[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Dec 16 20:23:59 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0cb97b9 by Salvatore Bonaccorso at 2020-12-16T21:23:47+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,21 +25,21 @@ CVE-2020-35471 (Envoy before 1.16.1 mishandles dropped and truncated datagrams,
 CVE-2020-35470 (Envoy before 1.16.1 logs an incorrect downstream address because it co ...)
 	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2020-35469 (The Software AG Terracotta Server OSS Docker image 5.4.1 contains a bl ...)
-	TODO: check
+	NOT-FOR-US: Software AG Terracotta Server OSS Docker image
 CVE-2020-35468 (The Appbase streams Docker image 2.1.2 contains a blank password for t ...)
-	TODO: check
+	NOT-FOR-US: Appbase streams Docker image
 CVE-2020-35467 (The Docker Docs Docker image through 2020-12-14 contains a blank passw ...)
-	TODO: check
+	NOT-FOR-US: Docker Docs Docker image
 CVE-2020-35466 (The Blackfire Docker image through 2020-12-14 contains a blank passwor ...)
-	TODO: check
+	NOT-FOR-US: Blackfire Docker image
 CVE-2020-35465 (The FullArmor HAPI File Share Mount Docker image through 2020-12-14 co ...)
-	TODO: check
+	NOT-FOR-US: FullArmor HAPI File Share Mount Docker image
 CVE-2020-35464 (Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank p ...)
-	TODO: check
+	NOT-FOR-US: Weave Cloud Agent Docker image
 CVE-2020-35463 (Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank ...)
-	TODO: check
+	NOT-FOR-US: Instana Dynamic APM Docker image
 CVE-2020-35462 (Version 3.16.0 of the CoScale agent Docker image contains a blank pass ...)
-	TODO: check
+	NOT-FOR-US: CoScale agent Docker image
 CVE-2020-35461
 	RESERVED
 CVE-2020-35460 (common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows dir ...)
@@ -134,7 +134,7 @@ CVE-2020-35418
 CVE-2020-35417
 	RESERVED
 CVE-2020-35416 (Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabber ...)
-	TODO: check
+	NOT-FOR-US: PHPJabbers Appointment Scheduler
 CVE-2020-35415
 	RESERVED
 CVE-2020-35414
@@ -584,7 +584,7 @@ CVE-2020-35195
 CVE-2020-35194
 	RESERVED
 CVE-2020-35193 (The official sonarqube docker images before alpine (Alpine specific) c ...)
-	TODO: check
+	NOT-FOR-US: sonarqube docker images before alpine (Alpine specific)
 CVE-2020-35192
 	RESERVED
 CVE-2020-35191
@@ -705,7 +705,7 @@ CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress a
 CVE-2020-35134
 	RESERVED
 CVE-2020-35133 (irfanView 4.56 contains an error processing parsing files of type .pcx ...)
-	TODO: check
+	NOT-FOR-US: irfanView
 CVE-2020-35132 (An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that a ...)
 	- phpldapadmin <unfixed>
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474
@@ -731,9 +731,9 @@ CVE-2020-35124
 CVE-2020-35123
 	RESERVED
 CVE-2020-35122 (An issue was discovered in the Keysight Database Connector plugin befo ...)
-	TODO: check
+	NOT-FOR-US: Keysight Database Connector plugin for Confluence
 CVE-2020-35121 (An issue was discovered in the Keysight Database Connector plugin befo ...)
-	TODO: check
+	NOT-FOR-US: Keysight Database Connector plugin for Confluence
 CVE-2020-35120
 	RESERVED
 CVE-2020-35119
@@ -2446,7 +2446,7 @@ CVE-2020-29609
 CVE-2020-29608
 	RESERVED
 CVE-2020-29607 (A file upload restriction bypass vulnerability in Pluck CMS before 4.7 ...)
-	TODO: check
+	NOT-FOR-US: Pluck CMS
 CVE-2020-XXXX [RUSTSEC-2020-0080: miow: `miow` invalidly assumes the memory layout of std::net::SocketAddr]
 	- rust-miow <unfixed> (bug #976871)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0080.html
@@ -8708,7 +8708,7 @@ CVE-2020-28074
 CVE-2020-28073
 	RESERVED
 CVE-2020-28072 (A Remote Code Execution vulnerability exists in DourceCodester Alumni  ...)
