Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bd092d2b by Salvatore Bonaccorso at 2020-11-22T09:40:13+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -154,7 +154,7 @@ CVE-2020-28915 (A buffer over-read (at the framebuffer
layer) in the fbcon code
[stretch] - linux 4.9.240-1
NOTE:
https://git.kernel.org/linus/5af08640795b2b9a940c9266c0260455377ae262
CVE-2020-28914 (An improper file permissions vulnerability affects Kata
Containers pri ...)
- TODO: check
+ NOT-FOR-US: Kata Containers
CVE-2020-28913
RESERVED
CVE-2020-28912
@@ -7702,7 +7702,7 @@ CVE-2020-26934 (phpMyAdmin before 4.9.6 and 5.x before
5.0.3 allows XSS through
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-5/
NOTE:
https://github.com/phpmyadmin/phpmyadmin/commit/19df63b0365621427697edc185ff7c9c5707c523
CVE-2020-26933 (Trusted Computing Group (TCG) Trusted Platform Module Library
Family 2 ...)
- TODO: check
+ NOT-FOR-US: Trusted Computing Group (TCG) Trusted Platform Module
Library Family 2.0 Library Specification
CVE-2020-26931 (Certain NETGEAR devices are affected by disclosure of
sensitive inform ...)
NOT-FOR-US: Netgear
CVE-2020-26930 (NETGEAR EX7700 devices before 1.0.0.210 are affected by
incorrect conf ...)
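Review bot: The NOT-FOR-US tag added for CVE-2020-26933 names a specification ("... Trusted Platform Module Library Family 2.0 Library Specification") rather than a product or vendor, unlike the neighbouring entries in this hunk ("NOT-FOR-US: Netgear"). A flaw described at specification level can carry over into independent implementations of that specification, so it is worth confirming that no packaged TPM 2.0 implementation follows the affected text before closing the entry as not-for-us, and recording the outcome in a NOTE line. If the entry stays NFU, a shorter tag such as "TCG TPM 2.0 Library Specification" would be easier to read and to search for.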
@@ -9166,7 +9166,7 @@ CVE-2020-26238
CVE-2020-26237
RESERVED
CVE-2020-26236 (In ScratchVerifier before commit a603769, an attacker can
hijack the v ...)
- TODO: check
+ NOT-FOR-US: ScratchVerifier
CVE-2020-26234
RESERVED
CVE-2020-26233
@@ -9184,7 +9184,7 @@ CVE-2020-26228
CVE-2020-26227
RESERVED
CVE-2020-26226 (In the npm package semantic-release before version 17.2.3,
secrets tha ...)
- TODO: check
+ NOT-FOR-US: semantic-release nodejs module
CVE-2020-26225 (In PrestaShop Product Comments before version 4.2.0, an
attacker could ...)
NOT-FOR-US: PrestaShop
CVE-2020-26224 (In PrestaShop before version 1.7.6.9 an attacker is able to
list all t ...)
@@ -9737,9 +9737,9 @@ CVE-2020-25991
CVE-2020-25990 (WebsiteBaker 2.12.2 allows SQL Injection via parameter
'display_name' ...)
NOT-FOR-US: WebsiteBaker
CVE-2020-25989 (Privilege escalation via arbitrary file write in pritunl
electron clie ...)
- TODO: check
+ NOT-FOR-US: pritunl-client
CVE-2020-25988 (UPNP Service listening on port 5555 in Genexis Platinum 4410
Router V2 ...)
- TODO: check
+ NOT-FOR-US: Genexis Platinum 4410 Router
CVE-2020-25987 (MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml
file in ...)
NOT-FOR-US: MonoCMS Blog
CVE-2020-25986 (A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS
Blog 1.0 ...)
@@ -11701,7 +11701,7 @@ CVE-2020-25191
CVE-2020-25190
RESERVED
CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer
overflo ...)
- TODO: check
+ NOT-FOR-US: Paradox IP150
CVE-2020-25188 (An attacker who convinces a valid user to open a specially
crafted pro ...)
NOT-FOR-US: LAquis SCADA
CVE-2020-25187
@@ -11709,7 +11709,7 @@ CVE-2020-25187
CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build
2019-09-2 ...)
NOT-FOR-US: LeviStudioU Release
CVE-2020-25185 (The affected product is vulnerable to five post-authentication
buffer ...)
- TODO: check
+ NOT-FOR-US: Paradox IP150
CVE-2020-25184
RESERVED
CVE-2020-25183
@@ -12704,7 +12704,7 @@ CVE-2020-24721 (An issue was discovered in the GAEN
(aka Google/Apple Exposure N
CVE-2020-24720
RESERVED
CVE-2020-24719 (Exposed Erlang Cookie could lead to Remote Command Execution
(RCE) att ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2020-24718 (bhyve, as used in FreeBSD through 12.1 and illumos (e.g.,
OmniOS CE th ...)
NOT-FOR-US: bhyve
CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets
group pe ...)
@@ -18945,7 +18945,7 @@ CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file
app/admin/controller/Ajax.php
CVE-2020-21666
RESERVED
CVE-2020-21665 (In fastadmin V1.0.0.20191212_beta, when a user with
administrator righ ...)
- TODO: check
+ NOT-FOR-US: fastadmin
CVE-2020-21664
RESERVED
CVE-2020-21663
@@ -42361,7 +42361,7 @@ CVE-2020-11831 (OvoiceManager has system permission to
write vulnerability repor
CVE-2020-11830 (QualityProtect has a vulnerability to execute arbitrary system
command ...)
NOT-FOR-US: QualityProtect
CVE-2020-11829 (Dynamic loading of services in the backup and restore SDK
leads to ele ...)
- TODO: check
+ NOT-FOR-US: com.coloros.codebook (oppo.com)
CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP
framewor ...)
NOT-FOR-US: ColorOS
CVE-2020-11827 (In GOG Galaxy 1.2.67, there is a service that is vulnerable to
weak fi ...)
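Review bot: The tag added for CVE-2020-11829 is an Android package identifier, "com.coloros.codebook (oppo.com)", while the next entry in the same hunk, CVE-2020-11828, is tagged "NOT-FOR-US: ColorOS". The visible description mentions only "the backup and restore SDK", so the package identifier does not explain itself to a later reader. Consider "NOT-FOR-US: ColorOS", or the vendor name, so that a search on one tag finds both entries.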
@@ -50217,7 +50217,7 @@ CVE-2020-9051
CVE-2020-9050
RESERVED
CVE-2020-9049 (A vulnerability in specified versions of American Dynamics
victor Web ...)
- TODO: check
+ NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson
Controls
CVE-2020-9048 (A vulnerability in victor Web Client versions up to and
including v5.4 ...)
NOT-FOR-US: Johnson Controls
CVE-2020-9047 (A vulnerability exists that could allow the execution of
unauthorized ...)
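Review bot: The tag added for CVE-2020-9049 names a corporate entity together with its ownership ("Sensormatic Electronics, LLC; a subsidiary of Johnson Controls"), whereas the description refers to American Dynamics victor Web ... and the adjacent CVE-2020-9048, also a victor Web Client issue, is tagged "NOT-FOR-US: Johnson Controls". Using the same "Johnson Controls" tag here would keep the related entries consistent and searchable.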
@@ -53371,7 +53371,7 @@ CVE-2020-7844
CVE-2020-7843
RESERVED
CVE-2020-7842 (Improper Input validation vulnerability exists in Netis Korea
D'live A ...)
- TODO: check
+ NOT-FOR-US: Netis Korea D'live AP
CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT
XPLATFORM w ...)
NOT-FOR-US: TOBESOFT XPLATFORM
CVE-2020-7840
@@ -58482,7 +58482,7 @@ CVE-2020-5799
CVE-2020-5798
RESERVED
CVE-2020-5797 (UNIX Symbolic Link (Symlink) Following in TP-Link Archer
C9(US)_V1_180 ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2020-5796 (Improper preservation of permissions in Nagios XI 5.7.4 allows
a local ...)
NOT-FOR-US: Nagios XI
CVE-2020-5795 (UNIX Symbolic Link (Symlink) Following in TP-Link Archer
A7(US)_V5_200 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd092d2b004e693def1ee1f0061afe3de554aa0e