[Git][security-tracker-team/security-tracker][master] Process NFU

Salvatore Bonaccorso carnil at debian.org
Fri Feb 21 09:02:32 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
acf5984e by Salvatore Bonaccorso at 2020-02-21T10:01:51+01:00
Process NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,11 +11,11 @@ CVE-2020-9322
 CVE-2020-9321
 	RESERVED
 CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a  ...)
-	TODO: check
+	NOT-FOR-US: Avira
 CVE-2020-9319
 	RESERVED
 CVE-2020-9318 (Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative us ...)
-	TODO: check
+	NOT-FOR-US: Red Gate SQL Monitor
 CVE-2020-9317
 	RESERVED
 CVE-2020-9316
@@ -650,7 +650,7 @@ CVE-2020-9017
 CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter,  ...)
 	- dolibarr <removed>
 CVE-2020-9015 (Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7 ...)
-	TODO: check
+	NOT-FOR-US: Arista devices
 CVE-2020-9014
 	RESERVED
 CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...)
@@ -749,7 +749,7 @@ CVE-2020-8991 (vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanag
 	NOTE: https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701
 	NOTE: 2.03.00 upstream removed lvmetad (and the still vulnerable code)
 CVE-2020-8990 (Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow  ...)
-	TODO: check
+	NOT-FOR-US: Western Digital My Cloud Home
 CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...)
 	NOT-FOR-US: Voatz application for Android
 CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...)
@@ -809,7 +809,7 @@ CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REV
 CVE-2020-8961
 	RESERVED
 CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: Western Digital mycloud.com
 CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...)
 	NOT-FOR-US: Western Digital
 CVE-2020-8958
@@ -5227,7 +5227,7 @@ CVE-2020-6979
 CVE-2020-6978
 	RESERVED
 CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in the Ki ...)
-	TODO: check
+	NOT-FOR-US: GE
 CVE-2020-6976
 	RESERVED
 CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
@@ -5245,7 +5245,7 @@ CVE-2020-6970 (A Heap-based Buffer Overflow was found in Emerson OpenEnterprise
 CVE-2020-6969 (It is possible to unmask credentials and other sensitive information o ...)
 	NOT-FOR-US: AutomationDirect
 CVE-2020-6968 (Honeywell INNCOM INNControl 3 allows workstation users to escalate app ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2020-6967
 	RESERVED
 CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
@@ -13260,9 +13260,9 @@ CVE-2020-3767
 CVE-2020-3766
 	RESERVED
 CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds wr ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
 	NOT-FOR-US: Adobe
 CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
@@ -14922,7 +14922,7 @@ CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a roo
 CVE-2019-19742 (On D-Link DIR-615 devices, the User Account Configuration page is vuln ...)
 	NOT-FOR-US: D-Link
 CVE-2019-19741 (Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege  ...)
-	TODO: check
+	NOT-FOR-US: Electronic Arts Origin
 CVE-2019-19740 (Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignI ...)
 	NOT-FOR-US: Octeth Oempro
 CVE-2019-19739 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag o ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/acf5984e2e29b8617b67bb7ab958adace4ec345c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/acf5984e2e29b8617b67bb7ab958adace4ec345c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200221/8aae8d0c/attachment.html>


More information about the debian-security-tracker-commits mailing list