Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
04909edc by Salvatore Bonaccorso at 2020-08-31T23:26:14+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -516,7 +516,7 @@ CVE-2020-24788
CVE-2020-24787
RESERVED
CVE-2020-24786 (An issue was discovered in Zoho ManageEngine Exchange Reporter
Plus be ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-24785
RESERVED
CVE-2020-24784
@@ -1397,7 +1397,7 @@ CVE-2020-24365
CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via
the note ...)
NOT-FOR-US: MineTime
CVE-2020-24363 (TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an
unauthenticat ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next
plugin befor ...)
NOT-FOR-US: Wordpress plugin
CVE-2020-24362
@@ -1418,7 +1418,7 @@ CVE-2020-24356
CVE-2020-24355
RESERVED
CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and
possibl ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2020-24353
RESERVED
CVE-2020-24352
@@ -1925,7 +1925,7 @@ CVE-2020-24117
CVE-2020-24116
RESERVED
CVE-2020-24115 (In projectworlds Online Book Store 1.0 Use of Hard-coded
Credentials i ...)
- TODO: check
+ NOT-FOR-US: projectworlds Online Book Store
CVE-2020-24114
RESERVED
CVE-2020-24113
@@ -1947,7 +1947,7 @@ CVE-2020-24106
CVE-2020-24105
RESERVED
CVE-2020-24104 (XSS on the PIX-Link Repeater/Router LV-WR07 with firmware
v28K.Router. ...)
- TODO: check
+ NOT-FOR-US: PIX-Link Repeater/Router LV-WR07
CVE-2020-24103
RESERVED
CVE-2020-24102
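Review bot: The note added for CVE-2020-24104 names a specific model ("PIX-Link Repeater/Router LV-WR07"), while the notes added in this same commit for CVE-2020-24363 and CVE-2020-24354 give only the vendor ("TP-Link", "Zyxel"), although those descriptions name models too (TL-WA855RE, VMG5313-B30B). Pick one granularity for device entries so that searching the list by NOT-FOR-US string stays predictable; "NOT-FOR-US: PIX-Link" would match the other two.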
@@ -8899,13 +8899,13 @@ CVE-2020-20630
CVE-2020-20629
RESERVED
CVE-2020-20628 (controller/controller-comments.php in WP GDPR plugin through
2.1.1 has ...)
- TODO: check
+ NOT-FOR-US: WP GDPR plugin
CVE-2020-20627 (The includes/gateways/stripe/includes/admin/admin-actions.php
in GiveW ...)
NOT-FOR-US: includes/gateways/stripe/includes/admin/admin-actions.php
in GiveWP plugin for WordPress
CVE-2020-20626 (lara-google-analytics.php in Lara Google Analytics plugin
through 2.0. ...)
- TODO: check
+ NOT-FOR-US: Lara Google Analytics plugin for WordPress
CVE-2020-20625 (Sliced Invoices plugin for WordPress 3.8.2 and earlier allows
unauthen ...)
- TODO: check
+ NOT-FOR-US: Sliced Invoices plugin for WordPress
CVE-2020-20624
RESERVED
CVE-2020-20623
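Review bot: The three notes added in this hunk are not worded alike: CVE-2020-20628 gets "WP GDPR plugin", while CVE-2020-20626 and CVE-2020-20625 get "... plugin for WordPress". Suggest "NOT-FOR-US: WP GDPR plugin for WordPress" for consistency. The unchanged neighbouring entry for CVE-2020-20627 carries a file path in its note ("includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin for WordPress"); that could be shortened to the plugin name in a follow-up.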
@@ -15251,7 +15251,7 @@ CVE-2020-17467
CVE-2020-17466 (Turcom TRCwifiZone through 2020-08-10 allows authentication
bypass by ...)
NOT-FOR-US: Turcom TRCwifiZone
CVE-2020-17465 (Dashboards and progressiveProfileForms in ForgeRock Identity
Manager b ...)
- TODO: check
+ NOT-FOR-US: Dashboards and progressiveProfileForms in ForgeRock
Identity Manager
CVE-2020-17464
REJECTED
CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to
/pages/it ...)
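Review bot: The note for CVE-2020-17465 copies the affected components from the description ("Dashboards and progressiveProfileForms in ForgeRock Identity Manager") instead of naming the product. The other notes added in this commit name a vendor or product only, so "NOT-FOR-US: ForgeRock Identity Manager" would be enough and keeps the note short.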
@@ -19118,7 +19118,7 @@ CVE-2020-15689 (Appweb before 7.2.2 and 8.x before
8.1.0, when built with CGI su
CVE-2020-15688 (The HTTP Digest Authentication in the GoAhead web server
before 5.1.2 ...)
NOT-FOR-US: Embedthis GoAhead
CVE-2020-15687 (Missing access control restrictions in the Hypervisor
component of the ...)
- TODO: check
+ NOT-FOR-US: ACRN Project
CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the
Linux ker ...)
- linux 5.2.6-1
[buster] - linux 4.19.132-1
@@ -24935,25 +24935,25 @@ CVE-2020-13474
CVE-2020-13473
RESERVED
CVE-2020-13472 (The flash memory readout protection in Gigadevice GD32F103
devices all ...)
- TODO: check
+ NOT-FOR-US: Gigadevice GD32F103 devices
CVE-2020-13471 (Apex Microelectronics APM32F103 devices allow physical
attackers to ex ...)
- TODO: check
+ NOT-FOR-US: Apex Microelectronics APM32F103 devices
CVE-2020-13470 (Gigadevice GD32F103 and GD32F130 devices allow physical
attackers to e ...)
- TODO: check
+ NOT-FOR-US: Gigadevice GD32F103 and GD32F130 devices
CVE-2020-13469 (The flash memory readout protection in Gigadevice GD32VF103
devices al ...)
- TODO: check
+ NOT-FOR-US: Gigadevice GD32VF103 devices
CVE-2020-13468 (Gigadevice GD32F130 devices allow physical attackers to
escalate their ...)
- TODO: check
+ NOT-FOR-US: Gigadevice GD32F130 devices
CVE-2020-13467 (The flash memory readout protection in China Key Systems &
Integra ...)
- TODO: check
+ NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices
CVE-2020-13466 (STMicroelectronics STM32F103 devices through 2020-05-20 allow
physical ...)
- TODO: check
+ NOT-FOR-US: STMicroelectronics STM32F103 devices
CVE-2020-13465 (The security protection in Gigadevice GD32F103 devices allows
physical ...)
- TODO: check
+ NOT-FOR-US: Gigadevice GD32F103 devices
CVE-2020-13464 (The flash memory readout protection in China Key Systems &
Integra ...)
- TODO: check
+ NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices
CVE-2020-13463 (The flash memory readout protection in Apex Microelectronics
APM32F103 ...)
- TODO: check
+ NOT-FOR-US: Apex Microelectronics APM32F103 devices
CVE-2020-13462
RESERVED
CVE-2020-13461
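Review bot: The added notes for CVE-2020-13467 and CVE-2020-13464 contain the entity "&amp;" ("China Key Systems &amp; Integrated Circuit CKS32F103 devices"). The description lines above them show the same entity, so this may only be how the mail was rendered, but if it is in data/CVE/list itself it should be a plain "&". Separately, the ten notes in this hunk repeat the device family with a trailing "devices"; vendor plus part number (for example "Gigadevice GD32F103") would say the same in fewer words.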
@@ -27018,13 +27018,13 @@ CVE-2020-12648 (A cross-site scripting (XSS)
vulnerability in TinyMCE 5.2.1 and
CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before
59.1a.9, and 6 ...)
NOT-FOR-US: Unisys ALGOL Compiler
CVE-2020-12646 (OX App Suite 7.10.3 and earlier allows XSS via
text/x-javascript, text ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2020-12645 (OX App Suite 7.10.1 to 7.10.3 has improper input validation
for rate l ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2020-12644 (OX App Suite 7.10.3 and earlier allows SSRF, related to the
mail accou ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2020-12643 (OX App Suite 7.10.3 and earlier has Incorrect Access Control
via an /a ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2020-12642 (An issue was discovered in service-api before 4.3.12 and 5.x
before 5. ...)
NOT-FOR-US: Report Portal
CVE-2020-12641 (rcube_image.php in Roundcube Webmail before 1.4.4 allows
attackers to ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04909edc914e6d9117256cb7da720b7b2fd54dda