[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Fri, 02 Oct 2020 01:25:28 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
52f07ea7 by Salvatore Bonaccorso at 2020-10-02T10:23:45+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2020-26526
 CVE-2020-26525
        RESERVED
 CVE-2020-26524 (CodeLathe FileCloud before 20.2.0.11915 allows username 
enumeration. ...)
-       TODO: check
+       NOT-FOR-US: CodeLathe FileCloud
 CVE-2020-26523 (Froala Editor before 3.2.2 allows XSS via pasted content. ...)
-       TODO: check
+       NOT-FOR-US: Froala Editor
 CVE-2020-26522
        RESERVED
 CVE-2020-26521
@@ -17,7 +17,7 @@ CVE-2020-26520
 CVE-2020-26519 (fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during 
pixmap si ...)
        TODO: check
 CVE-2020-26518 (Artica Pandora FMS before 743 allows unauthenticated attackers 
to cond ...)
-       TODO: check
+       NOT-FOR-US: Artica Pandora FMS
 CVE-2020-26517
        RESERVED
 CVE-2020-26516
@@ -22798,7 +22798,7 @@ CVE-2019-20904
 CVE-2019-20903 (The hyperlinks functionality in atlaskit/editor-core in before 
version ...)
        TODO: check
 CVE-2019-20902 (Upgrading Crowd via XML Data Transfer can reactivate a 
disabled user f ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2019-20901 (The login.jsp resource in Jira before version 8.5.2, and from 
version  ...)
        NOT-FOR-US: Atlassian
 CVE-2019-20900 (Affected versions of Atlassian Jira Server and Data Center 
allow remot ...)
@@ -26412,7 +26412,7 @@ CVE-2020-14225
 CVE-2020-14224
        RESERVED
 CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to 
cross-site scri ...)
-       TODO: check
+       NOT-FOR-US: HCL Digital Experience
 CVE-2020-14222
        RESERVED
 CVE-2020-14221
@@ -27184,7 +27184,7 @@ CVE-2020-13941 (Reported in SOLR-14515 (private) and 
fixed in SOLR-14561 (public
        NOTE: https://issues.apache.org/jira/browse/SOLR-14561
        NOTE: 
https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2
 CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service 
manager and v ...)
-       TODO: check
+       NOT-FOR-US: Apache NiFi
 CVE-2020-13939
        RESERVED
 CVE-2020-13938
@@ -29836,9 +29836,9 @@ CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 
and/or 2.0.7 loads obsolet
 CVE-2020-12871
        RESERVED
 CVE-2020-12870 (RainbowFish PacsOne Server 6.8.4 allows SQL injection on the 
username  ...)
-       TODO: check
+       NOT-FOR-US: RainbowFish PacsOne Server
 CVE-2020-12869 (RainbowFish PacsOne Server 6.8.4 allows XSS. ...)
-       TODO: check
+       NOT-FOR-US: RainbowFish PacsOne Server
 CVE-2020-12868
        RESERVED
 CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE 
Backends be ...)
@@ -30306,7 +30306,7 @@ CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 
1.1 for iOS allows a remot
 CVE-2020-12716
        RESERVED
 CVE-2020-12715 (RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. 
...)
-       TODO: check
+       NOT-FOR-US: RainbowFish PacsOne Server
 CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway 
Virtual Applia ...)
        NOT-FOR-US: CipherMail
 CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and 
Profession ...)
@@ -39987,7 +39987,7 @@ CVE-2020-9493
 CVE-2020-9492
        RESERVED
 CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were 
protected by  ...)
-       TODO: check
+       NOT-FOR-US: Apache NiFi
 CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially 
crafted valu ...)
        {DSA-4757-1}
        - apache2 2.4.46-1
@@ -40012,9 +40012,9 @@ CVE-2020-9488 (Improper validation of certificate with 
host mismatch in Apache L
        NOTE: 
https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=6851b5083ef9610bae320bf07e1f24d2aa08851b
 (release-2.x)
        NOTE: 
https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=fb91a3d71e2f3dadad6fd1beb2ab857f44fe8bbb
 (master)
 CVE-2020-9487 (In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token 
(one-time pass ...)
-       TODO: check
+       NOT-FOR-US: Apache NiFi
 CVE-2020-9486 (In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution 
engine p ...)
-       TODO: check
+       NOT-FOR-US: Apache NiFi
 CVE-2020-9485 (An issue was found in Apache Airflow versions 1.10.10 and 
below. A sto ...)
        - airflow <itp> (bug #819700)
 CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 
9.0.0.M1 to  ...)
@@ -43416,7 +43416,7 @@ CVE-2020-8111
 CVE-2020-8110
        RESERVED
 CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that 
results ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint 
Security ...)
        NOT-FOR-US: Bitdefender
 CVE-2020-8107
@@ -47007,7 +47007,7 @@ CVE-2020-6656
 CVE-2020-6655
        RESERVED
 CVE-2020-6654 (A DLL Hijacking vulnerability in Eaton's 9000x Programming and 
Configu ...)
-       TODO: check
+       NOT-FOR-US: Eaton
 CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 &amp; prior stores the 
user l ...)
        NOT-FOR-US: Eaton
 CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's 
Intelligent Po ...)
@@ -49272,17 +49272,17 @@ CVE-2020-5791
 CVE-2020-5790
        RESERVED
 CVE-2020-5789 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 
allows ...)
-       TODO: check
+       NOT-FOR-US: Teltonika
 CVE-2020-5788 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 
allows ...)
-       TODO: check
+       NOT-FOR-US: Teltonika
 CVE-2020-5787 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 
allows ...)
-       TODO: check
+       NOT-FOR-US: Teltonika
 CVE-2020-5786 (Cross-site request forgery in Teltonika firmware 
TRB2_R_00.02.04.3 all ...)
-       TODO: check
+       NOT-FOR-US: Teltonika
 CVE-2020-5785 (Insufficient output sanitization in Teltonika firmware 
TRB2_R_00.02.04 ...)
-       TODO: check
+       NOT-FOR-US: Teltonika
 CVE-2020-5784 (Server-Side Request Forgery in Teltonika firmware 
TRB2_R_00.02.04.3 al ...)
-       TODO: check
+       NOT-FOR-US: Teltonika
 CVE-2020-5783 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality 
does n ...)
        NOT-FOR-US: IgniteNet HeliOS GLinq
 CVE-2020-5782 (In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and 
sets the ...)
@@ -50162,7 +50162,7 @@ CVE-2020-5389
 CVE-2020-5388
        RESERVED
 CVE-2020-5387 (Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an 
Improper Ex ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of 
Resource  ...)
        NOT-FOR-US: EMC
 CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint 
Security Suit ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52f07ea74552c76cbc7fb5d57be046c6882b9e22

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52f07ea74552c76cbc7fb5d57be046c6882b9e22
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to