Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44665b76 by Moritz Muehlenhoff at 2020-05-26T13:04:44+02:00
NFUs
mark one issue as generic Bluetooth protocol, it's not specific to Linux
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2020-13487
RESERVED
CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for Craft CMS allows
malicious red ...)
- TODO: check
+ NOT-FOR-US: Craft CMS plugin
CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP
Whitelist ...)
- TODO: check
+ NOT-FOR-US: Craft CMS plugin
CVE-2020-13484
RESERVED
CVE-2020-13483
RESERVED
CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an
insecure way ...)
- TODO: check
+ NOT-FOR-US: EM-HTTP-Request
CVE-2020-13481
RESERVED
CVE-2020-13480
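Review bot: the NOT-FOR-US for CVE-2020-13482 in this hunk should be double-checked against the archive before it is treated as closed, because EM-HTTP-Request is a Ruby library (the description says it builds on eventmachine) and Ruby libraries of that kind are frequently shipped as ruby-* source packages; if a source package exists, the entry should be a `- <source package> <unfixed>` line with the usual annotations rather than NOT-FOR-US.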
@@ -9381,8 +9381,7 @@ CVE-2020-10137
CVE-2020-10136
RESERVED
CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication
in Blueto ...)
- - linux <unfixed>
- TODO: check, the CVE was specifically associated with kernel part
+ NOTE: Bluetooth protocol issue
CVE-2020-10134 (Pairing in Bluetooth® Core v5.2 and earlier may permit an
unauthe ...)
NOTE: Bluetooth protocol issue
CVE-2020-10133
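Review bot: the replacement for CVE-2020-10135 removes the `- linux <unfixed>` tracking entry together with the TODO that recorded the CVE as "specifically associated with kernel part", but the new `NOTE: Bluetooth protocol issue` only states the conclusion, so a later reader cannot see why the kernel association was rejected. Suggest extending the NOTE with the reference that established the protocol-level scope (keeping the same form as the neighbouring CVE-2020-10134 entry), and confirming that no kernel-side mitigation is expected before the linux line is dropped, since the removed TODO explicitly flagged that association as the open question.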
@@ -10231,7 +10230,7 @@ CVE-2020-9755
CVE-2020-9754
RESERVED
CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support
signatur ...)
- TODO: check
+ NOT-FOR-US: Whale Browser
CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can
move a lo ...)
NOT-FOR-US: Naver Cloud Explorer
CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to
download an ...)
@@ -11013,9 +11012,9 @@ CVE-2020-9412
CVE-2020-9411
RESERVED
CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO
JasperRe ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO
JasperR ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2020-9408 (The Spotfire library component of TIBCO Software Inc.'s TIBCO
Spotfire ...)
NOT-FOR-US: TIBCO
CVE-2020-9407 (IBL Online Weather before 4.3.5a allows attackers to obtain
sensitive ...)
@@ -11814,7 +11813,7 @@ CVE-2020-9071
CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than
10.0.0.205( ...)
NOT-FOR-US: Huawei
CVE-2020-9069 (There is an information leakage vulnerability in some Huawei
products. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900,
V200R007C00 ...)
NOT-FOR-US: Huawei
CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei
products. The ...)
@@ -11862,7 +11861,7 @@ CVE-2020-9047
CVE-2020-9046
RESERVED
CVE-2020-9045 (During installation or upgrade to Software House C•CURE
9000 v2. ...)
- TODO: check
+ NOT-FOR-US: Software House
CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web
Services ...)
NOT-FOR-US: Johnson Controls
CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows
disclosure of t ...)
@@ -12527,7 +12526,7 @@ CVE-2020-8791 (The OKLOK (3.1.1) mobile companion app
for Fingerprint Bluetooth
CVE-2020-8790 (The OKLOK (3.1.1) mobile companion app for Fingerprint
Bluetooth Padlo ...)
NOT-FOR-US: OKLOK
CVE-2020-8789 (Composr 10.0.30 allows Persistent XSS via a Usergroup name
under the S ...)
- TODO: check
+ NOT-FOR-US: Composr
CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS
(and HT ...)
NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer
CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions
prior to ...)
@@ -13015,7 +13014,7 @@ CVE-2020-8574
CVE-2020-8573
RESERVED
CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior
to vers ...)
- TODO: check
+ NOT-FOR-US: Element OS
CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0
through 11 ...)
NOT-FOR-US: StorageGRID
CVE-2020-8570
@@ -14839,7 +14838,7 @@ CVE-2020-7815
CVE-2020-7814
RESERVED
CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70
and prio ...)
- TODO: check
+ NOT-FOR-US: Kaoni
CVE-2020-7812
RESERVED
CVE-2020-7811
@@ -14849,7 +14848,7 @@ CVE-2020-7810
CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model
(DOM) ...)
NOT-FOR-US: ALSong
CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update
processin ...)
- TODO: check
+ NOT-FOR-US: RAONWIZ K Upload
CVE-2020-7807
RESERVED
CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an
arbitrary cod ...)
@@ -16288,11 +16287,11 @@ CVE-2020-7141
CVE-2020-7140
RESERVED
CVE-2020-7139 (Potential remote access security vulnerabilities have been
identified ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2020-7138 (Potential remote code execution security vulnerabilities have
been ide ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2020-7137 (A validation issue in HPE Superdome Flex's RMC component may
allow loc ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2020-7136 (A security vulnerability in HPE Smart Update Manager (SUM)
prior to ve ...)
NOT-FOR-US: HPE Smart Update Manager (SUM)
CVE-2020-7135 (A potential security vulnerability has been identified in the
disk dri ...)
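Review bot: for CVE-2020-7139 and CVE-2020-7138 the visible description text ("Potential remote access ..." / "Potential remote code execution security vulnerabilities have been ide ...") names no product, so the `NOT-FOR-US: HPE` attribution cannot be checked from this hunk alone; consider the product-specific form already used for CVE-2020-7136 in the same hunk (`NOT-FOR-US: HPE Smart Update Manager (SUM)`) so the entries record which HPE product was assessed.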
@@ -17663,7 +17662,7 @@ CVE-2020-6617 (stb stb_truetype.h through 1.22 has an
assertion failure in stbtt
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/867
CVE-2020-6616 (Some Broadcom chips mishandle Bluetooth random-number
generation becau ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in
dwg_dyna ...)
- libredwg <itp> (bug #595191)
CVE-2020-6614 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in
bfr_read ...)
@@ -18928,7 +18927,7 @@ CVE-2020-6093 (An exploitable information disclosure
vulnerability exists in the
CVE-2020-6092 (An exploitable code execution vulnerability exists in the way
Nitro Pr ...)
NOT-FOR-US: Nitro Pro
CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in
the ESPON ...)
- TODO: check
+ NOT-FOR-US: EPSON
CVE-2020-6090
RESERVED
CVE-2020-6089
@@ -19662,7 +19661,7 @@ CVE-2020-5754
CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS
v3.8.1.5 and u ...)
TODO: check
CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3
allows a ...)
- TODO: check
+ NOT-FOR-US: Druva inSync Windows Client
CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, aut ...)
NOT-FOR-US: TCExam
CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, una ...)
@@ -20008,7 +20007,7 @@ CVE-2020-5581
CVE-2020-5580
RESERVED
CVE-2020-5579 (SQL injection vulnerability in the Paid Memberships versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Paid Memberships
CVE-2020-5578
RESERVED
CVE-2020-5577 (Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier
(Movabl ...)
@@ -20092,7 +20091,7 @@ CVE-2020-5539 (GRANDIT Ver.1.6, Ver.2.0, Ver.2.1,
Ver.2.2, Ver.2.3, and Ver.3.0
CVE-2020-5538 (Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier
allows ...)
NOT-FOR-US: PALLET CONTROL
CVE-2020-5537 (Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code
executi ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2020-5536 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an
attacke ...)
NOT-FOR-US: OpenBlocks IoT VX2
CVE-2020-5535 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an
attacke ...)
@@ -23929,7 +23928,7 @@ CVE-2020-3958
CVE-2020-3957
RESERVED
CVE-2020-3956 (VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before
9.7.0.5, ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7
without patch ...)
NOT-FOR-US: VMware
CVE-2020-3954 (Open Redirect vulnerability exists in VMware vRealize Log
Insight prio ...)
@@ -26323,9 +26322,9 @@ CVE-2020-3346
CVE-2020-3345
RESERVED
CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector
Software an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3343 (A vulnerability in Cisco AMP for Endpoints Linux Connector
Software an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3342
RESERVED
CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam
AntiVirus (C ...)
@@ -26391,7 +26390,7 @@ CVE-2020-3316
CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the
Snort d ...)
NOT-FOR-US: Cisco
CVE-2020-3314 (A vulnerability in the file scan process of Cisco AMP for
Endpoints Ma ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3313 (A vulnerability in the web UI of Cisco Firepower Management
Center (FM ...)
NOT-FOR-US: Cisco
CVE-2020-3312 (A vulnerability in the application policy configuration of
Cisco Firep ...)
@@ -26459,7 +26458,7 @@ CVE-2020-3282
CVE-2020-3281
RESERVED
CVE-2020-3280 (A vulnerability in the Java Remote Management Interface of
Cisco Unifi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3279
RESERVED
CVE-2020-3278
@@ -26475,7 +26474,7 @@ CVE-2020-3274
CVE-2020-3273 (A vulnerability in the 802.11 Generic Advertisement Service
(GAS) fram ...)
NOT-FOR-US: Cisco
CVE-2020-3272 (A vulnerability in the DHCP server of Cisco Prime Network
Registrar co ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3271
RESERVED
CVE-2020-3270
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44665b76478c4578a8b91a79501140875691def6
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits