[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Aug 14 13:11:52 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61c12293 by Salvatore Bonaccorso at 2020-08-14T14:09:27+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,19 +11,19 @@ CVE-2020-24351
 CVE-2020-24350
 	RESERVED
 CVE-2020-24349 (njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_va ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2020-24348 (njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_jso ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2020-24347 (njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvl ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2020-24346 (njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_par ...)
-	TODO: check
+	NOT-FOR-US: njs
 CVE-2020-24345 (** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via  ...)
-	TODO: check
+	NOT-FOR-US: JerryScript
 CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const argumen ...)
-	TODO: check
+	NOT-FOR-US: JerryScript
 CVE-2020-24343 (Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of  ...)
-	TODO: check
+	NOT-FOR-US: MuJS
 CVE-2020-24342 (Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring be ...)
 	TODO: check
 CVE-2020-24341
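Review bot: The four njs entries (CVE-2020-24346 through CVE-2020-24349) are closed as NOT-FOR-US: njs even though each description says njs is "used in NGINX", so the tag is only right if no nginx package in the archive builds or ships the njs module. The same applies to the other embeddable interpreters in this hunk (JerryScript, MuJS), which can exist as a source package or as an embedded copy inside another package. Please confirm that a search of source package names and embedded code copies was done before these left TODO: check, and say so in the commit message.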
@@ -13795,7 +13795,7 @@ CVE-2020-17465
 CVE-2020-17464
 	RESERVED
 CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/it ...)
-	TODO: check
+	NOT-FOR-US: FUEL CMS
 CVE-2020-17462
 	RESERVED
 CVE-2020-17461
@@ -16422,7 +16422,7 @@ CVE-2020-16188
 CVE-2020-16187
 	RESERVED
 CVE-2020-16186 (A stored Cross-site scripting (XSS) vulnerability in Firco Continuity  ...)
-	TODO: check
+	NOT-FOR-US: Firco Continuity
 CVE-2020-16185
 	RESERVED
 CVE-2020-16184
@@ -16454,7 +16454,7 @@ CVE-2020-16172
 CVE-2020-16171
 	RESERVED
 CVE-2020-16170 (The Temi application 1.3.3 through 1.3.7931 for Android has hard-coded ...)
-	TODO: check
+	NOT-FOR-US: Temi application fo Android
 CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in Robotemi G ...)
 	NOT-FOR-US: Temi Robox OS
 CVE-2020-16168 (Origin Validation Error in Robotemi Global Ltd Temi Firmware up to 201 ...)
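Review bot: Typo in the added line for CVE-2020-16170: "Temi application fo Android" should read "Temi application for Android". NFU strings are matched and reused when later CVEs for the same product are triaged, so the misspelling will either be copied forward or cause a near-duplicate label next to the existing "Temi Robox OS" entry below.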
@@ -16521,11 +16521,11 @@ CVE-2020-16141
 CVE-2020-16140
 	RESERVED
 CVE-2020-16139 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco Unified I ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-16138 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in Cisco Uni ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-16137 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation issue in Cisco  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-16136 (In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permis ...)
 	NOT-FOR-US: tgstation-server
 CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buf ...)
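Review bot: The three added lines for CVE-2020-16137 through CVE-2020-16139 use the bare vendor name, "NOT-FOR-US: Cisco", while the neighbouring entries in this file name the product (for example "NOT-FOR-US: tgstation-server"). The descriptions start "Cisco Unified I ...", so the product is known; please use the product name from the full description. A vendor-only label gives no hint of which product was judged out of scope if the vendor is ever associated with software that is packaged.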
@@ -16648,7 +16648,7 @@ CVE-2020-16089
 CVE-2020-16088 (iked in OpenIKED, as used in OpenBSD through 6.7, allows authenticatio ...)
 	NOT-FOR-US: OpenIKED
 CVE-2020-16087 (An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An a ...)
-	TODO: check
+	NOT-FOR-US: VNG Zalo Desktop
 CVE-2020-16086
 	RESERVED
 CVE-2020-16085
@@ -16940,7 +16940,7 @@ CVE-2020-XXXX [RUSTSEC-2020-0026]
 	[buster] - rust-linked-hash-map <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0026.html
 CVE-2020-15947 (A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do end ...)
-	TODO: check
+	NOT-FOR-US: Loway QueueMetrics
 CVE-2020-15946
 	RESERVED
 CVE-2020-15945 (Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c  ...)
@@ -16991,7 +16991,7 @@ CVE-2020-15927
 CVE-2020-15926
 	RESERVED
 CVE-2020-15925 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...)
-	TODO: check
+	NOT-FOR-US: Loway QueueMetrics
 CVE-2020-15924 (There is a SQL Injection in Mida eFramework through 2.9.0 that leads t ...)
 	NOT-FOR-US: Mida eFramework
 CVE-2020-15923 (Mida eFramework through 2.9.0 allows unauthenticated ../ directory tra ...)
@@ -17134,7 +17134,7 @@ CVE-2020-15870 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1
 CVE-2020-15869 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow ...)
 	NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
 CVE-2020-15868 (Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect  ...)
-	TODO: check
+	NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
 CVE-2020-15867
 	RESERVED
 CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...)
@@ -19276,7 +19276,7 @@ CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for
 CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...)
 	NOT-FOR-US: Sophos Secure Email application for Android
 CVE-2020-14979 (The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X ...)
-	TODO: check
+	NOT-FOR-US: EVGA Precision X1
 CVE-2020-14978 (An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorre ...)
 	NOT-FOR-US: F-Secure SAFE
 CVE-2020-14977 (An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC servic ...)
@@ -20347,7 +20347,7 @@ CVE-2020-14485 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacke
 CVE-2020-14484 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...)
 	NOT-FOR-US: OpenClinic GA
 CVE-2020-14483 (A timeout during a TLS handshake can result in the connection failing  ...)
-	TODO: check
+	NOT-FOR-US: Niagara
 CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...)
 	NOT-FOR-US: Delta Industrial Automation DOPSoft
 CVE-2020-14481
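Review bot: For CVE-2020-14483 the visible description ("A timeout during a TLS handshake can result in the connection failing ...") names no product, so "NOT-FOR-US: Niagara" is the only place a reader of this file learns what the entry is about. A fuller label with the vendor as well as the product name, as done for "Delta Industrial Automation DOPSoft" on the next entry, would make the entry easier to find and to verify later.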
@@ -26708,9 +26708,9 @@ CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary C
 	[buster] - mailman <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
 CVE-2020-12107 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command ...)
-	TODO: check
+	NOT-FOR-US: VPNCrypt
 CVE-2020-12106 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthe ...)
-	TODO: check
+	NOT-FOR-US: VPNCrypt
 CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from X509_c ...)
 	- openconnect <unfixed> (unimportant; bug #959428)
 	[jessie] - openconnect <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61c12293ffb284b6f4634d710b861f659aaa8349
