Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cbd1181f by Moritz Muehlenhoff at 2020-05-14T17:44:10+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -338,13 +338,13 @@ CVE-2020-12702
 CVE-2020-12701
        RESERVED
 CVE-2020-12700 (The direct_mail extension through 5.2.3 for TYPO3 allows 
Information D ...)
-       TODO: check
+       NOT-FOR-US: Typo3 extension
 CVE-2020-12699 (The direct_mail extension through 5.2.3 for TYPO3 has an Open 
Redirect ...)
-       TODO: check
+       NOT-FOR-US: Typo3 extension
 CVE-2020-12698 (The direct_mail extension through 5.2.3 for TYPO3 has Broken 
Access Co ...)
-       TODO: check
+       NOT-FOR-US: Typo3 extension
 CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows 
Denial of Ser ...)
-       TODO: check
+       NOT-FOR-US: Typo3 extension
 CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a 
URL. ...)
        NOT-FOR-US: iframe plugin for WordPress
 CVE-2020-12695
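Review bot: the four direct_mail entries (CVE-2020-12700 down to CVE-2020-12697) are tagged "NOT-FOR-US: Typo3 extension", which does not name the extension and does not match the "TYPO3" spelling used in the CVE descriptions and in the later TYPO3 hunk of this commit. The entry just below uses the more searchable form "NOT-FOR-US: iframe plugin for WordPress"; "NOT-FOR-US: direct_mail extension for TYPO3" would follow the same pattern.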
@@ -962,7 +962,7 @@ CVE-2020-12429 (Online Course Registration 2.0 has multiple 
SQL injections that
 CVE-2020-12428
        RESERVED
 CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229 
for MyClou ...)
-       TODO: check
+       NOT-FOR-US: Western Digital
 CVE-2020-12426
        RESERVED
 CVE-2020-12425
@@ -2135,7 +2135,7 @@ CVE-2020-11934
 CVE-2020-11933
        RESERVED
 CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu 
Server logge ...)
-       TODO: check
+       NOT-FOR-US: Subiquity installer for Ubuntu
 CVE-2020-11931
        RESERVED
        NOT-FOR-US: Ubuntu snap packaging of Pulseaudio
@@ -5298,21 +5298,21 @@ CVE-2020-11072 (In SLP Validate (npm package 
slp-validate) before version 1.2.1,
 CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a 
vulnerability w ...)
        TODO: check
 CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site 
scripting vulne ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2020-11069 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, 
it has be ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2020-11068
        RESERVED
 CVE-2020-11067 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, 
it has be ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2020-11066 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 
9.5.17 and g ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2020-11065 (In TYPO3 CMS greater than or equal to 9.5.12 and less than 
9.5.17, and ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2020-11064 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 
9.5.17 and g ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2020-11063 (In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been 
discovered that t ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS 
occur in ...)
        - glpi <removed> (unimportant)
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
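Review bot: CVE-2020-11070 is described as the SVG Sanitizer extension for TYPO3 but receives the same bare "NOT-FOR-US: TYPO3" tag as the TYPO3 CMS core entries below it, while the direct_mail extension earlier in this commit is tagged as an extension. Naming the extension in the tag would keep extension and core issues distinguishable when grepping the list. CVE-2020-11071 directly above stays at "TODO: check"; worth confirming that it was left open on purpose and not skipped.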
@@ -5334,7 +5334,7 @@ CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a 
stream out-of-bounds se
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf
        NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011
 CVE-2020-11057 (In XWiki Platform 7.2 through 11.10.2, registered users 
without script ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side 
Templat ...)
        NOT-FOR-US: Sprout Forms
 CVE-2020-11055 (In BookStack greater than or equal to 0.18.0 and less than 
0.29.2, the ...)
@@ -6746,7 +6746,7 @@ CVE-2020-10656
 CVE-2020-10655
        RESERVED
 CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer 
overflow ...)
-       TODO: check
+       NOT-FOR-US: Ping Identity PingID
 CVE-2020-10653
        RESERVED
 CVE-2020-10652
@@ -8639,25 +8639,25 @@ CVE-2020-9768 (A use after free issue was addressed 
with improved memory managem
 CVE-2020-9767
        RESERVED
 CVE-2020-10028 (Multiple syscalls with insufficient argument validation See 
NCC-ZEP-00 ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10027 (An attacker who has obtained code execution within a user 
thread is ab ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10026
        REJECTED
 CVE-2020-10025
        REJECTED
 CVE-2020-10024 (The arm platform-specific code uses a signed integer 
comparison when v ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10023 (The shell subsystem contains a buffer overflow, whereby an 
adversary w ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10022 (A malformed JSON payload that is received from an UpdateHub 
server may ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10021 (Out-of-bounds Write in the USB Mass Storage memoryWrite 
handler with u ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10020
        REJECTED
 CVE-2020-10019 (USB DFU has a potential buffer overflow where the requested 
length (wL ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which 
are the  ...)
        {DSA-4641-1}
        - webkit2gtk 2.28.0-2
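Review bot: "NOT-FOR-US: Zephyr, different from src:zephyr" on the seven entries from CVE-2020-10028 down to CVE-2020-10019 says which source package is not meant, but not which Zephyr is, and the truncated descriptions in the list do not name the product either. Adding a word to the tag that identifies the affected project would make the name-collision remark checkable from this file alone.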
@@ -9271,9 +9271,9 @@ CVE-2020-9504
 CVE-2020-9503
        RESERVED
 CVE-2020-9502 (Some Dahua products with Build time before December 2019 have 
Session  ...)
-       TODO: check
+       NOT-FOR-US: Dahua
 CVE-2020-9501 (Attackers can obtain Cloud Key information from the Dahua Web 
P2P cont ...)
-       TODO: check
+       NOT-FOR-US: Dahua
 CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. 
After t ...)
        NOT-FOR-US: Dahua
 CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After 
the su ...)
@@ -17835,9 +17835,9 @@ CVE-2020-5897 (In versions 7.1.5-7.1.9, there is 
use-after-free memory vulnerabi
 CVE-2020-5896 (On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows 
Installer Se ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2020-5895 (On NGINX Controller versions 3.1.0-3.3.0, AVRD uses 
world-readable and ...)
-       TODO: check
+       NOT-FOR-US: NGINX Controller
 CVE-2020-5894 (On versions 3.0.0-3.3.0, the NGINX Controller webserver does 
not inval ...)
-       TODO: check
+       NOT-FOR-US: NGINX Controller
 CVE-2020-5893 (In versions 7.1.5-7.1.8, when a user connects to a VPN using 
BIG-IP Ed ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2020-5892 (In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in 
BIG-IP A ...)
@@ -17949,17 +17949,17 @@ CVE-2020-5840 (An issue was discovered in HashBrown 
CMS before 1.3.2. Server/Ent
 CVE-2020-5839
        RESERVED
 CVE-2020-5838 (Symantec IT Analytics, prior to 2.9.1, may be susceptible to a 
cross-s ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect 
file perm ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2020-5836 (Symantec Endpoint Protection, prior to 14.3, can potentially 
reset the ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2020-5835 (Symantec Endpoint Protection Manager, prior to 14.3, has a race 
condit ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2020-5834 (Symantec Endpoint Protection Manager, prior to 14.3, may be 
susceptibl ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2020-5833 (Symantec Endpoint Protection Manager, prior to 14.3, may be 
susceptibl ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2020-5832 (Symantec Data Center Security Manager Component, prior to 6.8.2 
(aka 6 ...)
        NOT-FOR-US: Symantec
 CVE-2020-5831 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 
MP1, ma ...)
@@ -18549,7 +18549,7 @@ CVE-2020-5540
 CVE-2020-5539 (GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and 
Ver.3.0 do no ...)
        NOT-FOR-US: GRANDIT
 CVE-2020-5538 (Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier 
allows  ...)
-       TODO: check
+       NOT-FOR-US: PALLET CONTROL
 CVE-2020-5537
        RESERVED
 CVE-2020-5536 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an 
attacke ...)
@@ -18866,7 +18866,7 @@ CVE-2020-5411
 CVE-2020-5410
        RESERVED
 CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows 
redirects to u ...)
-       TODO: check
+       NOT-FOR-US: Pivotal
 CVE-2020-5408
        RESERVED
 CVE-2020-5407 (Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior 
to 5.3.2 ...)
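Review bot: CVE-2020-5409 is tagged with the vendor only ("NOT-FOR-US: Pivotal") although the description names the product as Pivotal Concourse. A vendor-wide tag can be read as covering everything that vendor ships; "NOT-FOR-US: Pivotal Concourse" would scope it to the product that was actually triaged.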
@@ -28081,27 +28081,27 @@ CVE-2020-2020
 CVE-2020-2019
        RESERVED
 CVE-2020-2018 (An authentication bypass vulnerability in Palo Alto Networks 
PAN-OS Pa ...)
-       TODO: check
+       NOT-FOR-US: PAN-OS
 CVE-2020-2017 (A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS 
and Pa ...)
-       TODO: check
+       NOT-FOR-US: PAN-OS
 CVE-2020-2016 (A race condition due to insecure creation of a file in a 
temporary dir ...)
-       TODO: check
+       NOT-FOR-US: PAN-OS
 CVE-2020-2015 (A buffer overflow vulnerability in the PAN-OS management server 
allows ...)
-       TODO: check
+       NOT-FOR-US: PAN-OS
 CVE-2020-2014 (An OS Command Injection vulnerability in PAN-OS management 
server allo ...)
-       TODO: check
+       NOT-FOR-US: PAN-OS
 CVE-2020-2013 (A cleartext transmission of sensitive information vulnerability 
in Pal ...)
-       TODO: check
+       NOT-FOR-US: PAN-OS
 CVE-2020-2012 (Improper restriction of XML external entity reference ('XXE') 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: PAN-OS
 CVE-2020-2011 (An improper input validation vulnerability in the configuration 
daemon ...)
-       TODO: check
+       NOT-FOR-US: PAN-OS
 CVE-2020-2010 (An OS command injection vulnerability in PAN-OS management 
interface a ...)
-       TODO: check
+       NOT-FOR-US: PAN-OS
 CVE-2020-2009 (An external control of filename vulnerability in the SD WAN 
component  ...)
-       TODO: check
+       NOT-FOR-US: PAN-OS
 CVE-2020-2008 (An OS command injection and external control of filename 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: PAN-OS
 CVE-2020-2007 (An OS command injection vulnerability in the management server 
compone ...)
        TODO: check
 CVE-2020-2006 (A stack-based buffer overflow vulnerability in the management 
server c ...)
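Review bot: the PAN-OS run stops at CVE-2020-2008 and leaves CVE-2020-2007 at "TODO: check", even though its description (an OS command injection in the management server component) reads like the entries tagged just above it. If it is the same product it should get the same "NOT-FOR-US: PAN-OS" line here; if it was left open deliberately, a short NOTE on the entry would say why, since the commit message "NFUs" does not.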



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbd1181f8efc19025bfd446768fd05340063ecca
