[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Apr 4 07:41:32 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2655c8b by Salvatore Bonaccorso at 2020-04-04T08:40:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2020-11503
 CVE-2020-11502
 	RESERVED
 CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for vi ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when upd ...)
 	NOT-FOR-US: Firmware Analysis and Comparison Tool
 CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerability that ...)
@@ -2218,11 +2218,11 @@ CVE-2020-10603
 CVE-2020-10602
 	RESERVED
 CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow  ...)
-	TODO: check
+	NOT-FOR-US: VISAM VBASE Editor
 CVE-2020-10600
 	RESERVED
 CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
-	TODO: check
+	NOT-FOR-US: VISAM VBASE Editor
 CVE-2020-10598 (In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES  ...)
 	NOT-FOR-US: Pyxis
 CVE-2020-10597 (The affected insulin pump is designed to communicate using a wireless  ...)
@@ -6657,11 +6657,11 @@ CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel throu
 CVE-2020-8640
 	RESERVED
 CVE-2020-8639 (An unrestricted file upload vulnerability in keywordsImport.php in Tes ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2020-8638 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2020-8637 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...)
-	TODO: check
+	NOT-FOR-US: TestLink
 CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows Remote C ...)
 	NOT-FOR-US: OpServices OpMon
 CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...)
@@ -10438,7 +10438,7 @@ CVE-2020-7010
 CVE-2020-7009 (Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2  ...)
 	- elasticsearch <removed>
 CVE-2020-7008 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
-	TODO: check
+	NOT-FOR-US: VISAM VBASE Editor
 CVE-2020-7007 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker  ...)
 	NOT-FOR-US: Moxa
 CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), ...)
@@ -10446,7 +10446,7 @@ CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, R
 CVE-2020-7005 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...)
 	NOT-FOR-US: Honeywell
 CVE-2020-7004 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
-	TODO: check
+	NOT-FOR-US: VISAM VBASE Editor
 CVE-2020-7003 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...)
 	NOT-FOR-US: Moxa
 CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior.  ...)
@@ -10454,7 +10454,7 @@ CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and pr
 CVE-2020-7001 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected  ...)
 	NOT-FOR-US: Moxa
 CVE-2020-7000 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
-	TODO: check
+	NOT-FOR-US: VISAM VBASE Editor
 CVE-2020-6999 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the p ...)
 	NOT-FOR-US: Moxa
 CVE-2020-6998
@@ -10466,7 +10466,7 @@ CVE-2020-6996
 CVE-2020-6995 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
 	NOT-FOR-US: Moxa
 CVE-2020-6994 (A buffer overflow vulnerability was found in some devices of Hirschman ...)
-	TODO: check
+	NOT-FOR-US: Hirschmann Automation and Control HiOS and HiSecOS
 CVE-2020-6993 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...)
 	NOT-FOR-US: Moxa
 CVE-2020-6992



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2655c8bdf4a5a8282efd924327c9f4509c71aa6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2655c8bdf4a5a8282efd924327c9f4509c71aa6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200404/9f1e1416/attachment.html>

More information about the debian-security-tracker-commits mailing list