[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Jun 18 21:29:41 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3e1216c by Moritz Muehlenhoff at 2020-06-18T22:29:22+02:00
NFUs
new lynis issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,55 +1,55 @@
 CVE-2020-14446 (An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO ...)
-	TODO: check
+	NOT-FOR-US: WSO2 Identity Server
 CVE-2020-14445 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...)
-	TODO: check
+	NOT-FOR-US: WSO2 Identity Server
 CVE-2020-14444 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...)
-	TODO: check
+	NOT-FOR-US: WSO2 Identity Server
 CVE-2020-14443 (A SQL injection vulnerability in accountancy/customer/card.php in Doli ...)
-	TODO: check
+	- dolibarr <removed>
 CVE-2020-14442 (Certain NETGEAR devices are affected by command injection by an unauth ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14441 (Certain NETGEAR devices are affected by command injection by an unauth ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14440 (Certain NETGEAR devices are affected by command injection by an unauth ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14439 (Certain NETGEAR devices are affected by command injection by an unauth ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14438 (Certain NETGEAR devices are affected by command injection by an unauth ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14437 (Certain NETGEAR devices are affected by command injection by an unauth ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14436 (Certain NETGEAR devices are affected by command injection by an unauth ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14435 (Certain NETGEAR devices are affected by command injection by an unauth ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14434 (Certain NETGEAR devices are affected by command injection by an authen ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14433 (Certain NETGEAR devices are affected by command injection by an authen ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14432 (Certain NETGEAR devices are affected by CSRF. This affects RBK752 befo ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14431 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14430 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14429 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14428 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14427 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14426 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2020-14425
 	RESERVED
 CVE-2020-14424
 	RESERVED
 CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in Core/ ...)
-	TODO: check
+	NOT-FOR-US: Convos
 CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...)
 	TODO: check
 CVE-2020-14421 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...)
-	TODO: check
+	NOT-FOR-US: aaPanel
 CVE-2020-14420
 	RESERVED
 CVE-2020-14419
@@ -79,7 +79,7 @@ CVE-2020-14410
 CVE-2020-14409
 	RESERVED
 CVE-2020-14408 (An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanit ...)
-	TODO: check
+	NOT-FOR-US: Agentejo Cockpit
 CVE-2020-14407
 	RESERVED
 CVE-2020-14406
@@ -609,7 +609,7 @@ CVE-2020-14159 (By using an Automate API in ConnectWise Automate before 2020.5.1
 CVE-2020-14158
 	RESERVED
 CVE-2020-14157 (The wireless-communication feature of the ABUS Secvest FUBE50001 devic ...)
-	TODO: check
+	NOT-FOR-US: ABUS
 CVE-2020-14156 (user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020 ...)
 	NOT-FOR-US: OpenBMC
 CVE-2020-14155 (libpcre in PCRE before 8.44 allows an integer overflow via a large num ...)
@@ -1268,7 +1268,8 @@ CVE-2020-13884 (Citrix Workspace App before 1912 on Windows has Insecure Permiss
 CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, an ...)
 	NOT-FOR-US: WSO2 API Manager
 CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TO ...)
-	TODO: check
+	- lynis <unfixed> (unimportant)
+	NOTE: Neutralised by kernel hardening
 CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...)
 	{DLA-2239-1}
 	- libpam-tacplus <unfixed> (low; bug #962830)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3e1216c3209b3d26bf7ffad1e522026a00fbdaa

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3e1216c3209b3d26bf7ffad1e522026a00fbdaa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200618/de8862fe/attachment.html>

More information about the debian-security-tracker-commits mailing list