Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c26f08db by Salvatore Bonaccorso at 2020-06-09T22:58:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2020-13980 (** DISPUTED ** OpenCart 3.0.3.3 allows remote 
authenticated user
 CVE-2020-13979
        RESERVED
 CVE-2020-13978 (** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who 
already has a ...)
-       TODO: check
+       NOT-FOR-US: Monstra CMS
 CVE-2020-13977 (Nagios 4.4.5 allows an attacker, who already has 
administrative access ...)
        TODO: check
 CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 
16214. The Di ...)
-       TODO: check
+       NOT-FOR-US: DD-WRT
 CVE-2020-13975
        RESERVED
 CVE-2020-13974 (An issue was discovered in the Linux kernel through 5.7.1. 
drivers/tty ...)
@@ -1917,7 +1917,7 @@ CVE-2020-13162
 CVE-2020-13161
        RESERVED
 CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: AnyDesk
 CVE-2020-13159
        RESERVED
 CVE-2020-13158
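Review bot: CVE-2020-13160 is described as affecting AnyDesk on Linux and FreeBSD, so the NOT-FOR-US tag on that entry rests on AnyDesk not being packaged or intended for packaging in Debian, not on the platform. Worth confirming that no ITP/RFP bug is open before closing it out; if one is, the entry would take the `<itp>` form used for centreon-web under CVE-2020-9463 in this file.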
@@ -7200,7 +7200,7 @@ CVE-2020-11494 (An issue was discovered in slc_bump in 
drivers/net/can/slcan.c i
 CVE-2020-11493
        RESERVED
 CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on 
Windows.  ...)
-       TODO: check
+       NOT-FOR-US: Docker Desktop on Windows
 CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote 
authenticat ...)
        NOT-FOR-US: Zen Load Balancer
 CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote 
authent ...)
@@ -12358,7 +12358,7 @@ CVE-2020-9464 (A Denial-of-Service vulnerability exists 
in BECKHOFF Ethernet TCP
 CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute 
arbitrary  ...)
        - centreon-web <itp> (bug #913903)
 CVE-2020-9462 (An issue was discovered in all Athom Homey and Homey Pro 
devices up to ...)
-       TODO: check
+       NOT-FOR-US: Athom
 CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an 
authenticated us ...)
        NOT-FOR-US: Octech Oempro
 CVE-2020-9460 (Octech Oempro 4.7 through 4.11 allow XSS by an authenticated 
user. The ...)
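Review bot: "NOT-FOR-US: Athom" on CVE-2020-9462 names only the vendor, while the description is about Homey and Homey Pro devices and the adjacent entries are tagged by product ("Octech Oempro"). Suggest "NOT-FOR-US: Athom Homey" so the tag can be found by product name.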
@@ -13242,7 +13242,7 @@ CVE-2020-9101
 CVE-2020-9100
        RESERVED
 CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; 
NIP6800; Se ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 
has an ...)
        NOT-FOR-US: Huawei
 CVE-2020-9097
@@ -13600,7 +13600,7 @@ CVE-2020-8955 (irc_mode_channel_update in 
plugins/irc/irc-mode.c in WeeChat thro
        [stretch] - weechat <no-dsa> (Minor issue)
        NOTE: 
https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
 CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows Intent Scheme 
Hijacking.[a link  ...)
-       TODO: check
+       NOT-FOR-US: OpenSearch Web browser
 CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP 
authentication by ...)
        NOT-FOR-US: OpenVPN Access Server
 CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the 
logout.jsp ti ...)
@@ -20440,9 +20440,9 @@ CVE-2020-6112
 CVE-2020-6111
        RESERVED
 CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in 
the way  ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom 
client, ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2020-6108
        RESERVED
 CVE-2020-6107
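Review bot: for CVE-2020-6110 the truncated description shown here does not name the product, unlike CVE-2020-6109, which mentions the Zoom client. Confirm against the full CVE text that 6110 is also Zoom; if both concern the client, "NOT-FOR-US: Zoom client" would be a more precise tag than the bare vendor name.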
@@ -21547,7 +21547,7 @@ CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 
1.10.8, 1.8.0 to 1.8.23, 1.7
 CVE-2020-5590
        RESERVED
 CVE-2020-5589 (Multiple SONY Wireless Headphones have vulnerability that 
someone with ...)
-       TODO: check
+       NOT-FOR-US: SONY
 CVE-2020-5588
        RESERVED
 CVE-2020-5587
@@ -25318,9 +25318,9 @@ CVE-2020-4043
 CVE-2020-4042
        RESERVED
 CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded 
files was v ...)
-       TODO: check
+       NOT-FOR-US: Bolt CMS
 CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the 
preview ge ...)
-       TODO: check
+       NOT-FOR-US: Bolt CMS
 CVE-2020-4039
        RESERVED
 CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before 
versio ...)
@@ -32263,7 +32263,7 @@ CVE-2019-19414 (There is an integer overflow 
vulnerability in LDAP server of som
 CVE-2019-19413 (There is an integer overflow vulnerability in LDAP client of 
some Huaw ...)
        NOT-FOR-US: Huawei
 CVE-2019-19412 (Some Huawei smart phones have a Factory Reset Protection (FRP) 
bypass  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, 
V500R00 ...)
        NOT-FOR-US: Huawei
 CVE-2019-19410
@@ -44048,9 +44048,9 @@ CVE-2019-16387 (** DISPUTED ** PEGA Platform 8.3.0 is 
vulnerable to a direct prw
 CVE-2019-16386 (** DISPUTED ** PEGA Platform 7.x and 8.x is vulnerable to 
Information  ...)
        NOT-FOR-US: PEGA Platform
 CVE-2019-16385 (Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response 
splitting vi ...)
-       TODO: check
+       NOT-FOR-US: Cybele Thinfinity VirtualUI
 CVE-2019-16384 (Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal 
that ca ...)
-       TODO: check
+       NOT-FOR-US: Cybele Thinfinity VirtualUI
 CVE-2019-16383 (MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 
before 10.2 ...)
        NOT-FOR-US: Progress MOVEit Transfer
 CVE-2019-16382 (An issue was discovered in Ivanti Workspace Control 
10.3.110.0. One is ...)
@@ -44906,7 +44906,7 @@ CVE-2019-16152 (A Denial of service (DoS) vulnerability 
in FortiClient for Linux
 CVE-2019-16151
        RESERVED
 CVE-2019-16150 (Use of a hard-coded cryptographic key to encrypt security 
sensitive da ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2019-16149
        RESERVED
 CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c 
can cras ...)
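Review bot: the tag on CVE-2019-16150, "NOT-FOR-US: Fortiguard", does not match any product named in the visible context: the truncated description names none, and the neighbouring CVE-2019-16152 refers to FortiClient for Linux. Suggest naming the affected product from the full CVE description so that a later search of the list for that product finds this entry.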



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c26f08dbe36cf0f4c1c821778eaf2c35a9b528f6



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
