[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Apr 15 22:15:19 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98af0157 by Salvatore Bonaccorso at 2020-04-15T23:14:52+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -431,7 +431,7 @@ CVE-2020-11725 (** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the L
 	- linux <unfixed>
 	NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400
 CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys  ...)
-	TODO: check
+	NOT-FOR-US: Cellebrite UFED
 CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...)
 	- crawl <unfixed>
 	NOTE: https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
@@ -561,11 +561,11 @@ CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlin
 CVE-2020-11667
 	RESERVED
 CVE-2020-11666 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
-	TODO: check
+	NOT-FOR-US: CA API Developer Portal
 CVE-2020-11665 (CA API Developer Portal 4.3.1 and earlier handles loginRedirect page r ...)
-	TODO: check
+	NOT-FOR-US: CA API Developer Portal
 CVE-2020-11664 (CA API Developer Portal 4.3.1 and earlier handles homeRedirect page re ...)
-	TODO: check
+	NOT-FOR-US: CA API Developer Portal
 CVE-2020-11663
 	RESERVED
 CVE-2020-11662
@@ -1151,13 +1151,13 @@ CVE-2020-11539
 CVE-2020-11538
 	RESERVED
 CVE-2020-11537 (A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5 ...)
-	TODO: check
+	NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2020-11536 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
-	TODO: check
+	NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2020-11535 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
-	TODO: check
+	NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2020-11534 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
-	TODO: check
+	NOT-FOR-US: ONLYOFFICE Document Server
 CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM integration is en ...)
 	NOT-FOR-US: Ivanti Workspace Control
 CVE-2020-11532
@@ -3406,7 +3406,7 @@ CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified b
 CVE-2020-10647
 	RESERVED
 CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...)
-	TODO: check
+	NOT-FOR-US: Fuji Electric V-Server Lite
 CVE-2020-10645
 	RESERVED
 CVE-2020-10644
@@ -3414,17 +3414,17 @@ CVE-2020-10644
 CVE-2020-10643
 	RESERVED
 CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an au ...)
-	TODO: check
+	NOT-FOR-US: Rockwell
 CVE-2020-10641
 	RESERVED
 CVE-2020-10640
 	RESERVED
 CVE-2020-10639 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...)
-	TODO: check
+	NOT-FOR-US: Eaton HMiSoft VU3
 CVE-2020-10638
 	RESERVED
 CVE-2020-10637 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...)
-	TODO: check
+	NOT-FOR-US: Eaton HMiSoft VU3
 CVE-2020-10636
 	RESERVED
 CVE-2020-10635
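Review bot: In the CVE-2020-10642 entry the new line reads `NOT-FOR-US: Rockwell`, which names only the vendor, while every other entry in this patch names the product (for example `NOT-FOR-US: Eaton HMiSoft VU3` in the same hunk). Suggest `NOT-FOR-US: Rockwell Automation RSLinx Classic`, matching the product named in the CVE description, so that a search of the list by product name finds this entry.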
@@ -3468,15 +3468,15 @@ CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perfor
 CVE-2020-10616
 	RESERVED
 CVE-2020-10615 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
-	TODO: check
+	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
 CVE-2020-10614
 	RESERVED
 CVE-2020-10613 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
-	TODO: check
+	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
 CVE-2020-10612
 	RESERVED
 CVE-2020-10611 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
-	TODO: check
+	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
 CVE-2020-10610
 	RESERVED
 CVE-2020-10609
@@ -3700,9 +3700,9 @@ CVE-2020-10516
 CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting ...)
 	NOT-FOR-US: STARFACE UCC Client
 CVE-2020-10514 (iCatch DVR do not validate function parameter properly, resulting atta ...)
-	TODO: check
+	NOT-FOR-US: iCatch DVR
 CVE-2020-10513 (The file management interface of iCatch DVR contains broken access con ...)
-	TODO: check
+	NOT-FOR-US: iCatch DVR
 CVE-2020-10512 (HGiga C&Cmail contains a SQL Injection vulnerability which allows  ...)
 	TODO: check
 CVE-2020-10511 (HGiga C&Cmail contains insecure configurations. Attackers can expl ...)
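Review bot: CVE-2020-10512 (HGiga C&Cmail), directly below the two iCatch DVR entries, is left at `TODO: check` in the trailing context of this hunk. If it was skipped on purpose because the product needs a closer look, that is fine; otherwise it could be triaged in the same pass so the block does not need a second visit.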



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98af01570d0901da2dfc3c503219b8e99cf7f8b2
