Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bb662229 by Moritz Muehlenhoff at 2020-04-27T16:55:07+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2020-12272
        RESERVED
 CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 
18.0 bef ...)
-       TODO: check
+       NOT-FOR-US: SFOS
 CVE-2020-12270 (React Native Bluetooth Scan in Bluezone 1.0.0 uses 
six-character alpha ...)
-       TODO: check
+       NOT-FOR-US: Bluezone
 CVE-2020-12269
        RESERVED
 CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec 
before 0.18 h ...)
@@ -39,7 +39,7 @@ CVE-2020-12255
 CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows 
privilege escal ...)
        NOT-FOR-US: Avira Antivirus
 CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to 
admin/menus/menus or a ...)
-       TODO: check
+       NOT-FOR-US: Croogo
 CVE-2020-12253
        RESERVED
 CVE-2020-12252
@@ -290,7 +290,7 @@ CVE-2020-12130 (The AirDisk Pro app 5.5.3 for iOS allows 
XSS via the deleteFile
 CVE-2020-12129 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the 
createFolder para ...)
        NOT-FOR-US: AirDisk Pro app for iOS
 CVE-2020-12128 (DONG JOO CHO File Transfer iFamily 2.1 allows directory 
traversal rela ...)
-       TODO: check
+       NOT-FOR-US: DONG JOO CHO File Transfer iFamily
 CVE-2020-12127
        RESERVED
 CVE-2020-12126
@@ -416,7 +416,7 @@ CVE-2020-12073 (The responsive-add-ons plugin before 2.2.7 
for WordPress has inc
 CVE-2020-12072
        RESERVED
 CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post 
content. ...)
-       TODO: check
+       NOT-FOR-US: Anchor
 CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for 
Wordpress suff ...)
        NOT-FOR-US: Advanced Woo Search plugin for WordPress
 CVE-2020-12069
@@ -709,7 +709,7 @@ CVE-2020-11940 (In nDPI through 3.2 Stable, an 
out-of-bounds read in concat_hash
 CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has 
multiple KE ...)
        TODO: check
 CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project 
administrator ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2020-11937
        RESERVED
 CVE-2020-11936
@@ -1631,7 +1631,7 @@ CVE-2020-11808
 CVE-2020-11807
        RESERVED
 CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) 
through ...)
-       TODO: check
+       NOT-FOR-US: MailStore Outlook Add-in
 CVE-2020-11805
        RESERVED
 CVE-2020-11804
@@ -1653,9 +1653,9 @@ CVE-2020-11798
 CVE-2020-11797
        RESERVED
 CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password 
authentication imp ...)
-       TODO: check
+       NOT-FOR-US: JetBrains Space
 CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout 
period was  ...)
-       TODO: check
+       NOT-FOR-US: JetBrains Space
 CVE-2020-11794
        RESERVED
 CVE-2020-11793 (A use-after-free issue exists in WebKitGTK before 2.28.1 and 
WPE WebKi ...)
@@ -2165,23 +2165,23 @@ CVE-2020-11695
 CVE-2020-11694 (In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple 
Notarizatio ...)
        - pycharm <itp> (bug #742394)
 CVE-2020-11693 (JetBrains YouTrack before 2020.1.659 was vulnerable to DoS 
that could  ...)
-       TODO: check
+       NOT-FOR-US: JetBrains YouTrack
 CVE-2020-11692 (In JetBrains YouTrack before 2020.1.659, DB export was 
accessible to r ...)
-       TODO: check
+       NOT-FOR-US: JetBrains YouTrack
 CVE-2020-11691 (In JetBrains Hub before 2020.1.12099, content spoofing in the 
Hub OAut ...)
-       TODO: check
+       NOT-FOR-US: JetBrains Hub
 CVE-2020-11690 (In JetBrains IntelliJ IDEA before 2020.1, the license server 
could be  ...)
        TODO: check
 CVE-2020-11689 (In JetBrains TeamCity before 2019.2.1, a user without 
appropriate perm ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2020-11688 (In JetBrains TeamCity before 2019.2.1, the application state 
is kept a ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2020-11687 (In JetBrains TeamCity before 2019.2.2, password values were 
shown in a ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2020-11686 (In JetBrains TeamCity before 2019.1.4, a project administrator 
was abl ...)
-       TODO: check
+       NOT-FOR-US: JetBrains TeamCity
 CVE-2020-11685 (In JetBrains GoLand before 2019.3.2, the plugin repository was 
accesse ...)
-       TODO: check
+       NOT-FOR-US: JetBrains GoLand
 CVE-2015-9547 (An issue was discovered on Samsung mobile devices with JBP(4.3) 
and KK ...)
        NOT-FOR-US: Samsung mobile devices
 CVE-2015-9546 (An issue was discovered on Samsung mobile devices with KK(4.4) 
and lat ...)
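Review bot: CVE-2020-11690 (JetBrains IntelliJ IDEA) is left at TODO: check in the middle of this hunk while the eight other JetBrains entries around it are resolved to NOT-FOR-US. If that is deliberate because the product may need a package lookup first, as the <itp> line on the PyCharm entry CVE-2020-11694 suggests, the one-word commit message "NFUs" could say so; otherwise the entry looks skipped and should be triaged in the same pass.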
@@ -3078,7 +3078,7 @@ CVE-2020-11418
 CVE-2020-11417
        RESERVED
 CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats. 
...)
-       TODO: check
+       NOT-FOR-US: JetBrains Space
 CVE-2020-11415
        RESERVED
 CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight 
before  ...)
@@ -3954,7 +3954,7 @@ CVE-2020-11006
 CVE-2020-11005 (The WindowsHello open source library (NuGet 
HaemmerElectronics.SeppPen ...)
        NOT-FOR-US: WindowsHello
 CVE-2020-11004 (SQL Injection was discovered in Admidio before version 3.3.13. 
The mai ...)
-       TODO: check
+       NOT-FOR-US: Admidio
 CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or 
CSRF vuln ...)
        NOT-FOR-US: Oasis (not the same as src:oasis)
 CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a 
remote co ...)
@@ -9142,7 +9142,7 @@ CVE-2020-8869
 CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
        NOT-FOR-US: Quest Foglight Evolve
 CVE-2020-8867 (This vulnerability allows remote attackers to create a 
denial-of-servi ...)
-       TODO: check
+       NOT-FOR-US: OPC Foundation UA .NET Standard
 CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary 
files o ...)
        {DLA-2162-1}
        - php-horde-form <unfixed> (bug #955020)
@@ -9256,7 +9256,7 @@ CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 
18.04 LTS for CVE-2019-146
        NOTE: state on context switch"). But there is need to apply as well the 
prerequistite
        NOTE: d2b4b97933f5 ("drm/i915: Record the default hw state after reset 
upon load").
 CVE-2020-8831 (Apport creates a world writable lock file with root ownership 
in the w ...)
-       TODO: check
+       NOT-FOR-US: Apport
 CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview 
Player 11 ...)
        NOT-FOR-US: Prismview
 CVE-2017-18642 (Syska Smart Bulb devices through 2017-08-06 receive RGB 
parameters ove ...)
@@ -9343,9 +9343,9 @@ CVE-2020-8800 (SuiteCRM through 7.11.11 allows 
EmailsControllerActionGetFromFiel
 CVE-2020-8799
        RESERVED
 CVE-2020-8798 (httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers 
to cha ...)
-       TODO: check
+       NOT-FOR-US: Juplink
 CVE-2020-8797 (Juplink RX4-1500 v1.0.3 allows remote attackers to gain root 
access to ...)
-       TODO: check
+       NOT-FOR-US: Juplink
 CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx 
before  ...)
        NOT-FOR-US: Biscom Secure File Transfer (SFT)
 CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, 
sharing a gro ...)
@@ -12001,9 +12001,9 @@ CVE-2020-7645
 CVE-2020-7644
        RESERVED
 CVE-2020-7643 (paypal-adaptive through 0.4.2 manipulation of JavaScript 
objects resul ...)
-       TODO: check
+       NOT-FOR-US: Node paypal-adaptive
 CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious 
JavaScript. The  ...)
-       TODO: check
+       NOT-FOR-US: Node lazysizes 
 CVE-2020-7641
        RESERVED
 CVE-2020-7640
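Review bot: The added line under CVE-2020-7642, "NOT-FOR-US: Node lazysizes ", ends with a trailing space. Strip it so the tag compares equal to any other entry for the same product and does not produce a whitespace-only diff when the line is next touched.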
@@ -12325,13 +12325,13 @@ CVE-2020-7492
 CVE-2020-7491
        RESERVED
 CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo 
Designe ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output 
Used b ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7488 (A CWE-319: Cleartext Transmission of Sensitive Information 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7487 (A CWE-345: Insufficient Verification of Data Authenticity 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Schneider
 CVE-2020-7486 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could 
cause TC ...)
        NOT-FOR-US: Schneider Electric
 CVE-2020-7485 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support 
account in th ...)
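Review bot: The four new tags on CVE-2020-7490 through CVE-2020-7487 read "NOT-FOR-US: Schneider", while the existing entry directly below them, CVE-2020-7486, uses "NOT-FOR-US: Schneider Electric". Use the full vendor name on the new lines as well, so a search on the tag returns every entry for the vendor rather than two disjoint sets.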
@@ -12628,7 +12628,7 @@ CVE-2020-7352
 CVE-2020-7351
        RESERVED
 CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from 
an ins ...)
-       TODO: check
+       NOT-FOR-US: Rapid7 Metasploit Framework
 CVE-2020-7349
        RESERVED
 CVE-2020-7348
@@ -13116,13 +13116,13 @@ CVE-2020-7136
 CVE-2020-7135
        RESERVED
 CVE-2020-7134 (A remote access to sensitive data vulnerability was discovered 
in HPE  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2020-7133 (A unauthorized remote access vulnerability was discovered in 
HPE IOT + ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2020-7132 (A potential security vulnerability has been identified in HPE 
Onboard  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2020-7131 (This document describes a security vulnerability in Blade 
Maintenance  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2020-7130 (HPE OneView Global Dashboard (OVGD) 1.9 has a remote 
information discl ...)
        NOT-FOR-US: HPE
 CVE-2020-7129
@@ -13348,7 +13348,7 @@ CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 
build 180903 Web Version send
 CVE-2020-7056
        RESERVED
 CVE-2020-7055 (An issue was discovered in Elementor 2.7.4. Arbitrary file 
upload is p ...)
-       TODO: check
+       NOT-FOR-US: Elementor
 CVE-2020-7054 (MmsValue_decodeMmsData in 
mms/iso_mms/server/mms_access_result.c in li ...)
        NOT-FOR-US: libIEC61850
 CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 
longterm t ...)
@@ -16164,19 +16164,19 @@ CVE-2020-5872
 CVE-2020-5871
        RESERVED
 CVE-2020-5870 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization 
mechanis ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2020-5869 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization 
is not s ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2020-5868 (In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been 
discover ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2020-5867 (In versions prior to 3.3.0, the NGINX Controller Agent 
installer scrip ...)
-       TODO: check
+       NOT-FOR-US: NGINX Controller
 CVE-2020-5866 (In versions of NGINX Controller prior to 3.3.0, the helper.sh 
script,  ...)
-       TODO: check
+       NOT-FOR-US: NGINX Controller
 CVE-2020-5865 (In versions prior to 3.3.0, the NGINX Controller is configured 
to comm ...)
-       TODO: check
+       NOT-FOR-US: NGINX Controller
 CVE-2020-5864 (In versions of NGINX Controller prior to 3.2.0, communication 
between  ...)
-       TODO: check
+       NOT-FOR-US: NGINX Controller
 CVE-2020-5863 (In NGINX Controller versions prior to 3.2.0, an unauthenticated 
attack ...)
        NOT-FOR-US: NGINX Controller
 CVE-2020-5862 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 
14.1.0-14.1.2.2, under ...)
@@ -16424,7 +16424,7 @@ CVE-2020-5742
 CVE-2020-5741
        RESERVED
 CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows 
allows a loc ...)
-       TODO: check
+       NOT-FOR-US: Plex Media Server
 CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is 
vulnerable  ...)
        NOT-FOR-US: Grandstream
 CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is 
vulnerable  ...)
@@ -16762,7 +16762,7 @@ CVE-2020-5573
 CVE-2020-5572
        RESERVED
 CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and 
earlier, AQ ...)
-       TODO: check
+       NOT-FOR-US: SHARP AQUOS
 CVE-2020-5570
        RESERVED
 CVE-2020-5569 (An unquoted search path vulnerability exists in HDD Password 
tool (for ...)
@@ -20398,7 +20398,7 @@ CVE-2020-4087
 CVE-2020-4086
        RESERVED
 CVE-2020-4085 ("HCL Connections is vulnerable to possible information leakage 
and cou ...)
-       TODO: check
+       NOT-FOR-US: HCL Connections
 CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to 
cross-site scri ...)
        NOT-FOR-US: HCL Connections
 CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information 
leakage. Con ...)
@@ -26707,6 +26707,7 @@ CVE-2020-1953 (Apache Commons Configuration uses a 
third-party library to parse
        NOTE: https://www.openwall.com/lists/oss-security/2020/03/13/1
 CVE-2020-1952
        RESERVED
+       NOT-FOR-US: Apache IoTDB
 CVE-2020-1951 (A carefully crafted or corrupt PSD file can cause an infinite 
loop in  ...)
        {DLA-2161-1}
        - tika <unfixed> (bug #954302)
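Review bot: On CVE-2020-1952 the new "NOT-FOR-US: Apache IoTDB" line is added beneath RESERVED instead of replacing a TODO: check, and the entry has no description, so nothing in the file shows where the product attribution comes from. Add a NOTE: line with the reference that ties this ID to Apache IoTDB, in the form the CVE-2020-1953 entry above uses for its oss-security link, so the triage can be rechecked once the description is published.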



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb6622298bb155bded2e925af6d4b9ddc87b3ad2
