Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ebca431c by Neil Williams at 2022-07-04T09:34:51+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -604,7 +604,7 @@ CVE-2017-20125 (A vulnerability classified as critical was 
found in Online Hotel
 CVE-2017-20124 (A vulnerability classified as critical has been found in 
Online Hotel  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2017-20123 (A vulnerability was found in Viscosity 1.6.7. It has been 
classified a ...)
-       TODO: check
+       NOT-FOR-US: Viscosity on Windows and macOS
 CVE-2017-20122 (A vulnerability classified as problematic was found in Bitrix 
Site Man ...)
        NOT-FOR-US: Bitrix Site Manager
 CVE-2022-34734
@@ -115345,7 +115345,7 @@ CVE-2020-28867
 CVE-2020-28866
        RESERVED
 CVE-2020-28865 (An issue was discovered in PowerJob through 3.2.2, allows 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: PowerJob
 CVE-2020-28864 (Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server 
to caus ...)
        NOT-FOR-US: WinSCP
 CVE-2020-28863
@@ -122274,7 +122274,7 @@ CVE-2020-27511 (An issue was discovered in the 
stripTags and unescapeHTML compon
 CVE-2020-27510
        RESERVED
 CVE-2020-27509 (Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up 
to 5.6.11 ...)
-       TODO: check
+       NOT-FOR-US: Galaxkey
 CVE-2020-27508 (In two-factor authentication, the system also sending 2fa 
secret key i ...)
        NOT-FOR-US: Frappe Framework
 CVE-2020-27507
@@ -123737,7 +123737,7 @@ CVE-2020-26879 (Ruckus vRioT through 1.5.1.0.21 has 
an API backdoor that is hard
 CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command 
injection. An  ...)
        NOT-FOR-US: Ruckus
 CVE-2020-26877 (ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect 
URI in a ...)
-       TODO: check
+       NOT-FOR-US: ApiFest OAuth 2.0
 CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows 
remote attac ...)
        NOT-FOR-US: WordPress plugin
 CVE-2020-26875
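Review bot: on CVE-2020-26877 the new label "ApiFest OAuth 2.0" reads like a protocol version, not a product. The description calls the software "ApiFest OAuth 2.0 Server", so "NOT-FOR-US: ApiFest OAuth 2.0 Server" (or plain "ApiFest") would be clearer and easier to match the next time a CVE for this product is triaged.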
@@ -127326,7 +127326,7 @@ CVE-2020-25461 (Invalid Memory Access in the 
fxProxyGetter function in moddable/
 CVE-2020-25460
        RESERVED
 CVE-2020-25459 (An issue was discovered in function sync_tree in 
hetero_decision_tree_ ...)
-       TODO: check
+       NOT-FOR-US: FederatedAI/FATE
 CVE-2020-25458
        RESERVED
 CVE-2020-25457
@@ -136856,7 +136856,7 @@ CVE-2020-21163
 CVE-2020-21162
        RESERVED
 CVE-2020-21161 (Cross Site Scripting (XSS) vulnerability in Ruckus Wireless 
ZoneDirect ...)
-       TODO: check
+       NOT-FOR-US: Ruckus
 CVE-2020-21160
        RESERVED
 CVE-2020-21159
@@ -137099,7 +137099,7 @@ CVE-2020-21048 (An issue in the dither.c component of 
libsixel prior to v1.8.4 a
 CVE-2020-21047
        RESERVED
 CVE-2020-21046 (A local privilege escalation vulnerability was identified 
within the " ...)
-       TODO: check
+       NOT-FOR-US: EagleGet for Windows
 CVE-2020-21045
        RESERVED
 CVE-2020-21044
@@ -139469,9 +139469,9 @@ CVE-2020-19899
 CVE-2020-19898
        RESERVED
 CVE-2020-19897 (A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 
allows remot ...)
-       TODO: check
+       NOT-FOR-US: Wuzhicms
 CVE-2020-19896 (File inclusion vulnerability in Minicms v1.9 allows remote 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: MiniCMS
 CVE-2020-19895
        RESERVED
 CVE-2020-19894
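Review bot: both new labels in this hunk spell the product differently from the CVE text: "Wuzhicms" against "wuzhicms" for CVE-2020-19897 and "MiniCMS" against "Minicms" for CVE-2020-19896. If data/CVE/list already has NOT-FOR-US entries for these products, reuse that spelling so the labels stay consistent across the file.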
@@ -166211,7 +166211,7 @@ CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior 
exposes IOCTL and allows i
 CVE-2020-9755
        RESERVED
 CVE-2020-9754 (NAVER Whale browser mobile app before 1.10.6.2 allows the 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: Whale Browser
 CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support 
signatur ...)
        NOT-FOR-US: Whale Browser
 CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can 
move a lo ...)
@@ -177990,7 +177990,7 @@ CVE-2020-5182 (The J-BusinessDirectory extension 
before 5.2.9 for Joomla! allows
 CVE-2020-5181
        RESERVED
 CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged 
user to se ...)
-       NOT-FOR-US: Viscosity on Widnows and macOS
+       NOT-FOR-US: Viscosity on Windows and macOS
 CVE-2019-20224 (netflow_get_stats in functions_netflow.php in Pandora FMS 
7.0NG allows ...)
        NOT-FOR-US: Pandora FMS
 CVE-2019-20223 (In Support Incident Tracker (SiT!) 3.67, the id parameter is 
affected  ...)
@@ -425351,7 +425351,8 @@ CVE-2014-3650 (Multiple persistent cross-site 
scripting (XSS) flaws were found i
 CVE-2014-3649 (JBoss AeroGear has reflected XSS via the password field ...)
        NOT-FOR-US: JBoss AeroGear
 CVE-2014-3648 (The simplepush server iterates through the application 
installations a ...)
-       TODO: check
+       NOTE: https://issues.redhat.com/browse/AEROGEAR-6091 (private)
+       TODO: check, if more information becomes available.
 CVE-2014-3647 (arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel 
throug ...)
        {DSA-3060-1}
        - linux 3.16.7-1
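Review bot: CVE-2014-3648 still carries a TODO after this change, so it remains unprocessed and does not fit the commit subject "Process some NFUs". The line "TODO: check, if more information becomes available." also departs from the plain "TODO: check" form used by the entries it sits among (extra comma, trailing full stop). The added NOTE references an AEROGEAR issue key and the neighbouring CVE-2014-3649 is already "NOT-FOR-US: JBoss AeroGear"; if the simplepush server belongs to the same product, the entry could take that label now and drop the TODO.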
@@ -443623,7 +443624,7 @@ CVE-2013-4172 (The Red Hat CloudForms Management 
Engine 5.1 allow remote adminis
 CVE-2013-4171 (Multiple cross-site scripting (XSS) vulnerabilities in Apache 
Roller b ...)
        NOT-FOR-US: Apache Roller
 CVE-2013-4170 (In general, Ember.js escapes or strips any user-supplied 
content befor ...)
-       TODO: check
+       NOT-FOR-US: ember.js
 CVE-2013-4169 (GNOME Display Manager (gdm) before 2.21.1 allows local users to 
change ...)
        - gdm <removed> (unimportant)
        - gdm3 <not-affected> (Only affected older gdm < 2.21.1)
@@ -443734,7 +443735,8 @@ CVE-2013-4146
 CVE-2013-4145
        REJECTED
 CVE-2013-4144 (There is an object injection vulnerability in swfupload plugin 
for wor ...)
-       TODO: check
+       - libjs-swfupload <removed>
+       NOTE: https://github.com/wordpress/secure-swfupload/issues/1
 CVE-2013-4143 (The (1) checkPasswd and (2) checkGroupXlockPasswds functions in 
xlockm ...)
        - xlockmore <removed>
        NOTE: http://openwall.com/lists/oss-security/2013/07/16/8
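Review bot: CVE-2013-4144 receives a package line, not a NOT-FOR-US label, so it falls outside what the commit subject describes and would be easier to review as its own commit. The truncated description names a "swfupload plugin" and the NOTE links the wordpress/secure-swfupload repository, but nothing records why libjs-swfupload is the affected source package. A second NOTE stating whether libjs-swfupload shipped the vulnerable code would justify the "- libjs-swfupload <removed>" line.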
@@ -449629,7 +449631,7 @@ CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 
2.2.4 does not properly val
        [squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is 
EOLed)
        NOTE: https://www.openwall.com/lists/oss-security/2013/03/25/7
 CVE-2013-1891 (In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code 
in filem ...)
-       TODO: check
+       NOT-FOR-US: OpenCart
 CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 
Server ...)
        - owncloud <not-affected> (only affecting 5.0 branch)
 CVE-2013-1889 (mod_ruid2 before 0.9.8 improperly handles file descriptors 
which allow ...)
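Review bot: the unchanged context line for CVE-2013-1892 in this hunk contains "Minor isue". This commit already corrects "Widnows" in the CVE-2020-5180 entry, so the same kind of spelling fix ("Minor issue") could be included here. The OpenCart label matches the product named in the CVE-2013-1891 description.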



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebca431c2a12a86e255d31a18a3eccb503b4daef
