[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Mon, 22 Jun 2020 22:56:23 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
8a134559 by Salvatore Bonaccorso at 2020-06-23T07:55:13+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2020-14983
 CVE-2020-14982
        RESERVED
 CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 
for iOS ha ...)
-       TODO: check
+       NOT-FOR-US: ThreatTrack VIPRE Password Vault app for IOS
 CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android 
has Miss ...)
-       TODO: check
+       NOT-FOR-US: Sophos Secure Email application for Android
 CVE-2020-14979
        RESERVED
 CVE-2020-14978
@@ -19,21 +19,21 @@ CVE-2020-14975
 CVE-2020-14974
        RESERVED
 CVE-2020-14973 (The loginForm within the general/login.php webpage in 
webTareas 2.0p8  ...)
-       TODO: check
+       NOT-FOR-US: webTareas
 CVE-2020-14972 (Multiple SQL injection vulnerabilities in Sourcecodester Pisay 
Online  ...)
-       TODO: check
+       NOT-FOR-US: Sourcecodester Pisay Online E-Learning System
 CVE-2020-14971
        RESERVED
 CVE-2020-14970
        RESERVED
 CVE-2020-14969 (app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on 
attribu ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2020-14968 (An issue was discovered in the jsrsasign package before 8.0.17 
for Nod ...)
-       TODO: check
+       NOT-FOR-US: jsrsasign
 CVE-2020-14967 (An issue was discovered in the jsrsasign package before 8.0.18 
for Nod ...)
-       TODO: check
+       NOT-FOR-US: jsrsasign
 CVE-2020-14966 (An issue was discovered in the jsrsasign package through 
8.0.18 for No ...)
-       TODO: check
+       NOT-FOR-US: jsrsasign
 CVE-2020-14965
        RESERVED
 CVE-2020-14964
@@ -1048,7 +1048,7 @@ CVE-2020-14463
 CVE-2020-14462 (CALDERA 2.7.0 allows XSS via the Operation Name box. ...)
        TODO: check
 CVE-2020-14461 (Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory 
Traversa ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-14460 (An issue was discovered in Mattermost Server before 5.19.0, 
5.18.1, 5. ...)
        NOT-FOR-US: Mattermost
 CVE-2020-14459 (An issue was discovered in Mattermost Server before 5.19.0. 
Attackers  ...)
@@ -1904,11 +1904,11 @@ CVE-2020-14206
 CVE-2020-14205
        RESERVED
 CVE-2020-14204 (In WebFOCUS Business Intelligence 8.0 (SP6), the 
administration portal ...)
-       TODO: check
+       NOT-FOR-US: WebFOCUS Business Intelligence
 CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site 
Request F ...)
-       TODO: check
+       NOT-FOR-US: WebFOCUS Business Intelligence
 CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via 
arbitrar ...)
-       TODO: check
+       NOT-FOR-US: WebFOCUS Business Intelligence
 CVE-2020-14201
        RESERVED
 CVE-2020-14200
@@ -2282,7 +2282,7 @@ CVE-2020-14051
 CVE-2020-14050
        RESERVED
 CVE-2020-14049 (Viber for Windows up to 13.2.0.39 does not properly quote its 
custom U ...)
-       TODO: check
+       NOT-FOR-US: Viber
 CVE-2020-14048 (Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 
allows remo ...)
        NOT-FOR-US: Zoho
 CVE-2020-14047
@@ -2661,9 +2661,9 @@ CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for 
Bootstrap allows XSS vi
 CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 
allows XSS. ...)
        NOT-FOR-US: Bludit
 CVE-2020-13888 (Kordil EDMS through 2.2.60rc3 allows stored XSS in 
users_edit.php, use ...)
-       TODO: check
+       NOT-FOR-US: Kordil EDMS
 CVE-2020-13887 (documents_add.php in Kordil EDMS through 2.2.60rc3 allows 
Remote Comma ...)
-       TODO: check
+       NOT-FOR-US: Kordil EDMS
 CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) 
module befor ...)
        - libcrypt-perl-perl <itp> (bug #907353)
        NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14
@@ -3363,13 +3363,13 @@ CVE-2020-13642 (An issue was discovered in the 
SiteOrigin Page Builder plugin be
 CVE-2020-13641 (An issue was discovered in the Real-Time Find and Replace 
plugin befor ...)
        NOT-FOR-US: Real-Time Find and Replace plugin for WordPress
 CVE-2020-13640 (A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 
and earlie ...)
-       TODO: check
+       NOT-FOR-US: gVectors wpDiscuz plugin for WordPress
 CVE-2020-13639
        RESERVED
 CVE-2020-13638
        RESERVED
 CVE-2020-13637 (An issue was discovered in the stashcat app through 3.9.2 for 
macOS, W ...)
-       TODO: check
+       NOT-FOR-US: stashcat app
 CVE-2020-13636
        RESERVED
 CVE-2020-13635
@@ -3709,7 +3709,7 @@ CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library 
eventmachine in an insecu
 CVE-2020-13481
        RESERVED
 CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection 
via the ...)
-       TODO: check
+       NOT-FOR-US: Verint Workforce Optimization (WFO)
 CVE-2020-13479
        RESERVED
 CVE-2020-13478
@@ -3831,9 +3831,9 @@ CVE-2020-13428 (A heap-based buffer overflow in the 
hxxx_AnnexB_to_xVC function
        NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11
        NOTE: 
http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
 CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in 
admin/users.php?source=add_user v ...)
-       TODO: check
+       NOT-FOR-US: Victor CMS
 CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a 
Cross-Site Reques ...)
-       TODO: check
+       NOT-FOR-US: Multi-Scheduler plugin for WordPress
 CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger 
the Beep  ...)
        NOT-FOR-US: TrackR
 CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows 
Authenticated Lo ...)
@@ -4436,9 +4436,9 @@ CVE-2020-13161
 CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string 
vulnerab ...)
        NOT-FOR-US: AnyDesk
 CVE-2020-13159 (Artica Proxy before 4.30.000000 Community Edition allows OS 
command in ...)
-       TODO: check
+       NOT-FOR-US: Artica Proxy
 CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows 
Directory Tra ...)
-       TODO: check
+       NOT-FOR-US: Artica Proxy
 CVE-2020-13157
        RESERVED
 CVE-2020-13156



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a134559ed88c986a1924a231d2567b67fbf9b86

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a134559ed88c986a1924a231d2567b67fbf9b86
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to