Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3ca8748 by Salvatore Bonaccorso at 2020-12-14T21:29:37+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -139,7 +139,7 @@ CVE-2020-35384
 CVE-2020-35383
        RESERVED
 CVE-2020-35382 (SQL Injection in Classbooking before 2.4.1 via the username 
field of a ...)
-       TODO: check
+       NOT-FOR-US: Classbooking
 CVE-2020-35381
        RESERVED
 CVE-2020-35380
@@ -147,7 +147,7 @@ CVE-2020-35380
 CVE-2020-35379
        RESERVED
 CVE-2020-35378 (SQL Injection in the login page in Online Bus Ticket 
Reservation 1.0 a ...)
-       TODO: check
+       NOT-FOR-US: Online Bus Ticket Reservation
 CVE-2020-35377
        RESERVED
 CVE-2020-35376
@@ -227,7 +227,7 @@ CVE-2020-35340
 CVE-2020-35339
        RESERVED
 CVE-2020-35338 (The Web Administrative Interface in Mobile Viewpoint Wireless 
Multiple ...)
-       TODO: check
+       NOT-FOR-US: Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout 
Server
 CVE-2020-35337
        RESERVED
 CVE-2020-35336
@@ -720,7 +720,7 @@ CVE-2016-15001
 CVE-2020-29670
        RESERVED
 CVE-2020-29669 (In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, 
the Gue ...)
-       TODO: check
+       NOT-FOR-US: Macally WIFISD2-2A82 Media and Travel Router
 CVE-2020-29668 (Sympa before 6.2.59b.2 allows remote attackers to obtain full 
SOAP API ...)
        - sympa 6.2.58~dfsg-2 (bug #976020)
        NOTE: https://github.com/sympa-community/sympa/issues/1041
@@ -3444,7 +3444,7 @@ CVE-2020-29229
 CVE-2020-29228
        RESERVED
 CVE-2020-29227 (An issue was discovered in Car Rental Management System 1.0. 
An unauth ...)
-       TODO: check
+       NOT-FOR-US: Car Rental Management System
 CVE-2020-29226
        RESERVED
 CVE-2020-29225
@@ -4268,13 +4268,13 @@ CVE-2020-28861
 CVE-2020-28860
        RESERVED
 CVE-2020-28859 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does 
not corr ...)
-       TODO: check
+       NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
 CVE-2020-28858 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does 
not corr ...)
-       TODO: check
+       NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
 CVE-2020-28857 (OpenAsset Digital Asset Management (DAM) through 12.0.19, does 
not cor ...)
-       TODO: check
+       NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
 CVE-2020-28856 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does 
not corr ...)
-       TODO: check
+       NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
 CVE-2020-28855
        RESERVED
 CVE-2020-28854
@@ -16019,7 +16019,7 @@ CVE-2020-25181 (WECON PLC Editor Versions 1.3.8 and 
prior has a heap-based buffe
 CVE-2020-25180
        RESERVED
 CVE-2020-25179 (GE Healthcare Imaging and Ultrasound Products may allow 
specific crede ...)
-       TODO: check
+       NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
 CVE-2020-25178
        RESERVED
 CVE-2020-25177 (WECON PLC Editor Versions 1.3.8 and prior has a stack-based 
buffer ove ...)
@@ -16027,7 +16027,7 @@ CVE-2020-25177 (WECON PLC Editor Versions 1.3.8 and 
prior has a stack-based buff
 CVE-2020-25176
        RESERVED
 CVE-2020-25175 (GE Healthcare Imaging and Ultrasound Products may allow 
specific crede ...)
-       TODO: check
+       NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
 CVE-2020-25174 (A DLL hijacking vulnerability in the B. Braun OnlineSuite 
Version AP 3 ...)
        NOT-FOR-US: B. Braun OnlineSuite Version AP
 CVE-2020-25173
@@ -35633,7 +35633,7 @@ CVE-2020-15735
 CVE-2020-15734
        RESERVED
 CVE-2020-15733 (An Origin Validation Error vulnerability in the SafePay 
component of B ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender Antivirus Plus
 CVE-2020-15732
        RESERVED
 CVE-2020-15731 (An improper Input Validation vulnerability in the code 
handling file r ...)
@@ -39764,7 +39764,7 @@ CVE-2020-14270
 CVE-2020-14269
        RESERVED
 CVE-2020-14268 (A vulnerability in the MIME message handling of the Notes 
client (vers ...)
-       TODO: check
+       NOT-FOR-US: HCL Notes
 CVE-2020-14267
        RESERVED
 CVE-2020-14266
@@ -41736,7 +41736,7 @@ CVE-2020-13558
 CVE-2020-13557
        RESERVED
 CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP 
server  ...)
-       TODO: check
+       NOT-FOR-US: EIP Stack Group OpENer
 CVE-2020-13555
        RESERVED
 CVE-2020-13554
@@ -41792,7 +41792,7 @@ CVE-2020-13532
 CVE-2020-13531 (A use-after-free vulnerability exists in a way Pixar OpenUSD 
20.08 pro ...)
        NOT-FOR-US: Pixar OpenUSD
 CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP 
server fun ...)
-       TODO: check
+       NOT-FOR-US: EIP Stack Group OpENer
 CVE-2020-13529
        RESERVED
 CVE-2020-13528
@@ -55011,7 +55011,7 @@ CVE-2020-8910 (A URL parsing issue in goog.uri of the 
Google Closure Library ver
 CVE-2020-8909
        RESERVED
 CVE-2020-8908 (A temp directory creation vulnerability exist in Guava versions 
prior  ...)
-       TODO: check
+       NOT-FOR-US: Google Guava
 CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin 
versions betw ...)
        - google-compute-image-packages <unfixed>
        NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
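Review bot: NOT-FOR-US on CVE-2020-8908 looks doubtful. Unlike the vendor appliances and products triaged elsewhere in this commit, Guava is a general-purpose open-source Java library, so the entry should be checked against the archive for a source package that ships it or embeds a copy before it is closed. If one exists, replace the line with a package entry plus a NOTE pointing at the upstream report, in the same form as the CVE-2020-8907 entry directly below it.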
@@ -58503,23 +58503,23 @@ CVE-2020-7545 (A CWE-284:Improper Access Control 
vulnerability exists in EcoStru
 CVE-2020-7544 (A CWE-269 Improper Privilege Management vulnerability exists in 
EcoStr ...)
        NOT-FOR-US: EcoStruxure Operator Terminal Expert runtime
 CVE-2020-7543 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2020-7542 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2020-7541 (A CWE-425: Direct Request ('Forced Browsing') vulnerability 
exists in  ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2020-7540 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2020-7539 (A CWE-754 Improper Check for Unusual or Exceptional Conditions 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2020-7538 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
        NOT-FOR-US: EcoStruxure Control Expert
 CVE-2020-7537 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2020-7536 (A CWE-754:Improper Check for Unusual or Exceptional Conditions 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2020-7535 (A CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory  ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2020-7534
        RESERVED
 CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web 
Server o ...)
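Review bot: The eight new "NOT-FOR-US: Modicon" tags (CVE-2020-7543 to CVE-2020-7539 and CVE-2020-7537 to CVE-2020-7535) are less specific than the untouched neighbours in this hunk, which name a product ("EcoStruxure Operator Terminal Expert runtime", "EcoStruxure Control Expert"). The descriptions are truncated before the affected product appears, so the tag is the only place a reader can see what was ruled out. Consider spelling out the product in each tag so the entries stay searchable and auditable.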
@@ -58938,11 +58938,11 @@ CVE-2020-7341
 CVE-2020-7340
        RESERVED
 CVE-2020-7339 (Use of a Broken or Risky Cryptographic Algorithm vulnerability 
in McAf ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7338
        RESERVED
 CVE-2020-7337 (Incorrect Permission Assignment for Critical Resource 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7336
        RESERVED
 CVE-2020-7335 (Privilege Escalation vulnerability in Microsoft Windows client 
McAfee  ...)
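Review bot: "NOT-FOR-US: McAfee" on CVE-2020-7339 and CVE-2020-7337 records only the vendor, whereas other entries in this commit name the product (for example "Palo Alto Networks Cortex XDR Agent"). Both descriptions are cut off before the product name, so adding it to the tag would keep that information in the list.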
@@ -63273,11 +63273,11 @@ CVE-2020-5639 (Directory traversal vulnerability in 
FileZen versions from V3.0.0
 CVE-2020-5638 (Cross-site scripting vulnerability in desknet's NEO (desknet's 
NEO Sma ...)
        NOT-FOR-US: desknet's NEO
 CVE-2020-5637 (Improper validation of integrity check value vulnerability in 
Aterm SA ...)
-       TODO: check
+       NOT-FOR-US: Aterm SA3500G firmware
 CVE-2020-5636 (Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Aterm SA3500G firmware
 CVE-2020-5635 (Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Aterm SA3500G firmware
 CVE-2020-5634 (ELECOM LAN routers (WRC-2533GST2 firmware versions prior to 
v1.14, WRC ...)
        NOT-FOR-US: ELECOM LAN routers
 CVE-2020-5633
@@ -71862,21 +71862,21 @@ CVE-2020-2500 (This improper access control 
vulnerability in Helpdesk allows att
 CVE-2020-2499
        RESERVED
 CVE-2020-2498 (If exploited, this cross-site scripting vulnerability could 
allow remo ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2020-2497 (If exploited, this cross-site scripting vulnerability could 
allow remo ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2020-2496 (If exploited, this cross-site scripting vulnerability could 
allow remo ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2020-2495 (If exploited, this cross-site scripting vulnerability could 
allow remo ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2020-2494 (This cross-site scripting vulnerability in Music Station allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2020-2493 (This cross-site scripting vulnerability in Multimedia Console 
allows r ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2020-2492 (If exploited, the command injection vulnerability could allow 
remote a ...)
        NOT-FOR-US: QNAP
 CVE-2020-2491 (This cross-site scripting vulnerability in Photo Station allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2020-2490 (If exploited, the command injection vulnerability could allow 
remote a ...)
        NOT-FOR-US: QNAP
 CVE-2019-19701
@@ -73036,7 +73036,7 @@ CVE-2020-2051
 CVE-2020-2050 (An authentication bypass vulnerability exists in the 
GlobalProtect SSL ...)
        NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2020-2049 (A local privilege escalation vulnerability exists in Palo Alto 
Network ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks Cortex XDR Agent
 CVE-2020-2048 (An information exposure through log file vulnerability exists 
where th ...)
        NOT-FOR-US: Palo Alto Networks PAN-OS
 CVE-2020-2047
@@ -73094,7 +73094,7 @@ CVE-2020-2022 (An information exposure vulnerability 
exists in Palo Alto Network
 CVE-2020-2021 (When Security Assertion Markup Language (SAML) authentication 
is enabl ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2020-2020 (An improper handling of exceptional conditions vulnerability in 
Cortex ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks Cortex XDR Agent
 CVE-2020-2019
        RESERVED
 CVE-2020-2018 (An authentication bypass vulnerability in the Panorama context 
switchi ...)
@@ -115041,7 +115041,7 @@ CVE-2019-7200
 CVE-2019-7199
        RESERVED
 CVE-2019-7198 (This command injection vulnerability allows attackers to 
execute arbit ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2019-7197 (A stored cross-site scripting (XSS) vulnerability has been 
reported to ...)
        NOT-FOR-US: QNAP
 CVE-2019-7196



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3ca8748f78321fb03e1f703da9de37611bcb5ae
