Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b63cc0ba by Salvatore Bonaccorso at 2020-03-09T21:38:52+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1042,7 +1042,7 @@ CVE-2020-9760
 CVE-2020-9759
        RESERVED
 CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 
8.0.1.3 (He ...)
-       TODO: check
+       NOT-FOR-US: LiveZilla Live Chat
 CVE-2020-9757 (The Seomatic component before 3.2.46 for Craft CMS allows 
Server-Side  ...)
        NOT-FOR-US: Seomatic component for Craft CMS
 CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows 
insuff ...)
@@ -2815,7 +2815,7 @@ CVE-2020-8989 (In the Voatz application 2020-01-01 for 
Android, the amount of da
 CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 
million d ...)
        NOT-FOR-US: Voatz application for Android
 CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 
2.0.0.178 pr ...)
-       TODO: check
+       NOT-FOR-US: Avast AntiTrack
 CVE-2020-8986
        RESERVED
 CVE-2020-8985
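
Review bot: the new label on CVE-2020-8987 names only Avast AntiTrack, but the description on the same entry also covers AVG Antitrack before 2.0.0.178. A search of data/CVE/list for the AVG product will not land on this NFU line; consider "NOT-FOR-US: Avast AntiTrack and AVG AntiTrack" so both affected products are recorded.
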
@@ -3591,9 +3591,9 @@ CVE-2020-8637
 CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows 
Remote C ...)
        NOT-FOR-US: OpServices OpMon
 CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets 
insecure per ...)
-       TODO: check
+       NOT-FOR-US: Wing FTP Server
 CVE-2020-8634 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets 
insecure per ...)
-       TODO: check
+       NOT-FOR-US: Wing FTP Server
 CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) 
before 8.8 ...)
        NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
 CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in 
cloudinit/config/cc_ ...)
@@ -10964,7 +10964,7 @@ CVE-2020-5329
 CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an 
unauthorized  ...)
        NOT-FOR-US: EMC
 CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 
contain a Ja ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-5326 (Affected Dell Client platforms contain a BIOS Setup 
configuration auth ...)
        NOT-FOR-US: Dell
 CVE-2020-5325
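
Review bot: the label added for CVE-2020-5327 is vendor-only ("NOT-FOR-US: Dell"), while the description names a specific product, Dell Security Management Server. It matches the existing CVE-2020-5326 line below, but the other entries touched in this commit name the product; "NOT-FOR-US: Dell Security Management Server" would make later triage of similar entries easier to pattern-match.
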
@@ -13976,7 +13976,7 @@ CVE-2020-4086
 CVE-2020-4085
        RESERVED
 CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to 
cross-site scri ...)
-       TODO: check
+       NOT-FOR-US: HCL Connections
 CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information 
leakage. Con ...)
        NOT-FOR-US: HCL Connections
 CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site 
script ...)
@@ -14371,7 +14371,7 @@ CVE-2019-20109
 CVE-2019-20108
        RESERVED
 CVE-2019-20107 (Multiple SQL injection vulnerabilities in TestLink through 
1.9.19 allo ...)
-       TODO: check
+       NOT-FOR-US: TestLink
 CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center 
before ver ...)
        NOT-FOR-US: Atlassian
 CVE-2019-20105
@@ -16011,9 +16011,9 @@ CVE-2019-19775 (The image thumbnailing handler in Zulip 
Server versions 1.9.0 to
 CVE-2019-19774 (An issue was discovered in Zoho ManageEngine EventLog Analyzer 
10.0 SP ...)
        NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
 CVE-2019-19773 (Various Lexmark products have stored XSS in the embedded web 
server us ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2019-19772 (Various Lexmark products have reflected XSS in the embedded 
web server ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2019-19771 (The lodahs package 0.0.1 for Node.js is a Trojan horse, and 
may have b ...)
        NOT-FOR-US: lodahs malicious package on npm
 CVE-2019-19830 (_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote 
authent ...)
@@ -18752,7 +18752,7 @@ CVE-2019-19616 (An Insecure Direct Object Reference 
(IDOR) vulnerability in the
 CVE-2019-19615
        RESERVED
 CVE-2019-19614 (An issue was discovered in Halvotec RAQuest 10.23.10801.0. The 
login p ...)
-       TODO: check
+       NOT-FOR-US: Halvotec RAQuest
 CVE-2019-19613
        RESERVED
 CVE-2019-19612
@@ -19469,57 +19469,57 @@ CVE-2020-2161
 CVE-2020-2160
        RESERVED
 CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers 
with Job ...)
-       TODO: check
+       NOT-FOR-US: Jenkins CryptoMove Plugin
 CVE-2020-2158 (Jenkins Literate Plugin 1.0 and earlier does not configure its 
YAML pa ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Literate Plugin
 CVE-2020-2157 (Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits 
configured c ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Skytap Cloud CI Plugin
 CVE-2020-2156 (Jenkins DeployHub Plugin 8.0.14 and earlier transmits 
configured crede ...)
-       TODO: check
+       NOT-FOR-US: Jenkins DeployHub Plugin
 CVE-2020-2155 (Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits 
configur ...)
-       TODO: check
+       NOT-FOR-US: Jenkins OpenShift Deployer Plugin
 CVE-2020-2154 (Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier 
stores  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Zephyr for JIRA Test Management Plugin
 CVE-2020-2153 (Jenkins Backlog Plugin 2.4 and earlier transmits configured 
credential ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Backlog Plugin
 CVE-2020-2152 (Jenkins Subversion Release Manager Plugin 1.2 and earlier does 
not esc ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Subversion Release Manager Plugin
 CVE-2020-2151 (Jenkins Quality Gates Plugin 2.5 and earlier transmits 
configured cred ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Quality Gates Plugin
 CVE-2020-2150 (Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits 
configu ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Sonar Quality Gates Plugin
 CVE-2020-2149 (Jenkins Repository Connector Plugin 1.2.6 and earlier transmits 
config ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Repository Connector Plugin
 CVE-2020-2148 (A missing permission check in Jenkins Mac Plugin 1.1.0 and 
earlier all ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Mac Plugin
 CVE-2020-2147 (A cross-site request forgery vulnerability in Jenkins Mac 
Plugin 1.1.0 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Mac Plugin
 CVE-2020-2146 (Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host 
keys w ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Mac Plugin
 CVE-2020-2145 (Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and 
earlier sto ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Zephyr Enterprise Test Management Plugin
 CVE-2020-2144 (Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its 
XML pa ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Rundeck Plugin
 CVE-2020-2143 (Jenkins Logstash Plugin 2.3.1 and earlier transmits configured 
credent ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Logstash Plugin
 CVE-2020-2142 (A missing permission check in Jenkins P4 Plugin 1.10.10 and 
earlier al ...)
-       TODO: check
+       NOT-FOR-US: Jenkins P4 Plugin
 CVE-2020-2141 (A cross-site request forgery vulnerability in Jenkins P4 Plugin 
1.10.1 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins P4 Plugin
 CVE-2020-2140 (Jenkins Audit Trail Plugin 3.2 and earlier does not escape the 
error m ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Audit Trail Plugin
 CVE-2020-2139 (An arbitrary file write vulnerability in Jenkins Cobertura 
Plugin 1.15 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Cobertura Plugin
 CVE-2020-2138 (Jenkins Cobertura Plugin 1.15 and earlier does not configure 
its XML p ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Cobertura Plugin
 CVE-2020-2137 (Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize 
HTML f ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Timestamper Plugin
 CVE-2020-2136 (Jenkins Git Plugin 4.2.0 and earlier does not escape the error 
message ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Git Plugin
 CVE-2020-2135 (Sandbox protection in Jenkins Script Security Plugin 1.70 and 
earlier  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Script Security Plugin
 CVE-2020-2134 (Sandbox protection in Jenkins Script Security Plugin 1.70 and 
earlier  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Script Security Plugin
 CVE-2020-2133 (Jenkins Applatix Plugin 1.1 and earlier stores a password 
unencrypted  ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2020-2132 (Jenkins Parasoft Environment Manager Plugin 2.14 and earlier 
stores a  ...)
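
Review bot: the labels added for CVE-2020-2159 through CVE-2020-2134 each name the plugin (for example "NOT-FOR-US: Jenkins CryptoMove Plugin"), but the unchanged CVE-2020-2133 entry at the end of the hunk still reads "NOT-FOR-US: Jenkins plugin". Two conventions for the same class of entry in adjacent lines makes grep-based triage less reliable; either follow the existing generic form here or update CVE-2020-2133 to "NOT-FOR-US: Jenkins Applatix Plugin" in the same commit.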



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b63cc0ba007ee1d6c9dd3d54ca4f118f56848aba
