[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue May 26 12:05:20 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44665b76 by Moritz Muehlenhoff at 2020-05-26T13:04:44+02:00
NFUs
mark one issue as generic Bluetooth protocol, it's not specific to Linux

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2020-13487
 	RESERVED
 CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious red ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS plugin
 CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist  ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS plugin
 CVE-2020-13484
 	RESERVED
 CVE-2020-13483
 	RESERVED
 CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way ...)
-	TODO: check
+	NOT-FOR-US: EM-HTTP-Request
 CVE-2020-13481
 	RESERVED
 CVE-2020-13480
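Review bot: for CVE-2020-13482 the new line reads `NOT-FOR-US: EM-HTTP-Request`, which names a library rather than a vendor product like the two Craft CMS plugin entries above it. Before closing it, confirm that no Debian source package ships this library; if one does, the entry should be a `- <source package> <unfixed>` line (the form used for linux elsewhere in this patch) so the tracker follows the fix, with NOT-FOR-US reserved for software that is not packaged.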
@@ -9381,8 +9381,7 @@ CVE-2020-10137
 CVE-2020-10136
 	RESERVED
 CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...)
-	- linux <unfixed>
-	TODO: check, the CVE was specifically associated with kernel part
+	NOTE: Bluetooth protocol issue
 CVE-2020-10134 (Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthe ...)
 	NOTE: Bluetooth protocol issue
 CVE-2020-10133
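Review bot: the replacement drops the `- linux <unfixed>` entry together with the TODO that recorded why the kernel had been associated with this CVE, and the new NOTE states only the conclusion. Keep a short justification in the NOTE (for example that the weakness lies in the pairing authentication defined by the specification, as the neighbouring CVE-2020-10134 entry implies) and, if any kernel-side hardening is expected, a reference to it, so the next triager does not re-add a linux entry based on the CVE text alone. The NOTE wording now matches the CVE-2020-10134 line exactly, which keeps the two related entries consistent.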
@@ -10231,7 +10230,7 @@ CVE-2020-9755
 CVE-2020-9754
 	RESERVED
 CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support signatur ...)
-	TODO: check
+	NOT-FOR-US: Whale Browser
 CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...)
 	NOT-FOR-US: Naver Cloud Explorer
 CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an  ...)
@@ -11013,9 +11012,9 @@ CVE-2020-9412
 CVE-2020-9411
 	RESERVED
 CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2020-9408 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
 	NOT-FOR-US: TIBCO
 CVE-2020-9407 (IBL Online Weather before 4.3.5a allows attackers to obtain sensitive  ...)
@@ -11814,7 +11813,7 @@ CVE-2020-9071
 CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9069 (There is an information leakage vulnerability in some Huawei products. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The  ...)
@@ -11862,7 +11861,7 @@ CVE-2020-9047
 CVE-2020-9046
 	RESERVED
 CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...)
-	TODO: check
+	NOT-FOR-US: Software House
 CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...)
 	NOT-FOR-US: Johnson Controls
 CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...)
@@ -12527,7 +12526,7 @@ CVE-2020-8791 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth
 CVE-2020-8790 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...)
 	NOT-FOR-US: OKLOK
 CVE-2020-8789 (Composr 10.0.30 allows Persistent XSS via a Usergroup name under the S ...)
-	TODO: check
+	NOT-FOR-US: Composr
 CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...)
 	NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer
 CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
@@ -13015,7 +13014,7 @@ CVE-2020-8574
 CVE-2020-8573
 	RESERVED
 CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Element OS
 CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...)
 	NOT-FOR-US: StorageGRID
 CVE-2020-8570
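Review bot: the description for CVE-2020-8572 names two affected products, Element OS and Element HealthTools, but the new line records only `NOT-FOR-US: Element OS`. Consider `NOT-FOR-US: Element OS / Element HealthTools` (or the common vendor name, if the full advisory gives one) so both products are findable; the neighbouring StorageGRID entry follows the same product-name convention.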
@@ -14839,7 +14838,7 @@ CVE-2020-7815
 CVE-2020-7814
 	RESERVED
 CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
-	TODO: check
+	NOT-FOR-US: Kaoni
 CVE-2020-7812
 	RESERVED
 CVE-2020-7811
@@ -14849,7 +14848,7 @@ CVE-2020-7810
 CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM)  ...)
 	NOT-FOR-US: ALSong
 CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processin ...)
-	TODO: check
+	NOT-FOR-US: RAONWIZ K Upload
 CVE-2020-7807
 	RESERVED
 CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...)
@@ -16288,11 +16287,11 @@ CVE-2020-7141
 CVE-2020-7140
 	RESERVED
 CVE-2020-7139 (Potential remote access security vulnerabilities have been identified  ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2020-7138 (Potential remote code execution security vulnerabilities have been ide ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2020-7137 (A validation issue in HPE Superdome Flex's RMC component may allow loc ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2020-7136 (A security vulnerability in HPE Smart Update Manager (SUM) prior to ve ...)
 	NOT-FOR-US: HPE Smart Update Manager (SUM)
 CVE-2020-7135 (A potential security vulnerability has been identified in the disk dri ...)
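Review bot: the three new lines use the bare vendor `NOT-FOR-US: HPE`, while the existing entry directly below, CVE-2020-7136, names the product (`NOT-FOR-US: HPE Smart Update Manager (SUM)`). The description of CVE-2020-7137 already identifies the product as HPE Superdome Flex's RMC component, so `NOT-FOR-US: HPE Superdome Flex` would be more useful when searching the list later; the other two descriptions are truncated, so a bare vendor is acceptable there unless the full text names the product.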
@@ -17663,7 +17662,7 @@ CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt
 	[buster] - libstb <no-dsa> (Minor issue)
 	NOTE: https://github.com/nothings/stb/issues/867
 CVE-2020-6616 (Some Broadcom chips mishandle Bluetooth random-number generation becau ...)
-	TODO: check
+	NOT-FOR-US: Broadcom
 CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...)
 	- libredwg <itp> (bug #595191)
 CVE-2020-6614 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read  ...)
@@ -18928,7 +18927,7 @@ CVE-2020-6093 (An exploitable information disclosure vulnerability exists in the
 CVE-2020-6092 (An exploitable code execution vulnerability exists in the way Nitro Pr ...)
 	NOT-FOR-US: Nitro Pro
 CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in the ESPON ...)
-	TODO: check
+	NOT-FOR-US: EPSON
 CVE-2020-6090
 	RESERVED
 CVE-2020-6089
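Review bot: the new line for CVE-2020-6091 spells the vendor `EPSON` while the truncated CVE description reads `ESPON`. The description text is imported as-is, so the corrected spelling on the tracker line is the right choice; just be aware that a search for the misspelled string will only match the description. No change needed.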
@@ -19662,7 +19661,7 @@ CVE-2020-5754
 CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...)
 	TODO: check
 CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3 allows a  ...)
-	TODO: check
+	NOT-FOR-US: Druva inSync Windows Client
 CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
 	NOT-FOR-US: TCExam
 CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
@@ -20008,7 +20007,7 @@ CVE-2020-5581
 CVE-2020-5580
 	RESERVED
 CVE-2020-5579 (SQL injection vulnerability in the Paid Memberships versions prior to  ...)
-	TODO: check
+	NOT-FOR-US: Paid Memberships
 CVE-2020-5578
 	RESERVED
 CVE-2020-5577 (Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movabl ...)
@@ -20092,7 +20091,7 @@ CVE-2020-5539 (GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0
 CVE-2020-5538 (Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows  ...)
 	NOT-FOR-US: PALLET CONTROL
 CVE-2020-5537 (Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code executi ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2020-5536 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...)
 	NOT-FOR-US: OpenBlocks IoT VX2
 CVE-2020-5535 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...)
@@ -23929,7 +23928,7 @@ CVE-2020-3958
 CVE-2020-3957
 	RESERVED
 CVE-2020-3956 (VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5,  ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ...)
 	NOT-FOR-US: VMware
 CVE-2020-3954 (Open Redirect vulnerability exists in VMware vRealize Log Insight prio ...)
@@ -26323,9 +26322,9 @@ CVE-2020-3346
 CVE-2020-3345
 	RESERVED
 CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3343 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3342
 	RESERVED
 CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVirus (C ...)
@@ -26391,7 +26390,7 @@ CVE-2020-3316
 CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3314 (A vulnerability in the file scan process of Cisco AMP for Endpoints Ma ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3313 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3312 (A vulnerability in the application policy configuration of Cisco Firep ...)
@@ -26459,7 +26458,7 @@ CVE-2020-3282
 CVE-2020-3281
 	RESERVED
 CVE-2020-3280 (A vulnerability in the Java Remote Management Interface of Cisco Unifi ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3279
 	RESERVED
 CVE-2020-3278
@@ -26475,7 +26474,7 @@ CVE-2020-3274
 CVE-2020-3273 (A vulnerability in the 802.11 Generic Advertisement Service (GAS) fram ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3272 (A vulnerability in the DHCP server of Cisco Prime Network Registrar co ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3271
 	RESERVED
 CVE-2020-3270



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44665b76478c4578a8b91a79501140875691def6

-- 

