Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d093a20b by Salvatore Bonaccorso at 2020-06-13T06:38:20+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3166,7 +3166,7 @@ CVE-2020-12727
 CVE-2020-12726
        RESERVED
 CVE-2020-12725 (Havoc Research discovered an authenticated Server-Side Request 
Forgery ...)
-       TODO: check
+       NOT-FOR-US: Redash
 CVE-2020-12724
        RESERVED
 CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a 
crafted ...)
@@ -3195,7 +3195,7 @@ CVE-2020-12714 (An issue was discovered in CipherMail 
Community Gateway Virtual
 CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and 
Profession ...)
        NOT-FOR-US: CipherMail
 CVE-2020-12712 (A vulnerability based on insecure user/password encryption in 
the JOE  ...)
-       TODO: check
+       NOT-FOR-US: SOS JobScheduler
 CVE-2020-12711
        RESERVED
 CVE-2020-12710
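Review bot: on CVE-2020-12712 the new tag "SOS JobScheduler" shares no word with the visible description, which only gets as far as "the JOE ..." before it is truncated. Consider writing the tag as "NOT-FOR-US: SOS JobScheduler (JOE)" so that a search for either name finds this triage decision.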
@@ -4904,7 +4904,7 @@ CVE-2020-12025
 CVE-2020-12024
        RESERVED
 CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and 
prior, Intel ...)
-       TODO: check
+       NOT-FOR-US: Philips
 CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 
9.0.0. An i ...)
        NOT-FOR-US: Advantech WebAccess Node
 CVE-2020-12021
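Review bot: the tag on CVE-2020-12023 names only the vendor ("Philips"), while the neighbouring CVE-2020-12022 entry in the same hunk is tagged at product level ("Advantech WebAccess Node"). The description already names the product, so "NOT-FOR-US: Philips IntelliBridge Enterprise" would keep the two adjacent entries at the same granularity.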
@@ -4942,7 +4942,7 @@ CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 
and prior, Version 9.0.0
 CVE-2020-12005
        RESERVED
 CVE-2020-12004 (The affected product lacks proper authentication required to 
query the ...)
-       TODO: check
+       NOT-FOR-US: Inductive Automation Ignition
 CVE-2020-12003
        RESERVED
 CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 
9.0.0. Mult ...)
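Review bot: the description of CVE-2020-12004 says only "The affected product lacks proper authentication ...", so the added "Inductive Automation Ignition" tag is the one place in this entry where the product is identified, and nothing visible here lets a reader confirm it. The same applies to the other "The affected product ..." entries given this tag in the commit; naming the source advisory in the commit message, which currently reads just "Process NFUs", would make the attribution checkable.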
@@ -4950,7 +4950,7 @@ CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 
and prior, Version 9.0.0
 CVE-2020-12001
        RESERVED
 CVE-2020-12000 (The affected product is vulnerable to the handling of 
serialized data. ...)
-       TODO: check
+       NOT-FOR-US: Inductive Automation Ignition
 CVE-2020-11999
        RESERVED
 CVE-2020-11998
@@ -6833,9 +6833,9 @@ CVE-2020-11616
 CVE-2020-11615
        RESERVED
 CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update 
manifest, as w ...)
-       TODO: check
+       NOT-FOR-US: Mids' Reborn Hero Designer
 CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of 
privilege vulne ...)
-       TODO: check
+       NOT-FOR-US: Mids' Reborn Hero Designer
 CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for 
unbounded memo ...)
        - netty 1:4.1.48-1
        [jessie] - netty <ignored> (OOM DoS with fix/mitigation involving new 
API; too intrusive to backport due to more limited 3.x buffer API)
@@ -9964,7 +9964,7 @@ CVE-2020-10646 (Fuji Electric V-Server Lite all versions 
prior to 4.0.9.0 contai
 CVE-2020-10645
        RESERVED
 CVE-2020-10644 (The affected product lacks proper validation of user-supplied 
data, wh ...)
-       TODO: check
+       NOT-FOR-US: Inductive Automation Ignition
 CVE-2020-10643
        RESERVED
 CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and 
prior, an au ...)
@@ -12144,23 +12144,23 @@ CVE-2020-9653
 CVE-2020-9652
        RESERVED
 CVE-2020-9651 (Adobe Experience Manager versions 6.5 and earlier have a 
cross-site sc ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-9650
        RESERVED
 CVE-2020-9649
        RESERVED
 CVE-2020-9648 (Adobe Experience Manager versions 6.5 and earlier have a 
cross-site sc ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-9647 (Adobe Experience Manager versions 6.5 and earlier have a 
cross-site sc ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-9646
        RESERVED
 CVE-2020-9645 (Adobe Experience Manager versions 6.5 and earlier have a blind 
server- ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-9644 (Adobe Experience Manager versions 6.5 and earlier have a 
cross-site sc ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-9643 (Adobe Experience Manager versions 6.5 and earlier have a 
server-side r ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-9642
        RESERVED
 CVE-2020-9641
@@ -12174,11 +12174,11 @@ CVE-2020-9638
 CVE-2020-9637
        RESERVED
 CVE-2020-9636 (Adobe Framemaker versions 2019.0.5 and below have a memory 
corruption  ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-9635 (Adobe Framemaker versions 2019.0.5 and below have an 
out-of-bounds wri ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-9634 (Adobe Framemaker versions 2019.0.5 and below have an 
out-of-bounds wri ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2020-9633 (Adobe Flash Player versions 32.0.0.371 and earlier, 32.0.0.371 
and ear ...)
        NOT-FOR-US: Adobe
 CVE-2020-9632
@@ -15269,19 +15269,19 @@ CVE-2020-8339
 CVE-2020-8338
        RESERVED
 CVE-2020-8337 (An unquoted search path vulnerability was reported in versions 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Synaptics Smart Audio UWP app
 CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on 
some Th ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2020-8335
        RESERVED
 CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo 
ThinkP ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2020-8333
        RESERVED
 CVE-2020-8332
        RESERVED
 CVE-2020-8331 (A potential vulnerability in the BIOS configuration of some 
ThinkSyste ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2020-8330 (A denial of service vulnerability was reported in the firmware 
prior t ...)
        NOT-FOR-US: Lenovo
 CVE-2020-8329 (A denial of service vulnerability was reported in the firmware 
prior t ...)
@@ -15297,13 +15297,13 @@ CVE-2020-8325
 CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem 
for Leno ...)
        NOT-FOR-US: Lenovo
 CVE-2020-8323 (A potential vulnerability in the SMI callback function used in 
the Leg ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2020-8322 (A potential vulnerability in the SMI callback function used in 
the Leg ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2020-8321 (A potential vulnerability in the SMI callback function used in 
the Sys ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2020-8320 (An internal shell was included in BIOS image in some ThinkPad 
models t ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo 
System Int ...)
        NOT-FOR-US: Lenovo
 CVE-2020-8318 (A privilege escalation vulnerability was reported in the 
LenovoSystemU ...)
@@ -17713,9 +17713,9 @@ CVE-2020-7282
 CVE-2020-7281
        RESERVED
 CVE-2020-7280 (Privilege Escalation vulnerability during daily DAT updates 
when using ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7279 (DLL Search Order Hijacking Vulnerability in the installer 
component of ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7278 (Exploiting incorrectly configured access control security 
levels vulne ...)
        NOT-FOR-US: McAfee
 CVE-2020-7277 (Protection mechanism failure in all processes in McAfee 
Endpoint Secur ...)
@@ -20715,7 +20715,7 @@ CVE-2020-6092 (An exploitable code execution 
vulnerability exists in the way Nit
 CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in 
the ESPON ...)
        NOT-FOR-US: EPSON
 CVE-2020-6090 (An exploitable code execution vulnerability exists in the 
Web-Based Ma ...)
-       TODO: check
+       NOT-FOR-US: WAGO
 CVE-2020-6089
        RESERVED
 CVE-2020-6088
@@ -21765,9 +21765,9 @@ CVE-2020-5595
 CVE-2020-5594
        RESERVED
 CVE-2020-5593 (Zenphoto versions prior to 1.5.7 allows an attacker to conduct 
PHP cod ...)
-       TODO: check
+       NOT-FOR-US: Zenphoto
 CVE-2020-5592 (Cross-site scripting vulnerability in Zenphoto versions prior 
to 1.5.7 ...)
-       TODO: check
+       NOT-FOR-US: Zenphoto
 CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 
1.7.0 to ...)
        NOT-FOR-US: XACK DNS
 CVE-2020-5590
@@ -22310,9 +22310,9 @@ CVE-2020-5365 (Dell EMC Isilon versions 8.2.2 and 
earlier contain a remotesuppor
 CVE-2020-5364 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an 
SNMPv2 vul ...)
        NOT-FOR-US: EMC
 CVE-2020-5363 (Select Dell Client Consumer and Commercial platforms include an 
issue  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-5362 (Dell Client Consumer and Commercial platforms include an 
improper auth ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-5361
        RESERVED
 CVE-2020-5360
@@ -25124,7 +25124,7 @@ CVE-2020-4253 (IBM Content Navigator 3.0CD does not 
invalidate session after log
 CVE-2020-4252 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is 
vulner ...)
        NOT-FOR-US: IBM
 CVE-2020-4251 (IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to 
cross-site sc ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4250
        RESERVED
 CVE-2020-4249 (IBM Security Identity Governance and Intelligence 5.2.6 could 
disclose ...)
@@ -25424,7 +25424,7 @@ CVE-2020-4103
 CVE-2020-4102
        RESERVED
 CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request 
Forgery. ...)
-       TODO: check
+       NOT-FOR-US: HCL Digital Experience
 CVE-2020-4100
        RESERVED
 CVE-2020-4099
@@ -25526,11 +25526,11 @@ CVE-2020-4052
 CVE-2020-4051
        RESERVED
 CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure 
vulnerability. The ...)
-       TODO: check
+       NOT-FOR-US: SSB-DB
 CVE-2020-4044
        RESERVED
 CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an 
unserializati ...)
-       TODO: check
+       NOT-FOR-US: phpMussel
 CVE-2020-4042
        RESERVED
 CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded 
files was v ...)
@@ -26417,11 +26417,11 @@ CVE-2020-3932 (A vulnerable SNMP in Draytek 
VigorAP910C cannot be disabled, whic
 CVE-2020-3931
        RESERVED
 CVE-2020-3930 (GeoVision Door Access Control device family improperly stores 
and cont ...)
-       TODO: check
+       NOT-FOR-US: GeoVision Door Access Control
 CVE-2020-3929 (GeoVision Door Access Control device family employs shared 
cryptograph ...)
-       TODO: check
+       NOT-FOR-US: GeoVision Door Access Control
 CVE-2020-3928 (GeoVision Door Access Control device family is hardcoded with a 
root p ...)
-       TODO: check
+       NOT-FOR-US: GeoVision Door Access Control
 CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign 
security pl ...)
        NOT-FOR-US: ServiSign security plugin
 CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign 
security pl ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d093a20be8e0ad6b6d16e242871eb1634e4d7ad1
