[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Jun 17 17:58:58 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7e0687a by Moritz Muehlenhoff at 2020-06-17T18:58:36+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10,7 +10,7 @@ CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_
CVE-2020-14211
RESERVED
CVE-2020-14210 (MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected ...)
- TODO: check
+ NOT-FOR-US: MONITORAPP
CVE-2020-14209
RESERVED
CVE-2020-14208
@@ -5334,19 +5334,19 @@ CVE-2020-12007
CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12005 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
- TODO: check
+ NOT-FOR-US: FactoryTalk
CVE-2020-12004 (The affected product lacks proper authentication required to query the ...)
NOT-FOR-US: Inductive Automation Ignition
CVE-2020-12003 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
- TODO: check
+ NOT-FOR-US: FactoryTalk
CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12001 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
- TODO: check
+ NOT-FOR-US: FactoryTalk
CVE-2020-12000 (The affected product is vulnerable to the handling of serialized data. ...)
NOT-FOR-US: Inductive Automation Ignition
CVE-2020-11999 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
- TODO: check
+ NOT-FOR-US: FactoryTalk
CVE-2020-11998
RESERVED
CVE-2020-11997
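Review bot: The four new tags on CVE-2020-12005, CVE-2020-12003, CVE-2020-12001 and CVE-2020-11999 say only "FactoryTalk", but each description also lists RSLinx Classic. The neighbouring entries in this hunk use the full product name ("Advantech WebAccess Node", "Inductive Automation Ignition"). A tag such as "NOT-FOR-US: FactoryTalk Linx / RSLinx Classic" would match that style and would be found by a search for either product.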
@@ -5438,7 +5438,7 @@ CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow in Scanner::fill in pa
NOTE: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a#commitcomment-38652070
NOTE: Fixed by: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a
CVE-2020-11957 (The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4. ...)
- TODO: check
+ NOT-FOR-US: Cypress
CVE-2020-11956
RESERVED
CVE-2020-11955
@@ -11164,7 +11164,7 @@ CVE-2020-10270
CVE-2020-10269
RESERVED
CVE-2020-10268 (Critical services for operation can be terminated from windows task ma ...)
- TODO: check
+ NOT-FOR-US: Kuka
CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions (tested o ...)
NOT-FOR-US: Universal Robots control box CB
CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software compone ...)
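Review bot: The "NOT-FOR-US: Kuka" tag on CVE-2020-10268 cannot be checked against the description shown here, which is cut off before any vendor or product is named, and the adjacent entries are Universal Robots issues. Please confirm the vendor against the full CVE text. It would also help to name the affected product in the tag, as the next entry does with "Universal Robots control box CB".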
@@ -17656,25 +17656,25 @@ CVE-2020-7503 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists
CVE-2020-7502 (A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Lo ...)
TODO: check
CVE-2020-7501 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7500 (A CWE-89:Improper Neutralization of Special Elements used in an SQL Co ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7499 (A CWE-284:Improper Access Control vulnerability exists in U.motion Ser ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7498 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in the U ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7497 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7496 (A CWE-88: Argument Injection or Modification vulnerability exists in E ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7495 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7494 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7493 (A CWE-89: Improper Neutralization of Special Elements used in an SQL C ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in the GP-P ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2020-7491
RESERVED
CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...)
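Review bot: CVE-2020-7502 at the top of this hunk keeps "TODO: check", while the ten entries directly below it, CVE-2020-7501 through CVE-2020-7492, are all closed as "NOT-FOR-US: Schneider". If the Modicon M218 issue belongs to the same vendor batch, it should be tagged in this commit too. If it was left open on purpose, a short NOTE saying why would stop the next triager from assuming it was overlooked. Separately, the ten descriptions name several different products (Vijeo, U.motion, GP-P ...), so a vendor-only tag hides which product each CVE concerns.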
@@ -17769,7 +17769,8 @@ CVE-2020-7458
CVE-2020-7457
RESERVED
CVE-2020-7456 (In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-ST ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:17.usb.asc
CVE-2020-7455 (In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-ST ...)
NOT-FOR-US: FreeBSD
CVE-2020-7454 (In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-ST ...)
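Review bot: The CVE-2020-7456 change is not an NFU, although the commit subject is "NFUs". It adds a package entry, "- kfreebsd-10 <unfixed> (unimportant)", and nothing in the entry says why the issue is rated unimportant. The following FreeBSD entry, CVE-2020-7455, is "NOT-FOR-US: FreeBSD", so the different treatment needs a one-line NOTE with the rationale next to the advisory link. This change would also be easier to audit as its own commit with a subject naming kfreebsd-10.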
@@ -21857,9 +21858,9 @@ CVE-2020-5757
CVE-2020-5756
RESERVED
CVE-2020-5755 (Webroot endpoint agents prior to version v9.0.28.48 did not protect th ...)
- TODO: check
+ NOT-FOR-US: Webroot
CVE-2020-5754 (Webroot endpoint agents prior to version v9.0.28.48 allows remote atta ...)
- TODO: check
+ NOT-FOR-US: Webroot
CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...)
NOT-FOR-US: Signal Private Messenger (Android and iOS version)
CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3 allows a ...)
@@ -21883,7 +21884,7 @@ CVE-2020-5744 (Relative Path Traversal in TCExam 14.2.2 allows a remote, authent
CVE-2020-5743 (Improper Control of Resource Identifiers in TCExam 14.2.2 allows a rem ...)
NOT-FOR-US: TCExam
CVE-2020-5742 (Improper Access Control in Plex Media Server prior to June 15, 2020 al ...)
- TODO: check
+ NOT-FOR-US: Plex Media Server
CVE-2020-5741 (Deserialization of Untrusted Data in Plex Media Server on Windows allo ...)
NOT-FOR-US: Plex Media Server on Windows
CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows allows a loc ...)
@@ -25942,7 +25943,7 @@ CVE-2020-4054 (In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and
CVE-2020-4053 (In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path tra ...)
- helm-kubernetes <itp> (bug #910799)
CVE-2020-4052 (In Wiki.js before 2.4.107, there is a stored cross-site scripting thro ...)
- TODO: check
+ NOT-FOR-US: Wiki.js
CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 ...)
TODO: check
CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...)
@@ -26114,7 +26115,7 @@ CVE-2020-3963
CVE-2020-3962
RESERVED
CVE-2020-3961 (VMware Horizon Client for Windows (prior to 5.4.3) contains a privileg ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3960
RESERVED
CVE-2020-3959 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
@@ -32693,7 +32694,7 @@ CVE-2020-1827 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R
CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...)
NOT-FOR-US: Huawei
CVE-2020-1825 (Huawei FusionAccess products with versions earlier than 6.5.1.SPC002 h ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1824
RESERVED
CVE-2020-1823
@@ -32717,7 +32718,7 @@ CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R
CVE-2020-1814 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
NOT-FOR-US: Huawei
CVE-2020-1813 (HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1812 (HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P ...)
NOT-FOR-US: Huawei
CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...)
@@ -37630,7 +37631,7 @@ CVE-2019-18616
CVE-2019-18615 (In CloudVision Portal (CVP) for all releases in the 2018.2 Train, unde ...)
NOT-FOR-US: CloudVision Portal
CVE-2019-18614 (On the Cypress CYW20735 evaluation board, any data that exceeds 384 by ...)
- TODO: check
+ NOT-FOR-US: Cypress
CVE-2019-18613
RESERVED
CVE-2019-18612 (An issue was discovered in the AbuseFilter extension through 1.34 for ...)
@@ -37900,7 +37901,7 @@ CVE-2020-0536 (Improper input validation in the DAL subsystem for Intel(R) CSME
CVE-2020-0535 (Improper input validation in Intel(R) AMT versions before 11.8.76, 11. ...)
NOT-FOR-US: Intel
CVE-2020-0534 (Improper input validation in the DAL subsystem for Intel(R) CSME versi ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0533 (Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.1 ...)
NOT-FOR-US: Intel
CVE-2020-0532 (Improper input validation in subsystem for Intel(R) AMT versions befor ...)
@@ -41000,7 +41001,7 @@ CVE-2019-17657 (An Uncontrolled Resource Consumption vulnerability in Fortinet F
CVE-2019-17656
RESERVED
CVE-2019-17655 (A cleartext storage in a file or on disk (CWE-313) vulnerability in Fo ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2019-17654 (An Insufficient Verification of Data Authenticity vulnerability in For ...)
NOT-FOR-US: Fortiguard
CVE-2019-17653 (A Cross-Site Request Forgery (CSRF) vulnerability in the user interfac ...)
@@ -45091,7 +45092,7 @@ CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4
CVE-2019-16253 (The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 ...)
NOT-FOR-US: Samsung
CVE-2019-16252 (Missing SSL Certificate Validation in the Nutfind.com application thro ...)
- TODO: check
+ NOT-FOR-US: Nutfind
CVE-2019-16251 (plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework thro ...)
NOT-FOR-US: YIT Plugin Framework
CVE-2019-16250 (includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7e0687ac0ae95e6874ae6f84fb912305018709a