[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Jun 6 07:29:24 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37fcf0ea by Salvatore Bonaccorso at 2020-06-06T08:19:58+02:00
Process NFUs

- - - - -
7ec11f91 by Salvatore Bonaccorso at 2020-06-06T08:28:28+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2020-13870 (An issue was discovered in the Comments plugin before 1.5.5 for Craft  ...)
-	TODO: check
+	NOT-FOR-US: Comments plugin for Craft CMS
 CVE-2020-13869 (An issue was discovered in the Comments plugin before 1.5.6 for Craft  ...)
-	TODO: check
+	NOT-FOR-US: Comments plugin for Craft CMS
 CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5 for Craft  ...)
-	TODO: check
+	NOT-FOR-US: Comments plugin for Craft CMS
 CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/t ...)
 	TODO: check
 CVE-2020-13866
@@ -6135,13 +6135,13 @@ CVE-2020-11684
 CVE-2020-11683
 	RESERVED
 CVE-2020-11682 (Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing  ...)
-	TODO: check
+	NOT-FOR-US: Castel NextGen DVR
 CVE-2020-11681 (Castel NextGen DVR v1.0.0 stores and displays credentials for the asso ...)
-	TODO: check
+	NOT-FOR-US: Castel NextGen DVR
 CVE-2020-11680 (Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all ...)
-	TODO: check
+	NOT-FOR-US: Castel NextGen DVR
 CVE-2020-11679 (Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation throug ...)
-	TODO: check
+	NOT-FOR-US: Castel NextGen DVR
 CVE-2020-11678
 	RESERVED
 CVE-2020-11677 (Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). ...)
@@ -12496,7 +12496,7 @@ CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0
 CVE-2020-9293
 	RESERVED
 CVE-2020-9292 (An unquoted service path vulnerability in the FortiSIEM Windows Agent  ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2020-9291 (An Insecure Temporary File vulnerability in FortiClient for Windows 6. ...)
 	NOT-FOR-US: Fortiguard / FortiClient for Windows
 CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online  ...)
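Review bot: The label added for CVE-2020-9292 names only the vendor ("NOT-FOR-US: Fortiguard"), while the entry directly below it, CVE-2020-9291, uses the vendor / product form "NOT-FOR-US: Fortiguard / FortiClient for Windows". The description identifies the FortiSIEM Windows Agent, so "NOT-FOR-US: Fortiguard / FortiSIEM Windows Agent" would keep the two adjacent entries in the same pattern and make the product searchable in the list.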
@@ -12980,7 +12980,7 @@ CVE-2020-9076
 CVE-2020-9075
 	RESERVED
 CVE-2020-9074 (Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an imprope ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a  ...)
@@ -15268,7 +15268,7 @@ CVE-2020-8105
 CVE-2020-8104
 	RESERVED
 CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender Antivirus Free
 CVE-2020-8102
 	RESERVED
 CVE-2020-8101
@@ -17556,11 +17556,11 @@ CVE-2020-7119
 CVE-2020-7118
 	RESERVED
 CVE-2020-7117 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
-	TODO: check
+	NOT-FOR-US: ClearPass Policy Manager WebUI
 CVE-2020-7116 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
-	TODO: check
+	NOT-FOR-US: ClearPass Policy Manager WebUI
 CVE-2020-7115 (The ClearPass Policy Manager web interface is affected by a vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: ClearPass Policy Manager
 CVE-2020-7114 (A vulnerability exists allowing attackers, when present in the same ne ...)
 	NOT-FOR-US: ClearPass
 CVE-2020-7113 (A vulnerability was found when an attacker, while communicating with t ...)
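Review bot: Three different labels now cover one product family in this hunk: "ClearPass Policy Manager WebUI" on CVE-2020-7117 and CVE-2020-7116, "ClearPass Policy Manager" on CVE-2020-7115, and the pre-existing "ClearPass" on CVE-2020-7114. Settling on one spelling, for example the "NOT-FOR-US: ClearPass" already in the file, keeps a search for the product from missing some of its entries.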
@@ -17850,7 +17850,7 @@ CVE-2020-7032
 CVE-2020-7031
 	RESERVED
 CVE-2020-7030 (A sensitive information disclosure vulnerability was discovered in the ...)
-	TODO: check
+	NOT-FOR-US: IP Office
 CVE-2020-7029
 	RESERVED
 CVE-2020-7028
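Review bot: "NOT-FOR-US: IP Office" on CVE-2020-7030 gives a product name with no vendor, whereas the other labels in this commit lead with the vendor (Cisco, IBM, Huawei, Fortiguard). The truncated description shown here does not name the vendor either, so prefixing it in the label would make the entry self-explanatory and consistent with the rest of the list.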
@@ -18805,7 +18805,7 @@ CVE-2020-6642
 CVE-2020-6641
 	RESERVED
 CVE-2020-6640 (An improper neutralization of input vulnerability in the Admin Profile ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2020-6639
 	RESERVED
 CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...)
@@ -21213,7 +21213,7 @@ CVE-2020-5593
 CVE-2020-5592
 	RESERVED
 CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to ...)
-	TODO: check
+	NOT-FOR-US: XACK DNS
 CVE-2020-5590
 	RESERVED
 CVE-2020-5589
@@ -21902,15 +21902,15 @@ CVE-2020-5301 (SimpleSAMLphp versions before 1.18.6 contain an information discl
 CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect  ...)
 	NOT-FOR-US: ORY Hydra
 CVE-2020-5299 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
-	TODO: check
+	NOT-FOR-US: OctoberCMS
 CVE-2020-5298 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
-	TODO: check
+	NOT-FOR-US: OctoberCMS
 CVE-2020-5297 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
-	TODO: check
+	NOT-FOR-US: OctoberCMS
 CVE-2020-5296 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
-	TODO: check
+	NOT-FOR-US: OctoberCMS
 CVE-2020-5295 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
-	TODO: check
+	NOT-FOR-US: OctoberCMS
 CVE-2020-5294 (PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflect ...)
 	NOT-FOR-US: PrestaShop
 CVE-2020-5293 (In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper ...)
@@ -24170,11 +24170,11 @@ CVE-2020-4452
 CVE-2020-4451
 	RESERVED
 CVE-2020-4450 (IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4449 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4448 (IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4447
 	RESERVED
 CVE-2020-4446 (IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automa ...)
@@ -24612,7 +24612,7 @@ CVE-2020-4231 (IBM Security Identity Governance and Intelligence 5.2.6 could all
 CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
 	NOT-FOR-US: IBM
 CVE-2020-4229 (IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate se ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4228
 	RESERVED
 CVE-2020-4227
@@ -27521,7 +27521,7 @@ CVE-2020-3355
 CVE-2020-3354
 	RESERVED
 CVE-2020-3353 (A vulnerability in the syslog processing engine of Cisco Identity Serv ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3352
 	RESERVED
 CVE-2020-3351
@@ -27553,7 +27553,7 @@ CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVir
 CVE-2020-3340
 	RESERVED
 CVE-2020-3339 (A vulnerability in the web-based management interface of Cisco Prime I ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3338
 	RESERVED
 CVE-2020-3337
@@ -27561,11 +27561,11 @@ CVE-2020-3337
 CVE-2020-3336
 	RESERVED
 CVE-2020-3335 (A vulnerability in the key store of Cisco Application Services Engine  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3334 (A vulnerability in the ARP packet processing of Cisco Adaptive Securit ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3333 (A vulnerability in the API of Cisco Application Services Engine Softwa ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3332
 	RESERVED
 CVE-2020-3331
@@ -27591,13 +27591,13 @@ CVE-2020-3324
 CVE-2020-3323
 	RESERVED
 CVE-2020-3322 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3321 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3320
 	RESERVED
 CVE-2020-3319 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3318 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3317
@@ -27673,7 +27673,7 @@ CVE-2020-3283 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer
 CVE-2020-3282
 	RESERVED
 CVE-2020-3281 (A vulnerability in the audit logging component of Cisco Digital Networ ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3280 (A vulnerability in the Java Remote Management Interface of Cisco Unifi ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3279
@@ -27701,7 +27701,7 @@ CVE-2020-3269
 CVE-2020-3268
 	RESERVED
 CVE-2020-3267 (A vulnerability in the API subsystem of Cisco Unified Contact Center E ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3266 (A vulnerability in the CLI of Cisco SD-WAN Solution software could all ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3265 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...)
@@ -27719,9 +27719,9 @@ CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software co
 CVE-2020-3259 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3258 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3257 (Multiple vulnerabilities in the Cisco IOx application environment of C ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3256 (A vulnerability in the web-based management interface of Cisco Hosted  ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3255 (A vulnerability in the packet processing functionality of Cisco Firepo ...)
@@ -27759,87 +27759,87 @@ CVE-2020-3240 (Multiple vulnerabilities in the REST API of Cisco UCS Director an
 CVE-2020-3239 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3238 (A vulnerability in the Cisco Application Framework component of the Ci ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3237 (A vulnerability in the Cisco Application Framework component of the Ci ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3236
 	RESERVED
 CVE-2020-3235 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3234 (A vulnerability in the virtual console authentication of Cisco IOS Sof ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3233 (A vulnerability in the web-based Local Manager interface of the Cisco  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3232 (A vulnerability in the Simple Network Management Protocol (SNMP) imple ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3231 (A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3230 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3229 (A vulnerability in Role Based Access Control (RBAC) functionality of C ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3228 (A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3227 (A vulnerability in the authorization controls for the Cisco IOx applic ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3226 (A vulnerability in the Session Initiation Protocol (SIP) library of Ci ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3225 (Multiple vulnerabilities in the implementation of the Common Industria ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3224 (A vulnerability in the web-based user interface (web UI) of Cisco IOS  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3223 (A vulnerability in the web-based user interface (web UI) of Cisco IOS  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3222 (A vulnerability in the web-based user interface (web UI) of Cisco IOS  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3221 (A vulnerability in the Flexible NetFlow Version 9 packet processor of  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3220 (A vulnerability in the hardware crypto driver of Cisco IOS XE Software ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3219 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3218 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3217 (A vulnerability in the Topology Discovery Service of Cisco One Platfor ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3216 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthe ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3215 (A vulnerability in the Virtual Services Container of Cisco IOS XE Soft ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3214 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3213 (A vulnerability in the ROMMON of Cisco IOS XE Software could allow an  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3212 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3211 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3210 (A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3209 (A vulnerability in software image verification in Cisco IOS XE Softwar ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3208 (A vulnerability in the image verification feature of Cisco IOS Softwar ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3207 (A vulnerability in the processing of boot options of specific Cisco IO ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3206 (A vulnerability in the handling of IEEE 802.11w Protected Management F ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3205 (A vulnerability in the implementation of the inter-VM channel of Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3204 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3203 (A vulnerability in the locally significant certificate (LSC) provision ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3202
 	RESERVED
 CVE-2020-3201 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3200 (A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Sof ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3199 (Multiple vulnerabilities in the Cisco IOx application environment of C ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3198 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3197
 	RESERVED
 CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
@@ -31613,7 +31613,7 @@ CVE-2019-19467
 CVE-2020-1884
 	RESERVED
 CVE-2020-1883 (Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak v ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6f9ce546f4a0fed1d888a7dcc75bc6e546b21dd7...7ec11f913e7715d8df4f49a9bb0b4b903f88bff3
