Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f44a8b6b by Salvatore Bonaccorso at 2020-11-16T21:40:24+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -333,7 +333,7 @@ CVE-2020-28725
 CVE-2020-28724
        RESERVED
 CVE-2020-28723 (Memory leak in IPv6Param::setAddress in CloudAvid PParam 
1.3.1. ...)
-       TODO: check
+       NOT-FOR-US: CloudAvid
 CVE-2020-28722
        RESERVED
 CVE-2020-28721
@@ -395,7 +395,7 @@ CVE-2020-28694
 CVE-2020-28693
        RESERVED
 CVE-2020-28692 (In Gila CMS 1.16.0, an attacker can upload a shell to tmp 
directy and  ...)
-       TODO: check
+       NOT-FOR-US: Gila CMS
 CVE-2020-28691
        RESERVED
 CVE-2020-28690
@@ -4558,13 +4558,13 @@ CVE-2020-27993 (Hrsale 2.0.0 allows 
download?type=files&filename=../ directo
 CVE-2020-27992 (Dr.Fone 3.0.0 allows local users to gain privileges via a 
Trojan horse ...)
        NOT-FOR-US: Dr.Fone
 CVE-2020-27991 (Nagios XI before 5.7.5 is vulnerable to XSS in Account 
Information (Em ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2020-27990 (Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment 
tool (ad ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2020-27989 (Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools 
(Edit D ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2020-27988 (Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users 
(Username  ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2020-27987
        RESERVED
 CVE-2020-27986 (** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers 
to discov ...)
@@ -5898,11 +5898,11 @@ CVE-2020-27631
 CVE-2020-27630
        RESERVED
 CVE-2020-27629 (In JetBrains TeamCity before 2020.1.5, secure dependency 
parameters co ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2020-27628 (In JetBrains TeamCity before 2020.1.5, the Guest user had 
access to au ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2020-27627 (JetBrains TeamCity before 2020.1.2 was vulnerable to URL 
injection. ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2020-27626 (JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. 
...)
        TODO: check
 CVE-2020-27625 (In JetBrains YouTrack before 2020.3.888, notifications might 
have ment ...)
@@ -6290,7 +6290,7 @@ CVE-2020-27461
 CVE-2020-27460
        RESERVED
 CVE-2020-27459 (Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when 
inserting a ...)
-       TODO: check
+       NOT-FOR-US: Chronoforeum
 CVE-2020-27458
        RESERVED
 CVE-2020-27457
@@ -6362,9 +6362,9 @@ CVE-2020-27425
 CVE-2020-27424
        RESERVED
 CVE-2020-27423 (Anuko Time Tracker v1.19.23.5311 lacks rate limit on the 
password rese ...)
-       TODO: check
+       NOT-FOR-US: Anuko Time Tracker
 CVE-2020-27422 (In Anuko Time Tracker v1.19.23.5311, the password reset link 
emailed t ...)
-       TODO: check
+       NOT-FOR-US: Anuko Time Tracker
 CVE-2020-27421
        RESERVED
 CVE-2020-27420
@@ -6831,7 +6831,7 @@ CVE-2020-27193 (A cross-site scripting (XSS) 
vulnerability in the Color Dialog p
 CVE-2020-27192
        RESERVED
 CVE-2020-27191 (LionWiki before 3.2.12 allows an unauthenticated user to read 
files as ...)
-       TODO: check
+       NOT-FOR-US: LionWiki
 CVE-2020-27194 (An issue was discovered in the Linux kernel before 5.8.15. 
scalar32_mi ...)
        - linux 5.9.1-1
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -8295,11 +8295,11 @@ CVE-2020-26512
 CVE-2020-26511 (The wpo365-login plugin before v11.7 for WordPress allows use 
of a sym ...)
        NOT-FOR-US: wpo365-login plugin for WordPress
 CVE-2020-26510 (Airleader Master &lt;= 6.21 devices have default credentials 
that can  ...)
-       TODO: check
+       NOT-FOR-US: Airleader Master
 CVE-2020-26509 (Airleader Master and Easy &lt;= 6.21 devices have default 
credentials  ...)
-       TODO: check
+       NOT-FOR-US: Airleader Master and Easy
 CVE-2020-26508 (The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 
devices all ...)
-       TODO: check
+       NOT-FOR-US: Canon devices
 CVE-2020-26507 (A CSV Injection (also known as Formula Injection) 
vulnerability in the ...)
        NOT-FOR-US: Marmind web application
 CVE-2020-26506 (An Authorization Bypass vulnerability in the Marmind web 
application w ...)
@@ -9486,7 +9486,7 @@ CVE-2020-25954
 CVE-2020-25953
        RESERVED
 CVE-2020-25952 (SQL injection vulnerability in PHPGurukul User Registration 
&amp; Logi ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2020-25951
        RESERVED
 CVE-2020-25950



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f44a8b6b894706328c8c02805c1a83cd68a94bdc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f44a8b6b894706328c8c02805c1a83cd68a94bdc
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to