[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Apr 20 17:31:21 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9ab4df7b by Moritz Muehlenhoff at 2020-04-20T18:30:58+02:00
NFUs
new ming issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2020-11916
CVE-2020-11915
RESERVED
CVE-2019-20786 (handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a chec ...)
- TODO: check
+ NOT-FOR-US: Pion DTLS
CVE-2020-11914
RESERVED
CVE-2020-11913
@@ -71,9 +71,11 @@ CVE-2020-11897
CVE-2020-11896
RESERVED
CVE-2020-11895 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) i ...)
- TODO: check
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/197
CVE-2020-11894 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) i ...)
- TODO: check
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/196
CVE-2020-11893
RESERVED
CVE-2020-11892
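Review bot: The two new ming entries pair the upstream issues in descending order (CVE-2020-11895 with issues/197, CVE-2020-11894 with issues/196), and the truncated descriptions differ only in the over-read size (2 bytes vs 8 bytes). Please confirm each NOTE URL matches the over-read size in its CVE description, since a swapped pair would be easy to miss here. Both lines are "- ming <removed>", so nothing else needs tracking.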
@@ -95,7 +97,7 @@ CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerabilit
CVE-2020-11884
RESERVED
CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...)
- TODO: check
+ NOT-FOR-US: Divante vue-storefront-api
CVE-2020-11882
RESERVED
CVE-2020-11881
@@ -125,7 +127,7 @@ CVE-2020-11874 (An issue was discovered on LG mobile devices with Android OS 8.0
CVE-2020-11873 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
NOT-FOR-US: LG mobile devices
CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication ...)
- TODO: check
+ NOT-FOR-US: OpenTrace
CVE-2020-11871
RESERVED
CVE-2020-11870
@@ -257,7 +259,7 @@ CVE-2020-11828
CVE-2020-11827
RESERVED
CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...)
- TODO: check
+ NOT-FOR-US: Memono
CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF ...)
- dolibarr <removed>
CVE-2020-11824
@@ -795,7 +797,7 @@ CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and
CVE-2020-11711
RESERVED
CVE-2020-11710 (An issue was discovered in docker-kong (for Kong) through 2.0.3. The a ...)
- TODO: check
+ NOT-FOR-US: docker-kong
CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...)
TODO: check
CVE-2020-11708 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
@@ -2607,13 +2609,13 @@ CVE-2020-11007 (In Shopizer before version 2.11.0, using API or Controller based
CVE-2020-11006
RESERVED
CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...)
- TODO: check
+ NOT-FOR-US: WindowsHello
CVE-2020-11004
RESERVED
CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vuln ...)
NOT-FOR-US: Oasis (not the same as src:oasis)
CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote co ...)
- TODO: check
+ NOT-FOR-US: dropwizard-validation
CVE-2020-11001 (In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XS ...)
NOT-FOR-US: Wagtail
CVE-2020-11000 (GreenBrowser before version 1.2 has a vulnerability where apps that re ...)
@@ -2769,7 +2771,7 @@ CVE-2020-10949
CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) ...)
NOT-FOR-US: Jon Hedley AlienForm2
CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Soph ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2020-10946
RESERVED
CVE-2020-10945
@@ -3283,9 +3285,9 @@ CVE-2020-10816
CVE-2020-10815
RESERVED
CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...)
- TODO: check
+ NOT-FOR-US: Code::Blocks
CVE-2020-10813 (A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to cr ...)
- TODO: check
+ NOT-FOR-US: FTPDMIN
CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...)
- hdf5 <undetermined>
NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4
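Review bot: The "NOT-FOR-US: Code::Blocks" line for CVE-2020-10814 should be checked against the archive before it is treated as final. Code::Blocks is a desktop IDE, not a vendor appliance like most of the other NFUs in this commit, so a matching source package is plausible. If one exists, the entry should become a "- <package> <status>" line in the same form as the hdf5 entry just below it. If it really is not packaged, a short qualifier like the one on the Oasis entry ("not the same as src:oasis") would document that the check was done.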
@@ -4331,7 +4333,7 @@ CVE-2020-10379
CVE-2020-10378
RESERVED
CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client before ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...)
NOT-FOR-US: Technicolor
CVE-2020-10375
@@ -4689,7 +4691,7 @@ CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. Th
CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via ...)
NOT-FOR-US: Responsive FileManager
CVE-2020-10211 (A remote code execution vulnerability in UCB component of Mitel MiVoic ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2020-10210
RESERVED
CVE-2020-10209
@@ -11848,19 +11850,19 @@ CVE-2020-7087
CVE-2020-7086
RESERVED
CVE-2020-7085 (A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7084 (A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versi ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7083 (An intager overflow vulnerability in the Autodesk FBX-SDK versions 201 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7082 (A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7081 (A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7080 (A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019. ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7079 (An improper signature validation vulnerability in Autodesk Dynamo BIM ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2020-7078
RESERVED
CVE-2020-7077
@@ -15051,7 +15053,7 @@ CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulner
CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...)
NOT-FOR-US: Grandstream
CVE-2020-5737 (Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated re ...)
- TODO: check
+ NOT-FOR-US: Tenable.Sc
CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer dereference o ...)
NOT-FOR-US: Amcrest
CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer overflo ...)
@@ -15059,17 +15061,17 @@ CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer ov
CVE-2020-5734 (Classic buffer overflow in SolarWinds Dameware allows a remote, unauth ...)
NOT-FOR-US: SolarWinds
CVE-2020-5733 (In OpenMRS 2.9 and prior, the export functionality of the Data Exchang ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2020-5732 (In OpenMRS 2.9 and prior, he import functionality of the Data Exchange ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2020-5731 (In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2020-5730 (In OpenMRS 2.9 and prior, the sessionLocation parameter for the login ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2020-5729 (In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitra ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2020-5728 (OpenMRS 2.9 and prior copies "Referrer" header values into an html ele ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2020-5727
RESERVED
CVE-2020-5726 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...)
@@ -16022,7 +16024,7 @@ CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name fiel
CVE-2020-5304
RESERVED
CVE-2020-5303 (Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-o ...)
- TODO: check
+ NOT-FOR-US: Tendermint
CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...)
NOT-FOR-US: MH-WikiBot
CVE-2020-5301 [Fix source code disclosure on case-insensitive file systems. See SSPSA 202004-01.]
@@ -20707,9 +20709,9 @@ CVE-2020-3655
CVE-2020-3654
RESERVED
CVE-2020-3653 (Possible buffer over-read in windows wlan driver function due to lack ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3652 (Possible buffer over-read issue in windows x86 wlan driver function wh ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3651 (Active command timeout since WM status change cmd is not removed from ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3650
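Review bot: The tags added for CVE-2020-3653 and CVE-2020-3652 read "NOT-FOR-US: Snapdragon", but both descriptions refer to a Windows wlan driver, and the adjacent CVE-2020-3651 entry is tagged "NOT-FOR-US: Qualcomm components for Android". Using the same vendor/component wording as the neighbouring entries, with the Windows wlan driver named as the component, would keep later greps over NOT-FOR-US tags consistent.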
@@ -26054,7 +26056,7 @@ CVE-2020-1765 (An improper control of parameters allows the spoofing of the from
NOTE: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 (OTRS6)
NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5)
CVE-2019-19394 (Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x bef ...)
- TODO: check
+ NOT-FOR-US: CFEngine Enterprise
CVE-2019-19393
RESERVED
CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly Dot ...)
@@ -30720,11 +30722,11 @@ CVE-2019-18572 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle
CVE-2019-18571 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Go ...)
NOT-FOR-US: RSA
CVE-2020-0600 (Improper buffer restrictions in firmware for some Intel(R) NUC may all ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0599
RESERVED
CVE-2020-0598 (Uncontrolled search path in the installer for the Intel(R) Binary Conf ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0597
RESERVED
CVE-2020-0596
@@ -30764,11 +30766,11 @@ CVE-2020-0580
CVE-2020-0579
RESERVED
CVE-2020-0578 (Improper conditions check for Intel(R) Modular Server MFS2600KISPP Com ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0577 (Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Com ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0576 (Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0575
RESERVED
CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all ...)
@@ -30795,7 +30797,7 @@ CVE-2020-0569
NOTE: Patch for 5.6.0 through 5.13.2: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404
NOTE: Patch for 5.0.0 through 5.5.1: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d
CVE-2020-0568 (Race condition in the Intel(R) Driver and Support Assistant before ver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0567 (Improper input validation in Intel(R) Graphics Drivers before version ...)
NOT-FOR-US: Intel graphics driver for Windows
CVE-2020-0566
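Review bot: The tag added for CVE-2020-0568 is the bare vendor name "NOT-FOR-US: Intel", while the CVE-2020-0567 entry directly below it uses the more specific "NOT-FOR-US: Intel graphics driver for Windows". A bare vendor tag does not say which product was ruled out. Suggest naming the product from the description, i.e. "NOT-FOR-US: Intel Driver and Support Assistant". The same applies to the other "NOT-FOR-US: Intel" lines added in the earlier hunks of this commit.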
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ab4df7bc62bead1d4eaa2acc0c73379c02d395f