Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02ec6e09 by Salvatore Bonaccorso at 2020-06-11T22:19:45+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51,7 +51,7 @@ CVE-2020-14014
 CVE-2020-14013
        RESERVED
 CVE-2020-14012 (scp/categories.php in osTicket 1.14.2 allows XSS via a 
Knowledgebase C ...)
-       TODO: check
+       NOT-FOR-US: osTicket
 CVE-2020-14011
        RESERVED
 CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected 
XSS via t ...)
@@ -79,11 +79,11 @@ CVE-2020-14000
 CVE-2020-13999
        RESERVED
 CVE-2020-13998 (** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, 
when 2FA  ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2020-13997
        RESERVED
 CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL 
injection at ...)
-       TODO: check
+       NOT-FOR-US: J2Store plugin for Joomla!
 CVE-2020-13995
        RESERVED
 CVE-2020-13994
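Review bot: The two tags added in this hunk follow different naming rules: CVE-2020-13998 gets only the vendor (`NOT-FOR-US: Citrix`), while CVE-2020-13996 gets the full product (`NOT-FOR-US: J2Store plugin for Joomla!`). Naming the product on the Citrix entry too, for example `NOT-FOR-US: Citrix XenApp`, would keep the list searchable by product and record which product was actually triaged.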
@@ -256,7 +256,7 @@ CVE-2020-13913
 CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows 
local users  ...)
        NOT-FOR-US: SolarWinds Advanced Monitoring Agent
 CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger 
XSS via a ...)
-       TODO: check
+       NOT-FOR-US: Your Online Shop
 CVE-2020-13910 (Pengutronix Barebox through v2020.05.0 has an out-of-bounds 
read in nf ...)
        NOT-FOR-US: Pengutronix Barebox
 CVE-2020-13909 (The Ignition page before 2.0.5 for Laravel mishandles globals, 
_get, _ ...)
@@ -266,9 +266,9 @@ CVE-2020-13908
 CVE-2020-13907
        RESERVED
 CVE-2020-13906 (IrfanView 4.54 allows a user-mode write access violation 
starting at F ...)
-       TODO: check
+       NOT-FOR-US: IrfanView
 CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation 
starting at F ...)
-       TODO: check
+       NOT-FOR-US: IrfanView
 CVE-2020-13904 (FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF 
duration in an  ...)
        - ffmpeg <unfixed>
        NOTE: 
https://patchwork.ffmpeg.org/project/ffmpeg/patch/[email protected]/
@@ -343,7 +343,7 @@ CVE-2020-13874
 CVE-2020-13873
        RESERVED
 CVE-2020-13872 (Royal TS before 5 has a 0.0.0.0 listener, which makes it 
easier for at ...)
-       TODO: check
+       NOT-FOR-US: Royal TS
 CVE-2020-13871 (SQLite 3.32.2 has a use-after-free in resetAccumulator in 
select.c bec ...)
        - sqlite3 3.32.2-2
        NOTE: Fixed by: https://www.sqlite.org/src/info/79eff1d0383179c4
@@ -381,17 +381,17 @@ CVE-2020-13857
 CVE-2020-13856
        RESERVED
 CVE-2020-13855 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading 
to remot ...)
-       TODO: check
+       NOT-FOR-US: Artica Pandora FMS
 CVE-2020-13854 (Artica Pandora FMS 7.44 allows privilege escalation. ...)
-       TODO: check
+       NOT-FOR-US: Artica Pandora FMS
 CVE-2020-13853 (Artica Pandora FMS 7.44 has persistent XSS in the Messages 
feature. ...)
-       TODO: check
+       NOT-FOR-US: Artica Pandora FMS
 CVE-2020-13852 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading 
to remot ...)
-       TODO: check
+       NOT-FOR-US: Artica Pandora FMS
 CVE-2020-13851 (Artica Pandora FMS 7.44 allows remote command execution via 
the events ...)
-       TODO: check
+       NOT-FOR-US: Artica Pandora FMS
 CVE-2020-13850 (Artica Pandora FMS 7.44 has inadequate access controls on a 
web folder ...)
-       TODO: check
+       NOT-FOR-US: Artica Pandora FMS
 CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout 
value of 1. ...)
        TODO: check
 CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows 
remote attac ...)
@@ -1392,9 +1392,9 @@ CVE-2020-13447
 CVE-2020-13446
        RESERVED
 CVE-2020-13445 (In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix 
pack 92, ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2020-13444 (Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before 
fix pack 9 ...)
-       TODO: check
+       NOT-FOR-US: Liferay
 CVE-2020-13443
        RESERVED
 CVE-2020-13442 (A Remote code execution vulnerability exists in DEXT5Upload in 
DEXT5 t ...)
@@ -1874,7 +1874,7 @@ CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 
allows users with the 'Set
 CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded 
.html file ...)
        - dolibarr <removed>
 CVE-2020-13238 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2020-13237
        RESERVED
 CVE-2020-13236
@@ -1907,7 +1907,7 @@ CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site 
scripting (XSS) vulnera
 CVE-2020-13224
        RESERVED
 CVE-2020-13223 (HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2 
before 1. ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault
 CVE-2020-13222
        RESERVED
 CVE-2020-13221
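Review bot: `NOT-FOR-US: HashiCorp Vault` on CVE-2020-13223 is only correct if Debian has neither a package nor an open ITP/RFP for Vault, and nothing in the hunk shows that this was checked. If an ITP bug exists, the tracker's `- <package> <itp> (bug #NNNNNN)` form (placeholders, not real values) would keep the CVE attached to the future package instead of dropping it from view. The same applies to the other Vault entry in this commit, CVE-2020-12757.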
@@ -2742,7 +2742,7 @@ CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 
allows an administrator
 CVE-2020-12851 (Pydio Cells 2.0.4 allows an authenticated user to write or 
overwrite e ...)
        NOT-FOR-US: Pydio Cells
 CVE-2020-12850 (The following vulnerability applies only to the Pydio Cells 
Enterprise ...)
-       TODO: check
+       NOT-FOR-US: Pydio Cells
 CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to 
the web ...)
        NOT-FOR-US: Pydio Cells
 CVE-2020-12848 (In Pydio Cells 2.0.4, once an authenticated user shares a file 
selecti ...)
@@ -3004,7 +3004,7 @@ CVE-2020-12759
 CVE-2020-12758
        RESERVED
 CVE-2020-12757 (HashiCorp Vault and Vault Enterprise 1.4.x before 1.4.2 has 
Incorrect  ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault
 CVE-2020-12756
        RESERVED
 CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE 
kio-extras t ...)
@@ -3105,9 +3105,9 @@ CVE-2020-12716
 CVE-2020-12715
        RESERVED
 CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway 
Virtual Applia ...)
-       TODO: check
+       NOT-FOR-US: CipherMail
 CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and 
Profession ...)
-       TODO: check
+       NOT-FOR-US: CipherMail
 CVE-2020-12712 (A vulnerability based on insecure user/password encryption in 
the JOE  ...)
        TODO: check
 CVE-2020-12711
@@ -5959,7 +5959,7 @@ CVE-2020-11800
 CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate 
privile ...)
        NOT-FOR-US: Z-Cron
 CVE-2020-11798 (A Directory Traversal vulnerability in the web conference 
component of ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2020-11797
        RESERVED
 CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password 
authentication imp ...)
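Review bot: For CVE-2020-11798 the tag `NOT-FOR-US: Mitel` names a vendor that does not appear in the visible part of the description, which is truncated at "web conference component of ...". Including the product name from the full CVE text in the tag would let a reader confirm the triage decision from this file alone.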
@@ -24774,7 +24774,7 @@ CVE-2020-4382
 CVE-2020-4381
        RESERVED
 CVE-2020-4380 (IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site 
scripting.  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than 
expected c ...)
        NOT-FOR-US: IBM
 CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a 
privileged au ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02ec6e0970eed956a3493d96a06e578a98318718
