Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e790657 by Salvatore Bonaccorso at 2020-04-28T23:19:22+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -772,7 +772,7 @@ CVE-2020-12137 (GNU Mailman 2.x before 2.1.30 uses the .obj 
extension for scrubb
 CVE-2020-12079 (Beaker before 0.8.9 allows a sandbox escape, enabling system 
access an ...)
        TODO: check
 CVE-2020-12078 (An issue was discovered in Open-AudIT 3.3.1. There is shell 
metacharac ...)
-       TODO: check
+       NOT-FOR-US: Open-AudIT
 CVE-2020-12077 (The mappress-google-maps-for-wordpress plugin before 2.53.9 
for WordPr ...)
        NOT-FOR-US: mappress-google-maps-for-wordpress plugin for WordPress
 CVE-2020-12076 (The data-tables-generator-by-supsystic plugin before 1.9.92 
for WordPr ...)
@@ -6784,7 +6784,7 @@ CVE-2020-10095
 CVE-2020-10094 (A cross-site scripting (XSS) vulnerability in Lexmark CS31x 
before LW7 ...)
        TODO: check
 CVE-2020-10093 (A cross-site scripting (XSS) vulnerability in Lexmark Pro910 
series in ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting 
vulnerab ...)
        - gitlab <not-affected> (Only affects Gitlab 12.1 and later)
        NOTE: 
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
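Review bot: CVE-2020-10094 in the context just above is also a Lexmark XSS entry (CS31x) and still reads "TODO: check", while the adjacent CVE-2020-10093 is now "NOT-FOR-US: Lexmark". If the same triage applies, mark both in this pass so the pair does not diverge; if CVE-2020-10094 is being held back on purpose, a short NOTE line saying why would help the next person processing TODOs.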
@@ -17212,23 +17212,23 @@ CVE-2020-5572
 CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and 
earlier, AQ ...)
        NOT-FOR-US: SHARP AQUOS
 CVE-2020-5570 (Cross-site scripting vulnerability in Sales Force Assistant 
version 11 ...)
-       TODO: check
+       NOT-FOR-US: Sales Force Assistant
 CVE-2020-5569 (An unquoted search path vulnerability exists in HDD Password 
tool (for ...)
        NOT-FOR-US: HDD Password tool (CANVIO)
 CVE-2020-5568 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 
5.0.0 all ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Garoon
 CVE-2020-5567 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 
4.10.3 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Garoon
 CVE-2020-5566 (Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 
4.10.3  ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Garoon
 CVE-2020-5565 (Improper input validation vulnerability in Cybozu Garoon 4.0.0 
to 4.10 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Garoon
 CVE-2020-5564 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 
4.10.3 al ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Garoon
 CVE-2020-5563 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 
4.10.3 ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Garoon
 CVE-2020-5562 (Server-side request forgery (SSRF) vulnerability in Cybozu 
Garoon 4.6. ...)
-       TODO: check
+       NOT-FOR-US: Cybozu Garoon
 CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute 
arbitrary OS ...)
        NOT-FOR-US: Keijiban Tsumiki
 CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute 
arbitrary OS c ...)
@@ -21536,7 +21536,7 @@ CVE-2019-20004 (An issue was discovered on Intelbras 
IWR 3000N 1.8.7 devices. Wh
 CVE-2019-20003 (Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 
allows Stored ...)
        NOT-FOR-US: Feldtech easescreen Crystal 9.0 Web-Services
 CVE-2019-20002 (Formula Injection exists in the export feature in SolarWinds 
WebHelpDe ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds WebHelpDesk
 CVE-2019-20001
        RESERVED
 CVE-2019-20000 (The malware scan function in BullGuard Premium Protection 
20.0.371.8 h ...)
@@ -42881,7 +42881,7 @@ CVE-2019-15236
 CVE-2019-15235 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 
allows an att ...)
        NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
 CVE-2019-15234 (SHAREit through 4.0.6.177 does not check the full message 
length from  ...)
-       TODO: check
+       NOT-FOR-US: SHAREit
 CVE-2019-15233 (The Live:Text Box macro in the Old Street Live Input Macros 
app before ...)
        NOT-FOR-US: Old Street Live Input Macros app for Confluence
 CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because 
GenericMediaSer ...)
@@ -43985,7 +43985,7 @@ CVE-2019-14942 [Insecure Cookie Handling on GitLab 
Pages]
        - gitlab 12.6.8-3 (bug #934708)
        NOTE: 
https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
 CVE-2019-14941 (SHAREit through 4.0.6.177 does not check the body length from 
the rece ...)
-       TODO: check
+       NOT-FOR-US: SHAREit
 CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a 
user of  ...)
        NOT-FOR-US: Storage Performance Development Kit
 CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 
2.17.1 for N ...)
@@ -62992,7 +62992,7 @@ CVE-2019-9185 (Controller/Async/FilesystemManager.php 
in the filemanager in Bolt
 CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 
3.3.7 for ...)
        NOT-FOR-US: J2Store plugin for Joomla!
 CVE-2019-9183 (An issue was discovered in Contiki-NG through 4.3 and Contiki 
through  ...)
-       TODO: check
+       NOT-FOR-US: Contiki-NG
 CVE-2019-9182 (There is a CSRF in ZZZCMS zzzphp V1.6.1 via a 
/admin015/save.php?act=e ...)
        NOT-FOR-US: ZZZCMS
 CVE-2019-9181 (SchoolCMS version 2.3.1 allows file upload via the logo upload 
feature ...)
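Review bot: the new tag for CVE-2019-9183 names only Contiki-NG, but the description covers "Contiki-NG through 4.3 and Contiki through ...", that is, two products. Consider "NOT-FOR-US: Contiki-NG and Contiki" so the tag matches the scope of the entry; the same wording is used for CVE-2019-8359 in the next hunk and would want the same adjustment.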
@@ -65351,7 +65351,7 @@ CVE-2019-8361 (PHP Scripts Mall Responsive Video News 
Script has XSS via the Sea
 CVE-2019-8360 (Themerig Find a Place CMS Directory 1.5 has SQL Injection via 
the find ...)
        NOT-FOR-US: Themerig Find a Place CMS Directory
 CVE-2019-8359 (An issue was discovered in Contiki-NG through 4.3 and Contiki 
through  ...)
-       TODO: check
+       NOT-FOR-US: Contiki-NG
 CVE-2019-8358 (In Hiawatha before 10.8.4, a remote attacker is able to do 
directory t ...)
        NOT-FOR-US: Hiawatha
 CVE-2019-8357 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in 
effect_i_dsp.c  ...)
@@ -69075,7 +69075,7 @@ CVE-2019-6861
 CVE-2019-6860
        RESERVED
 CVE-2019-6859 (A CWE-798: Use of Hardcoded Credentials vulnerability exists in 
Modico ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2019-6858 (A CWE-427:Uncontrolled Search Path Element vulnerability exists 
in MSX ...)
        NOT-FOR-US: MSX Configurator
 CVE-2019-6857 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
@@ -73074,9 +73074,9 @@ CVE-2019-5305 (The image processing module of some 
Huawei Mate 10 smartphones ve
 CVE-2019-5304 (Some Huawei products have a buffer error vulnerability. An 
unauthentic ...)
        NOT-FOR-US: Huawei
 CVE-2019-5303 (There are two denial of service vulnerabilities on some Huawei 
smartph ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5302 (There are two denial of service vulnerabilities on some Huawei 
smartph ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5301 (Huawei smart phones Honor V20 with the versions before 
9.0.1.161(C00E1 ...)
        NOT-FOR-US: Huawei
 CVE-2019-5300 (There is a digital signature verification bypass vulnerability 
in AR12 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e790657953224c2dc88b5202156287813e0ea0d