-	TODO: check
+	NOT-FOR-US: DourceCodester Alumni Management System
 CVE-2020-28071
 	RESERVED
 CVE-2020-28070
@@ -13680,7 +13680,7 @@ CVE-2020-26200
 CVE-2020-26199
 	RESERVED
 CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a  ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2020-26197
 	RESERVED
 CVE-2020-26196
@@ -14697,11 +14697,11 @@ CVE-2020-25761 (Projectworlds Visitor Management System in PHP 1.0 allows XSS. T
 CVE-2020-25760 (Projectworlds Visitor Management System in PHP 1.0 allows SQL Injectio ...)
 	NOT-FOR-US: Projectworlds Visitor Management System in PHP
 CVE-2020-25759 (An issue was discovered on D-Link DSR-250 3.17 devices. Certain functi ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2020-25758 (An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient v ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2020-25757 (A lack of input validation and access controls in Lua CGIs on D-Link D ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_ht ...)
 	NOT-FOR-US: Cesanta Mongoose
 	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
@@ -15187,17 +15187,17 @@ CVE-2020-25623 (Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Di
 	[stretch] - erlang <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/erlang/otp/releases/tag/OTP-23.1
 CVE-2020-25622 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The Advanc ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2020-25621 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The local  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2020-25620 (An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2020-25619 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH co ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2020-25618 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo c ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2020-25617 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The Advanc ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2020-25616
 	RESERVED
 CVE-2020-25615
@@ -16168,7 +16168,7 @@ CVE-2020-25197
 CVE-2020-25196
 	RESERVED
 CVE-2020-25195 (The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM ...)
-	TODO: check
+	NOT-FOR-US: Host Engineering
 CVE-2020-25194
 	RESERVED
 CVE-2020-25193
@@ -18837,7 +18837,7 @@ CVE-2020-23959
 CVE-2020-23958
 	RESERVED
 CVE-2020-23957 (Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS)  ...)
-	TODO: check
+	NOT-FOR-US: Pega Platform
 CVE-2020-23956
 	RESERVED
 CVE-2020-23955
@@ -64132,9 +64132,9 @@ CVE-2020-5362 (Dell Client Consumer and Commercial platforms include an improper
 CVE-2020-5361
 	RESERVED
 CVE-2020-5360 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2020-5359 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2020-5358 (Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suit ...)
 	NOT-FOR-US: Dell Encryption
 CVE-2020-5357 (Dell Dock Firmware Update Utilities for Dell Client Consumer and Comme ...)
@@ -67476,7 +67476,7 @@ CVE-2020-4010
 CVE-2020-4009
 	RESERVED
 CVE-2020-4008 (The installer of the macOS Sensor for VMware Carbon Black Cloud prior  ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-4007
 	RESERVED
 CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity Manager, and I ...)
@@ -92437,21 +92437,21 @@ CVE-2019-14485
 CVE-2019-14484
 	RESERVED
 CVE-2019-14483 (AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user  ...)
-	TODO: check
+	NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14482 (AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14481 (AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vu ...)
-	TODO: check
+	NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14480 (AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14479 (AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCr ...)
-	TODO: check
+	NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14478 (AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vu ...)
-	TODO: check
+	NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14477 (AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the  ...)
-	TODO: check
+	NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14476 (AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) v ...)
-	TODO: check
+	NOT-FOR-US: AdRem NetCrunch
 CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use s ...)
 	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
 CVE-2019-14474 (eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in ...)
@@ -143918,7 +143918,7 @@ CVE-2018-16245
 CVE-2018-16244
 	RESERVED
 CVE-2018-16243 (SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074  ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2018-16242 (oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which  ...)
 	NOT-FOR-US: oBike
 CVE-2018-16241



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0cb97b938832bf1b312617a454ec19cc2dc4b12

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0cb97b938832bf1b312617a454ec19cc2dc4b12
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201216/35fe0c17/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list