Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bbd86429 by Salvatore Bonaccorso at 2020-07-30T06:38:44+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -76,7 +76,7 @@ CVE-2020-16097
 CVE-2020-16096
        RESERVED
 CVE-2020-16095 (The dlf (aka Kitodo.Presentation) extension before 3.1.2 for 
TYPO3 all ...)
-       TODO: check
+       NOT-FOR-US: dlf for TYPO3
 CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a 
malicious  ...)
        - claws-mail <unfixed>
        NOTE: 
https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
@@ -1294,7 +1294,7 @@ CVE-2020-15590
 CVE-2020-15589
        RESERVED
 CVE-2020-15588 (An issue was discovered in the client side of Zoho 
ManageEngine Deskto ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2020-15587
        RESERVED
 CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in 
some net ...)
@@ -1717,7 +1717,7 @@ CVE-2020-15410
 CVE-2020-15409
        RESERVED
 CVE-2020-15408 (An issue was discovered in Pulse Secure Pulse Connect Secure 
before 9. ...)
-       TODO: check
+       NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2020-15407
        RESERVED
 CVE-2020-15406
@@ -2392,9 +2392,9 @@ CVE-2020-15101 (In freewvs before 0.1.1, a directory 
structure of more than 1000
 CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that 
freewvs ...)
        NOT-FOR-US: freewvs
 CVE-2020-15099 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 
9.5.20, and  ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2020-15098 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 
9.5.20, and  ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2020-15097
        RESERVED
 CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 
9.0.0-beta21, the ...)
@@ -2421,7 +2421,7 @@ CVE-2020-15088
 CVE-2020-15087 (In Presto before version 337, authenticated users can bypass 
authoriza ...)
        NOT-FOR-US: Presto query engine, different from src:presto
 CVE-2020-15086 (In TYPO3 installations with the "mediace" extension from 
version 7.6.2 ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2020-15085 (In Saleor Storefront before version 2.10.3, request data used 
to authe ...)
        NOT-FOR-US: Saleor Storefront
 CVE-2020-15084 (In express-jwt (NPM package) up and including version 5.3.3, 
the algor ...)
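Review bot: the new line under CVE-2020-15086 reads "NOT-FOR-US: TYPO3", but the description on that entry names the "mediace" extension, not TYPO3 core, and the CVE-2020-16095 entry in this same commit uses the more specific form "dlf for TYPO3". Suggest naming the extension here as well, for example "NOT-FOR-US: mediace extension for TYPO3", so the label records what was actually triaged and extension issues stay distinguishable from the TYPO3 CMS entries (CVE-2020-15099, CVE-2020-15098).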
@@ -3718,21 +3718,21 @@ CVE-2020-14495
 CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an 
authentication  ...)
        NOT-FOR-US: OpenClinic GA
 CVE-2020-14493 (A low-privilege user may use SQL syntax to write arbitrary 
files to th ...)
-       TODO: check
+       NOT-FOR-US: OpenClinic
 CVE-2020-14492 (OpenClinic GA 5.09.02 and 5.89.05b does not properly 
neutralize user-c ...)
-       TODO: check
+       NOT-FOR-US: OpenClinic
 CVE-2020-14491 (OpenClinic GA versions 5.09.02 and 5.89.05b do not properly 
check perm ...)
        NOT-FOR-US: OpenClinic GA
 CVE-2020-14490 (OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local 
files spec ...)
-       TODO: check
+       NOT-FOR-US: OpenClinic
 CVE-2020-14489 (OpenClinic GA 5.09.02 and 5.89.05b stores passwords using 
inadequate h ...)
-       TODO: check
+       NOT-FOR-US: OpenClinic
 CVE-2020-14488 (OpenClinic GA 5.09.02 and 5.89.05b does not properly verify 
uploaded f ...)
-       TODO: check
+       NOT-FOR-US: OpenClinic
 CVE-2020-14487 (OpenClinic GA 5.09.02 contains a hidden default user account 
that may  ...)
-       TODO: check
+       NOT-FOR-US: OpenClinic
 CVE-2020-14486 (An attacker may bypass permission/authorization checks in 
OpenClinic G ...)
-       TODO: check
+       NOT-FOR-US: OpenClinic
 CVE-2020-14485 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an 
attacker to b ...)
        NOT-FOR-US: OpenClinic GA
 CVE-2020-14484 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an 
attacker to b ...)
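Review bot: the seven new lines (CVE-2020-14493, -14492, -14490 through -14486) use "NOT-FOR-US: OpenClinic", while the unchanged neighbours in the same hunk (CVE-2020-14494, -14491, -14485) use "NOT-FOR-US: OpenClinic GA", and every description shown names the product as OpenClinic GA. Suggest "NOT-FOR-US: OpenClinic GA" on the new lines so a search on the product string returns the whole set and the list keeps one label per product.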
@@ -5303,7 +5303,7 @@ CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in 
libEMF (aka ECMA-234 Metafil
 CVE-2020-13998 (** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is 
enabled ...)
        NOT-FOR-US: Citrix
 CVE-2020-13997 (In Shopware before 6.2.3, the database password is leaked to 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL 
injection at ...)
        NOT-FOR-US: J2Store plugin for Joomla!
 CVE-2020-13995
@@ -5359,9 +5359,9 @@ CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows 
XSS. An attacker who co
 CVE-2020-13972
        RESERVED
 CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to 
use the M ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request 
Forgery ( ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2020-13969
        RESERVED
 CVE-2020-13968
@@ -5478,17 +5478,17 @@ CVE-2020-13920
 CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 
200.7.10.102.92 allow ...)
        TODO: check
 CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed 
through  ...)
-       TODO: check
+       NOT-FOR-US: Ruckus Wireless Unleashed
 CVE-2020-13917 (rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows 
a remot ...)
-       TODO: check
+       NOT-FOR-US: Ruckus Wireless Unleashed
 CVE-2020-13916 (A stack buffer overflow in webs in Ruckus Wireless Unleashed 
through 2 ...)
-       TODO: check
+       NOT-FOR-US: Ruckus Wireless Unleashed
 CVE-2020-13915 (Insecure permissions in emfd/libemf in Ruckus Wireless 
Unleashed throu ...)
-       TODO: check
+       NOT-FOR-US: Ruckus Wireless Unleashed
 CVE-2020-13914 (webs in Ruckus Wireless Unleashed through 200.7.10.102.92 
allows a rem ...)
-       TODO: check
+       NOT-FOR-US: Ruckus Wireless Unleashed
 CVE-2020-13913 (An XSS issue in emfd in Ruckus Wireless Unleashed through 
200.7.10.102 ...)
-       TODO: check
+       NOT-FOR-US: Ruckus Wireless Unleashed
 CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows 
local users  ...)
        NOT-FOR-US: SolarWinds Advanced Monitoring Agent
 CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger 
XSS via a ...)
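Review bot: CVE-2020-13919 at the top of this hunk stays at "TODO: check" although its description names the same product (emfd/libemf in Ruckus Wireless Unleashed) as the six entries below it that are now "NOT-FOR-US: Ruckus Wireless Unleashed". If that was an oversight, mark it in the same commit; if it was left open on purpose (for instance to look at the libemf reference), a NOTE line saying so would keep the next triager from repeating the check.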
@@ -6121,7 +6121,7 @@ CVE-2020-13701
 CVE-2020-13700 (An issue was discovered in the acf-to-rest-api plugin through 
3.1.0 fo ...)
        NOT-FOR-US: acf-to-rest-api plugin for WordPress
 CVE-2020-13699 (TeamViewer Desktop for Windows before 15.8.3 does not properly 
quote i ...)
-       TODO: check
+       NOT-FOR-US: TeamViewer Desktop
 CVE-2020-13698
        RESERVED
 CVE-2020-13697
@@ -7957,7 +7957,7 @@ CVE-2020-12882 (Submitty through 20.04.01 allows XSS via 
upload of an SVG docume
 CVE-2020-12881
        RESERVED
 CVE-2020-12880 (An issue was discovered in Pulse Policy Secure (PPS) and Pulse 
Connect ...)
-       TODO: check
+       NOT-FOR-US: Pulse
 CVE-2020-12879
        RESERVED
 CVE-2020-12878
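Review bot: "NOT-FOR-US: Pulse" on CVE-2020-12880 is shorter than the product names in the description (Pulse Policy Secure and Pulse Connect ...) and differs from the label this commit uses for CVE-2020-15408, "NOT-FOR-US: Pulse Secure Pulse Connect Secure". Suggest spelling out the vendor and products, or at least "Pulse Secure", so the entry is unambiguous and matches the other Pulse entry when the list is searched.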
@@ -12780,11 +12780,11 @@ CVE-2020-11478
 CVE-2020-11477
        RESERVED
 CVE-2020-11476 (Concrete5 before 8.5.3 allows Unrestricted Upload of File with 
Dangero ...)
-       TODO: check
+       NOT-FOR-US: Concrete5
 CVE-2020-11475
        RESERVED
 CVE-2020-11474 (NCP Secure Enterprise Client before 10.15 r47589 allows a 
symbolic lin ...)
-       TODO: check
+       NOT-FOR-US: NCP Secure Enterprise Client
 CVE-2020-11473
        RESERVED
 CVE-2020-11472
@@ -14038,13 +14038,13 @@ CVE-2020-10987 (The goform/setUsbUnload endpoint of 
Tenda AC15 AC1900 version 15
 CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda 
AC15 AC190 ...)
        NOT-FOR-US: Tenda
 CVE-2020-10985 (Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. 
...)
-       TODO: check
+       NOT-FOR-US: Gambio GX
 CVE-2020-10984 (Gambio GX before 4.0.1.0 allows admin/admin.php CSRF. ...)
-       TODO: check
+       NOT-FOR-US: Gambio GX
 CVE-2020-10983 (Gambio GX before 4.0.1.0 allows SQL Injection in 
admin/mobile.php. ...)
-       TODO: check
+       NOT-FOR-US: Gambio GX
 CVE-2020-10982 (Gambio GX before 4.0.1.0 allows SQL Injection in 
admin/gv_mail.php. ...)
-       TODO: check
+       NOT-FOR-US: Gambio GX
 CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other 
maintaine ...)
        [experimental] - gitlab 12.8.8-1
        - gitlab <unfixed>
@@ -14231,21 +14231,21 @@ CVE-2020-10932 (An issue was discovered in Arm Mbed 
TLS before 2.16.6 and 2.7.x
        NOTE: 
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
        NOTE: 
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
 CVE-2020-10930 (This vulnerability allows network-adjacent attackers to 
disclose sensi ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-10929 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-10928 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-10927 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-10926 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-10925 (This vulnerability allows network-adjacent attackers to 
compromise the ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-10924 (This vulnerability allows network-adjacent attackers to bypass 
authent ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-10923 (This vulnerability allows network-adjacent attackers to bypass 
authent ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-10922 (This vulnerability allows remote attackers to create a 
denial-of-servi ...)
        NOT-FOR-US: C-MORE HMI
 CVE-2020-10921 (This vulnerability allows remote attackers to issue commands 
on affect ...)
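Review bot: the eight new "NOT-FOR-US: Netgear" lines (CVE-2020-10930 through CVE-2020-10923) carry only a vendor name, and the truncated descriptions visible here ("This vulnerability allows network-adjacent attackers to ...") name neither vendor nor product, so the classification cannot be checked from the list itself. Suggest adding the affected product or model after the vendor, as the neighbouring "NOT-FOR-US: C-MORE HMI" entry does, so a reader can confirm the NFU decision without opening each CVE.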
@@ -17559,13 +17559,13 @@ CVE-2020-9694
 CVE-2020-9693
        RESERVED
 CVE-2020-9692 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier 
have a ...)
-       TODO: check
+       NOT-FOR-US: Magento
 CVE-2020-9691 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier 
have a ...)
-       TODO: check
+       NOT-FOR-US: Magento
 CVE-2020-9690 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier 
have a ...)
-       TODO: check
+       NOT-FOR-US: Magento
 CVE-2020-9689 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier 
have a ...)
-       TODO: check
+       NOT-FOR-US: Magento
 CVE-2020-9688 (Adobe Download Manager version 2.0.0.518 have a command 
injection vuln ...)
        NOT-FOR-US: Adobe
 CVE-2020-9687 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 
have an ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbd864295bc9fba628c63459444105786e09bcd0
