[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Mar 5 09:59:30 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b9306f1 by Moritz Muehlenhoff at 2020-03-05T10:59:12+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,25 +33,25 @@ CVE-2020-10107
 CVE-2020-10106
 	RESERVED
 CVE-2020-10105 (An issue was discovered in Zammad 3.0 through 3.2. It returns source c ...)
-	TODO: check
+	- zammad <itp> (bug #841355)
 CVE-2020-10104 (An issue was discovered in Zammad 3.0 through 3.2. After authenticatio ...)
-	TODO: check
+	- zammad <itp> (bug #841355)
 CVE-2020-10103 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code  ...)
-	TODO: check
+	- zammad <itp> (bug #841355)
 CVE-2020-10102 (An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password ...)
-	TODO: check
+	- zammad <itp> (bug #841355)
 CVE-2020-10101 (An issue was discovered in Zammad 3.0 through 3.2. The WebSocket serve ...)
-	TODO: check
+	- zammad <itp> (bug #841355)
 CVE-2020-10100 (An issue was discovered in Zammad 3.0 through 3.2. It allows for users ...)
-	TODO: check
+	- zammad <itp> (bug #841355)
 CVE-2020-10099 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code  ...)
-	TODO: check
+	- zammad <itp> (bug #841355)
 CVE-2020-10098 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code  ...)
-	TODO: check
+	- zammad <itp> (bug #841355)
 CVE-2020-10097 (An issue was discovered in Zammad 3.0 through 3.2. It may respond with ...)
-	TODO: check
+	- zammad <itp> (bug #841355)
 CVE-2020-10096 (An issue was discovered in Zammad 3.0 through 3.2. It does not prevent ...)
-	TODO: check
+	- zammad <itp> (bug #841355)
 CVE-2020-10095
 	RESERVED
 CVE-2020-10094
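Review bot: The commit subject "NFUs" does not describe this hunk: the ten Zammad entries, CVE-2020-10096 through CVE-2020-10105, are triaged as "- zammad <itp> (bug #841355)", not as NOT-FOR-US. The two Centreon entries later in the patch are handled the same way with "<itp> (bug #913903)". Suggest a subject that names both kinds of change, for example "NFUs, zammad and centreon-web itps", so the ITP triage can be found from the log when either package enters the archive and these entries need revisiting.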
@@ -2324,7 +2324,7 @@ CVE-2020-9056
 CVE-2020-9055
 	RESERVED
 CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running firmware ...)
-	TODO: check
+	NOT-FOR-US: ZyXEL
 CVE-2020-9053
 	RESERVED
 CVE-2020-9052
@@ -4404,7 +4404,7 @@ CVE-2020-8129 (An unintended require vulnerability in script-manager npm package
 CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities  ...)
 	NOT-FOR-US: jsreport
 CVE-2020-8127 (Insufficient validation in cross-origin communication (postMessage) in ...)
-	TODO: check
+	NOT-FOR-US: reveal.js
 CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...)
 	NOT-FOR-US: Ubiquiti Networks EdgeSwitch
 CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and earlie ...)
@@ -4731,7 +4731,7 @@ CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add userName XSS. ...)
 CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS. ...)
 	NOT-FOR-US: Adive Framework
 CVE-2020-7988 (An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4 ...)
-	TODO: check
+	NOT-FOR-US: phpIPAM
 CVE-2020-7987
 	RESERVED
 CVE-2020-7986
@@ -6677,7 +6677,7 @@ CVE-2020-7132
 CVE-2020-7131
 	RESERVED
 CVE-2020-7130 (HPE OneView Global Dashboard (OVGD) 1.9 has a remote information discl ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2020-7129
 	RESERVED
 CVE-2020-7128
@@ -16550,13 +16550,13 @@ CVE-2020-3195
 CVE-2020-3194
 	RESERVED
 CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Prime C ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco Prime C ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3191
 	RESERVED
 CVE-2020-3190 (A vulnerability in the IPsec packet processor of Cisco IOS XR Software ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3189
 	RESERVED
 CVE-2020-3188
@@ -16566,15 +16566,15 @@ CVE-2020-3187
 CVE-2020-3186
 	RESERVED
 CVE-2020-3185 (A vulnerability in the web-based management interface of Cisco TelePre ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3184
 	RESERVED
 CVE-2020-3183
 	RESERVED
 CVE-2020-3182 (A vulnerability in the multicast DNS (mDNS) protocol configuration of  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco Advanc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3180
 	RESERVED
 CVE-2020-3179
@@ -16584,7 +16584,7 @@ CVE-2020-3178
 CVE-2020-3177
 	RESERVED
 CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3175 (A vulnerability in the resource handling system of Cisco NX-OS Softwar ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3174 (A vulnerability in the anycast gateway feature of Cisco NX-OS Software ...)
@@ -16608,7 +16608,7 @@ CVE-2020-3166 (A vulnerability in the CLI of Cisco FXOS Software could allow an
 CVE-2020-3165 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3164 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3163 (A vulnerability in the Live Data server of Cisco Unified Contact Cente ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3162
@@ -16622,11 +16622,11 @@ CVE-2020-3159 (A vulnerability in the web-based management interface of Cisco Fi
 CVE-2020-3158 (A vulnerability in the High Availability (HA) service of Cisco Smart S ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3157 (A vulnerability in the web-based management interface of Cisco Identit ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3156 (A vulnerability in the logging component of Cisco Identity Services En ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3155 (A vulnerability in the SSL implementation of the Cisco Intelligent Pro ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3154 (A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could  ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3153 (A vulnerability in the installer component of Cisco AnyConnect Secure  ...)
@@ -16640,7 +16640,7 @@ CVE-2020-3150
 CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network Regi ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3146
@@ -16680,9 +16680,9 @@ CVE-2020-3130
 CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco Unity C ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3128 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3126
 	RESERVED
 CVE-2020-3125
@@ -21262,15 +21262,15 @@ CVE-2019-19227 (In the AppleTalk subsystem in the Linux kernel before 5.1, there
 	[stretch] - linux 4.9.210-1
 	NOTE: https://git.kernel.org/linus/9804501fa1228048857910a6bf23e085aade37cc
 CVE-2019-19226 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-19225 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-19224 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-19223 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-19222 (A Stored XSS issue in the D-Link DSL-2680 web administration interface ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-19221 (In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string ...)
 	- libarchive <unfixed> (bug #945287)
 	[buster] - libarchive <no-dsa> (Minor issue)
@@ -28400,9 +28400,9 @@ CVE-2019-17646
 CVE-2019-17645
 	RESERVED
 CVE-2019-17644 (An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, a ...)
-	TODO: check
+	- centreon-web <itp> (bug #913903)
 CVE-2019-17643 (An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, an ...)
-	TODO: check
+	- centreon-web <itp> (bug #913903)
 CVE-2019-17642
 	RESERVED
 CVE-2019-17641
@@ -69188,7 +69188,7 @@ CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in the
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1120386
 	NOTE: https://marc.info/?l=linux-netdev&m=154651842302479&w=2
 CVE-2019-3700 (yast2-security didn't use secure defaults to protect passwords. This b ...)
-	TODO: check
+	NOT-FOR-US: yast2
 CVE-2019-3699 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging  ...)
 	NOT-FOR-US: SUSE specific privoxy issue
 CVE-2019-3698 (UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob sh ...)
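Review bot: On CVE-2019-3700 the tag "NOT-FOR-US: yast2" is broader than the component the description names, yast2-security. The neighbouring CVE-2019-3699 entry states what is out of scope ("SUSE specific privoxy issue"). Suggest "NOT-FOR-US: yast2-security" so a later search on the component name from the CVE description finds this entry.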



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b9306f1caf3d00c36f7989e237f06092d9995d3
