[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Jun 24 21:59:43 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe055312 by Salvatore Bonaccorso at 2020-06-24T22:58:38+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1131,7 +1131,7 @@ CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr
 CVE-2020-14474
 	RESERVED
 CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and ...)
-	TODO: check
+	NOT-FOR-US: DrayTek
 CVE-2020-14472 (DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1 ...)
 	NOT-FOR-US: DrayTek
 CVE-2020-14471
@@ -20267,7 +20267,7 @@ CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (E
 CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in ENS for W ...)
 	NOT-FOR-US: ENS for Windows
 CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat Defens ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2020-7261 (Buffer Overflow via Environment Variables vulnerability in AMSI compon ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7260 (DLL Side Loading vulnerability in the installer for McAfee Application ...)
@@ -21231,9 +21231,9 @@ CVE-2020-6872
 CVE-2020-6871
 	RESERVED
 CVE-2020-6870 (The version V12.17.20T115 of ZTE U31R20 product is impacted by a desig ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2020-6869 (All versions up to 10.06 of ZTEMarket APK are impacted by an informati ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2020-6868 (ZTE's PON terminal product is impacted by the access control vulnerabi ...)
 	NOT-FOR-US: ZTE
 CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management error vul ...)
@@ -21856,7 +21856,7 @@ CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb all
 CVE-2020-6645
 	RESERVED
 CVE-2020-6644 (An insufficient session expiration vulnerability in FortiDeceptor 3.0. ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2020-6643 (An improper neutralization of input vulnerability in the URL Descripti ...)
 	NOT-FOR-US: Fortinet
 CVE-2020-6642
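Review bot: CVE-2020-6644 is tagged `NOT-FOR-US: Fortiguard`, while the next entry in this hunk, CVE-2020-6643, uses `NOT-FOR-US: Fortinet`. Using `Fortinet` here as well would keep the vendor label consistent, so both entries match a single search pattern.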
@@ -24289,7 +24289,7 @@ CVE-2020-5596
 CVE-2020-5595
 	RESERVED
 CVE-2020-5594 (Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2020-5593 (Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP cod ...)
 	NOT-FOR-US: Zenphoto
 CVE-2020-5592 (Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 ...)
@@ -28032,7 +28032,7 @@ CVE-2020-4062 (In Conjur OSS Helm Chart before 2.0.0, a recently identified crit
 CVE-2020-4061
 	RESERVED
 CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free vulnera ...)
-	TODO: check
+	NOT-FOR-US: LoRa Basics Station
 CVE-2020-4059 (In mversion before 2.0.0, there is a command injection vulnerability.  ...)
 	TODO: check
 CVE-2020-4058
@@ -28218,13 +28218,13 @@ CVE-2020-3974
 CVE-2020-3973
 	RESERVED
 CVE-2020-3972 (VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a den ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3971
 	RESERVED
 CVE-2020-3970
 	RESERVED
 CVE-2020-3969 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3968
 	RESERVED
 CVE-2020-3967
@@ -28238,7 +28238,7 @@ CVE-2020-3964
 CVE-2020-3963
 	RESERVED
 CVE-2020-3962 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3961 (VMware Horizon Client for Windows (prior to 5.4.3) contains a privileg ...)
 	NOT-FOR-US: VMware
 CVE-2020-3960
@@ -29688,7 +29688,7 @@ CVE-2020-3678
 CVE-2020-3677
 	RESERVED
 CVE-2020-3676 (Possible memory corruption in perfservice due to improper validation a ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3675
 	RESERVED
 CVE-2020-3674
@@ -29710,21 +29710,21 @@ CVE-2020-3667
 CVE-2020-3666
 	RESERVED
 CVE-2020-3665 (A possible buffer overflow would occur while processing command from f ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3664
 	RESERVED
 CVE-2020-3663 (Buffer over-write may occur during fetching track decoder specific inf ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3662 (Buffer overflow can occur while parsing eac3 header while playing the  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3661 (Buffer overflow will happen while parsing mp4 clip with corrupted samp ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3660 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3659
 	RESERVED
 CVE-2020-3658 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3657
 	RESERVED
 CVE-2020-3656
@@ -29756,7 +29756,7 @@ CVE-2020-3644
 CVE-2020-3643
 	RESERVED
 CVE-2020-3642 (Use after free issue in camera applications when used randomly over mu ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3641 (Integer overflow may occur if atom size is less than atom offset as th ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3640
@@ -29770,7 +29770,7 @@ CVE-2020-3637
 CVE-2020-3636
 	RESERVED
 CVE-2020-3635 (Stack based overflow If the maximum number of arguments allowed per re ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3634
 	RESERVED
 CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check is the ...)
@@ -29784,11 +29784,11 @@ CVE-2020-3630 (Possibility of out of bound access while processing the responses
 CVE-2020-3629
 	RESERVED
 CVE-2020-3628 (Improper access due to socket opened by the logging application withou ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3627
 	RESERVED
 CVE-2020-3626 (Any application can bind to it and exercise the APIs due to no protect ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3625 (When making query to DSP capabilities, Stack out of bounds occurs due  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3624
@@ -29812,9 +29812,9 @@ CVE-2020-3616 (Buffer overflow in display function due to memory copy without ch
 CVE-2020-3615 (Valid deauth/disassoc frames is dropped in case if RMF is enabled and  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3614 (Possible buffer overflow while copying the frame to local buffer due t ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3613 (Double free issue in kernel memory mapping due to lack of memory prote ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2020-3612
 	RESERVED
 CVE-2020-3611
@@ -54625,13 +54625,13 @@ CVE-2019-14096
 CVE-2019-14095 (Buffer overflow occurs while processing LMP packet in which name lengt ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14094 (Integer overflow in diag command handler when user inputs a large valu ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14093
 	RESERVED
 CVE-2019-14092 (System Services exports services without permission protect and can le ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14091 (Double free issue in NPU due to lack of resource locking mechanism to  ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14090
 	RESERVED
 CVE-2019-14089
@@ -54653,7 +54653,7 @@ CVE-2019-14082 (Potential buffer over-read due to lack of bound check of memory
 CVE-2019-14081 (Buffer Over-read when WLAN module gets a WMI message for SAR limits wi ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14080 (Out of bound write can happen due to lack of check of array index valu ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14079 (Access to the uninitialized variable when the driver tries to unmap th ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14078 (Out of bound memory access while processing qpay due to not validating ...)
@@ -54661,13 +54661,13 @@ CVE-2019-14078 (Out of bound memory access while processing qpay due to not vali
 CVE-2019-14077 (Out of bound memory access while processing ese transmit command due t ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14076 (Buffer overflow occurs while processing an subsample data length out o ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14075 (Null pointer dereference issue in radio interface layer due to lack of ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14074
 	RESERVED
 CVE-2019-14073 (Copying RTCP messages into the output buffer without checking the dest ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14072 (Unhandled paging request is observed due to dereferencing an already f ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14071 (Compromised reset handler may bypass access control due to AC config i ...)
@@ -54689,7 +54689,7 @@ CVE-2019-14064
 CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings which r ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-14062 (Buffer overflows while decoding setup message from Network due to lack ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14061 (Null-pointer dereference can occur while accessing the segment element ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated for blob ...)
@@ -54719,7 +54719,7 @@ CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system allocati
 CVE-2019-14048 (Possible out of bound memory access while playing a crafted clip in me ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-14047 (While IPA driver processes route add rule IOCTL, there is no input val ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-14046 (Out of bound access while allocating memory for an array in camera due ...)
 	NOT-FOR-US: Snapdragon
 CVE-2019-14045 (Possible buffer overflow while processing clientlog and serverlog due  ...)
@@ -65358,7 +65358,7 @@ CVE-2019-10628
 CVE-2019-10627 (Integer overflow to buffer overflow vulnerability in PostScript image  ...)
 	NOT-FOR-US: Qualcomm
 CVE-2019-10626 (Payload size is not validated before reading memory that may cause iss ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10625 (Out of bound access in diag services when DCI command buffer reallocat ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10624 (While handling the vendor command there is an integer truncation issue ...)
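Review bot: the new tag on CVE-2019-10626 leaves three different labels side by side in this hunk: `NOT-FOR-US: Qualcomm` (CVE-2019-10627), `NOT-FOR-US: Snapdragon` (CVE-2019-10626) and `NOT-FOR-US: Qualcomm components for Android` (CVE-2019-10625). The same mix of `Snapdragon` and `Qualcomm components for Android` shows up in the other hunks of this commit. Settling on one label would make these entries easier to grep and count.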
@@ -65416,7 +65416,7 @@ CVE-2019-10599
 CVE-2019-10598 (Out of bound access can occur while processing peer info in IBSS conne ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2019-10597 (kernel writes to user passed address without any checks can lead to ar ...)
-	TODO: check
+	NOT-FOR-US: Snapdragon
 CVE-2019-10596
 	RESERVED
 CVE-2019-10595 (Possible buffer overwrite in message handler due to lack of validation ...)
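Review bot: CVE-2019-10597 is closed as `NOT-FOR-US: Snapdragon`, but its description starts "kernel writes to user passed address without any checks" and the truncated text does not show which component is involved. Before dropping the `TODO: check`, confirm that the affected code exists only in the vendor's tree and not in a driver carried by a packaged kernel. If that was checked, a short mention in the commit message would help later reviewers.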
@@ -67219,9 +67219,9 @@ CVE-2019-9946 (Cloud Native Computing Foundation (CNCF) CNI (Container Networkin
 CVE-2019-9945 (SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGI ...)
 	NOT-FOR-US: SoftNAS Cloud
 CVE-2019-9944 (In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the r ...)
-	TODO: check
+	NOT-FOR-US: Open Microscopy Environment OMERO.server
 CVE-2019-9943 (In ome.services.graphs.GraphTraversal.findObjectDetails in Open Micros ...)
-	TODO: check
+	NOT-FOR-US: Open Microscopy Environment OMERO.server
 CVE-2016-10743 (hostapd before 2.6 does not prevent use of the low-quality PRNG that i ...)
 	{DLA-1733-1}
 	- wpa 2:2.6-7 (unimportant)
@@ -78124,7 +78124,7 @@ CVE-2019-6198
 CVE-2019-6197
 	RESERVED
 CVE-2019-6196 (A symbolic link vulnerability in some Lenovo installation packages, pr ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller (XCC) ver ...)
 	NOT-FOR-US: Lenovo
 CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was reported in  ...)
@@ -78170,7 +78170,7 @@ CVE-2019-6175 (A denial of service vulnerability was reported in Lenovo System U
 CVE-2019-6174
 	RESERVED
 CVE-2019-6173 (A DLL search path vulnerability could allow privilege escalation in so ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2019-6172 (A potential vulnerability in the SMI callback function in some Lenovo  ...)
 	NOT-FOR-US: Lenovo
 CVE-2019-6171 (A vulnerability was reported in various BIOS versions of older ThinkPa ...)
@@ -84265,7 +84265,7 @@ CVE-2019-3619 (Information Disclosure vulnerability in the Agent Handler in McAf
 CVE-2019-3618
 	RESERVED
 CVE-2019-3617 (Privilege escalation vulnerability in McAfee Total Protection (ToPS) f ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3616
 	RESERVED
 CVE-2019-3615 (Data Leakage Attacks vulnerability in the web interface in McAfee Data ...)
@@ -84273,7 +84273,7 @@ CVE-2019-3615 (Data Leakage Attacks vulnerability in the web interface in McAfee
 CVE-2019-3614
 	RESERVED
 CVE-2019-3613 (DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3612 (Information Disclosure vulnerability in McAfee DXL Platform and TIE Se ...)
 	NOT-FOR-US: McAFee
 CVE-2019-3611
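Review bot: the added `NOT-FOR-US: McAfee` on CVE-2019-3613 sits directly above CVE-2019-3612, which is spelled `NOT-FOR-US: McAFee`. Since this commit already touches the block, correcting the casing on that neighbouring line would keep the vendor label uniform.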
@@ -84323,13 +84323,13 @@ CVE-2019-3590
 CVE-2019-3589
 	RESERVED
 CVE-2019-3588 (Privilege Escalation vulnerability in Microsoft Windows client (McTray ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3587 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...)
 	NOT-FOR-US: McAfee
 CVE-2019-3586 (Protection Mechanism Failure in the Firewall in McAfee Endpoint Securi ...)
 	NOT-FOR-US: McAfee
 CVE-2019-3585 (Privilege Escalation vulnerability in Microsoft Windows client (McTray ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2019-3584 (Exploitation of Authentication vulnerability in MVision Endpoint in Mc ...)
 	NOT-FOR-US: McAfee
 CVE-2019-3583



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe0553129c92a339d41a8a111715e91787f2b0ad
