Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f71f8c5f by Salvatore Bonaccorso at 2020-09-19T09:11:39+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2020-25768
 CVE-2020-25767
        RESERVED
 CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform 
an unwa ...)
-       TODO: check
+       NOT-FOR-US: MISP
 CVE-2020-25765
        RESERVED
 CVE-2020-25764
@@ -2434,7 +2434,7 @@ CVE-2020-24625
 CVE-2020-24624
        RESERVED
 CVE-2020-24623 (A potential security vulnerability has been identified in 
Hewlett Pack ...)
-       TODO: check
+       NOT-FOR-US: Hewlett Packard Enterprise Universal API Framework
 CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be 
exposed b ...)
        NOT-FOR-US: Sonatype
 CVE-2020-24621
@@ -19413,7 +19413,7 @@ CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox 
Exporter through 0.17.0 allow
        NOTE: Upstream of the project did disputed the CVE. Upstream position is
        NOTE: that the refererred behaviour is intended functionality.
 CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and 
prior. Th ...)
-       TODO: check
+       NOT-FOR-US: Philips
 CVE-2020-16246
        RESERVED
 CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product 
is vulne ...)
@@ -19447,7 +19447,7 @@ CVE-2020-16232
 CVE-2020-16231
        RESERVED
 CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards 
such as ...)
-       TODO: check
+       NOT-FOR-US: HMS Networks
 CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
Process ...)
        NOT-FOR-US: Advantech WebAccess
 CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, 
C.03, Perfo ...)
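Review bot: The new tag on CVE-2020-16230 names a vendor, `HMS Networks`, that does not appear anywhere in the visible description, which only mentions Ewon Flexy and Cosy. A reader cannot confirm the mapping from the entry itself. Consider naming the product as well, for example `NOT-FOR-US: Ewon Flexy and Cosy (HMS Networks)`, in the same way the neighbouring CVE-2020-16229 entry is tagged `NOT-FOR-US: Advantech WebAccess`.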
@@ -19507,11 +19507,11 @@ CVE-2020-16202
 CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 
1.01.23 and ...)
        NOT-FOR-US: Delta Industrial Automation
 CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and 
prior. Th ...)
-       TODO: check
+       NOT-FOR-US: Philips
 CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 
1.01.23 and ...)
        NOT-FOR-US: Delta Industrial Automation
 CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and 
prior. Wh ...)
-       TODO: check
+       NOT-FOR-US: Philips
 CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment 
target can ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2020-16196
@@ -20027,7 +20027,7 @@ CVE-2020-15959
        - chromium <unfixed>
        [stretch] - chromium <end-of-life> (see DSA 4562)
 CVE-2020-15958 (An issue was discovered in 1CRM System through 8.6.7. An 
insecure dire ...)
-       TODO: check
+       NOT-FOR-US: 1CRM System
 CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for 
Decentral ...)
        NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving 
Proximity Tracing (DP3T)
 CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 
allows re ...)
@@ -21982,9 +21982,9 @@ CVE-2020-15191
 CVE-2020-15190
        RESERVED
 CVE-2020-15189 (SOY CMS 3.0.2 and earlier is affected by Remote Code Execution 
(RCE) u ...)
-       TODO: check
+       NOT-FOR-US: SOY CMS
 CVE-2020-15188 (SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated 
Remote Co ...)
-       TODO: check
+       NOT-FOR-US: SOY CMS
 CVE-2020-15187 (In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can 
contain d ...)
        TODO: check
 CVE-2020-15186 (In Helm before versions 2.16.11 and 3.3.2 plugin names are not 
sanitiz ...)
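Review bot: The tags added for CVE-2020-15189 and CVE-2020-15188 spell the product `SOY CMS`, while the existing tag on CVE-2020-15182 a few entries further down is `NOT-FOR-US: SoyCMS`. Use one spelling for the same product so that a search for the tag returns every entry. The Helm entry CVE-2020-15187 correctly stays at `TODO: check`, since this commit only processes NFUs.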
@@ -21998,7 +21998,7 @@ CVE-2020-15183 (SoyCMS 3.0.2 and earlier is affected by 
Reflected Cross-Site Scr
 CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site 
Request ...)
        NOT-FOR-US: SoyCMS
 CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies 
on untr ...)
-       TODO: check
+       NOT-FOR-US: Alfresco Reset Password add-on
 CVE-2020-15180
        RESERVED
 CVE-2020-15179 (The ScratchSig extension for MediaWiki before version 1.0.1 
allows sto ...)
@@ -23475,7 +23475,7 @@ CVE-2020-14527 (Vulnerability in the Primavera 
Portfolio Management product of O
 CVE-2020-14526
        RESERVED
 CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and 
prior. Th ...)
-       TODO: check
+       NOT-FOR-US: Philips
 CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest 
build o ...)
        NOT-FOR-US: Softing Industrial Automation
 CVE-2020-14523
@@ -23513,7 +23513,7 @@ CVE-2020-14508 (GateManager versions prior to 9.2c, The 
affected product is vuln
 CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to 
multiple pat ...)
        NOT-FOR-US: Advantech
 CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and 
prior. Th ...)
-       TODO: check
+       NOT-FOR-US: Philips
 CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper 
neutralizatio ...)
        NOT-FOR-US: Advantech
 CVE-2020-14504
@@ -25163,7 +25163,7 @@ CVE-2020-14031
 CVE-2020-14030
        RESERVED
 CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 
4.17.6. The RS ...)
-       TODO: check
+       NOT-FOR-US: Ozeki NG SMS Gateway
 CVE-2020-14028
        RESERVED
 CVE-2020-14027
@@ -25179,7 +25179,7 @@ CVE-2020-14023
 CVE-2020-14022
        RESERVED
 CVE-2020-14021 (An issue was discovered in Ozeki NG SMS Gateway through 
4.17.6. The AS ...)
-       TODO: check
+       NOT-FOR-US: Ozeki NG SMS Gateway
 CVE-2020-14020
        RESERVED
 CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for 
/etc/targ ...)
@@ -37617,9 +37617,9 @@ CVE-2020-9747
 CVE-2020-9746
        RESERVED
 CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has 
an out-o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-9744 (Adobe Media Encoder version 14.3.2 (and earlier versions) has 
an out-o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-9743 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 
(and be ...)
        NOT-FOR-US: Adobe AEM
 CVE-2020-9742 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 
6.3.3.8 (and ...)
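Review bot: The Adobe Media Encoder entries CVE-2020-9745 and CVE-2020-9744 are tagged with the bare vendor, `NOT-FOR-US: Adobe`, whereas the AEM entry directly below uses vendor plus product, `NOT-FOR-US: Adobe AEM`. For consistency within this block, `NOT-FOR-US: Adobe Media Encoder` would be clearer. The same applies to CVE-2020-9739 in the following hunk.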
@@ -37629,7 +37629,7 @@ CVE-2020-9741 (The AEM forms add-on for versions 
6.5.5.0 (and below) and 6.4.8.2
 CVE-2020-9740 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 
(and be ...)
        NOT-FOR-US: Adobe AEM
 CVE-2020-9739 (Adobe Media Encoder version 14.3.2 (and earlier versions) has 
an out-o ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-9738 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 
(and be ...)
        NOT-FOR-US: Adobe AEM
 CVE-2020-9737 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 
(and be ...)
@@ -39172,7 +39172,7 @@ CVE-2020-9086
 CVE-2020-9085
        RESERVED
 CVE-2020-9084 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have 
a use- ...)
-       TODO: check
+       NOT-FOR-US: Taurus-AN00B
 CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 
10.1.0.163(C00E ...)
        NOT-FOR-US: Huawei
 CVE-2020-9082
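Review bot: The tag on CVE-2020-9084 repeats the model code `Taurus-AN00B` instead of naming a vendor. The version string `10.1.0.156(C00E155R7P2)` follows the same scheme as the Huawei Mate 20 entry CVE-2020-9083 directly below, which is tagged `NOT-FOR-US: Huawei`. If this is a Huawei device, tag it `NOT-FOR-US: Huawei` so both entries are grouped under the same name.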
@@ -43398,7 +43398,7 @@ CVE-2020-7360 (An Uncontrolled Search Path Element 
(CWE-427) vulnerability in Sm
 CVE-2020-7359
        RESERVED
 CVE-2020-7358 (In AppSpider installer versions prior to 7.2.126, the AppSpider 
instal ...)
-       TODO: check
+       NOT-FOR-US: AppSpider installer
 CVE-2020-7357 (Cayin CMS suffers from an authenticated OS semi-blind command 
injectio ...)
        NOT-FOR-US: Cayin CMS
 CVE-2020-7356 (CAYIN xPost suffers from an unauthenticated SQL Injection 
vulnerabilit ...)
@@ -47067,9 +47067,9 @@ CVE-2020-5978
 CVE-2020-5977
        RESERVED
 CVE-2020-5976 (NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) 
and vers ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA GeForce NOW
 CVE-2020-5975 (NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and 
macOS, con ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA GeForce NOW
 CVE-2020-5974 (NVIDIA JetPack SDK, version 4.2 and 4.3, contains a 
vulnerability in i ...)
        NOT-FOR-US: NVIDIA
 CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a 
vulnerabili ...)
@@ -51812,7 +51812,7 @@ CVE-2020-3981
 CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation 
vulnerability due ...)
        NOT-FOR-US: VMware
 CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0) 
installers lo ...)
-       TODO: check
+       NOT-FOR-US: InstallBuilder for Qt Windows installers
 CVE-2020-3978
        RESERVED
 CVE-2020-3977



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f71f8c5fdf3733f8f4a84286337ca1eefd7de690



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
