Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53661ef8 by Moritz Muehlenhoff at 2020-03-27T14:27:43+01:00
NFUs
new issue in embedded code in chromium

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4900,7 +4900,7 @@ CVE-2020-8925
 CVE-2020-8924
        RESERVED
 CVE-2020-8923 (An improper HTML sanitization in Dart versions up to and 
including 2.7 ...)
-       TODO: check
+       NOT-FOR-US: Dart (different from src:dart)
 CVE-2020-8922
        RESERVED
 CVE-2020-8921
@@ -4926,7 +4926,8 @@ CVE-2020-8912
 CVE-2020-8911
        RESERVED
 CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library 
versions ...)
-       TODO: check
+       - chromium <unfixed>
+       NOTE: 
https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9
 CVE-2020-8909
        RESERVED
 CVE-2020-8908
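
Review bot: The new "- chromium <unfixed>" line for CVE-2020-8910 has no bug reference and does not record that chromium is affected through an embedded copy of the Closure Library; that detail exists only in the commit message. Other unfixed entries in this file pair the package line with a bug number, as in "- libapache-poi-java <unfixed> (bug #943565)", so add one once a bug is filed. A short NOTE saying the goog.uri code is embedded in chromium would also tell the next triager why the upstream closure-library commit is the reference for a chromium entry.
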
@@ -13196,7 +13197,7 @@ CVE-2020-5282 (In Nick Chan Bot before version 
1.0.0-beta there is a vulnerabili
 CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify 
configur ...)
        NOT-FOR-US: Perun
 CVE-2020-5280 (http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local 
file i ...)
-       TODO: check
+       NOT-FOR-US: http4s
 CVE-2020-5279
        RESERVED
 CVE-2020-5278
@@ -13275,7 +13276,7 @@ CVE-2020-5253 (NetHack before version 3.6.0 allowed 
malicious use of escaping of
        NOTE: 
https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m
        NOTE: 
https://github.com/NetHack/NetHack/commit/612755bfb5c412079795c68ba392df5d93874ed8
 CVE-2020-5252 (The command-line "safety" package for Python has a potential 
security  ...)
-       TODO: check
+       NOT-FOR-US: safety Python module
 CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the 
users obj ...)
        NOT-FOR-US: parser-server
 CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits 
their addr ...)
@@ -23075,7 +23076,7 @@ CVE-2019-19366 (A cross-site scripting (XSS) 
vulnerability in app/xml_cdr/xml_cd
 CVE-2019-19365
        RESERVED
 CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default 
configurat ...)
-       TODO: check
+       NOT-FOR-US: Kiali
 CVE-2020-1763
        RESERVED
 CVE-2020-1762
@@ -23429,7 +23430,7 @@ CVE-2019-19326
 CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 
allows  ...)
        NOT-FOR-US: SilverStripe
 CVE-2019-19324 (Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported 
algorithms ...)
-       TODO: check
+       NOT-FOR-US: Xmidt cjwt
 CVE-2019-19323
        RESERVED
 CVE-2019-19322
@@ -23954,7 +23955,7 @@ CVE-2019-19129 (Afterlogic WebMail Pro 8.3.11, and 
WebMail in Afterlogic Aurora
 CVE-2019-19128
        RESERVED
 CVE-2019-19127 (An authentication bypass vulnerability is present in the 
standalone SI ...)
-       TODO: check
+       NOT-FOR-US: Tribal SITS
 CVE-2019-19126 (On the x86-64 architecture, the GNU C Library (aka glibc) 
before 2.31  ...)
        - glibc 2.29-8 (bug #945250)
        [buster] - glibc <no-dsa> (Minor issue)
@@ -27707,11 +27708,11 @@ CVE-2020-0569
 CVE-2020-0568
        RESERVED
 CVE-2020-0567 (Improper input validation in Intel(R) Graphics Drivers before 
version  ...)
-       TODO: check
+       NOT-FOR-US: Intel graphics driver for Windows
 CVE-2020-0566
        RESERVED
 CVE-2020-0565 (Uncontrolled search path in Intel(R) Graphics Drivers before 
version 2 ...)
-       TODO: check
+       NOT-FOR-US: Intel graphics driver for Windows
 CVE-2020-0564 (Improper permissions in the installer for Intel(R) RWC3 for 
Windows be ...)
        NOT-FOR-US: Intel
 CVE-2020-0563 (Improper permissions in the installer for Intel(R) MPSS before 
version ...)
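
Review bot: The two lines added here for CVE-2020-0567 and CVE-2020-0565 read "NOT-FOR-US: Intel graphics driver for Windows", while the next hunk of the same commit and the existing entry for CVE-2020-0505 use "NOT-FOR-US: Intel Graphics drivers for Windows". Use one spelling for both hunks so that a search for the label finds every Intel graphics entry. The visible part of the two descriptions ("Intel(R) Graphics Drivers before version ...") is cut off before any platform is named, so it is worth confirming against the full advisory text that these are Windows-only.
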
@@ -27864,13 +27865,13 @@ CVE-2020-0506 (Improper initialization in Intel(R) 
Graphics Drivers before versi
 CVE-2020-0505 (Improper conditions check in Intel(R) Graphics Drivers before 
versions ...)
        NOT-FOR-US: Intel Graphics drivers for Windows
 CVE-2020-0504 (Buffer overflow in Intel(R) Graphics Drivers before versions 
15.40.44. ...)
-       TODO: check
+       NOT-FOR-US: Intel Graphics drivers for Windows
 CVE-2020-0503 (Improper access control in Intel(R) Graphics Drivers before 
version 26 ...)
-       TODO: check
+       NOT-FOR-US: Intel Graphics drivers for Windows
 CVE-2020-0502 (Improper access control in Intel(R) Graphics Drivers before 
version 26 ...)
-       TODO: check
+       NOT-FOR-US: Intel Graphics drivers for Windows
 CVE-2020-0501 (Buffer overflow in Intel(R) Graphics Drivers before version 
26.20.100. ...)
-       TODO: check
+       NOT-FOR-US: Intel Graphics drivers for Windows
 CVE-2019-18570
        RESERVED
 CVE-2019-18569
@@ -28658,7 +28659,7 @@ CVE-2019-18244 (OSIsoft PI Vision, PI Vision 2017 R2, 
PI Vision 2017 R2 SP1, PI
 CVE-2019-18243
        RESERVED
 CVE-2019-18242 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, 
and IOxpre ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2019-18241 (In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub 
all ver ...)
        NOT-FOR-US: Philips
 CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based 
buffer o ...)
@@ -29603,11 +29604,11 @@ CVE-2020-0090
 CVE-2020-0089
        RESERVED
 CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a 
possible re ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a 
possible s ...)
        NOT-FOR-US: Android
 CVE-2020-0086 (In readCString of Parcel.cpp, there is a possible out of bounds 
write  ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2020-0085 (In setBluetoothTethering of PanService.java, there is a 
possible permi ...)
        NOT-FOR-US: Android
 CVE-2020-0084 (In several functions of NotificationManagerService.java, there 
are mis ...)
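
Review bot: The label on CVE-2020-0086 looks copied from CVE-2020-0088 two entries above. CVE-2020-0088 is described as parseTrackFragmentRun in MPEG4Extractor.cpp, which fits "Android Media Framework", but CVE-2020-0086 is described as an out of bounds write in readCString of Parcel.cpp, and nothing in the visible description ties that file to the media framework. Unless the full advisory places it there, use the plain "NOT-FOR-US: Android" label that the neighbouring CVE-2020-0087 and CVE-2020-0085 entries already carry.
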
@@ -30863,7 +30864,7 @@ CVE-2019-17656
 CVE-2019-17655
        RESERVED
 CVE-2019-17654 (An Insufficient Verification of Data Authenticity 
vulnerability in For ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2019-17653 (A Cross-Site Request Forgery (CSRF) vulnerability in the user 
interfac ...)
        NOT-FOR-US: Fortiguard
 CVE-2019-17652 (A stack buffer overflow vulnerability in FortiClient for Linux 
6.2.1 a ...)
@@ -32047,7 +32048,7 @@ CVE-2019-17278
 CVE-2019-17277
        RESERVED
 CVE-2019-17276 (OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 
prior to ...)
-       TODO: check
+       NOT-FOR-US: OnCommand
 CVE-2019-17275 (OnCommand Cloud Manager versions prior to 3.8.0 are 
susceptible to arb ...)
        NOT-FOR-US: OnCommand Cloud Manager
 CVE-2019-17274 (NetApp FAS 8300/8700 and AFF A400 Baseboard Management 
Controller (BMC ...)
@@ -37142,7 +37143,7 @@ CVE-2019-15512
 CVE-2019-15511 (An exploitable local privilege escalation vulnerability exists 
in the  ...)
        NOT-FOR-US: GOG Galaxy
 CVE-2019-15510 (ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop 
Central 1 ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2019-15509
        RESERVED
 CVE-2019-15508 (In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web 
request proxy  ...)
@@ -47850,7 +47851,7 @@ CVE-2019-12418 (When Apache Tomcat 9.0.0.M1 to 9.0.28, 
8.5.0 to 8.5.47, 7.0.0 an
 CVE-2019-12417 (A malicious admin user could edit the state of objects in the 
Airflow  ...)
        - airflow <itp> (bug #819700)
 CVE-2019-12416 (we got reports for 2 injection attacks against the DeltaSpike 
windowha ...)
-       TODO: check
+       NOT-FOR-US: DeltaSpike
 CVE-2019-12415 (In Apache POI up to 4.1.0, when using the tool XSSFExportToXml 
to conv ...)
        - libapache-poi-java <unfixed> (bug #943565)
        [buster] - libapache-poi-java <no-dsa> (Minor issue)
@@ -49985,9 +49986,9 @@ CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das 
U-Boot v2014.04 through v2019
        [jessie] - u-boot <ignored> (Minor issue)
        NOTE: https://patchwork.ozlabs.org/patch/1092945
 CVE-2019-11689 (An issue was discovered in ASUSTOR exFAT Driver through 
1.0.0.r20. Whe ...)
-       TODO: check
+       NOT-FOR-US: ASUSTOR
 CVE-2019-11688 (An issue was discovered in ASUSTOR exFAT Driver through 
1.0.0.r20. Whe ...)
-       TODO: check
+       NOT-FOR-US: ASUSTOR
 CVE-2019-11687 (An issue was discovered in the DICOM Part 10 File Format in 
the NEMA D ...)
        NOT-FOR-US: DICOM
 CVE-2019-11686 (Western Digital SanDisk X300, X300s, X400, and X600 devices: A 
vulnera ...)
@@ -50308,7 +50309,7 @@ CVE-2019-11576 (Gitea before 1.8.0 allows 1FA for user 
accounts that have comple
 CVE-2019-11575
        RESERVED
 CVE-2019-11574 (An issue was discovered in Simple Machines Forum (SMF) before 
release  ...)
-       TODO: check
+       NOT-FOR-US: Simple Machines Forum
 CVE-2019-11573
        RESERVED
 CVE-2019-11572
@@ -50887,7 +50888,7 @@ CVE-2019-11363 (A SQL injection vulnerability in Snare 
Central before 7.4.5 allo
 CVE-2019-11362 (app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 
has SQL  ...)
        NOT-FOR-US: ROCBOSS
 CVE-2019-11361 (Zoho ManageEngine Remote Access Plus 10.0.258 does not 
validate user p ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2016-10748
        RESERVED
 CVE-2016-10747



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53661ef8b4457476afb89e803246e8aa04948eb4
