[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Tue, 24 Nov 2020 12:31:15 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0865909c by Salvatore Bonaccorso at 2020-11-24T21:29:43+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -89,7 +89,7 @@ CVE-2020-29008
 CVE-2020-29007
        RESERVED
 CVE-2020-29006 (MISP before 2.4.135 lacks an ACL check, related to 
app/Controller/Gala ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2020-29005
        RESERVED
 CVE-2020-29004
@@ -113,7 +113,7 @@ CVE-2020-28996
 CVE-2020-28995
        RESERVED
 CVE-2020-28994 (A SQL injection vulnerability was discovered in Karenderia 
Multiple Re ...)
-       TODO: check
+       NOT-FOR-US: Karenderia Multiple Restaurant System
 CVE-2020-28993
        RESERVED
 CVE-2020-28992
@@ -694,7 +694,7 @@ CVE-2020-28728
 CVE-2020-28727
        RESERVED
 CVE-2020-28726 (Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 
parameter  ...)
-       TODO: check
+       NOT-FOR-US: SeedDMS
 CVE-2020-28725
        RESERVED
 CVE-2020-28724 (Open redirect vulnerability in werkzeug before 0.11.6 via a 
double sla ...)
@@ -4176,15 +4176,15 @@ CVE-2021-0301
 CVE-2020-28335
        RESERVED
 CVE-2020-28334 (Barco wePresent WiPG-1600W devices use Hard-coded Credentials 
(issue 2 ...)
-       TODO: check
+       NOT-FOR-US: Barco wePresent WiPG-1600W devices
 CVE-2020-28333 (Barco wePresent WiPG-1600W devices allow Authentication 
Bypass. Affect ...)
-       TODO: check
+       NOT-FOR-US: Barco wePresent WiPG-1600W devices
 CVE-2020-28332 (Barco wePresent WiPG-1600W devices download code without an 
Integrity  ...)
-       TODO: check
+       NOT-FOR-US: Barco wePresent WiPG-1600W devices
 CVE-2020-28331 (Barco wePresent WiPG-1600W devices have Improper Access 
Control. Affec ...)
-       TODO: check
+       NOT-FOR-US: Barco wePresent WiPG-1600W devices
 CVE-2020-28330 (Barco wePresent WiPG-1600W devices have Unprotected Transport 
of Crede ...)
-       TODO: check
+       NOT-FOR-US: Barco wePresent WiPG-1600W devices
 CVE-2020-28329
        RESERVED
 CVE-2020-28328 (SuiteCRM before 7.11.17 is vulnerable to remote code execution 
via the ...)
@@ -11217,13 +11217,13 @@ CVE-2020-25477
 CVE-2020-25476
        RESERVED
 CVE-2020-25475 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: SimplePHPscripts News Script PHP Pro
 CVE-2020-25474 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a 
Cross Site S ...)
-       TODO: check
+       NOT-FOR-US: SimplePHPscripts News Script PHP Pro
 CVE-2020-25473 (SimplePHPscripts News Script PHP Pro 2.3 does not properly set 
the Htt ...)
-       TODO: check
+       NOT-FOR-US: SimplePHPscripts News Script PHP Pro
 CVE-2020-25472 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a 
Cross Site R ...)
-       TODO: check
+       NOT-FOR-US: SimplePHPscripts News Script PHP Pro
 CVE-2020-25471
        RESERVED
 CVE-2020-25470 (AntSword 2.1.8.1 contains a cross-site scripting (XSS) 
vulnerability i ...)
@@ -12680,7 +12680,7 @@ CVE-2020-24817
 CVE-2020-24816
        RESERVED
 CVE-2020-24815 (A Server-Side Request Forgery (SSRF) affecting the PDF 
generation in M ...)
-       TODO: check
+       NOT-FOR-US: MicroStrategy
 CVE-2020-24814
        RESERVED
 CVE-2020-24813
@@ -37371,7 +37371,7 @@ CVE-2020-13622 (JerryScript 2.2.0 allows attackers to 
cause a denial of service
 CVE-2020-13621
        RESERVED
 CVE-2020-13620 (Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 
allow CSRF ...)
-       TODO: check
+       NOT-FOR-US: Fastweb FASTGate GPON FGA2130FWB devices
 CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows 
an attack ...)
        NOT-FOR-US: Locutus PHP
 CVE-2020-13618
@@ -53301,7 +53301,7 @@ CVE-2020-7928 (A user authorized to perform database 
queries may trigger a read
        - mongodb <removed>
        NOTE: https://jira.mongodb.org/browse/SERVER-49404
 CVE-2020-7927 (Specially crafted API calls may allow an authenticated user who 
holds  ...)
-       TODO: check
+       NOT-FOR-US: MongoDB Ops Manager
 CVE-2020-7926 (A user authorized to perform database queries may cause denial 
of serv ...)
        - mongodb <removed>
        NOTE: https://jira.mongodb.org/browse/SERVER-50170
@@ -54616,7 +54616,7 @@ CVE-2020-7380
 CVE-2020-7379
        RESERVED
 CVE-2020-7378 (CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers 
from an  ...)
-       TODO: check
+       NOT-FOR-US: CRIXP OpenCRX
 CVE-2020-7377 (The Metasploit Framework module 
"auxiliary/admin/http/telpho10_credent ...)
        NOT-FOR-US: Metasploit Framework module
 CVE-2020-7376 (The Metasploit Framework module "post/osx/gather/enum_osx 
module" is a ...)
@@ -63017,13 +63017,13 @@ CVE-2020-4005 (VMware ESXi (7.0 before 
ESXi70U1b-17168206, 6.7 before ESXi670-20
 CVE-2020-4004 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before 
ESXi670-2020111 ...)
        NOT-FOR-US: VMware
 CVE-2020-4003 (VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior 
to 3.4 ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2020-4002 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 
3.4.4, ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2020-4001 (The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default 
passwords  ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2020-4000 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 
3.4.4, ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2020-3999
        RESERVED
 CVE-2020-3998 (VMware Horizon Client for Windows (5.x prior to 5.5.0) contains 
an inf ...)
@@ -63054,9 +63054,9 @@ CVE-2020-3987 (VMware Workstation (15.x) and Horizon 
Client for Windows (5.x bef
 CVE-2020-3986 (VMware Workstation (15.x) and Horizon Client for Windows (5.x 
before 5 ...)
        NOT-FOR-US: VMware
 CVE-2020-3985 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior 
to 3.4 ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2020-3984 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior 
to 3.4 ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2020-3983
        RESERVED
 CVE-2020-3982 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before 
ESXi670-20 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0865909cfc8fa2c58cfaf11bfbd3e2947f7817ae

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0865909cfc8fa2c58cfaf11bfbd3e2947f7817ae
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to