[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Jun 24 21:59:43 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe055312 by Salvatore Bonaccorso at 2020-06-24T22:58:38+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1131,7 +1131,7 @@ CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr
CVE-2020-14474
RESERVED
CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and ...)
- TODO: check
+ NOT-FOR-US: DrayTek
CVE-2020-14472 (DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1 ...)
NOT-FOR-US: DrayTek
CVE-2020-14471
@@ -20267,7 +20267,7 @@ CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (E
CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in ENS for W ...)
NOT-FOR-US: ENS for Windows
CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat Defens ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7261 (Buffer Overflow via Environment Variables vulnerability in AMSI compon ...)
NOT-FOR-US: McAfee
CVE-2020-7260 (DLL Side Loading vulnerability in the installer for McAfee Application ...)
@@ -21231,9 +21231,9 @@ CVE-2020-6872
CVE-2020-6871
RESERVED
CVE-2020-6870 (The version V12.17.20T115 of ZTE U31R20 product is impacted by a desig ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2020-6869 (All versions up to 10.06 of ZTEMarket APK are impacted by an informati ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2020-6868 (ZTE's PON terminal product is impacted by the access control vulnerabi ...)
NOT-FOR-US: ZTE
CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management error vul ...)
@@ -21856,7 +21856,7 @@ CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb all
CVE-2020-6645
RESERVED
CVE-2020-6644 (An insufficient session expiration vulnerability in FortiDeceptor 3.0. ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2020-6643 (An improper neutralization of input vulnerability in the URL Descripti ...)
NOT-FOR-US: Fortinet
CVE-2020-6642
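Review bot: The label added for CVE-2020-6644 is `NOT-FOR-US: Fortiguard`, but the description names FortiDeceptor and the very next entry, CVE-2020-6643, is tagged `NOT-FOR-US: Fortinet`. Suggest `NOT-FOR-US: Fortinet` here as well, so that a search on the vendor string returns both entries.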
@@ -24289,7 +24289,7 @@ CVE-2020-5596
CVE-2020-5595
RESERVED
CVE-2020-5594 (Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2020-5593 (Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP cod ...)
NOT-FOR-US: Zenphoto
CVE-2020-5592 (Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 ...)
@@ -28032,7 +28032,7 @@ CVE-2020-4062 (In Conjur OSS Helm Chart before 2.0.0, a recently identified crit
CVE-2020-4061
RESERVED
CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free vulnera ...)
- TODO: check
+ NOT-FOR-US: LoRa Basics Station
CVE-2020-4059 (In mversion before 2.0.0, there is a command injection vulnerability. ...)
TODO: check
CVE-2020-4058
@@ -28218,13 +28218,13 @@ CVE-2020-3974
CVE-2020-3973
RESERVED
CVE-2020-3972 (VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a den ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3971
RESERVED
CVE-2020-3970
RESERVED
CVE-2020-3969 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3968
RESERVED
CVE-2020-3967
@@ -28238,7 +28238,7 @@ CVE-2020-3964
CVE-2020-3963
RESERVED
CVE-2020-3962 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3961 (VMware Horizon Client for Windows (prior to 5.4.3) contains a privileg ...)
NOT-FOR-US: VMware
CVE-2020-3960
@@ -29688,7 +29688,7 @@ CVE-2020-3678
CVE-2020-3677
RESERVED
CVE-2020-3676 (Possible memory corruption in perfservice due to improper validation a ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3675
RESERVED
CVE-2020-3674
@@ -29710,21 +29710,21 @@ CVE-2020-3667
CVE-2020-3666
RESERVED
CVE-2020-3665 (A possible buffer overflow would occur while processing command from f ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3664
RESERVED
CVE-2020-3663 (Buffer over-write may occur during fetching track decoder specific inf ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3662 (Buffer overflow can occur while parsing eac3 header while playing the ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3661 (Buffer overflow will happen while parsing mp4 clip with corrupted samp ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3660 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3659
RESERVED
CVE-2020-3658 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3657
RESERVED
CVE-2020-3656
@@ -29756,7 +29756,7 @@ CVE-2020-3644
CVE-2020-3643
RESERVED
CVE-2020-3642 (Use after free issue in camera applications when used randomly over mu ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3641 (Integer overflow may occur if atom size is less than atom offset as th ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3640
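Review bot: CVE-2020-3642 is given `NOT-FOR-US: Snapdragon` while the adjacent CVE-2020-3641 carries `NOT-FOR-US: Qualcomm components for Android`. The same split shows up in the later Snapdragon hunks of this commit. Picking one label for this vendor's entries would keep grep-based triage of the list reliable.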
@@ -29770,7 +29770,7 @@ CVE-2020-3637
CVE-2020-3636
RESERVED
CVE-2020-3635 (Stack based overflow If the maximum number of arguments allowed per re ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3634
RESERVED
CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check is the ...)
@@ -29784,11 +29784,11 @@ CVE-2020-3630 (Possibility of out of bound access while processing the responses
CVE-2020-3629
RESERVED
CVE-2020-3628 (Improper access due to socket opened by the logging application withou ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3627
RESERVED
CVE-2020-3626 (Any application can bind to it and exercise the APIs due to no protect ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3625 (When making query to DSP capabilities, Stack out of bounds occurs due ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3624
@@ -29812,9 +29812,9 @@ CVE-2020-3616 (Buffer overflow in display function due to memory copy without ch
CVE-2020-3615 (Valid deauth/disassoc frames is dropped in case if RMF is enabled and ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3614 (Possible buffer overflow while copying the frame to local buffer due t ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3613 (Double free issue in kernel memory mapping due to lack of memory prote ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2020-3612
RESERVED
CVE-2020-3611
@@ -54625,13 +54625,13 @@ CVE-2019-14096
CVE-2019-14095 (Buffer overflow occurs while processing LMP packet in which name lengt ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14094 (Integer overflow in diag command handler when user inputs a large valu ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14093
RESERVED
CVE-2019-14092 (System Services exports services without permission protect and can le ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14091 (Double free issue in NPU due to lack of resource locking mechanism to ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14090
RESERVED
CVE-2019-14089
@@ -54653,7 +54653,7 @@ CVE-2019-14082 (Potential buffer over-read due to lack of bound check of memory
CVE-2019-14081 (Buffer Over-read when WLAN module gets a WMI message for SAR limits wi ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14080 (Out of bound write can happen due to lack of check of array index valu ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14079 (Access to the uninitialized variable when the driver tries to unmap th ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14078 (Out of bound memory access while processing qpay due to not validating ...)
@@ -54661,13 +54661,13 @@ CVE-2019-14078 (Out of bound memory access while processing qpay due to not vali
CVE-2019-14077 (Out of bound memory access while processing ese transmit command due t ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14076 (Buffer overflow occurs while processing an subsample data length out o ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14075 (Null pointer dereference issue in radio interface layer due to lack of ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14074
RESERVED
CVE-2019-14073 (Copying RTCP messages into the output buffer without checking the dest ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14072 (Unhandled paging request is observed due to dereferencing an already f ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14071 (Compromised reset handler may bypass access control due to AC config i ...)
@@ -54689,7 +54689,7 @@ CVE-2019-14064
CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings which r ...)
NOT-FOR-US: Snapdragon
CVE-2019-14062 (Buffer overflows while decoding setup message from Network due to lack ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14061 (Null-pointer dereference can occur while accessing the segment element ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated for blob ...)
@@ -54719,7 +54719,7 @@ CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system allocati
CVE-2019-14048 (Possible out of bound memory access while playing a crafted clip in me ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14047 (While IPA driver processes route add rule IOCTL, there is no input val ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14046 (Out of bound access while allocating memory for an array in camera due ...)
NOT-FOR-US: Snapdragon
CVE-2019-14045 (Possible buffer overflow while processing clientlog and serverlog due ...)
@@ -65358,7 +65358,7 @@ CVE-2019-10628
CVE-2019-10627 (Integer overflow to buffer overflow vulnerability in PostScript image ...)
NOT-FOR-US: Qualcomm
CVE-2019-10626 (Payload size is not validated before reading memory that may cause iss ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10625 (Out of bound access in diag services when DCI command buffer reallocat ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10624 (While handling the vendor command there is an integer truncation issue ...)
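Review bot: The context line just above the change tags CVE-2019-10627 as `NOT-FOR-US: Qualcomm`, although its visible description concerns a PostScript image integer overflow. With `Snapdragon` added on CVE-2019-10626 and `Qualcomm components for Android` on CVE-2019-10625, three different labels now sit on consecutive entries. Since the commit already touches this block, consider re-checking the CVE-2019-10627 classification against its full description, which is truncated here.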
@@ -65416,7 +65416,7 @@ CVE-2019-10599
CVE-2019-10598 (Out of bound access can occur while processing peer info in IBSS conne ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10597 (kernel writes to user passed address without any checks can lead to ar ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10596
RESERVED
CVE-2019-10595 (Possible buffer overwrite in message handler due to lack of validation ...)
@@ -67219,9 +67219,9 @@ CVE-2019-9946 (Cloud Native Computing Foundation (CNCF) CNI (Container Networkin
CVE-2019-9945 (SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGI ...)
NOT-FOR-US: SoftNAS Cloud
CVE-2019-9944 (In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the r ...)
- TODO: check
+ NOT-FOR-US: Open Microscopy Environment OMERO.server
CVE-2019-9943 (In ome.services.graphs.GraphTraversal.findObjectDetails in Open Micros ...)
- TODO: check
+ NOT-FOR-US: Open Microscopy Environment OMERO.server
CVE-2016-10743 (hostapd before 2.6 does not prevent use of the low-quality PRNG that i ...)
{DLA-1733-1}
- wpa 2:2.6-7 (unimportant)
@@ -78124,7 +78124,7 @@ CVE-2019-6198
CVE-2019-6197
RESERVED
CVE-2019-6196 (A symbolic link vulnerability in some Lenovo installation packages, pr ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller (XCC) ver ...)
NOT-FOR-US: Lenovo
CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was reported in ...)
@@ -78170,7 +78170,7 @@ CVE-2019-6175 (A denial of service vulnerability was reported in Lenovo System U
CVE-2019-6174
RESERVED
CVE-2019-6173 (A DLL search path vulnerability could allow privilege escalation in so ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6172 (A potential vulnerability in the SMI callback function in some Lenovo ...)
NOT-FOR-US: Lenovo
CVE-2019-6171 (A vulnerability was reported in various BIOS versions of older ThinkPa ...)
@@ -84265,7 +84265,7 @@ CVE-2019-3619 (Information Disclosure vulnerability in the Agent Handler in McAf
CVE-2019-3618
RESERVED
CVE-2019-3617 (Privilege escalation vulnerability in McAfee Total Protection (ToPS) f ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3616
RESERVED
CVE-2019-3615 (Data Leakage Attacks vulnerability in the web interface in McAfee Data ...)
@@ -84273,7 +84273,7 @@ CVE-2019-3615 (Data Leakage Attacks vulnerability in the web interface in McAfee
CVE-2019-3614
RESERVED
CVE-2019-3613 (DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3612 (Information Disclosure vulnerability in McAfee DXL Platform and TIE Se ...)
NOT-FOR-US: McAFee
CVE-2019-3611
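Review bot: The new CVE-2019-3613 line uses `NOT-FOR-US: McAfee`, but the unchanged neighbour CVE-2019-3612 still reads `NOT-FOR-US: McAFee`. A case-sensitive search for `McAfee` will miss that entry. Suggest correcting the spelling on CVE-2019-3612 in the same pass.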
@@ -84323,13 +84323,13 @@ CVE-2019-3590
CVE-2019-3589
RESERVED
CVE-2019-3588 (Privilege Escalation vulnerability in Microsoft Windows client (McTray ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3587 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...)
NOT-FOR-US: McAfee
CVE-2019-3586 (Protection Mechanism Failure in the Firewall in McAfee Endpoint Securi ...)
NOT-FOR-US: McAfee
CVE-2019-3585 (Privilege Escalation vulnerability in Microsoft Windows client (McTray ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3584 (Exploitation of Authentication vulnerability in MVision Endpoint in Mc ...)
NOT-FOR-US: McAfee
CVE-2019-3583
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe0553129c92a339d41a8a111715e91787f2b0ad