Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7b06d939 by Salvatore Bonaccorso at 2020-01-04T10:40:09+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There
are non ...)
- TODO: check
+ NOT-FOR-US: Baidu Rust SGX SDK
CVE-2020-5498
RESERVED
CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect
throug ...)
- TODO: check
+ NOT-FOR-US: MITREid Connect
CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the
Type2NotDef ...)
TODO: check
CVE-2020-5495
@@ -9468,7 +9468,7 @@ CVE-2020-1873
CVE-2020-1872
RESERVED
CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200;
V500R00 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1870
RESERVED
CVE-2020-1869
@@ -9640,7 +9640,7 @@ CVE-2020-1787
CVE-2020-1786
RESERVED
CVE-2020-1785 (Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial
of ser ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-19466 (SCEditor 2.1.3 allows XSS. ...)
NOT-FOR-US: SCEditor
CVE-2019-19465
@@ -9700,7 +9700,7 @@ CVE-2019-19443
CVE-2019-19442
RESERVED
CVE-2019-19441 (HUAWEI P30 smart phones with versions earlier than
10.0.0.166(C00E66R1 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-19440
RESERVED
CVE-2019-19439
@@ -35051,9 +35051,9 @@ CVE-2019-11996 (Potential security vulnerabilities have
been identified with HPE
CVE-2019-11995 (Security vulnerabilities in HPE UIoT version 1.2.4.2 could
allow unaut ...)
NOT-FOR-US: HPE UIoT
CVE-2019-11994 (A security vulnerability has been identified in HPE SimpliVity
380 Gen ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2019-11993 (A security vulnerability has been identified in HPE SimpliVity
380 Gen ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2019-11992 (A security vulnerability in HPE OneView for VMware vCenter 9.5
could b ...)
NOT-FOR-US: HPE OneView for VMware vCenter
CVE-2019-11991 (HPE has identified a vulnerability in HPE 3PAR Service
Processor (SP) ...)
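Review bot: The two added tags for CVE-2019-11994 and CVE-2019-11993 name only the vendor (`NOT-FOR-US: HPE`), while the neighbouring entries in this hunk name the product (`NOT-FOR-US: HPE UIoT`, `NOT-FOR-US: HPE OneView for VMware vCenter`). Both descriptions start with "HPE SimpliVity 380 Gen", so `NOT-FOR-US: HPE SimpliVity` would match the surrounding style and keep the entries findable by product name when searching the list.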
@@ -42995,17 +42995,17 @@ CVE-2019-9543 (An issue was discovered in Poppler
0.74.0. A recursive function c
[jessie] - poppler <postponed> (Minor issue; revisit when fixed
upstream)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/730
CVE-2019-9542 (: Improper Neutralization of Input During Web Page Generation
('Cross- ...)
- TODO: check
+ NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9541 (: Information Exposure vulnerability in itemlookup.asp of Telos
Automa ...)
- TODO: check
+ NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9540 (: Improper Neutralization of Input During Web Page Generation
('Cross- ...)
- TODO: check
+ NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9539 (: Improper Neutralization of Input During Web Page Generation
('Cross- ...)
- TODO: check
+ NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9538 (: Improper Neutralization of Input During Web Page Generation
('Cross- ...)
- TODO: check
+ NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9537 (: Improper Neutralization of Input During Web Page Generation
('Cross- ...)
- TODO: check
+ NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9536 (Apple iPhone 3GS bootrom malloc implementation returns a
non-NULL poin ...)
NOT-FOR-US: Apple iPhone 3GS
CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with
tmux's c ...)
@@ -54016,7 +54016,7 @@ CVE-2019-5306 (There is a Factory Reset Protection
(FRP) bypass security vulnera
CVE-2019-5305 (The image processing module of some Huawei Mate 10 smartphones
version ...)
NOT-FOR-US: Huawei
CVE-2019-5304 (Some Huawei products have a buffer error vulnerability. An
unauthentic ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-5303
RESERVED
CVE-2019-5302
@@ -57509,7 +57509,7 @@ CVE-2019-3770
CVE-2019-3769
RESERVED
CVE-2019-3768 (RSA Authentication Manager versions prior to 8.4 P7 contain an
XML Ent ...)
- TODO: check
+ NOT-FOR-US: RSA Authentication Manager
CVE-2019-3767 (Dell ImageAssist versions prior to 8.7.15 contain an
information discl ...)
NOT-FOR-US: Dell ImageAssist
CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper
restriction ...)
@@ -233845,7 +233845,7 @@ CVE-2014-8519 (Unspecified vulnerability in McAfee
Network Data Loss Prevention
CVE-2014-8518 (The (1) Removable Media and (2) CD and DVD encryption offsite
access o ...)
NOT-FOR-US: McAfee
CVE-2014-8516 (Unrestricted file upload vulnerability in Visual Mining
NetCharts Serv ...)
- TODO: check
+ NOT-FOR-US: Visual Mining NetCharts Server
CVE-2014-8515 (The web interface in BitTorrent allows remote attackers to
execute arb ...)
NOT-FOR-US: uTorrent
CVE-2014-8514 (Buffer overflow in an ActiveX control in MDraw30.ocx in
Schneider Elec ...)
@@ -234344,7 +234344,7 @@ CVE-2014-8339 (SQL injection vulnerability in
midroll.php in Nuevolab Nuevoplaye
CVE-2014-8338
RESERVED
CVE-2014-8337 (Unrestricted file upload vulnerability in
includes/classes/uploadify-v ...)
- TODO: check
+ NOT-FOR-US: HelpDEZk
CVE-2014-8336 (The "Sql Run Query" panel in WP-DBManager (aka Database
Manager) plugi ...)
NOT-FOR-US: WP-DBManager plugin for WordPress
CVE-2014-8335 ((1) wp-dbmanager.php and (2) database-manage.php in the
WP-DBManager ( ...)
@@ -242196,7 +242196,7 @@ CVE-2014-5142
CVE-2014-5141
RESERVED
CVE-2014-5140 (The bindReplace function in the query factory in
includes/classes/data ...)
- TODO: check
+ NOT-FOR-US: Loaded Commerce
CVE-2014-5139 (The ssl_set_client_disabled function in t1_lib.c in OpenSSL
1.0.1 befo ...)
{DSA-2998-1}
- openssl 1.0.1i-1
@@ -244495,7 +244495,7 @@ CVE-2014-4198
CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems
(BSS) RBS ...)
NOT-FOR-US: Bank Soft Systems
CVE-2014-4196 (Cross-site scripting (XSS) vulnerability in bsi.dll in Bank
Soft Syste ...)
- TODO: check
+ NOT-FOR-US: Bank Soft Systems (BSS) RBS BS-Client
CVE-2014-4195 (Cross-site scripting (XSS) vulnerability in
zero_view_article.php in Z ...)
NOT-FOR-US: ZeroCMS
CVE-2014-4194 (SQL injection vulnerability in zero_transact_article.php in
ZeroCMS 1. ...)
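Review bot: The added tag for CVE-2014-4196 reads `NOT-FOR-US: Bank Soft Systems (BSS) RBS BS-Client`, but the entry directly above it, CVE-2014-4197, is tagged `NOT-FOR-US: Bank Soft Systems` for what its description shows as the same vendor ("Bank Soft Systems (BSS) RBS ..."). Pick one form for both entries, either shortening the new tag or updating the existing one in the same commit, so a text search on the tag returns both CVEs.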
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b06d93972650cd10f75e95246390959b85cc0de