[Git][security-tracker-team/security-tracker][master] Process several NFUs

Wed, 06 Jan 2021 12:24:14 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a83eb9cc by Salvatore Bonaccorso at 2021-01-06T21:23:16+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18375,11 +18375,11 @@ CVE-2020-27287
 CVE-2020-27286
        RESERVED
 CVE-2020-27285 (The default configuration of Crimson 3.1 (Build versions prior 
to 3119 ...)
-       TODO: check
+       NOT-FOR-US: Crimson
 CVE-2020-27284
        RESERVED
 CVE-2020-27283 (An attacker could send a specially crafted message to Crimson 
3.1 (Bui ...)
-       TODO: check
+       NOT-FOR-US: Crimson
 CVE-2020-27282
        RESERVED
 CVE-2020-27281
@@ -18387,7 +18387,7 @@ CVE-2020-27281
 CVE-2020-27280
        RESERVED
 CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in 
the prot ...)
-       TODO: check
+       NOT-FOR-US: Crimson
 CVE-2020-27278
        RESERVED
 CVE-2020-27277
@@ -58420,13 +58420,13 @@ CVE-2019-20511 (ERPNext 11.1.47 allows 
blog?blog_category= Frame Injection. ...)
 CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on 
Windows ...)
        NOT-FOR-US: Entrust Entelligence Security Provider (ESP)
 CVE-2020-10658 (The Proofpoint Insider Threat Management Server (formerly 
ObserveIT Se ...)
-       TODO: check
+       NOT-FOR-US: Proofpoint Insider Threat Management Server
 CVE-2020-10657 (The Proofpoint Insider Threat Management Server (formerly 
ObserveIT Se ...)
-       TODO: check
+       NOT-FOR-US: Proofpoint Insider Threat Management Server
 CVE-2020-10656 (The Proofpoint Insider Threat Management Server (formerly 
ObserveIT Se ...)
-       TODO: check
+       NOT-FOR-US: Proofpoint Insider Threat Management Server
 CVE-2020-10655 (The Proofpoint Insider Threat Management Server (formerly 
ObserveIT Se ...)
-       TODO: check
+       NOT-FOR-US: Proofpoint Insider Threat Management Server
 CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer 
overflow ...)
        NOT-FOR-US: Ping Identity PingID
 CVE-2020-10653
@@ -62603,7 +62603,7 @@ CVE-2012-6721 (Multiple cross-site request forgery 
(CSRF) vulnerabilities in the
 CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in 
SocialEngine be ...)
        NOT-FOR-US: SocialEngine
 CVE-2020-8884 (rcdsvc in the Proofpoint Insider Threat Management Windows 
Agent (form ...)
-       TODO: check
+       NOT-FOR-US: Proofpoint Insider Threat Management Windows Agent
 CVE-2020-8883 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
        NOT-FOR-US: Foxit Studio Photo
 CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
@@ -64462,7 +64462,7 @@ CVE-2020-8161 (A directory traversal vulnerability 
exists in rack < 2.2.0 tha
        NOTE: Required followup: 
https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa
        NOTE: Test: 
https://github.com/rack/rack/commit/775c836bdd25b63340399fea739532d746860a94
 CVE-2020-8160 (MendixSSO <= 2.1.1 contains endpoints that make use of the 
openid h ...)
-       TODO: check
+       NOT-FOR-US: MendixSSO
 CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < 
v1.2.1 th ...)
        - ruby-actionpack-page-caching 1.2.2-1 (bug #960680)
        [buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)
@@ -92079,7 +92079,7 @@ CVE-2019-16964 (app/call_centers/cmd.php in the Call 
Center Queue Module in Fusi
 CVE-2019-16963
        RESERVED
 CVE-2019-16962 (Zoho ManageEngine Desktop Central 10.0.430 allows HTML 
injection via a ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2019-16961
        RESERVED
 CVE-2019-16960 (SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template 
file wit ...)
@@ -92095,7 +92095,7 @@ CVE-2019-16956 (SolarWinds Web Help Desk 12.7.0 allows 
XSS via the Request Type
 CVE-2019-16955 (SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG 
documen ...)
        NOT-FOR-US: SolarWinds
 CVE-2019-16954 (SolarWinds Web Help Desk 12.7.0 allows HTML injection via a 
Comment in ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2019-16953
        RESERVED
 CVE-2019-16952



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a83eb9cc47d9df55c60856a1bdfa1a30509ef4c3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a83eb9cc47d9df55c60856a1bdfa1a30509ef4c3
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to