[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Jun 9 21:59:25 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c26f08db by Salvatore Bonaccorso at 2020-06-09T22:58:43+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2020-13980 (** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated user
 CVE-2020-13979
 	RESERVED
 CVE-2020-13978 (** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has a ...)
-	TODO: check
+	NOT-FOR-US: Monstra CMS
 CVE-2020-13977 (Nagios 4.4.5 allows an attacker, who already has administrative access ...)
 	TODO: check
 CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 16214. The Di ...)
-	TODO: check
+	NOT-FOR-US: DD-WRT
 CVE-2020-13975
 	RESERVED
 CVE-2020-13974 (An issue was discovered in the Linux kernel through 5.7.1. drivers/tty ...)
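Review bot: CVE-2020-13977 (Nagios 4.4.5), which sits between the two entries changed in this hunk, is still at "TODO: check" after this commit. If it was skipped on purpose because it needs a package entry rather than a NOT-FOR-US tag, that fits a commit scoped to NFUs; otherwise it should be picked up in a follow-up so it does not get lost among already-triaged neighbours.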
@@ -1917,7 +1917,7 @@ CVE-2020-13162
 CVE-2020-13161
 	RESERVED
 CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...)
-	TODO: check
+	NOT-FOR-US: AnyDesk
 CVE-2020-13159
 	RESERVED
 CVE-2020-13158
@@ -7200,7 +7200,7 @@ CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c i
 CVE-2020-11493
 	RESERVED
 CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on Windows.  ...)
-	TODO: check
+	NOT-FOR-US: Docker Desktop on Windows
 CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...)
 	NOT-FOR-US: Zen Load Balancer
 CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authent ...)
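Review bot: the tag added for CVE-2020-11492, "NOT-FOR-US: Docker Desktop on Windows", carries a platform qualifier where the surrounding tags name only the product (for example "NOT-FOR-US: Zen Load Balancer" directly below). Suggest "NOT-FOR-US: Docker Desktop" so the entry groups with any other Docker Desktop entries, unless the qualifier is meant to limit the NFU decision to the Windows build, in which case a NOTE line would record that more clearly than the tag text.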
@@ -12358,7 +12358,7 @@ CVE-2020-9464 (A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP
 CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary  ...)
 	- centreon-web <itp> (bug #913903)
 CVE-2020-9462 (An issue was discovered in all Athom Homey and Homey Pro devices up to ...)
-	TODO: check
+	NOT-FOR-US: Athom
 CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated us ...)
 	NOT-FOR-US: Octech Oempro
 CVE-2020-9460 (Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The ...)
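Review bot: the tag for CVE-2020-9462 names only the vendor ("Athom"), while the description names the affected devices as "Athom Homey and Homey Pro" and the next two entries in this hunk use vendor plus product ("NOT-FOR-US: Octech Oempro"). Suggest "NOT-FOR-US: Athom Homey" to keep the tag as specific as its neighbours.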
@@ -13242,7 +13242,7 @@ CVE-2020-9101
 CVE-2020-9100
 	RESERVED
 CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9097
@@ -13600,7 +13600,7 @@ CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat thro
 	[stretch] - weechat <no-dsa> (Minor issue)
 	NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
 CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link  ...)
-	TODO: check
+	NOT-FOR-US: OpenSearch Web browser
 CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...)
 	NOT-FOR-US: OpenVPN Access Server
 CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp ti ...)
@@ -20440,9 +20440,9 @@ CVE-2020-6112
 CVE-2020-6111
 	RESERVED
 CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the way  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2020-6108
 	RESERVED
 CVE-2020-6107
@@ -21547,7 +21547,7 @@ CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7
 CVE-2020-5590
 	RESERVED
 CVE-2020-5589 (Multiple SONY Wireless Headphones have vulnerability that someone with ...)
-	TODO: check
+	NOT-FOR-US: SONY
 CVE-2020-5588
 	RESERVED
 CVE-2020-5587
@@ -25318,9 +25318,9 @@ CVE-2020-4043
 CVE-2020-4042
 	RESERVED
 CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...)
-	TODO: check
+	NOT-FOR-US: Bolt CMS
 CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the preview ge ...)
-	TODO: check
+	NOT-FOR-US: Bolt CMS
 CVE-2020-4039
 	RESERVED
 CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before versio ...)
@@ -32263,7 +32263,7 @@ CVE-2019-19414 (There is an integer overflow vulnerability in LDAP server of som
 CVE-2019-19413 (There is an integer overflow vulnerability in LDAP client of some Huaw ...)
 	NOT-FOR-US: Huawei
 CVE-2019-19412 (Some Huawei smart phones have a Factory Reset Protection (FRP) bypass  ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...)
 	NOT-FOR-US: Huawei
 CVE-2019-19410
@@ -44048,9 +44048,9 @@ CVE-2019-16387 (** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to a direct prw
 CVE-2019-16386 (** DISPUTED ** PEGA Platform 7.x and 8.x is vulnerable to Information  ...)
 	NOT-FOR-US: PEGA Platform
 CVE-2019-16385 (Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting vi ...)
-	TODO: check
+	NOT-FOR-US: Cybele Thinfinity VirtualUI
 CVE-2019-16384 (Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that ca ...)
-	TODO: check
+	NOT-FOR-US: Cybele Thinfinity VirtualUI
 CVE-2019-16383 (MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2 ...)
 	NOT-FOR-US: Progress MOVEit Transfer
 CVE-2019-16382 (An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is ...)
@@ -44906,7 +44906,7 @@ CVE-2019-16152 (A Denial of service (DoS) vulnerability in FortiClient for Linux
 CVE-2019-16151
 	RESERVED
 CVE-2019-16150 (Use of a hard-coded cryptographic key to encrypt security sensitive da ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2019-16149
 	RESERVED
 CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...)
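Review bot: the tag "NOT-FOR-US: Fortiguard" on CVE-2019-16150 cannot be matched against the entry itself, because the visible description is cut off before any product name ("Use of a hard-coded cryptographic key to encrypt security sensitive da ..."), and the nearest named product in this hunk is "FortiClient for Linux" on CVE-2019-16152. Please confirm against the full description which product is affected and use that product name in the tag.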



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c26f08dbe36cf0f4c1c821778eaf2c35a9b528f6
