Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4f14a0f by Moritz Muehlenhoff at 2020-11-13T13:56:29+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -481,9 +481,9 @@ CVE-2020-25709 [assertion failure in Certificate List 
syntax validation]
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9383
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65
 (OPENLDAP_REL_ENG_2_4_56)
 CVE-2020-28415 (A reflected cross-site scripting (XSS) vulnerability exists in 
the Tra ...)
-       TODO: check
+       NOT-FOR-US: TranzWare Payment Gateway
 CVE-2020-28414 (A reflected cross-site scripting (XSS) vulnerability exists in 
the Tra ...)
-       TODO: check
+       NOT-FOR-US: TranzWare Payment Gateway
 CVE-2020-28413
        RESERVED
 CVE-2020-28412
@@ -2279,15 +2279,15 @@ CVE-2020-28273
 CVE-2020-28272
        RESERVED
 CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0 
through  ...)
-       TODO: check
+       NOT-FOR-US: Node deephas
 CVE-2020-28270 (Overview:Prototype pollution vulnerability in 
‘object-hierarchy- ...)
-       TODO: check
+       NOT-FOR-US: Node object-hierarchy-access
 CVE-2020-28269 (Prototype pollution vulnerability in 'field' versions 0.0.1 
through 1. ...)
-       TODO: check
+       NOT-FOR-US: Node field
 CVE-2020-28268
        RESERVED
 CVE-2020-28267 (Prototype pollution vulnerability in '@strikeentco/set' 
version 1.0.0  ...)
-       TODO: check
+       NOT-FOR-US: Node strikeentco/set
 CVE-2017-18926 (raptor_xml_writer_start_element_common in raptor_xml_writer.c 
in Rapto ...)
        {DSA-4785-1 DLA-2438-1}
        - raptor <removed>
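Review bot: `NOT-FOR-US: Node strikeentco/set` drops the npm scope prefix that the CVE-2020-28267 text in this hunk uses ('@strikeentco/set'); keeping the full scoped name, `NOT-FOR-US: Node @strikeentco/set`, makes the entry match the upstream package name when the list is grepped. The other three new entries in this hunk (deephas, object-hierarchy-access, field) use the exact package names and need no change.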
@@ -2333,7 +2333,7 @@ CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a 
LINK element in a note
 CVE-2020-28248
        RESERVED
 CVE-2020-28247 (The lettre library through 0.10.0-alpha for Rust allows 
arbitrary send ...)
-       TODO: check
+       NOT-FOR-US: Node lettre
 CVE-2020-28246
        RESERVED
 CVE-2020-28245
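Review bot: the new annotation for CVE-2020-28247 reads `NOT-FOR-US: Node lettre`, but the CVE text two lines above says lettre is a Rust library ("The lettre library through 0.10.0-alpha for Rust"), so the ecosystem label is wrong. Change it to `NOT-FOR-US: Rust lettre`, and since Rust crates are packaged in Debian, confirm first that no source package (a rust-lettre crate package, for example) ships it; otherwise the NOT-FOR-US mark would hide a real issue.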
@@ -4498,7 +4498,7 @@ CVE-2020-27525
 CVE-2020-27524 (On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 
MMI Multi ...)
        NOT-FOR-US: Audi
 CVE-2020-27523 (Solstice-Pod up to 5.0.2 WEBRTC server mishandles the 
format-string sp ...)
-       TODO: check
+       NOT-FOR-US: Solstice-Pod
 CVE-2020-27522
        RESERVED
 CVE-2020-27521
@@ -5163,7 +5163,7 @@ CVE-2020-27195 (HashiCorp Nomad and Nomad Enterprise 
version 0.9.0 up to 0.12.5
        NOTE: https://github.com/hashicorp/nomad/issues/9129
        NOTE: 
https://github.com/hashicorp/nomad/commit/a8ea7c5f421297db434b45046fca7a9deef6df85
 (0.12.6)
 CVE-2020-27193 (A cross-site scripting (XSS) vulnerability in the Color Dialog 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: CKEditor plugin
 CVE-2020-27192
        RESERVED
 CVE-2020-27191
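Review bot: `NOT-FOR-US: CKEditor plugin` for CVE-2020-27193 deserves a second look before being filed as not-for-us: Debian ships a ckeditor source package, and the CVE text names the Color Dialog plugin of CKEditor, so whether the packaged tree includes that plugin (colordialog in CKEditor 4) decides the triage. If it does, the entry needs a package line such as `- ckeditor <unfixed>` instead of NOT-FOR-US; if the plugin is distributed separately, a NOTE naming which one would justify the mark.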
@@ -5277,7 +5277,7 @@ CVE-2020-27148
 CVE-2020-27147
        RESERVED
 CVE-2020-27146 (The Core component of TIBCO Software Inc.'s TIBCO iProcess 
Workspace ( ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2020-27145
        RESERVED
 CVE-2020-27144
@@ -6560,7 +6560,7 @@ CVE-2020-26543
 CVE-2017-18924 (** DISPUTED ** oauth2-server (aka node-oauth2-server) through 
3.1.1 im ...)
        NOT-FOR-US: node-oauth2-server
 CVE-2020-26542 (An issue was discovered in the MongoDB Simple LDAP plugin 
through 2020 ...)
-       TODO: check
+       NOT-FOR-US: MongoDB plugin
 CVE-2020-26541 (The Linux kernel through 5.8.13 does not properly enforce the 
Secure B ...)
        - linux <unfixed>
        [stretch] - linux <not-affected> (Secure Boot key import not supported)
@@ -7316,7 +7316,7 @@ CVE-2020-26170
 CVE-2020-26169
        RESERVED
 CVE-2020-26168 (The LDAP authentication method in LdapLoginModule in Hazelcast 
IMDG En ...)
-       TODO: check
+       NOT-FOR-US: Hazelcast
 CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the page preview feature 
allows an ano ...)
        NOT-FOR-US: FUEL CMS
 CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the 
file descr ...)
@@ -11258,7 +11258,7 @@ CVE-2020-24462
 CVE-2020-24461
        RESERVED
 CVE-2020-24460 (Incorrect default permissions in the Intel(R) DSA before 
version 20.8. ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2020-24459
        RESERVED
 CVE-2020-24458
@@ -25283,7 +25283,7 @@ CVE-2020-17495 (django-celery-results through 1.2.1 
stores task results in the d
        [buster] - python-django-celery-results <no-dsa> (Minor issue)
        NOTE: https://github.com/celery/django-celery-results/issues/142
 CVE-2020-17494 (Untangle Firewall NG before 16.0 uses MD5 for passwords. ...)
-       TODO: check
+       NOT-FOR-US: Untangle Firewall NG
 CVE-2020-17493
        RESERVED
 CVE-2020-17492
@@ -29061,7 +29061,7 @@ CVE-2020-15785 (A vulnerability has been identified in 
Siveillance Video Client
 CVE-2020-15784 (A vulnerability has been identified in Spectrum Power 4 (All 
versions  ...)
        NOT-FOR-US: Spectrum Power 4
 CVE-2020-15783 (A vulnerability has been identified in SIMATIC S7-300 CPU 
family (incl ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2020-15782
        RESERVED
 CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for 
SICAM A8 ...)
@@ -34323,7 +34323,7 @@ CVE-2020-13879
 CVE-2020-13878
        RESERVED
 CVE-2020-13877 (SQL Injection issues in various ASPX pages of ResourceXpress 
Meeting M ...)
-       TODO: check
+       NOT-FOR-US: ResourceXpress Meeting Monitor 
 CVE-2020-13876
        RESERVED
 CVE-2020-13875
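Review bot: the added line `NOT-FOR-US: ResourceXpress Meeting Monitor ` carries trailing whitespace after the product name; strip it, since the other annotations in the file end at the last character and trailing spaces show up as noise in later diffs.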
@@ -34681,7 +34681,7 @@ CVE-2020-13775 (ZNC 1.8.0 up to 1.8.1-rc1 allows 
authenticated users to trigger
        NOTE: Fixed by: 
https://github.com/znc/znc/commit/2390ad111bde16a78c98ac44572090b33c3bd2d8 
(znc-1.8.1-rc1)
        NOTE: Introduced with: 
https://github.com/znc/znc/commit/d229761821da38d984a9e4098ad96842490dc001 
(znc-1.8.0)
 CVE-2020-13774 (An unrestricted file-upload issue in EditLaunchPadDialog.aspx 
in Ivant ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2020-13773
        RESERVED
 CVE-2020-13772
@@ -36706,9 +36706,9 @@ CVE-2020-12929
 CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD 
Ryzen Master ...)
        NOT-FOR-US: AMD Ryzen Master
 CVE-2020-12927 (A potential vulnerability in a dynamically loaded AMD driver 
in AMD VB ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2020-12926 (The Trusted Platform Modules (TPM) reference software may not 
properly ...)
-       TODO: check
+       NOT-FOR-US: AMD
 CVE-2020-12925
        RESERVED
 CVE-2020-12924
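Review bot: for CVE-2020-12926 the annotation `NOT-FOR-US: AMD` does not follow from the visible CVE text, which describes "The Trusted Platform Modules (TPM) reference software" rather than an AMD product; the preceding entry CVE-2020-12927 is explicitly about an AMD driver, so this looks like the same label applied twice. Name the affected component in the annotation (or add a NOTE with the advisory URL) and check that no Debian package carrying TPM reference code is affected before closing it as NOT-FOR-US.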
@@ -38302,7 +38302,7 @@ CVE-2020-12357
 CVE-2020-12356 (Out-of-bounds read in subsystem in Intel(R) AMT versions 
before 11.8.8 ...)
        NOT-FOR-US: Intel
 CVE-2020-12355 (Authentication bypass by capture-replay in RPMB protocol 
message authe ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2020-12354 (Incorrect default permissions in Windows(R) installer in 
Intel(R) AMT  ...)
        NOT-FOR-US: Intel
 CVE-2020-12353 (Improper permissions in the Intel(R) Data Center Manager 
Console befor ...)
@@ -42300,13 +42300,13 @@ CVE-2020-11211
 CVE-2020-11210
        RESERVED
 CVE-2020-11209 (u'Improper authorization in DSP process could allow 
unauthorized users ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11208 (u'Out of Bound issue in DSP services while processing received 
argumen ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11207 (u'Buffer overflow in LibFastCV library due to improper size 
checks wit ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11206 (u'Possible buffer overflow in Fastrpc while handling received 
paramete ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11205 (u'Possible integer overflow to heap overflow while processing 
command  ...)
        NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11204
@@ -42314,9 +42314,9 @@ CVE-2020-11204
 CVE-2020-11203
        RESERVED
 CVE-2020-11202 (u'Buffer overflow/underflow occurs when typecasting the buffer 
passed  ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11201 (u'Arbitrary access to DSP memory due to improper check in 
loaded libra ...)
-       TODO: check
+       NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11200
        RESERVED
 CVE-2020-11199
@@ -50015,7 +50015,7 @@ CVE-2020-8278
 CVE-2020-8277
        RESERVED
 CVE-2020-8276 (The implementation of Brave Desktop's privacy-preserving 
analytics sys ...)
-       TODO: check
+       NOT-FOR-US: Brave
 CVE-2020-8275
        RESERVED
 CVE-2020-8274
@@ -50031,7 +50031,7 @@ CVE-2020-8270
 CVE-2020-8269
        RESERVED
 CVE-2020-8268 (Prototype pollution vulnerability in json8-merge-patch npm 
package &lt ...)
-       TODO: check
+       NOT-FOR-US: Node json8-merge-patch
 CVE-2020-8267 (A security issue was found in UniFi Protect controller v1.14.10 
and ea ...)
        NOT-FOR-US: UniFi Protect controller
 CVE-2020-8266
@@ -51398,7 +51398,7 @@ CVE-2020-7772
 CVE-2020-7771
        RESERVED
 CVE-2020-7770 (This affects the package json8 before 1.0.3. The function adds 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Node json8
 CVE-2020-7769 (This affects the package nodemailer before 6.4.16. Use of 
crafted reci ...)
        TODO: check
 CVE-2020-7768 (The package grpc before 1.24.4; the package @grpc/grpc-js 
before 1.1.8 ...)
@@ -53159,9 +53159,9 @@ CVE-2020-7035
 CVE-2020-7034
        RESERVED
 CVE-2020-7033 (A Cross Site Scripting (XSS) Vulnerability on the Unified 
Portal Clien ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2020-7032 (An XML external entity (XXE) vulnerability in Avaya WebLM admin 
interf ...)
-       TODO: check
+       NOT-FOR-US: Avaya
 CVE-2020-7031
        RESERVED
 CVE-2020-7030 (A sensitive information disclosure vulnerability was discovered 
in the ...)
@@ -57160,7 +57160,7 @@ CVE-2020-5428
 CVE-2020-5427
        RESERVED
 CVE-2020-5426 (Scheduler for TAS prior to version 1.4.0 was permitting 
plaintext tran ...)
-       TODO: check
+       NOT-FOR-US: Vmware
 CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 
,1.12.x v ...)
        NOT-FOR-US: Vmware
 CVE-2020-5424
@@ -72449,9 +72449,9 @@ CVE-2020-0595 (Use after free in IPv6 subsystem in 
Intel(R) AMT and Intel(R) ISM
 CVE-2020-0594 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and 
Intel(R) ISM  ...)
        NOT-FOR-US: Intel
 CVE-2020-0593 (Improper buffer restrictions in BIOS firmware for some Intel(R) 
Proces ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2020-0592 (Out of bounds write in BIOS firmware for some Intel(R) 
Processors may  ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2020-0591 (Improper buffer restrictions in BIOS firmware for some Intel(R) 
Proces ...)
        NOT-FOR-US: Intel
 CVE-2020-0590 (Improper input validation in BIOS firmware for some Intel(R) 
Processor ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4f14a0f7a63b76c589afd36a680ca97a9b3583f


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
