[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Mon, 05 Oct 2020 13:37:17 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c08965ca by Salvatore Bonaccorso at 2020-10-05T22:36:01+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -796,7 +796,7 @@ CVE-2020-26168
 CVE-2020-26167
        RESERVED
 CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the 
file descr ...)
-       TODO: check
+       NOT-FOR-US: qdPM
 CVE-2020-26165
        RESERVED
 CVE-2020-26164
@@ -1056,7 +1056,7 @@ CVE-2020-26088 (A missing CAP_NET_RAW check in NFC socket 
creation in net/nfc/ra
        [buster] - linux 4.19.146-1
        NOTE: 
https://git.kernel.org/linus/26896f01467a28651f7a536143fe5ac8449d4041
 CVE-2020-26061 (ClickStudios Passwordstate Password Reset Portal prior to 
build 8501 i ...)
-       TODO: check
+       NOT-FOR-US: ClickStudios Passwordstate Password Reset Portal
 CVE-2020-26060
        RESERVED
 CVE-2020-26059
@@ -1083,7 +1083,7 @@ CVE-2020-26050
 CVE-2020-26049
        RESERVED
 CVE-2020-26048 (The file manager option in CuppaCMS before 2019-11-12 allows 
an authen ...)
-       TODO: check
+       NOT-FOR-US: CuppaCMS
 CVE-2020-26047
        RESERVED
 CVE-2020-26046
@@ -5121,7 +5121,7 @@ CVE-2020-24233
 CVE-2020-24232
        RESERVED
 CVE-2020-24231 (Symmetric DS &lt;3.12.0 uses mx4j to provide access to JMX 
over HTTP.  ...)
-       TODO: check
+       NOT-FOR-US: Symmetric DS
 CVE-2020-24230
        RESERVED
 CVE-2020-24229
@@ -21278,7 +21278,7 @@ CVE-2020-16228 (Patient Information Center iX (PICiX) 
Versions B.02, C.02, C.03,
 CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An 
improper input  ...)
        NOT-FOR-US: Delta Electronics
 CVE-2020-16226 (Multiple Mitsubishi Electric products are vulnerable to 
impersonations ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A 
write-what-where ...)
        NOT-FOR-US: Delta Electronics
 CVE-2020-16224 (Patient Information Center iX (PICiX) Versions B.02, C.02, 
C.03, Perfo ...)
@@ -31517,7 +31517,7 @@ CVE-2020-12304
 CVE-2020-12303
        RESERVED
 CVE-2020-12302 (Improper permissions in the Intel(R) Driver &amp; Support 
Assistant be ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server 
Board Fam ...)
        NOT-FOR-US: Intel
 CVE-2020-12300 (Uninitialized pointer in BIOS firmware for Intel(R) Server 
Board Famil ...)
@@ -42105,7 +42105,7 @@ CVE-2020-8673
 CVE-2020-8672
        RESERVED
 CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th 
Generat ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2020-8670
        RESERVED
 CVE-2020-8669
@@ -43161,7 +43161,7 @@ CVE-2020-8237 (Prototype pollution in json-bigint npm 
package &lt; 1.0.0 may lea
 CVE-2020-8236
        RESERVED
 CVE-2020-8235 (Missing access control in Nextcloud Deck 1.0.4 caused an 
insecure dire ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Deck
 CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware 
&lt;v1.9.1 w ...)
        NOT-FOR-US: EdgeMax EdgeSwitch firmware
 CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware 
&lt;v1 ...)
@@ -43183,7 +43183,7 @@ CVE-2020-8229 (A memory leak in the OCUtil.dll library 
used by Nextcloud Desktop
        NOTE: Windows-specific code in shell_integration/windows/OCUtil
        NOTE: https://hackerone.com/reports/588562
 CVE-2020-8228 (A missing rate limit in the Preferred Providers app 1.7.0 
allowed an a ...)
-       TODO: check
+       NOT-FOR-US: Preferred Providers app
 CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop 
Client  ...)
        - nextcloud-desktop 3.0.1-1
        [buster] - nextcloud-desktop <no-dsa> (Minor issue)
@@ -43296,7 +43296,7 @@ CVE-2020-8184 (A reliance on cookies without 
validation/integrity check security
 CVE-2020-8183
        RESERVED
 CVE-2020-8182 (Improper access control in Nextcloud Deck 0.8.0 allowed an 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Deck
 CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a 
malici ...)
        NOT-FOR-US: Nextcloud Contacts
 CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 
allowed a cod ...)
@@ -52676,7 +52676,7 @@ CVE-2020-4495
 CVE-2020-4494 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and 
Windows ...)
        NOT-FOR-US: IBM
 CVE-2020-4493 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4492 (IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 
through V4.2 ...)
        NOT-FOR-US: IBM
 CVE-2020-4491



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c08965ca0ad0624c6dd3a0c1e90ae1334d32229b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c08965ca0ad0624c6dd3a0c1e90ae1334d32229b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to