Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b9306f1 by Moritz Muehlenhoff at 2020-03-05T10:59:12+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,25 +33,25 @@ CVE-2020-10107
 CVE-2020-10106
        RESERVED
 CVE-2020-10105 (An issue was discovered in Zammad 3.0 through 3.2. It returns 
source c ...)
-       TODO: check
+       - zammad <itp> (bug #841355)
 CVE-2020-10104 (An issue was discovered in Zammad 3.0 through 3.2. After 
authenticatio ...)
-       TODO: check
+       - zammad <itp> (bug #841355)
 CVE-2020-10103 (An XSS issue was discovered in Zammad 3.0 through 3.2. 
Malicious code  ...)
-       TODO: check
+       - zammad <itp> (bug #841355)
 CVE-2020-10102 (An issue was discovered in Zammad 3.0 through 3.2. The Forgot 
Password ...)
-       TODO: check
+       - zammad <itp> (bug #841355)
 CVE-2020-10101 (An issue was discovered in Zammad 3.0 through 3.2. The 
WebSocket serve ...)
-       TODO: check
+       - zammad <itp> (bug #841355)
 CVE-2020-10100 (An issue was discovered in Zammad 3.0 through 3.2. It allows 
for users ...)
-       TODO: check
+       - zammad <itp> (bug #841355)
 CVE-2020-10099 (An XSS issue was discovered in Zammad 3.0 through 3.2. 
Malicious code  ...)
-       TODO: check
+       - zammad <itp> (bug #841355)
 CVE-2020-10098 (An XSS issue was discovered in Zammad 3.0 through 3.2. 
Malicious code  ...)
-       TODO: check
+       - zammad <itp> (bug #841355)
 CVE-2020-10097 (An issue was discovered in Zammad 3.0 through 3.2. It may 
respond with ...)
-       TODO: check
+       - zammad <itp> (bug #841355)
 CVE-2020-10096 (An issue was discovered in Zammad 3.0 through 3.2. It does not 
prevent ...)
-       TODO: check
+       - zammad <itp> (bug #841355)
 CVE-2020-10095
        RESERVED
 CVE-2020-10094
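
Review bot: The commit message "NFUs" does not cover the ten Zammad lines in this hunk, which are "- zammad <itp> (bug #841355)" entries rather than NOT-FOR-US ones; the two centreon-web lines further down are the same case. A message along the lines of "NFUs, zammad and centreon-web itp" would let someone searching the log find where these CVEs were tied to the ITP bugs. The entries themselves are consistent, all ten pointing at the same bug number.
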
@@ -2324,7 +2324,7 @@ CVE-2020-9056
 CVE-2020-9055
        RESERVED
 CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running 
firmware ...)
-       TODO: check
+       NOT-FOR-US: ZyXEL
 CVE-2020-9053
        RESERVED
 CVE-2020-9052
@@ -4404,7 +4404,7 @@ CVE-2020-8129 (An unintended require vulnerability in 
script-manager npm package
 CVE-2020-8128 (An unintended require and server-side request forgery 
vulnerabilities  ...)
        NOT-FOR-US: jsreport
 CVE-2020-8127 (Insufficient validation in cross-origin communication 
(postMessage) in ...)
-       TODO: check
+       NOT-FOR-US: reveal.js
 CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 
1.7.1, an CG ...)
        NOT-FOR-US: Ubiquiti Networks EdgeSwitch
 CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and 
earlie ...)
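
Review bot: For CVE-2020-8127, "NOT-FOR-US: reveal.js" only holds if no source package in the archive carries an embedded copy of the library. The description puts the flaw in reveal.js's own postMessage handling, so any bundled copy would inherit it. Worth a search of the archive for embedded copies before settling on NOT-FOR-US and, if one turns up, tracking the CVE against that package instead.
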
@@ -4731,7 +4731,7 @@ CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add 
userName XSS. ...)
 CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS. ...)
        NOT-FOR-US: Adive Framework
 CVE-2020-7988 (An issue was discovered in tools/pass-change/result.php in 
phpIPAM 1.4 ...)
-       TODO: check
+       NOT-FOR-US: phpIPAM
 CVE-2020-7987
        RESERVED
 CVE-2020-7986
@@ -6677,7 +6677,7 @@ CVE-2020-7132
 CVE-2020-7131
        RESERVED
 CVE-2020-7130 (HPE OneView Global Dashboard (OVGD) 1.9 has a remote 
information discl ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2020-7129
        RESERVED
 CVE-2020-7128
@@ -16550,13 +16550,13 @@ CVE-2020-3195
 CVE-2020-3194
        RESERVED
 CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco 
Prime C ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco 
Prime C ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3191
        RESERVED
 CVE-2020-3190 (A vulnerability in the IPsec packet processor of Cisco IOS XR 
Software ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3189
        RESERVED
 CVE-2020-3188
@@ -16566,15 +16566,15 @@ CVE-2020-3187
 CVE-2020-3186
        RESERVED
 CVE-2020-3185 (A vulnerability in the web-based management interface of Cisco 
TelePre ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3184
        RESERVED
 CVE-2020-3183
        RESERVED
 CVE-2020-3182 (A vulnerability in the multicast DNS (mDNS) protocol 
configuration of  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco 
Advanc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3180
        RESERVED
 CVE-2020-3179
@@ -16584,7 +16584,7 @@ CVE-2020-3178
 CVE-2020-3177
        RESERVED
 CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow 
an aut ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3175 (A vulnerability in the resource handling system of Cisco NX-OS 
Softwar ...)
        NOT-FOR-US: Cisco
 CVE-2020-3174 (A vulnerability in the anycast gateway feature of Cisco NX-OS 
Software ...)
@@ -16608,7 +16608,7 @@ CVE-2020-3166 (A vulnerability in the CLI of Cisco FXOS 
Software could allow an
 CVE-2020-3165 (A vulnerability in the implementation of Border Gateway 
Protocol (BGP) ...)
        NOT-FOR-US: Cisco
 CVE-2020-3164 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3163 (A vulnerability in the Live Data server of Cisco Unified 
Contact Cente ...)
        NOT-FOR-US: Cisco
 CVE-2020-3162
@@ -16622,11 +16622,11 @@ CVE-2020-3159 (A vulnerability in the web-based 
management interface of Cisco Fi
 CVE-2020-3158 (A vulnerability in the High Availability (HA) service of Cisco 
Smart S ...)
        NOT-FOR-US: Cisco
 CVE-2020-3157 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3156 (A vulnerability in the logging component of Cisco Identity 
Services En ...)
        NOT-FOR-US: Cisco
 CVE-2020-3155 (A vulnerability in the SSL implementation of the Cisco 
Intelligent Pro ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3154 (A vulnerability in the web UI of Cisco Cloud Web Security (CWS) 
could  ...)
        NOT-FOR-US: Cisco
 CVE-2020-3153 (A vulnerability in the installer component of Cisco AnyConnect 
Secure  ...)
@@ -16640,7 +16640,7 @@ CVE-2020-3150
 CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
        NOT-FOR-US: Cisco
 CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime 
Network Regi ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches 
could a ...)
        NOT-FOR-US: Cisco
 CVE-2020-3146
@@ -16680,9 +16680,9 @@ CVE-2020-3130
 CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco 
Unity C ...)
        NOT-FOR-US: Cisco
 CVE-2020-3128 (Multiple vulnerabilities in Cisco Webex Network Recording 
Player for M ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording 
Player for M ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3126
        RESERVED
 CVE-2020-3125
@@ -21262,15 +21262,15 @@ CVE-2019-19227 (In the AppleTalk subsystem in the 
Linux kernel before 5.1, there
        [stretch] - linux 4.9.210-1
        NOTE: 
https://git.kernel.org/linus/9804501fa1228048857910a6bf23e085aade37cc
 CVE-2019-19226 (A Broken Access Control vulnerability in the D-Link DSL-2680 
web admin ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-19225 (A Broken Access Control vulnerability in the D-Link DSL-2680 
web admin ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-19224 (A Broken Access Control vulnerability in the D-Link DSL-2680 
web admin ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-19223 (A Broken Access Control vulnerability in the D-Link DSL-2680 
web admin ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-19222 (A Stored XSS issue in the D-Link DSL-2680 web administration 
interface ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-19221 (In Libarchive 3.4.0, archive_wstring_append_from_mbs in 
archive_string ...)
        - libarchive <unfixed> (bug #945287)
        [buster] - libarchive <no-dsa> (Minor issue)
@@ -28400,9 +28400,9 @@ CVE-2019-17646
 CVE-2019-17645
        RESERVED
 CVE-2019-17644 (An issue was discovered in Centreon before 2.8-30, 18.10-8, 
19.04-5, a ...)
-       TODO: check
+       - centreon-web <itp> (bug #913903)
 CVE-2019-17643 (An issue was discovered in Centreon before 2.8-30,18.10-8, 
19.04-5, an ...)
-       TODO: check
+       - centreon-web <itp> (bug #913903)
 CVE-2019-17642
        RESERVED
 CVE-2019-17641
@@ -69188,7 +69188,7 @@ CVE-2019-3701 (An issue was discovered in 
can_can_gw_rcv in net/can/gw.c in the
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1120386
        NOTE: https://marc.info/?l=linux-netdev&m=154651842302479&w=2
 CVE-2019-3700 (yast2-security didn't use secure defaults to protect passwords. 
This b ...)
-       TODO: check
+       NOT-FOR-US: yast2
 CVE-2019-3699 (UNIX Symbolic Link (Symlink) Following vulnerability in the 
packaging  ...)
        NOT-FOR-US: SUSE specific privoxy issue
 CVE-2019-3698 (UNIX Symbolic Link (Symlink) Following vulnerability in the 
cronjob sh ...)
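
Review bot: In the CVE-2019-3700 entry the description names the component as yast2-security, but the tag is written "NOT-FOR-US: yast2". Using "NOT-FOR-US: yast2-security" would match the description and keep the entry findable by component name, in the same spirit as the more specific wording on the CVE-2019-3699 entry just below ("SUSE specific privoxy issue").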



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b9306f1caf3d00c36f7989e237f06092d9995d3



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits