[Git][security-tracker-team/security-tracker][master] 5 commits: Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 22 11:50:55 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c8c4488 by Salvatore Bonaccorso at 2020-08-22T12:45:55+02:00
Process some NFUs
- - - - -
790660d5 by Salvatore Bonaccorso at 2020-08-22T12:46:18+02:00
Add CVE-2020-{8189,8227}/nextcloud-desktop
- - - - -
843f9dcb by Salvatore Bonaccorso at 2020-08-22T12:46:45+02:00
Add CVE-2020-7923/mongodb
- - - - -
728cd5b5 by Salvatore Bonaccorso at 2020-08-22T12:47:03+02:00
Add CVE-2020-7019/elasticsearch
- - - - -
e42d42e9 by Salvatore Bonaccorso at 2020-08-22T12:50:35+02:00
Merge remote-tracking branch 'origin/master' into master
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -809,7 +809,7 @@ CVE-2020-24214
CVE-2020-24213
RESERVED
CVE-2020-24212 (**REJECTED**Kaldin 4.0 is affected by: Insecure Permissions. The impac ...)
- TODO: check
+ NOT-FOR-US: Kaldin
CVE-2020-24211
RESERVED
CVE-2020-24210
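Review bot: CVE-2020-24212 is triaged as NOT-FOR-US: Kaldin although its description on the line above begins with **REJECTED**. The NFU tag records a product decision for an ID that the description flags as rejected; check the ID's current status and record the rejection rather than a product triage if it still holds.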
@@ -1357,7 +1357,7 @@ CVE-2020-23940
CVE-2020-23939
RESERVED
CVE-2020-23938 (***REJECTED***Out of bounds read (CWE-125) in AnnLab V3 Lite 4.0.8.3 c ...)
- TODO: check
+ NOT-FOR-US: AnnLab V3 Lite
CVE-2020-23937
RESERVED
CVE-2020-23936 (PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Auth ...)
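Review bot: the NOT-FOR-US: AnnLab V3 Lite line is attached to CVE-2020-23938, whose description starts with ***REJECTED***. Confirm whether the ID is still valid before keeping a product-level NFU on it.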
@@ -17734,7 +17734,7 @@ CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
CVE-2020-15858 (Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allo ...)
- TODO: check
+ NOT-FOR-US: Thales DIS
CVE-2020-15857
RESERVED
CVE-2020-15856
@@ -33896,13 +33896,13 @@ CVE-2020-10128
CVE-2020-10127
RESERVED
CVE-2020-10126 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate ...)
- TODO: check
+ NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-10125 (NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 51 ...)
- TODO: check
+ NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-10124 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authentic ...)
- TODO: check
+ NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-10123 (The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 ...)
- TODO: check
+ NOT-FOR-US: NCR SelfServ ATMs
CVE-2019-20501 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
NOT-FOR-US: D-Link
CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
@@ -36409,9 +36409,9 @@ CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0
CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 1 ...)
NOT-FOR-US: Huawei
CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authent ...)
- TODO: check
+ NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version ...)
- TODO: check
+ NOT-FOR-US: Diebold Nixdorf ProCash 2100xe USB ATMs
CVE-2020-9061
RESERVED
CVE-2020-9060
@@ -38384,7 +38384,7 @@ CVE-2020-8236
CVE-2020-8235
RESERVED
CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 w ...)
- TODO: check
+ NOT-FOR-US: EdgeMax EdgeSwitch firmware
CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware <v1 ...)
NOT-FOR-US: Edgeswitch
CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...)
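Review bot: the new tag NOT-FOR-US: EdgeMax EdgeSwitch firmware on CVE-2020-8234 names the product differently from the existing NOT-FOR-US: Edgeswitch on CVE-2020-8233 directly below it. Using one spelling for both keeps the NFU entries for this product searchable together.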
@@ -38403,7 +38403,8 @@ CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop
CVE-2020-8228
RESERVED
CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Client ...)
- TODO: check
+ - nextcloud-desktop <unfixed>
+ NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-032
CVE-2020-8226 (A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allow ...)
NOT-FOR-US: phpBB
CVE-2020-8225
@@ -38483,7 +38484,8 @@ CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versio
CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...)
NOT-FOR-US: Citrix
CVE-2020-8189 (A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed ...)
- TODO: check
+ - nextcloud-desktop <unfixed>
+ NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-027
CVE-2020-8188 (We have recently released new version of UniFi Protect firmware v1.13. ...)
NOT-FOR-US: UniFi Protect
CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
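Review bot: CVE-2020-8189 is recorded as nextcloud-desktop <unfixed> while its description names 2.6.4 as the affected client version. If the advisory linked in the NOTE gives a fixed upstream version, compare it with the version in the archive and record a fixed version instead of <unfixed> where that applies; the same check is worth doing for the CVE-2020-8227 entry added in the previous hunk.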
@@ -39214,7 +39216,8 @@ CVE-2020-7925
CVE-2020-7924
RESERVED
CVE-2020-7923 (A user authorized to perform database queries may cause denial of serv ...)
- TODO: check
+ - mongodb <removed>
+ NOTE: https://jira.mongodb.org/browse/SERVER-47773
CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...)
NOT-FOR-US: MongoDB Enterprise
CVE-2020-7921 (Improper serialization of internal state in the authorization subsyste ...)
@@ -41377,7 +41380,7 @@ CVE-2020-7021
CVE-2020-7020
RESERVED
CVE-2020-7019 (In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was f ...)
- TODO: check
+ - elasticsearch <removed>
CVE-2020-7018 (Elastic Enterprise Search before 7.9.0 contain a credential exposure f ...)
TODO: check
CVE-2020-7017 (In Kibana versions before 6.8.11 and 7.8.1 the region map visualizatio ...)
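Review bot: the elasticsearch <removed> line for CVE-2020-7019 is added without a NOTE, unlike the mongodb and nextcloud-desktop entries in this push, which each link an upstream reference. The description cites 7.9.0 and 6.8.12 as the releases carrying the fix, so a NOTE pointing at the upstream advisory or fix would document where that information comes from.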
@@ -51128,7 +51131,7 @@ CVE-2020-3444
CVE-2020-3443
RESERVED
CVE-2020-3442 (The DuoConnect client enables users to establish SSH connections to ho ...)
- TODO: check
+ NOT-FOR-US: DuoConnect
CVE-2020-3441
RESERVED
CVE-2020-3440
@@ -62218,7 +62221,7 @@ CVE-2020-0263
CVE-2020-0262
RESERVED
CVE-2020-0261 (In C2 flame devices, there is a possible bypass of seccomp due to a mi ...)
- TODO: check
+ NOT-FOR-US: C2 flame devices
CVE-2020-0260 (There is a possible out of bounds read due to an incorrect bounds chec ...)
NOT-FOR-US: Mediatek components for Android
CVE-2020-0259 (In android_verity_ctr of dm-android-verity.c, there is a possible way ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b377e48a4b0cc7d8507f865e084ab1a9dae34285...e42d42e9f38d071b427695dba2590b774c8e7a10