[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu, 10 Sep 2020 13:17:11 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3555450e by Salvatore Bonaccorso at 2020-09-10T22:16:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1032,7 +1032,7 @@ CVE-2020-24741
 CVE-2020-24740
        RESERVED
 CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the 
background deleti ...)
-       TODO: check
+       NOT-FOR-US: idreamsoft iCMS
 CVE-2020-24738
        RESERVED
 CVE-2020-24737
@@ -1374,7 +1374,7 @@ CVE-2020-24583 (An issue was discovered in Django 2.2 
before 2.2.16, 3.0 before
        NOTE: 
https://github.com/django/django/commit/08892bffd275c79ee1f8f67639eb170aaaf1181e
 (3.0.10)
        NOTE: 
https://github.com/django/django/commit/375657a71c889c588f723469bd868bd1d40c369f
 (2.2.16)
 CVE-2020-24582 (Zulip Desktop before 5.4.3 allows XSS because string escaping 
is misha ...)
-       TODO: check
+       NOT-FOR-US: Zulip Desktop
 CVE-2020-24581
        RESERVED
 CVE-2020-24580
@@ -1449,7 +1449,7 @@ CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 
allows XSS because tex
        NOTE: https://github.com/golang/go/issues/41165 (1.15 backport)
        NOTE: 
https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting
 CVE-2020-24552 (Atop Technology industrial 3G/4G gateway contains Command 
Injection vu ...)
-       TODO: check
+       NOT-FOR-US: Atop Technology industrial 3G/4G gateway
 CVE-2020-24551
        RESERVED
 CVE-2020-24550
@@ -15820,7 +15820,7 @@ CVE-2020-17410
 CVE-2020-17409
        RESERVED
 CVE-2020-17408 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
-       TODO: check
+       NOT-FOR-US: NEC
 CVE-2020-17407
        RESERVED
 CVE-2020-17406
@@ -21213,7 +21213,7 @@ CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 
4.3.x before 4.3.101 allow
        NOTE: 
https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
        NOTE: https://bugs.ntp.org/show_bug.cgi?id=3661
 CVE-2020-15024 (An issue was discovered in the Login Password feature of the 
Password  ...)
-       TODO: check
+       NOT-FOR-US: Avast Antivirus
 CVE-2020-15023
        RESERVED
 CVE-2020-15022
@@ -49423,7 +49423,7 @@ CVE-2020-4580
 CVE-2020-4579
        RESERVED
 CVE-2020-4578 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4577
        RESERVED
 CVE-2020-4576



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3555450ec66bc4e8436109932aa14dd537936d24

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3555450ec66bc4e8436109932aa14dd537936d24
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to