Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c8c4488 by Salvatore Bonaccorso at 2020-08-22T12:45:55+02:00
Process some NFUs

- - - - -
790660d5 by Salvatore Bonaccorso at 2020-08-22T12:46:18+02:00
Add CVE-2020-{8189,8227}/nextcloud-desktop

- - - - -
843f9dcb by Salvatore Bonaccorso at 2020-08-22T12:46:45+02:00
Add CVE-2020-7923/mongodb

- - - - -
728cd5b5 by Salvatore Bonaccorso at 2020-08-22T12:47:03+02:00
Add CVE-2020-7019/elasticsearch

- - - - -
e42d42e9 by Salvatore Bonaccorso at 2020-08-22T12:50:35+02:00
Merge remote-tracking branch 'origin/master' into master

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -809,7 +809,7 @@ CVE-2020-24214
 CVE-2020-24213
        RESERVED
 CVE-2020-24212 (**REJECTED**Kaldin 4.0 is affected by: Insecure Permissions. 
The impac ...)
-       TODO: check
+       NOT-FOR-US: Kaldin
 CVE-2020-24211
        RESERVED
 CVE-2020-24210
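Review bot: The description of CVE-2020-24212 now starts with a REJECTED marker, so NOT-FOR-US: Kaldin records a triage decision for an identifier that has been withdrawn upstream. Consider marking the entry REJECTED, or adding a NOTE that it was rejected, so it is not read as a live third-party issue. CVE-2020-23938 in the next hunk carries the same marker.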
@@ -1357,7 +1357,7 @@ CVE-2020-23940
 CVE-2020-23939
        RESERVED
 CVE-2020-23938 (***REJECTED***Out of bounds read (CWE-125) in AnnLab V3 Lite 
4.0.8.3 c ...)
-       TODO: check
+       NOT-FOR-US: AnnLab V3 Lite
 CVE-2020-23937
        RESERVED
 CVE-2020-23936 (PHPGurukul Vehicle Parking Management System 1.0 is vulnerable 
to Auth ...)
@@ -17734,7 +17734,7 @@ CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in 
hw/net/e1000e_core.c because
        NOTE: 
https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
        NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
 CVE-2020-15858 (Some devices of Thales DIS (formerly Gemalto, formerly 
Cinterion) allo ...)
-       TODO: check
+       NOT-FOR-US: Thales DIS
 CVE-2020-15857
        RESERVED
 CVE-2020-15856
@@ -33896,13 +33896,13 @@ CVE-2020-10128
 CVE-2020-10127
        RESERVED
 CVE-2020-10126 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly 
validate  ...)
-       TODO: check
+       NOT-FOR-US: NCR SelfServ ATMs
 CVE-2020-10125 (NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 
implement 51 ...)
-       TODO: check
+       NOT-FOR-US: NCR SelfServ ATMs
 CVE-2020-10124 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, 
authentic ...)
-       TODO: check
+       NOT-FOR-US: NCR SelfServ ATMs
 CVE-2020-10123 (The currency dispenser of NCR SelfSev ATMs running APTRA XFS 
05.01.00  ...)
-       TODO: check
+       NOT-FOR-US: NCR SelfServ ATMs
 CVE-2019-20501 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated 
OS comm ...)
        NOT-FOR-US: D-Link
 CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated 
OS comm ...)
@@ -36409,9 +36409,9 @@ CVE-2020-9065 (Huawei smart phone Taurus-AL00B with 
versions earlier than 10.0.0
 CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than 
OxfordS-AN00A 1 ...)
        NOT-FOR-US: Huawei
 CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not 
authent ...)
-       TODO: check
+       NOT-FOR-US: NCR SelfServ ATMs
 CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase 
version ...)
-       TODO: check
+       NOT-FOR-US: Diebold Nixdorf ProCash 2100xe USB ATMs
 CVE-2020-9061
        RESERVED
 CVE-2020-9060
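Review bot: The label on CVE-2020-9062, NOT-FOR-US: Diebold Nixdorf ProCash 2100xe USB ATMs, names a single model, while the entries around it use a vendor or product-line label (NOT-FOR-US: Huawei, NOT-FOR-US: NCR SelfServ ATMs). A shorter label such as NOT-FOR-US: Diebold Nixdorf would keep later entries for the same vendor findable under one string.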
@@ -38384,7 +38384,7 @@ CVE-2020-8236
 CVE-2020-8235
        RESERVED
 CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware 
<v1.9.1 w ...)
-       TODO: check
+       NOT-FOR-US: EdgeMax EdgeSwitch firmware
 CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware 
<v1 ...)
        NOT-FOR-US: Edgeswitch
 CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax 
EdgeSwitch f ...)
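Review bot: CVE-2020-8234 is tagged NOT-FOR-US: EdgeMax EdgeSwitch firmware, but the entry directly below it, CVE-2020-8233, already uses NOT-FOR-US: Edgeswitch for EdgeSwitch firmware. Use one spelling for both so a search for the label returns the whole product family.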
@@ -38403,7 +38403,8 @@ CVE-2020-8229 (A memory leak in the OCUtil.dll library 
used by Nextcloud Desktop
 CVE-2020-8228
        RESERVED
 CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop 
Client  ...)
-       TODO: check
+       - nextcloud-desktop <unfixed>
+       NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-032
 CVE-2020-8226 (A vulnerability exists in phpBB &lt;v3.2.10 and &lt;v3.3.1 
which allow ...)
        NOT-FOR-US: phpBB
 CVE-2020-8225
@@ -38483,7 +38484,8 @@ CVE-2020-8191 (Improper input validation in Citrix ADC 
and Citrix Gateway versio
 CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway 
before ver ...)
        NOT-FOR-US: Citrix
 CVE-2020-8189 (A cross-site scripting error in Nextcloud Desktop client 2.6.4 
allowed ...)
-       TODO: check
+       - nextcloud-desktop <unfixed>
+       NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-027
 CVE-2020-8188 (We have recently released new version of UniFi Protect firmware 
v1.13. ...)
        NOT-FOR-US: UniFi Protect
 CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway 
versions be ...)
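Review bot: CVE-2020-8189 is recorded as nextcloud-desktop <unfixed> with only the advisory link, although the description ties the flaw to client 2.6.4. A NOTE giving the upstream version that contains the fix, taken from the linked advisory, would let the next person decide when <unfixed> can be replaced by a version. The same applies to CVE-2020-8227 in the previous hunk.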
@@ -39214,7 +39216,8 @@ CVE-2020-7925
 CVE-2020-7924
        RESERVED
 CVE-2020-7923 (A user authorized to perform database queries may cause denial 
of serv ...)
-       TODO: check
+       - mongodb <removed>
+       NOTE: https://jira.mongodb.org/browse/SERVER-47773
 CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise 
Kubernetes Oper ...)
        NOT-FOR-US: MongoDB Enterprise
 CVE-2020-7921 (Improper serialization of internal state in the authorization 
subsyste ...)
@@ -41377,7 +41380,7 @@ CVE-2020-7021
 CVE-2020-7020
        RESERVED
 CVE-2020-7019 (In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure 
flaw was f ...)
-       TODO: check
+       - elasticsearch <removed>
 CVE-2020-7018 (Elastic Enterprise Search before 7.9.0 contain a credential 
exposure f ...)
        TODO: check
 CVE-2020-7017 (In Kibana versions before 6.8.11 and 7.8.1 the region map 
visualizatio ...)
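Review bot: The elasticsearch <removed> line for CVE-2020-7019 has no NOTE, unlike the mongodb entry in the previous hunk, which links its upstream ticket. The description names 7.9.0 and 6.8.12 as the fixed releases, so a NOTE pointing at the upstream advisory or fix would help anyone checking suites that still carry the package. CVE-2020-7018, directly below, is still TODO: check.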
@@ -51128,7 +51131,7 @@ CVE-2020-3444
 CVE-2020-3443
        RESERVED
 CVE-2020-3442 (The DuoConnect client enables users to establish SSH 
connections to ho ...)
-       TODO: check
+       NOT-FOR-US: DuoConnect
 CVE-2020-3441
        RESERVED
 CVE-2020-3440
@@ -62218,7 +62221,7 @@ CVE-2020-0263
 CVE-2020-0262
        RESERVED
 CVE-2020-0261 (In C2 flame devices, there is a possible bypass of seccomp due 
to a mi ...)
-       TODO: check
+       NOT-FOR-US: C2 flame devices
 CVE-2020-0260 (There is a possible out of bounds read due to an incorrect 
bounds chec ...)
        NOT-FOR-US: Mediatek components for Android
 CVE-2020-0259 (In android_verity_ctr of dm-android-verity.c, there is a 
possible way  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b377e48a4b0cc7d8507f865e084ab1a9dae34285...e42d42e9f38d071b427695dba2590b774c8e7a10
