[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Dec 4 08:47:06 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8d3de1e by Moritz Muehlenhoff at 2020-12-04T09:46:23+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8425,7 +8425,7 @@ CVE-2020-27350
CVE-2020-27349
RESERVED
CVE-2020-27348 (In some conditions, a snap package built by snapcraft includes the cur ...)
- TODO: check
+ NOT-FOR-US: snapcraft
CVE-2020-27346
REJECTED
CVE-2020-27345
@@ -39177,7 +39177,7 @@ CVE-2020-13527
CVE-2020-13526
RESERVED
CVE-2020-13525 (The sort parameter in the download page /sysworkflow/en/neoclassic/rep ...)
- TODO: check
+ NOT-FOR-US: ProcessMaker
CVE-2020-13524 (An out-of-bounds memory corruption vulnerability exists in the way Pix ...)
NOT-FOR-US: Pixar OpenUSD
CVE-2020-13523 (An exploitable information disclosure vulnerability exists in SoftPerf ...)
@@ -51896,9 +51896,9 @@ CVE-2020-9117 (HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and Sy
CVE-2020-9116 (Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection ...)
NOT-FOR-US: Huawei
CVE-2020-9115 (ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9114 (FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a pri ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9113 (HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buf ...)
NOT-FOR-US: Huawei
CVE-2020-9112 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a priv ...)
@@ -55853,13 +55853,13 @@ CVE-2020-7550 (A CWE-119 Improper Restriction of Operations within the Bounds of
CVE-2020-7549
RESERVED
CVE-2020-7548 (A CWE-330 - Use of Insufficiently Random Values vulnerability exists i ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7547 (A CWE-284: Improper Access Control vulnerability exists in EcoStruxure ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7546 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7545 (A CWE-284:Improper Access Control vulnerability exists in EcoStruxure& ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7544 (A CWE-269 Improper Privilege Management vulnerability exists in EcoStr ...)
NOT-FOR-US: EcoStruxure Operator Terminal Expert runtime
CVE-2020-7543
@@ -59828,9 +59828,9 @@ CVE-2020-6020 (Check Point Security Management's Internal CA web management befo
CVE-2020-6019 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
NOT-FOR-US: Valve's Game Networking Sockets
CVE-2020-6018 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
- TODO: check
+ NOT-FOR-US: Valve's Game Networking Sockets
CVE-2020-6017 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
- TODO: check
+ NOT-FOR-US: Valve's Game Networking Sockets
CVE-2020-6016 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
NOT-FOR-US: Valve's Game Networking Sockets
CVE-2020-6015 (Check Point Endpoint Security for Windows before E84.10 can reach deni ...)
@@ -61114,7 +61114,7 @@ CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.1
CVE-2020-5424
REJECTED
CVE-2020-5423 (CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2020-5422 (BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA pas ...)
NOT-FOR-US: BOSH System Metrics Server
CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...)
@@ -69831,15 +69831,15 @@ CVE-2020-2326
CVE-2020-2325
RESERVED
CVE-2020-2324 (Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2323 (Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permissio ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2322 (Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permissio ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2321 (A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Pr ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2320 (Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not ve ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2319 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a pa ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2318 (Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8d3de1e365537b63a194eea2d704b43be55a7b2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8d3de1e365537b63a194eea2d704b43be55a7b2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201204/5521123c/attachment.html>
More information about the debian-security-tracker-commits
mailing list