Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61c12293 by Salvatore Bonaccorso at 2020-08-14T14:09:27+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,19 +11,19 @@ CVE-2020-24351
 CVE-2020-24350
        RESERVED
 CVE-2020-24349 (njs through 0.4.3, used in NGINX, allows control-flow hijack 
in njs_va ...)
-       TODO: check
+       NOT-FOR-US: njs
 CVE-2020-24348 (njs through 0.4.3, used in NGINX, has an out-of-bounds read in 
njs_jso ...)
-       TODO: check
+       NOT-FOR-US: njs
 CVE-2020-24347 (njs through 0.4.3, used in NGINX, has an out-of-bounds read in 
njs_lvl ...)
-       TODO: check
+       NOT-FOR-US: njs
 CVE-2020-24346 (njs through 0.4.3, used in NGINX, has a use-after-free in 
njs_json_par ...)
-       TODO: check
+       NOT-FOR-US: njs
 CVE-2020-24345 (** DISPUTED ** JerryScript through 2.3.0 allows stack 
consumption via  ...)
-       TODO: check
+       NOT-FOR-US: JerryScript
 CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const 
argumen ...)
-       TODO: check
+       NOT-FOR-US: JerryScript
 CVE-2020-24343 (Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c 
because of  ...)
-       TODO: check
+       NOT-FOR-US: MuJS
 CVE-2020-24342 (Lua through 5.4.0 allows a stack redzone cross in 
luaO_pushvfstring be ...)
        TODO: check
 CVE-2020-24341
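
Review bot: The four njs entries (CVE-2020-24349 through CVE-2020-24346) are closed as `NOT-FOR-US: njs` even though each description says njs is "used in NGINX". That classification holds only if no nginx source package in the archive ships or embeds njs. Suggest recording that check in a NOTE line under the first njs entry so the decision can be revisited if njs is packaged later. CVE-2020-24342 (Lua) correctly stays at `TODO: check`.
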
@@ -13795,7 +13795,7 @@ CVE-2020-17465
 CVE-2020-17464
        RESERVED
 CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to 
/pages/it ...)
-       TODO: check
+       NOT-FOR-US: FUEL CMS
 CVE-2020-17462
        RESERVED
 CVE-2020-17461
@@ -16422,7 +16422,7 @@ CVE-2020-16188
 CVE-2020-16187
        RESERVED
 CVE-2020-16186 (A stored Cross-site scripting (XSS) vulnerability in Firco 
Continuity  ...)
-       TODO: check
+       NOT-FOR-US: Firco Continuity
 CVE-2020-16185
        RESERVED
 CVE-2020-16184
@@ -16454,7 +16454,7 @@ CVE-2020-16172
 CVE-2020-16171
        RESERVED
 CVE-2020-16170 (The Temi application 1.3.3 through 1.3.7931 for Android has 
hard-coded ...)
-       TODO: check
+       NOT-FOR-US: Temi application fo Android
 CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in 
Robotemi G ...)
        NOT-FOR-US: Temi Robox OS
 CVE-2020-16168 (Origin Validation Error in Robotemi Global Ltd Temi Firmware 
up to 201 ...)
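
Review bot: Typo in the added line for CVE-2020-16170: `NOT-FOR-US: Temi application fo Android` should read `for Android`. Since these tags are matched by text search, the misspelling will make this entry miss a search for "for Android" that finds similar entries elsewhere in the file.
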
@@ -16521,11 +16521,11 @@ CVE-2020-16141
 CVE-2020-16140
        RESERVED
 CVE-2020-16139 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco 
Unified I ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-16138 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in 
Cisco Uni ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-16137 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation issue 
in Cisco  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-16136 (In tgstation-server 4.4.0 and 4.4.1, an authenticated user 
with permis ...)
        NOT-FOR-US: tgstation-server
 CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if 
ssh_buf ...)
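
Review bot: CVE-2020-16139, CVE-2020-16138 and CVE-2020-16137 are tagged with the vendor only (`NOT-FOR-US: Cisco`), while the next entry in the same hunk names the product (`NOT-FOR-US: tgstation-server`). Suggest using the product name from the CVE description so a later search of data/CVE/list by product finds these three entries.
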
@@ -16648,7 +16648,7 @@ CVE-2020-16089
 CVE-2020-16088 (iked in OpenIKED, as used in OpenBSD through 6.7, allows 
authenticatio ...)
        NOT-FOR-US: OpenIKED
 CVE-2020-16087 (An issue was discovered in Zalo.exe in VNG Zalo Desktop 
19.8.1.0. An a ...)
-       TODO: check
+       NOT-FOR-US: VNG Zalo Desktop
 CVE-2020-16086
        RESERVED
 CVE-2020-16085
@@ -16940,7 +16940,7 @@ CVE-2020-XXXX [RUSTSEC-2020-0026]
        [buster] - rust-linked-hash-map <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0026.html
 CVE-2020-15947 (A SQL injection vulnerability in the 
qm_adm/qm_export_stats_run.do end ...)
-       TODO: check
+       NOT-FOR-US: Loway QueueMetrics
 CVE-2020-15946
        RESERVED
 CVE-2020-15945 (Lua through 5.4.0 has a segmentation fault in changedline in 
ldebug.c  ...)
@@ -16991,7 +16991,7 @@ CVE-2020-15927
 CVE-2020-15926
        RESERVED
 CVE-2020-15925 (A SQL injection vulnerability at a tpf URI in Loway 
QueueMetrics befor ...)
-       TODO: check
+       NOT-FOR-US: Loway QueueMetrics
 CVE-2020-15924 (There is a SQL Injection in Mida eFramework through 2.9.0 that 
leads t ...)
        NOT-FOR-US: Mida eFramework
 CVE-2020-15923 (Mida eFramework through 2.9.0 allows unauthenticated ../ 
directory tra ...)
@@ -17134,7 +17134,7 @@ CVE-2020-15870 (Sonatype Nexus Repository Manager 
OSS/Pro versions before 3.25.1
 CVE-2020-15869 (Sonatype Nexus Repository Manager OSS/Pro versions before 
3.25.1 allow ...)
        NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
 CVE-2020-15868 (Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has 
Incorrect  ...)
-       TODO: check
+       NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
 CVE-2020-15867
        RESERVED
 CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the 
mrb_yie ...)
@@ -19276,7 +19276,7 @@ CVE-2020-14981 (The ThreatTrack VIPRE Password Vault 
app through 1.100.1090 for
 CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android 
has Miss ...)
        NOT-FOR-US: Sophos Secure Email application for Android
 CVE-2020-14979 (The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA 
Precision X ...)
-       TODO: check
+       NOT-FOR-US: EVGA Precision X1
 CVE-2020-14978 (An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to 
incorre ...)
        NOT-FOR-US: F-Secure SAFE
 CVE-2020-14977 (An issue was discovered in F-Secure SAFE 17.7 on macOS. The 
XPC servic ...)
@@ -20347,7 +20347,7 @@ CVE-2020-14485 (OpenClinic GA versions 5.09.02 and 
5.89.05b may allow an attacke
 CVE-2020-14484 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an 
attacker to b ...)
        NOT-FOR-US: OpenClinic GA
 CVE-2020-14483 (A timeout during a TLS handshake can result in the connection 
failing  ...)
-       TODO: check
+       NOT-FOR-US: Niagara
 CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and 
prior. Ope ...)
        NOT-FOR-US: Delta Industrial Automation DOPSoft
 CVE-2020-14481
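
Review bot: `NOT-FOR-US: Niagara` on CVE-2020-14483 is a bare name that does not appear in the visible part of the description ("A timeout during a TLS handshake can result in the connection failing ..."), so the classification cannot be confirmed from this entry alone. The following entry uses vendor plus product (`Delta Industrial Automation DOPSoft`); suggest doing the same here.
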
@@ -26708,9 +26708,9 @@ CVE-2020-12108 (/options/mailman in GNU Mailman before 
2.1.31 allows Arbitrary C
        [buster] - mailman <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
 CVE-2020-12107 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows 
command ...)
-       TODO: check
+       NOT-FOR-US: VPNCrypt
 CVE-2020-12106 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows 
unauthe ...)
-       TODO: check
+       NOT-FOR-US: VPNCrypt
 CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values 
from X509_c ...)
        - openconnect <unfixed> (unimportant; bug #959428)
        [jessie] - openconnect <not-affected> (Vulnerable code introduced later)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61c12293ffb284b6f4634d710b861f659aaa8349
