[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 4 09:40:59 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7b06d939 by Salvatore Bonaccorso at 2020-01-04T10:40:09+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non ...)
- TODO: check
+ NOT-FOR-US: Baidu Rust SGX SDK
CVE-2020-5498
RESERVED
CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect throug ...)
- TODO: check
+ NOT-FOR-US: MITREid Connect
CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...)
TODO: check
CVE-2020-5495
@@ -9468,7 +9468,7 @@ CVE-2020-1873
CVE-2020-1872
RESERVED
CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1870
RESERVED
CVE-2020-1869
@@ -9640,7 +9640,7 @@ CVE-2020-1787
CVE-2020-1786
RESERVED
CVE-2020-1785 (Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of ser ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-19466 (SCEditor 2.1.3 allows XSS. ...)
NOT-FOR-US: SCEditor
CVE-2019-19465
@@ -9700,7 +9700,7 @@ CVE-2019-19443
CVE-2019-19442
RESERVED
CVE-2019-19441 (HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-19440
RESERVED
CVE-2019-19439
@@ -35051,9 +35051,9 @@ CVE-2019-11996 (Potential security vulnerabilities have been identified with HPE
CVE-2019-11995 (Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unaut ...)
NOT-FOR-US: HPE UIoT
CVE-2019-11994 (A security vulnerability has been identified in HPE SimpliVity 380 Gen ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2019-11993 (A security vulnerability has been identified in HPE SimpliVity 380 Gen ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2019-11992 (A security vulnerability in HPE OneView for VMware vCenter 9.5 could b ...)
NOT-FOR-US: HPE OneView for VMware vCenter
CVE-2019-11991 (HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) ...)
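Review bot: The new tags on CVE-2019-11994 and CVE-2019-11993 name only the vendor (`NOT-FOR-US: HPE`), while the existing entries around them in this hunk name the product (`NOT-FOR-US: HPE UIoT`, `NOT-FOR-US: HPE OneView for VMware vCenter`). Both descriptions begin "HPE SimpliVity 380 Gen", so `NOT-FOR-US: HPE SimpliVity` would keep the block consistent and let the entries be found by product name.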
@@ -42995,17 +42995,17 @@ CVE-2019-9543 (An issue was discovered in Poppler 0.74.0. A recursive function c
[jessie] - poppler <postponed> (Minor issue; revisit when fixed upstream)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/730
CVE-2019-9542 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
- TODO: check
+ NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9541 (: Information Exposure vulnerability in itemlookup.asp of Telos Automa ...)
- TODO: check
+ NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9540 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
- TODO: check
+ NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9539 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
- TODO: check
+ NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9538 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
- TODO: check
+ NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9537 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...)
- TODO: check
+ NOT-FOR-US: Telos Automated Message Handling System
CVE-2019-9536 (Apple iPhone 3GS bootrom malloc implementation returns a non-NULL poin ...)
NOT-FOR-US: Apple iPhone 3GS
CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with tmux's c ...)
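Review bot: Of the six entries tagged `NOT-FOR-US: Telos Automated Message Handling System` here, only CVE-2019-9541 shows the product name in its truncated description. CVE-2019-9542, CVE-2019-9540, CVE-2019-9539, CVE-2019-9538 and CVE-2019-9537 show only a generic weakness title ("Improper Neutralization of Input During Web Page Generation"), so the attribution cannot be confirmed from the list itself. The contiguous ID range makes the batch tag plausible, but the commit message "Process NFUs" does not say how the product was confirmed for each entry; a short note there or a reference per entry would make the change auditable.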
@@ -54016,7 +54016,7 @@ CVE-2019-5306 (There is a Factory Reset Protection (FRP) bypass security vulnera
CVE-2019-5305 (The image processing module of some Huawei Mate 10 smartphones version ...)
NOT-FOR-US: Huawei
CVE-2019-5304 (Some Huawei products have a buffer error vulnerability. An unauthentic ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-5303
RESERVED
CVE-2019-5302
@@ -57509,7 +57509,7 @@ CVE-2019-3770
CVE-2019-3769
RESERVED
CVE-2019-3768 (RSA Authentication Manager versions prior to 8.4 P7 contain an XML Ent ...)
- TODO: check
+ NOT-FOR-US: RSA Authentication Manager
CVE-2019-3767 (Dell ImageAssist versions prior to 8.7.15 contain an information discl ...)
NOT-FOR-US: Dell ImageAssist
CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction ...)
@@ -233845,7 +233845,7 @@ CVE-2014-8519 (Unspecified vulnerability in McAfee Network Data Loss Prevention
CVE-2014-8518 (The (1) Removable Media and (2) CD and DVD encryption offsite access o ...)
NOT-FOR-US: McAfee
CVE-2014-8516 (Unrestricted file upload vulnerability in Visual Mining NetCharts Serv ...)
- TODO: check
+ NOT-FOR-US: Visual Mining NetCharts Server
CVE-2014-8515 (The web interface in BitTorrent allows remote attackers to execute arb ...)
NOT-FOR-US: uTorrent
CVE-2014-8514 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Elec ...)
@@ -234344,7 +234344,7 @@ CVE-2014-8339 (SQL injection vulnerability in midroll.php in Nuevolab Nuevoplaye
CVE-2014-8338
RESERVED
CVE-2014-8337 (Unrestricted file upload vulnerability in includes/classes/uploadify-v ...)
- TODO: check
+ NOT-FOR-US: HelpDEZk
CVE-2014-8336 (The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugi ...)
NOT-FOR-US: WP-DBManager plugin for WordPress
CVE-2014-8335 ((1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager ( ...)
@@ -242196,7 +242196,7 @@ CVE-2014-5142
CVE-2014-5141
RESERVED
CVE-2014-5140 (The bindReplace function in the query factory in includes/classes/data ...)
- TODO: check
+ NOT-FOR-US: Loaded Commerce
CVE-2014-5139 (The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 befo ...)
{DSA-2998-1}
- openssl 1.0.1i-1
@@ -244495,7 +244495,7 @@ CVE-2014-4198
CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS ...)
NOT-FOR-US: Bank Soft Systems
CVE-2014-4196 (Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Syste ...)
- TODO: check
+ NOT-FOR-US: Bank Soft Systems (BSS) RBS BS-Client
CVE-2014-4195 (Cross-site scripting (XSS) vulnerability in zero_view_article.php in Z ...)
NOT-FOR-US: ZeroCMS
CVE-2014-4194 (SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1. ...)
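Review bot: The tag added to CVE-2014-4196 (`NOT-FOR-US: Bank Soft Systems (BSS) RBS BS-Client`) differs from the one already on the adjacent CVE-2014-4197 (`NOT-FOR-US: Bank Soft Systems`), although both descriptions refer to Bank Soft Systems. Use the same string on both entries so a search of the list for one tag finds every entry for the product.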
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7b06d93972650cd10f75e95246390959b85cc0de