[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Jun 17 09:46:06 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee5f2657 by Salvatore Bonaccorso at 2020-06-17T10:45:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1400,11 +1400,11 @@ CVE-2020-13654
 CVE-2020-13653
 	RESERVED
 CVE-2020-13652 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...)
-	TODO: check
+	NOT-FOR-US: DigDash
 CVE-2020-13651 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...)
-	TODO: check
+	NOT-FOR-US: DigDash
 CVE-2020-13650 (An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1  ...)
-	TODO: check
+	NOT-FOR-US: DigDash
 CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during c ...)
 	NOT-FOR-US: JerryScript
 CVE-2020-13648
@@ -2507,7 +2507,7 @@ CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.1
 CVE-2020-13163 (em-imap 0.5 uses the library eventmachine in an insecure way that allo ...)
 	NOT-FOR-US: em-imap
 CVE-2020-13162 (A time-of-check time-of-use vulnerability in PulseSecureService.exe in ...)
-	TODO: check
+	NOT-FOR-US: Pulse Secure Client
 CVE-2020-13161
 	RESERVED
 CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...)
@@ -2532,7 +2532,7 @@ CVE-2020-13152 (A remote user can create a specially crafted M3U file, media pla
 CVE-2020-13151
 	RESERVED
 CVE-2020-13150 (D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 secon ...)
-	TODO: check
+	NOT-FOR-US: D-link
 CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...)
 	NOT-FOR-US: Dragon Center
 CVE-2020-13148
@@ -5306,7 +5306,7 @@ CVE-2020-12021
 CVE-2020-12020
 	RESERVED
 CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based  ...)
-	TODO: check
+	NOT-FOR-US: WebAccess Node
 CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An o ...)
 	NOT-FOR-US: Advantech WebAccess Node
 CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmw ...)
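Review bot: CVE-2020-12019 is tagged `NOT-FOR-US: WebAccess Node`, while the adjacent entry CVE-2020-12018 uses `NOT-FOR-US: Advantech WebAccess Node` for what its summary shows as the same product and version (8.4.4 and prior). Suggest the vendor-qualified form on the new line as well, so a single search on the tag finds both entries.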
@@ -13056,9 +13056,9 @@ CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509
 CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certif ...)
 	NOT-FOR-US: lua-openssl (different from lua-luaossl)
 CVE-2020-9427 (OX Guard 2.10.3 and earlier allows SSRF. ...)
-	TODO: check
+	NOT-FOR-US: OX Guard
 CVE-2020-9426 (OX Guard 2.10.3 and earlier allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: OX Guard
 CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig before 3.9 ...)
 	NOT-FOR-US: rConfig
 CVE-2020-9424
@@ -13429,7 +13429,7 @@ CVE-2020-9298
 CVE-2020-9297
 	RESERVED
 CVE-2020-9296 (Netflix Conductor uses Java Bean Validation (JSR 380) custom constrain ...)
-	TODO: check
+	NOT-FOR-US: Netflix Conductor
 CVE-2020-9295
 	RESERVED
 CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...)
@@ -13443,7 +13443,7 @@ CVE-2020-9291 (An Insecure Temporary File vulnerability in FortiClient for Windo
 CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online  ...)
 	NOT-FOR-US: Fortiguard
 CVE-2020-9289 (Use of a hard-coded cryptographic key to encrypt password data in CLI  ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2020-9288
 	RESERVED
 CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...)
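Review bot: the `NOT-FOR-US: Fortiguard` tag added for CVE-2020-9289 cannot be checked against the summary as shown, because "Use of a hard-coded cryptographic key to encrypt password data in CLI ..." is truncated before any product name. The tag does match the one on CVE-2020-9290 just above, whose summary names FortiClient for Windows; consider naming the affected product in the tag so the entry is self-explanatory.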
@@ -13917,9 +13917,9 @@ CVE-2020-9078
 CVE-2020-9077
 	RESERVED
 CVE-2020-9076 (HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9075 (Huawei products Secospace USG6300;USG6300E with versions of V500R001C3 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9074 (Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an imprope ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...)
@@ -15195,13 +15195,13 @@ CVE-2020-8546
 CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...)
 	NOT-FOR-US: AIL framework
 CVE-2020-8544 (OX App Suite through 7.10.3 allows SSRF. ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2020-8543 (OX App Suite through 7.10.3 has Improper Input Validation. ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2020-8542 (OX App Suite through 7.10.3 allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2020-8541 (OX App Suite through 7.10.3 allows XXE attacks. ...)
-	TODO: check
+	NOT-FOR-US: OX App Suite
 CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine Deskto ...)
 	NOT-FOR-US: Zoho ManageEngine Desktop Central
 CVE-2020-8539
@@ -22736,7 +22736,7 @@ CVE-2020-5360
 CVE-2020-5359
 	RESERVED
 CVE-2020-5358 (Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suit ...)
-	TODO: check
+	NOT-FOR-US: Dell Encryption
 CVE-2020-5357 (Dell Dock Firmware Update Utilities for Dell Client Consumer and Comme ...)
 	NOT-FOR-US: Dell
 CVE-2020-5356
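Review bot: on CVE-2020-5358 the tag names only `Dell Encryption`, but the summary also lists "Dell Endpoint Security Suit ...", and the next entry, CVE-2020-5357, is tagged plain `Dell`. Using `NOT-FOR-US: Dell` here too would cover both products and keep the adjacent entries consistent.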
@@ -22864,7 +22864,7 @@ CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display na
 CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of  ...)
 	NOT-FOR-US: Codoforum
 CVE-2020-5304 (The dashboard in WhiteSource Application Vulnerability Management (AVM ...)
-	TODO: check
+	NOT-FOR-US: WhiteSource Application Vulnerability Management (AVM)
 CVE-2020-5303 (Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-o ...)
 	NOT-FOR-US: Tendermint
 CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee5f26577d2f57f1b4c511c637bed838f50048e3
