[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso Wed, 17 Jun 2020 01:46:21 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ee5f2657 by Salvatore Bonaccorso at 2020-06-17T10:45:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1400,11 +1400,11 @@ CVE-2020-13654
 CVE-2020-13653
        RESERVED
 CVE-2020-13652 (An issue was discovered in DigDash 2018R2 before p20200528, 
2019R1 bef ...)
-       TODO: check
+       NOT-FOR-US: DigDash
 CVE-2020-13651 (An issue was discovered in DigDash 2018R2 before p20200528, 
2019R1 bef ...)
-       TODO: check
+       NOT-FOR-US: DigDash
 CVE-2020-13650 (An issue was discovered in DigDash 2018R2 before p20200210 and 
2019R1  ...)
-       TODO: check
+       NOT-FOR-US: DigDash
 CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors 
during c ...)
        NOT-FOR-US: JerryScript
 CVE-2020-13648
@@ -2507,7 +2507,7 @@ CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 
3.0.10, and 2.6.0 to 2.6.1
 CVE-2020-13163 (em-imap 0.5 uses the library eventmachine in an insecure way 
that allo ...)
        NOT-FOR-US: em-imap
 CVE-2020-13162 (A time-of-check time-of-use vulnerability in 
PulseSecureService.exe in ...)
-       TODO: check
+       NOT-FOR-US: Pulse Secure Client
 CVE-2020-13161
        RESERVED
 CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string 
vulnerab ...)
@@ -2532,7 +2532,7 @@ CVE-2020-13152 (A remote user can create a specially 
crafted M3U file, media pla
 CVE-2020-13151
        RESERVED
 CVE-2020-13150 (D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 
90 secon ...)
-       TODO: check
+       NOT-FOR-US: D-link
 CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" 
folder in Dr ...)
        NOT-FOR-US: Dragon Center
 CVE-2020-13148
@@ -5306,7 +5306,7 @@ CVE-2020-12021
 CVE-2020-12020
        RESERVED
 CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a 
stack-based  ...)
-       TODO: check
+       NOT-FOR-US: WebAccess Node
 CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 
9.0.0. An o ...)
        NOT-FOR-US: Advantech WebAccess Node
 CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, 
all firmw ...)
@@ -13056,9 +13056,9 @@ CVE-2020-9433 (openssl_x509_check_email in lua-openssl 
0.7.7-1 mishandles X.509
 CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 
certif ...)
        NOT-FOR-US: lua-openssl (different from lua-luaossl)
 CVE-2020-9427 (OX Guard 2.10.3 and earlier allows SSRF. ...)
-       TODO: check
+       NOT-FOR-US: OX Guard
 CVE-2020-9426 (OX Guard 2.10.3 and earlier allows XSS. ...)
-       TODO: check
+       NOT-FOR-US: OX Guard
 CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig 
before 3.9 ...)
        NOT-FOR-US: rConfig
 CVE-2020-9424
@@ -13429,7 +13429,7 @@ CVE-2020-9298
 CVE-2020-9297
        RESERVED
 CVE-2020-9296 (Netflix Conductor uses Java Bean Validation (JSR 380) custom 
constrain ...)
-       TODO: check
+       NOT-FOR-US: Netflix Conductor
 CVE-2020-9295
        RESERVED
 CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 
6.0.7, 6 ...)
@@ -13443,7 +13443,7 @@ CVE-2020-9291 (An Insecure Temporary File vulnerability 
in FortiClient for Windo
 CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows 
online  ...)
        NOT-FOR-US: Fortiguard
 CVE-2020-9289 (Use of a hard-coded cryptographic key to encrypt password data 
in CLI  ...)
-       TODO: check
+       NOT-FOR-US: Fortiguard
 CVE-2020-9288
        RESERVED
 CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online 
installe ...)
@@ -13917,9 +13917,9 @@ CVE-2020-9078
 CVE-2020-9077
        RESERVED
 CVE-2020-9076 (HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions 
earlier ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-9075 (Huawei products Secospace USG6300;USG6300E with versions of 
V500R001C3 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2020-9074 (Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an 
imprope ...)
        NOT-FOR-US: Huawei
 CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 
10.0.0.156(C00E156R1 ...)
@@ -15195,13 +15195,13 @@ CVE-2020-8546
 CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...)
        NOT-FOR-US: AIL framework
 CVE-2020-8544 (OX App Suite through 7.10.3 allows SSRF. ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2020-8543 (OX App Suite through 7.10.3 has Improper Input Validation. ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2020-8542 (OX App Suite through 7.10.3 allows XSS. ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2020-8541 (OX App Suite through 7.10.3 allows XXE attacks. ...)
-       TODO: check
+       NOT-FOR-US: OX App Suite
 CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine 
Deskto ...)
        NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2020-8539
@@ -22736,7 +22736,7 @@ CVE-2020-5360
 CVE-2020-5359
        RESERVED
 CVE-2020-5358 (Dell Encryption versions prior to 10.7 and Dell Endpoint 
Security Suit ...)
-       TODO: check
+       NOT-FOR-US: Dell Encryption
 CVE-2020-5357 (Dell Dock Firmware Update Utilities for Dell Client Consumer 
and Comme ...)
        NOT-FOR-US: Dell
 CVE-2020-5356
@@ -22864,7 +22864,7 @@ CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post 
using parameters display na
 CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name 
field of  ...)
        NOT-FOR-US: Codoforum
 CVE-2020-5304 (The dashboard in WhiteSource Application Vulnerability 
Management (AVM ...)
-       TODO: check
+       NOT-FOR-US: WhiteSource Application Vulnerability Management (AVM)
 CVE-2020-5303 (Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a 
denial-o ...)
        NOT-FOR-US: Tendermint
 CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), 
had a b ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee5f26577d2f57f1b4c511c637bed838f50048e3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee5f26577d2f57f1b4c511c637bed838f50048e3
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to