[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Aug 4 21:17:06 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
347a3225 by Salvatore Bonaccorso at 2020-08-04T22:16:36+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1268,15 +1268,15 @@ CVE-2020-16205
 CVE-2020-16204
 	RESERVED
 CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
-	TODO: check
+	NOT-FOR-US: Delta Industrial Automation
 CVE-2020-16202
 	RESERVED
 CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
-	TODO: check
+	NOT-FOR-US: Delta Industrial Automation
 CVE-2020-16200
 	RESERVED
 CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
-	TODO: check
+	NOT-FOR-US: Delta Industrial Automation
 CVE-2020-16198
 	RESERVED
 CVE-2020-16197
@@ -1411,7 +1411,7 @@ CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if s
 	NOTE: https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238
 	NOTE: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120
 CVE-2020-16134 (An issue was discovered on Swisscom Internet Box 2, Internet Box Stand ...)
-	TODO: check
+	NOT-FOR-US: Swisscom
 CVE-2020-16133
 	RESERVED
 CVE-2020-16132
@@ -1786,7 +1786,7 @@ CVE-2020-15958
 CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentral ...)
 	NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T)
 CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...)
-	TODO: check
+	NOT-FOR-US: ACTi NVR3 Standard Server
 CVE-2020-15955
 	RESERVED
 CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...)
@@ -3046,7 +3046,7 @@ CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write call
 CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...)
 	NOT-FOR-US: Persian VIP Download Script
 CVE-2020-15467 (The administrative interface of Cohesive Networks vns3:vpn appliances  ...)
-	TODO: check
+	NOT-FOR-US: Cohesive Networks vns3:vpn appliances
 CVE-2020-15466 (In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infin ...)
 	- wireshark 3.2.5-1 (low)
 	[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
@@ -8022,9 +8022,9 @@ CVE-2020-13525
 CVE-2020-13524
 	RESERVED
 CVE-2020-13523 (An exploitable information disclosure vulnerability exists in SoftPerf ...)
-	TODO: check
+	NOT-FOR-US: SoftPerfect
 CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in SoftPerfe ...)
-	TODO: check
+	NOT-FOR-US: SoftPerfect
 CVE-2020-13521
 	RESERVED
 CVE-2020-13520
@@ -28155,7 +28155,7 @@ CVE-2020-6014
 CVE-2020-6013 (ZoneAlarm Firewall and Antivirus products before version 15.8.109.1843 ...)
 	NOT-FOR-US: ZoneAlarm
 CVE-2020-6012 (ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the  ...)
-	TODO: check
+	NOT-FOR-US: ZoneAlarm
 CVE-2020-6011
 	RESERVED
 CVE-2020-6010 (LearnPress Wordpress plugin version prior and including 3.2.6.7 is vul ...)
@@ -31637,7 +31637,7 @@ CVE-2020-4633
 CVE-2020-4632
 	RESERVED
 CVE-2020-4631 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-de ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4630
 	RESERVED
 CVE-2020-4629
@@ -31815,7 +31815,7 @@ CVE-2020-4544
 CVE-2020-4543
 	RESERVED
 CVE-2020-4542 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4541
 	RESERVED
 CVE-2020-4540
@@ -31849,7 +31849,7 @@ CVE-2020-4527 (IBM Planning Analytics 2.0 could allow a remote attacker to obtai
 CVE-2020-4526
 	RESERVED
 CVE-2020-4525 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4524
 	RESERVED
 CVE-2020-4523
@@ -31981,7 +31981,7 @@ CVE-2020-4461 (IBM Security Access Manager Appliance 9.0.7.1 could allow an auth
 CVE-2020-4460
 	RESERVED
 CVE-2020-4459 (IBM Security Verify Access 10.7 contains hard-coded credentials, such  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4458
 	RESERVED
 CVE-2020-4457
@@ -32079,7 +32079,7 @@ CVE-2020-4412 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5
 CVE-2020-4411 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
 	NOT-FOR-US: IBM
 CVE-2020-4410 (IBM Jazz Foundation and IBM Engineering products could allow an authen ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4409
 	RESERVED
 CVE-2020-4408 (The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRada ...)
@@ -32107,7 +32107,7 @@ CVE-2020-4398
 CVE-2020-4397 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive informati ...)
 	NOT-FOR-US: IBM
 CVE-2020-4396 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4395
 	RESERVED
 CVE-2020-4394
@@ -33442,7 +33442,7 @@ CVE-2019-20003 (Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows
 CVE-2019-20002 (Formula Injection exists in the export feature in SolarWinds WebHelpDe ...)
 	NOT-FOR-US: SolarWinds WebHelpDesk
 CVE-2019-20001 (An issue was discovered in RICOH Streamline NX Client Tool and RICOH S ...)
-	TODO: check
+	NOT-FOR-US: RICOH
 CVE-2019-20000 (The malware scan function in BullGuard Premium Protection 20.0.371.8 h ...)
 	NOT-FOR-US: BullGuard Premium Protection
 CVE-2019-19999 (Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI)  ...)
@@ -39700,11 +39700,11 @@ CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...)
 CVE-2019-19456 (A Reflected XSS was found in the server selection box inside the login ...)
 	NOT-FOR-US: Wowza Streaming Engine
 CVE-2019-19455 (Wowza Streaming Engine through 2019-11-28 has Insecure Permissions. ...)
-	TODO: check
+	NOT-FOR-US: Wowza Streaming Engine
 CVE-2019-19454 (An arbitrary file download was found in the "Download Log" functionali ...)
 	NOT-FOR-US: Wowza Streaming Engine
 CVE-2019-19453 (Wowza Streaming Engine through 2019-11-28 allows XSS (issue 1 of 2). ...)
-	TODO: check
+	NOT-FOR-US: Wowza Streaming Engine
 CVE-2019-19452 (A buffer overflow was found in Patriot Viper RGB through 1.1 when proc ...)
 	NOT-FOR-US: Patriot Viper RGB
 CVE-2019-19451 (When GNOME Dia before 2019-11-27 is launched with a filename argument  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/347a32250c052ecc63fc876bce4f0336e53b7c9a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/347a32250c052ecc63fc876bce4f0336e53b7c9a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200804/f9bc5df7/attachment.html>

More information about the debian-security-tracker-commits mailing list