[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 13 05:38:54 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d093a20b by Salvatore Bonaccorso at 2020-06-13T06:38:20+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3166,7 +3166,7 @@ CVE-2020-12727
CVE-2020-12726
RESERVED
CVE-2020-12725 (Havoc Research discovered an authenticated Server-Side Request Forgery ...)
- TODO: check
+ NOT-FOR-US: Redash
CVE-2020-12724
RESERVED
CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...)
@@ -3195,7 +3195,7 @@ CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual
CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...)
NOT-FOR-US: CipherMail
CVE-2020-12712 (A vulnerability based on insecure user/password encryption in the JOE ...)
- TODO: check
+ NOT-FOR-US: SOS JobScheduler
CVE-2020-12711
RESERVED
CVE-2020-12710
@@ -4904,7 +4904,7 @@ CVE-2020-12025
CVE-2020-12024
RESERVED
CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, Intel ...)
- TODO: check
+ NOT-FOR-US: Philips
CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An i ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12021
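Review bot: the added tag for CVE-2020-12023 names only the vendor (`NOT-FOR-US: Philips`), while the next entry in the same hunk, CVE-2020-12022, is tagged at product level (`NOT-FOR-US: Advantech WebAccess Node`). A product-level tag such as `NOT-FOR-US: Philips IntelliBridge Enterprise`, taken from the summary line, would match that neighbour and make the entry easier to find when searching the list by product.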
@@ -4942,7 +4942,7 @@ CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12005
RESERVED
CVE-2020-12004 (The affected product lacks proper authentication required to query the ...)
- TODO: check
+ NOT-FOR-US: Inductive Automation Ignition
CVE-2020-12003
RESERVED
CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
@@ -4950,7 +4950,7 @@ CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12001
RESERVED
CVE-2020-12000 (The affected product is vulnerable to the handling of serialized data. ...)
- TODO: check
+ NOT-FOR-US: Inductive Automation Ignition
CVE-2020-11999
RESERVED
CVE-2020-11998
@@ -6833,9 +6833,9 @@ CVE-2020-11616
CVE-2020-11615
RESERVED
CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as w ...)
- TODO: check
+ NOT-FOR-US: Mids' Reborn Hero Designer
CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulne ...)
- TODO: check
+ NOT-FOR-US: Mids' Reborn Hero Designer
CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...)
- netty 1:4.1.48-1
[jessie] - netty <ignored> (OOM DoS with fix/mitigation involving new API; too intrusive to backport due to more limited 3.x buffer API)
@@ -9964,7 +9964,7 @@ CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contai
CVE-2020-10645
RESERVED
CVE-2020-10644 (The affected product lacks proper validation of user-supplied data, wh ...)
- TODO: check
+ NOT-FOR-US: Inductive Automation Ignition
CVE-2020-10643
RESERVED
CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an au ...)
@@ -12144,23 +12144,23 @@ CVE-2020-9653
CVE-2020-9652
RESERVED
CVE-2020-9651 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9650
RESERVED
CVE-2020-9649
RESERVED
CVE-2020-9648 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9647 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9646
RESERVED
CVE-2020-9645 (Adobe Experience Manager versions 6.5 and earlier have a blind server- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9644 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9643 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9642
RESERVED
CVE-2020-9641
@@ -12174,11 +12174,11 @@ CVE-2020-9638
CVE-2020-9637
RESERVED
CVE-2020-9636 (Adobe Framemaker versions 2019.0.5 and below have a memory corruption ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9635 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9634 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9633 (Adobe Flash Player versions 32.0.0.371 and earlier, 32.0.0.371 and ear ...)
NOT-FOR-US: Adobe
CVE-2020-9632
@@ -15269,19 +15269,19 @@ CVE-2020-8339
CVE-2020-8338
RESERVED
CVE-2020-8337 (An unquoted search path vulnerability was reported in versions prior t ...)
- TODO: check
+ NOT-FOR-US: Synaptics Smart Audio UWP app
CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on some Th ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8335
RESERVED
CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8333
RESERVED
CVE-2020-8332
RESERVED
CVE-2020-8331 (A potential vulnerability in the BIOS configuration of some ThinkSyste ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...)
NOT-FOR-US: Lenovo
CVE-2020-8329 (A denial of service vulnerability was reported in the firmware prior t ...)
@@ -15297,13 +15297,13 @@ CVE-2020-8325
CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem for Leno ...)
NOT-FOR-US: Lenovo
CVE-2020-8323 (A potential vulnerability in the SMI callback function used in the Leg ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8322 (A potential vulnerability in the SMI callback function used in the Leg ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8321 (A potential vulnerability in the SMI callback function used in the Sys ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8320 (An internal shell was included in BIOS image in some ThinkPad models t ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo System Int ...)
NOT-FOR-US: Lenovo
CVE-2020-8318 (A privilege escalation vulnerability was reported in the LenovoSystemU ...)
@@ -17713,9 +17713,9 @@ CVE-2020-7282
CVE-2020-7281
RESERVED
CVE-2020-7280 (Privilege Escalation vulnerability during daily DAT updates when using ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7279 (DLL Search Order Hijacking Vulnerability in the installer component of ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7278 (Exploiting incorrectly configured access control security levels vulne ...)
NOT-FOR-US: McAfee
CVE-2020-7277 (Protection mechanism failure in all processes in McAfee Endpoint Secur ...)
@@ -20715,7 +20715,7 @@ CVE-2020-6092 (An exploitable code execution vulnerability exists in the way Nit
CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in the ESPON ...)
NOT-FOR-US: EPSON
CVE-2020-6090 (An exploitable code execution vulnerability exists in the Web-Based Ma ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2020-6089
RESERVED
CVE-2020-6088
@@ -21765,9 +21765,9 @@ CVE-2020-5595
CVE-2020-5594
RESERVED
CVE-2020-5593 (Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP cod ...)
- TODO: check
+ NOT-FOR-US: Zenphoto
CVE-2020-5592 (Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 ...)
- TODO: check
+ NOT-FOR-US: Zenphoto
CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to ...)
NOT-FOR-US: XACK DNS
CVE-2020-5590
@@ -22310,9 +22310,9 @@ CVE-2020-5365 (Dell EMC Isilon versions 8.2.2 and earlier contain a remotesuppor
CVE-2020-5364 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vul ...)
NOT-FOR-US: EMC
CVE-2020-5363 (Select Dell Client Consumer and Commercial platforms include an issue ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2020-5362 (Dell Client Consumer and Commercial platforms include an improper auth ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2020-5361
RESERVED
CVE-2020-5360
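Review bot: the two added lines for CVE-2020-5363 and CVE-2020-5362 use `NOT-FOR-US: Dell`, but the context entry directly above them, CVE-2020-5364 (Dell EMC Isilon OneFS), is tagged `NOT-FOR-US: EMC`. If the split between client platforms and the EMC storage line is intentional, this is fine as it stands; otherwise settle on one vendor spelling so that a search on either tag finds every Dell entry.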
@@ -25124,7 +25124,7 @@ CVE-2020-4253 (IBM Content Navigator 3.0CD does not invalidate session after log
CVE-2020-4252 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...)
NOT-FOR-US: IBM
CVE-2020-4251 (IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site sc ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4250
RESERVED
CVE-2020-4249 (IBM Security Identity Governance and Intelligence 5.2.6 could disclose ...)
@@ -25424,7 +25424,7 @@ CVE-2020-4103
CVE-2020-4102
RESERVED
CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request Forgery. ...)
- TODO: check
+ NOT-FOR-US: HCL Digital Experience
CVE-2020-4100
RESERVED
CVE-2020-4099
@@ -25526,11 +25526,11 @@ CVE-2020-4052
CVE-2020-4051
RESERVED
CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...)
- TODO: check
+ NOT-FOR-US: SSB-DB
CVE-2020-4044
RESERVED
CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserializati ...)
- TODO: check
+ NOT-FOR-US: phpMussel
CVE-2020-4042
RESERVED
CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...)
@@ -26417,11 +26417,11 @@ CVE-2020-3932 (A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, whic
CVE-2020-3931
RESERVED
CVE-2020-3930 (GeoVision Door Access Control device family improperly stores and cont ...)
- TODO: check
+ NOT-FOR-US: GeoVision Door Access Control
CVE-2020-3929 (GeoVision Door Access Control device family employs shared cryptograph ...)
- TODO: check
+ NOT-FOR-US: GeoVision Door Access Control
CVE-2020-3928 (GeoVision Door Access Control device family is hardcoded with a root p ...)
- TODO: check
+ NOT-FOR-US: GeoVision Door Access Control
CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...)
NOT-FOR-US: ServiSign security plugin
CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d093a20be8e0ad6b6d16e242871eb1634e4d7ad1