Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9ab4df7b by Moritz Muehlenhoff at 2020-04-20T18:30:58+02:00
NFUs
new ming issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2020-11916
CVE-2020-11915
RESERVED
CVE-2019-20786 (handleIncomingPacket in conn.go in Pion DTLS before 1.5.2
lacks a chec ...)
- TODO: check
+ NOT-FOR-US: Pion DTLS
CVE-2020-11914
RESERVED
CVE-2020-11913
@@ -71,9 +71,11 @@ CVE-2020-11897
CVE-2020-11896
RESERVED
CVE-2020-11895 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2
bytes) i ...)
- TODO: check
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/197
CVE-2020-11894 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8
bytes) i ...)
- TODO: check
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/196
CVE-2020-11893
RESERVED
CVE-2020-11892
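Review bot: the two ming entries (CVE-2020-11895, CVE-2020-11894) carry only a NOTE linking the upstream issue report, so the record does not say whether upstream has fixed either over-read. With the package marked <removed>, anyone checking a suite that still carries ming has only the issue to go on; a follow-up NOTE with the fixing commit, once issues 197 and 196 have one, would close that gap.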
@@ -95,7 +97,7 @@ CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has
an XXE vulnerabilit
CVE-2020-11884
RESERVED
CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and
storefront-api throug ...)
- TODO: check
+ NOT-FOR-US: Divante vue-storefront-api
CVE-2020-11882
RESERVED
CVE-2020-11881
@@ -125,7 +127,7 @@ CVE-2020-11874 (An issue was discovered on LG mobile
devices with Android OS 8.0
CVE-2020-11873 (An issue was discovered on LG mobile devices with Android OS
7.2, 8.0, ...)
NOT-FOR-US: LG mobile devices
CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow
fabrication ...)
- TODO: check
+ NOT-FOR-US: OpenTrace
CVE-2020-11871
RESERVED
CVE-2020-11870
@@ -257,7 +259,7 @@ CVE-2020-11828
CVE-2020-11827
RESERVED
CVE-2020-11826 (Users can lock their notes with a password in Memono version
3.8. Thus ...)
- TODO: check
+ NOT-FOR-US: Memono
CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token
against CSRF ...)
- dolibarr <removed>
CVE-2020-11824
@@ -795,7 +797,7 @@ CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via
index.php?action=u and
CVE-2020-11711
RESERVED
CVE-2020-11710 (An issue was discovered in docker-kong (for Kong) through
2.0.3. The a ...)
- TODO: check
+ NOT-FOR-US: docker-kong
CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters
passed in ...)
TODO: check
CVE-2020-11708 (An issue was discovered in ProVide (formerly zFTPServer)
through 13.1. ...)
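Review bot: CVE-2020-11709 (cpp-httplib), directly below the docker-kong entry, is still at "TODO: check" after this pass while the entry above it is now triaged. If it was left because it needs a package search and not an NFU tag, that is fine; otherwise it belongs in the same sweep.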
@@ -2607,13 +2609,13 @@ CVE-2020-11007 (In Shopizer before version 2.11.0,
using API or Controller based
CVE-2020-11006
RESERVED
CVE-2020-11005 (The WindowsHello open source library (NuGet
HaemmerElectronics.SeppPen ...)
- TODO: check
+ NOT-FOR-US: WindowsHello
CVE-2020-11004
RESERVED
CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or
CSRF vuln ...)
NOT-FOR-US: Oasis (not the same as src:oasis)
CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a
remote co ...)
- TODO: check
+ NOT-FOR-US: dropwizard-validation
CVE-2020-11001 (In Wagtail before versions 2.8.1 and 2.7.2, a cross-site
scripting (XS ...)
NOT-FOR-US: Wagtail
CVE-2020-11000 (GreenBrowser before version 1.2 has a vulnerability where apps
that re ...)
@@ -2769,7 +2771,7 @@ CVE-2020-10949
CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or
alienform.cgi) ...)
NOT-FOR-US: Jon Hedley AlienForm2
CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint
for Soph ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2020-10946
RESERVED
CVE-2020-10945
@@ -3283,9 +3285,9 @@ CVE-2020-10816
CVE-2020-10815
RESERVED
CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows
an attack ...)
- TODO: check
+ NOT-FOR-US: Code::Blocks
CVE-2020-10813 (A buffer overflow vulnerability in FTPDMIN 0.96 allows
attackers to cr ...)
- TODO: check
+ NOT-FOR-US: FTPDMIN
CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer
derefer ...)
- hdf5 <undetermined>
NOTE:
https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4
@@ -4331,7 +4333,7 @@ CVE-2020-10379
CVE-2020-10378
RESERVED
CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect
Client before ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote
attackers to ...)
NOT-FOR-US: Technicolor
CVE-2020-10375
@@ -4689,7 +4691,7 @@ CVE-2020-10213 (An issue was discovered on D-Link DIR-825
Rev.B 2.10 devices. Th
CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows
SSRF via ...)
NOT-FOR-US: Responsive FileManager
CVE-2020-10211 (A remote code execution vulnerability in UCB component of
Mitel MiVoic ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2020-10210
RESERVED
CVE-2020-10209
@@ -11848,19 +11850,19 @@ CVE-2020-7087
CVE-2020-7086
RESERVED
CVE-2020-7085 (A heap overflow vulnerability in the Autodesk FBX-SDK versions
2019.2 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7084 (A NULL pointer dereference vulnerability in the Autodesk
FBX-SDK versi ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7083 (An intager overflow vulnerability in the Autodesk FBX-SDK
versions 201 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7082 (A use-after-free vulnerability in the Autodesk FBX-SDK versions
2019.0 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7081 (A type confusion vulnerability in the Autodesk FBX-SDK versions
2019.0 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7080 (A buffer overflow vulnerability in the Autodesk FBX-SDK
versions 2019. ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7079 (An improper signature validation vulnerability in Autodesk
Dynamo BIM ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7078
RESERVED
CVE-2020-7077
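Review bot: CVE-2020-7079 concerns Autodesk Dynamo BIM while the six entries above it concern the FBX-SDK, yet all seven get the vendor-only tag "NOT-FOR-US: Autodesk". Naming the product in the tag (Autodesk FBX-SDK, Autodesk Dynamo BIM) would let a later search for the SDK find exactly these entries.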
@@ -15051,7 +15053,7 @@ CVE-2020-5739 (Grandstream GXP1600 series firmware
1.0.4.152 and below is vulner
CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is
vulnerable ...)
NOT-FOR-US: Grandstream
CVE-2020-5737 (Stored XSS in Tenable.Sc before 5.14.0 could allow an
authenticated re ...)
- TODO: check
+ NOT-FOR-US: Tenable.Sc
CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer
dereference o ...)
NOT-FOR-US: Amcrest
CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer
overflo ...)
@@ -15059,17 +15061,17 @@ CVE-2020-5735 (Amcrest cameras and NVR are vulnerable
to a stack-based buffer ov
CVE-2020-5734 (Classic buffer overflow in SolarWinds Dameware allows a remote,
unauth ...)
NOT-FOR-US: SolarWinds
CVE-2020-5733 (In OpenMRS 2.9 and prior, the export functionality of the Data
Exchang ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2020-5732 (In OpenMRS 2.9 and prior, he import functionality of the Data
Exchange ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2020-5731 (In OpenMRS 2.9 and prior, the app parameter for the
ActiveVisit's page ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2020-5730 (In OpenMRS 2.9 and prior, the sessionLocation parameter for the
login ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2020-5729 (In OpenMRS 2.9 and prior, the UI Framework Error Page reflects
arbitra ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2020-5728 (OpenMRS 2.9 and prior copies "Referrer" header values into an
html ele ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2020-5727
RESERVED
CVE-2020-5726 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable
to an SQ ...)
@@ -16022,7 +16024,7 @@ CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin
dashboard via a name fiel
CVE-2020-5304
RESERVED
CVE-2020-5303 (Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a
denial-o ...)
- TODO: check
+ NOT-FOR-US: Tendermint
CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API),
had a b ...)
NOT-FOR-US: MH-WikiBot
CVE-2020-5301 [Fix source code disclosure on case-insensitive file systems.
See SSPSA 202004-01.]
@@ -20707,9 +20709,9 @@ CVE-2020-3655
CVE-2020-3654
RESERVED
CVE-2020-3653 (Possible buffer over-read in windows wlan driver function due
to lack ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3652 (Possible buffer over-read issue in windows x86 wlan driver
function wh ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3651 (Active command timeout since WM status change cmd is not
removed from ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3650
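Review bot: CVE-2020-3653 and CVE-2020-3652 are tagged "NOT-FOR-US: Snapdragon", but the next entry, CVE-2020-3651, uses "NOT-FOR-US: Qualcomm components for Android", and both new descriptions refer to a windows wlan driver. A tag that names the vendor the same way as the existing entries, for example "NOT-FOR-US: Qualcomm wlan driver for Windows", would keep these findable alongside them.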
@@ -26054,7 +26056,7 @@ CVE-2020-1765 (An improper control of parameters allows
the spoofing of the from
NOTE:
https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252
(OTRS6)
NOTE:
https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3
(OTRS5)
CVE-2019-19394 (Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and
3.12.x bef ...)
- TODO: check
+ NOT-FOR-US: CFEngine Enterprise
CVE-2019-19393
RESERVED
CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN
(formerly Dot ...)
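Review bot: the tag on CVE-2019-19394 names CFEngine Enterprise, which reads as a deliberate distinction from any non-Enterprise CFEngine source package, but the entry does not say so. The Oasis entry elsewhere in this file spells it out as "NOT-FOR-US: Oasis (not the same as src:oasis)"; a similar parenthetical here would record that the packaged source was considered.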
@@ -30720,11 +30722,11 @@ CVE-2019-18572 (The RSA Identity Governance and
Lifecycle and RSA Via Lifecycle
CVE-2019-18571 (The RSA Identity Governance and Lifecycle and RSA Via
Lifecycle and Go ...)
NOT-FOR-US: RSA
CVE-2020-0600 (Improper buffer restrictions in firmware for some Intel(R) NUC
may all ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0599
RESERVED
CVE-2020-0598 (Uncontrolled search path in the installer for the Intel(R)
Binary Conf ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0597
RESERVED
CVE-2020-0596
@@ -30764,11 +30766,11 @@ CVE-2020-0580
CVE-2020-0579
RESERVED
CVE-2020-0578 (Improper conditions check for Intel(R) Modular Server
MFS2600KISPP Com ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0577 (Insufficient control flow for Intel(R) Modular Server
MFS2600KISPP Com ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0576 (Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute
Module ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0575
RESERVED
CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10
FPGA all ...)
@@ -30795,7 +30797,7 @@ CVE-2020-0569
NOTE: Patch for 5.6.0 through 5.13.2:
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404
NOTE: Patch for 5.0.0 through 5.5.1:
https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d
CVE-2020-0568 (Race condition in the Intel(R) Driver and Support Assistant
before ver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0567 (Improper input validation in Intel(R) Graphics Drivers before
version ...)
NOT-FOR-US: Intel graphics driver for Windows
CVE-2020-0566
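Review bot: CVE-2020-0568 is tagged "NOT-FOR-US: Intel", whereas the entry right after it, CVE-2020-0567, uses the more specific "NOT-FOR-US: Intel graphics driver for Windows". Following that precedent with "NOT-FOR-US: Intel Driver and Support Assistant" would record which Intel product was ruled out.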
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ab4df7bc62bead1d4eaa2acc0c73379c02d395f