpeg2 <unfixed> (bug #950000)
@@ -100320,7 +100320,7 @@ CVE-2018-13373
 CVE-2018-13372
        RESERVED
 CVE-2018-13371 (An external control of system vulnerability in FortiOS may 
allow an au ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2018-13370
        RESERVED
 CVE-2018-13369



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cc8da9c747c9cd71f192a2e5a6ba1dbbc065f7d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cc8da9c747c9cd71f192a2e5a6ba1dbbc065f7d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to