Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c7a0729 by Salvatore Bonaccorso at 2020-06-30T06:53:58+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -93,31 +93,31 @@ CVE-2020-15326 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 
has a hardcoded certi
 CVE-2020-15325 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded 
Erlang cook ...)
        NOT-FOR-US: Zyxel
 CVE-2020-15324 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a 
world-readable axess/ ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-15323 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 
password  ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-15322 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the 
wbboEZ4BN3ssxAfM ha ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-15321 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel 
password fo ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-15320 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros 
password for ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-15319 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA 
SSH key ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-15318 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA 
SSH key ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-15317 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA 
SSH key ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-15316 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded 
ECDSA SSH k ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-15315 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA 
SSH key ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-15314 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA 
SSH key ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-15313 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded 
ECDSA SSH k ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-15312 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA 
SSH key ...)
-       TODO: check
+       NOT-FOR-US: Zyxel
 CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via the downloadmp3.php 
download para ...)
        NOT-FOR-US: Stash
 CVE-2020-15310
@@ -609,7 +609,7 @@ CVE-2020-15071
 CVE-2020-15070
        RESERVED
 CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer 
Overflow an ...)
-       TODO: check
+       NOT-FOR-US: Sophos
 CVE-2020-15068
        RESERVED
 CVE-2020-15067
@@ -667,7 +667,7 @@ CVE-2020-15045
 CVE-2020-15044
        RESERVED
 CVE-2020-15043 (iBall WRB303N devices allow CSRF attacks, as demonstrated by 
enabling  ...)
-       TODO: check
+       NOT-FOR-US: iBall WRB303N devices
 CVE-2020-15042
        RESERVED
 CVE-2020-15041 (PHP-Fusion 9.03.60 allows XSS via the 
administration/site_links.php Ad ...)
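Review bot: The new tag on CVE-2020-15043, "NOT-FOR-US: iBall WRB303N devices", adds a model number and a "devices" suffix, while the other entries touched in this commit use the bare vendor or product name ("Zyxel", "Sophos", "NeDi", "MK-AUTH"). Suggest "NOT-FOR-US: iBall" or "NOT-FOR-US: iBall WRB303N" so that later CVEs for the same vendor get a matching tag and can be grouped by a simple search of data/CVE/list.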
@@ -2289,11 +2289,11 @@ CVE-2020-14416 (In the Linux kernel before 5.4.16, a 
race condition in tty->d
        [jessie] - linux 3.16.84-1
        NOTE: 
https://git.kernel.org/linus/0ace17d56824165c7f4c68785d6b58971db954dd
 CVE-2020-14414 (NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php 
imprope ...)
-       TODO: check
+       NOT-FOR-US: NeDi
 CVE-2020-14413 (NeDi 1.9C is vulnerable to XSS because of an incorrect 
implementation  ...)
-       TODO: check
+       NOT-FOR-US: NeDi
 CVE-2020-14412 (NeDi 1.9C is vulnerable to Remote Command Execution. 
System-Snapshot.p ...)
-       TODO: check
+       NOT-FOR-US: NeDi
 CVE-2020-14411
        RESERVED
 CVE-2020-14410
@@ -3080,15 +3080,15 @@ CVE-2020-14074 (TRENDnet TEW-827DRU devices through 
2.06B04 contain a stack-base
 CVE-2020-14073 (XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted 
map proper ...)
        NOT-FOR-US: PRTG Network Monitor
 CVE-2020-14072 (An issue was discovered in MK-AUTH 19.01. It allows command 
execution  ...)
-       TODO: check
+       NOT-FOR-US: MK-AUTH
 CVE-2020-14071 (An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities 
in admin ...)
-       TODO: check
+       NOT-FOR-US: MK-AUTH
 CVE-2020-14070 (An issue was discovered in MK-AUTH 19.01. There is 
authentication bypa ...)
-       TODO: check
+       NOT-FOR-US: MK-AUTH
 CVE-2020-14069 (An issue was discovered in MK-AUTH 19.01. There are SQL 
injection issu ...)
-       TODO: check
+       NOT-FOR-US: MK-AUTH
 CVE-2020-14068 (An issue was discovered in MK-AUTH 19.01. The web login 
functionality  ...)
-       TODO: check
+       NOT-FOR-US: MK-AUTH
 CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does 
not consi ...)
        NOT-FOR-US: Navigate CMS
 CVE-2020-14066
@@ -3525,7 +3525,7 @@ CVE-2020-13898 (An issue was discovered in janus-gateway 
(aka Janus WebRTC Serve
 CVE-2020-13897 (HESK before 3.1.10 allows reflected XSS. ...)
        NOT-FOR-US: HESK
 CVE-2020-13896 (The web interface of Maipu MP1800X-50 7.5.3.14(R) devices 
allows remot ...)
-       TODO: check
+       NOT-FOR-US: Maipu devices
 CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 
allows  ...)
        NOT-FOR-US: DEXT5 Editor
 CVE-2020-13893
@@ -4196,7 +4196,7 @@ CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 
can trigger a NULL poi
 CVE-2020-13658
        RESERVED
 CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free 
Antivirus ...)
-       TODO: check
+       NOT-FOR-US: Avast
 CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array 
implementation  ...)
        NOT-FOR-US: Hobbes
 CVE-2020-13655
@@ -6626,7 +6626,7 @@ CVE-2018-21233 (TensorFlow before 1.7.0 has an integer 
overflow that causes an o
 CVE-2020-12636
        RESERVED
 CVE-2020-12635 (XSS exists in the WebForms Pro M2 extension before 2.9.17 for 
Magento  ...)
-       TODO: check
+       NOT-FOR-US: WebForms Pro M2 extension for Magento
 CVE-2020-12634
        RESERVED
 CVE-2020-12633
@@ -8056,23 +8056,23 @@ CVE-2020-12049 (An issue was discovered in dbus >= 
1.3.0 before 1.12.18. The
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5
        NOTE: Test: 
https://gitlab.freedesktop.org/dbus/dbus/-/commit/8bc1381819e5a845331650bfa28dacf6d2ac1748
 CVE-2020-12048 (Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The 
Phoenix Hem ...)
-       TODO: check
+       NOT-FOR-US: Phoenix Hemodialysis Delivery System
 CVE-2020-12047 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and 
v22D24), whe ...)
-       TODO: check
+       NOT-FOR-US: Baxter Spectrum WBM
 CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s 
firmwar ...)
        NOT-FOR-US: Opto 22 SoftPAC Project
 CVE-2020-12045 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and 
v22D24) when ...)
-       TODO: check
+       NOT-FOR-US: Baxter Spectrum WBM
 CVE-2020-12044
        RESERVED
 CVE-2020-12043 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and 
v22D24) when ...)
-       TODO: check
+       NOT-FOR-US: Baxter Spectrum WBM
 CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified 
within  ...)
        NOT-FOR-US: Opto 22 SoftPAC Project
 CVE-2020-12041 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and 
v22D24) teln ...)
-       TODO: check
+       NOT-FOR-US: Baxter Spectrum WBM
 CVE-2020-12040 (Sigma Spectrum Infusion System v's6.x (model 35700BAX) and 
Baxter Spec ...)
-       TODO: check
+       NOT-FOR-US: Sigma Spectrum Infusion System
 CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion 
System v' ...)
        TODO: check
 CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior 
(FactoryTalk ...)
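Review bot: CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps), directly below the last changed line, is still "TODO: check" although its sibling CVE-2020-12040 for the same product family is now marked NOT-FOR-US. If it was skipped unintentionally, tag it in the same pass. Also consider naming the vendor in the 12040 tag ("Baxter Sigma Spectrum Infusion System") so it sorts with the "Baxter Spectrum WBM" entries above rather than under a second product name.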



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c7a0729b1f6ee1a2ba4146c6fe5cd01795022cd



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
