[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue May 26 12:05:20 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
44665b76 by Moritz Muehlenhoff at 2020-05-26T13:04:44+02:00
NFUs
mark one issue as generic Bluetooth protocol, it's not specific to Linux
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2020-13487
RESERVED
CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious red ...)
- TODO: check
+ NOT-FOR-US: Craft CMS plugin
CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist ...)
- TODO: check
+ NOT-FOR-US: Craft CMS plugin
CVE-2020-13484
RESERVED
CVE-2020-13483
RESERVED
CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way ...)
- TODO: check
+ NOT-FOR-US: EM-HTTP-Request
CVE-2020-13481
RESERVED
CVE-2020-13480
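Review bot: CVE-2020-13482 is closed as `NOT-FOR-US: EM-HTTP-Request` without a recorded check, yet the description itself says the library builds on eventmachine, and Ruby gems of this kind are routinely packaged for Debian under the usual ruby-* naming. Before the TODO is dropped, a quick search of the archive for a package shipping em-http-request would be prudent; if none turns up, a short `NOTE:` saying so would let the next triager see that the question was answered rather than skipped.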
@@ -9381,8 +9381,7 @@ CVE-2020-10137
CVE-2020-10136
RESERVED
CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...)
- - linux <unfixed>
- TODO: check, the CVE was specifically associated with kernel part
+ NOTE: Bluetooth protocol issue
CVE-2020-10134 (Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthe ...)
NOTE: Bluetooth protocol issue
CVE-2020-10133
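Review bot: removing the `- linux <unfixed>` line for CVE-2020-10135 together with the TODO that said the CVE was specifically associated with the kernel part leaves no trace of how that association was resolved. With only `NOTE: Bluetooth protocol issue` left, the entry carries no package state at all, which differs from the neighbouring CVE-2020-10134, where no kernel entry was ever claimed. If the conclusion is the one in the commit message (generic Bluetooth protocol issue, not Linux-specific), a `linux <not-affected>` or `<unimportant>` entry with a one-line reason would preserve that decision and keep the kernel association from being re-raised on the next triage pass.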
@@ -10231,7 +10230,7 @@ CVE-2020-9755
CVE-2020-9754
RESERVED
CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support signatur ...)
- TODO: check
+ NOT-FOR-US: Whale Browser
CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...)
NOT-FOR-US: Naver Cloud Explorer
CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an ...)
@@ -11013,9 +11012,9 @@ CVE-2020-9412
CVE-2020-9411
RESERVED
CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2020-9408 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
NOT-FOR-US: TIBCO
CVE-2020-9407 (IBL Online Weather before 4.3.5a allows attackers to obtain sensitive ...)
@@ -11814,7 +11813,7 @@ CVE-2020-9071
CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...)
NOT-FOR-US: Huawei
CVE-2020-9069 (There is an information leakage vulnerability in some Huawei products. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...)
NOT-FOR-US: Huawei
CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The ...)
@@ -11862,7 +11861,7 @@ CVE-2020-9047
CVE-2020-9046
RESERVED
CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...)
- TODO: check
+ NOT-FOR-US: Software House
CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...)
NOT-FOR-US: Johnson Controls
CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...)
@@ -12527,7 +12526,7 @@ CVE-2020-8791 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth
CVE-2020-8790 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...)
NOT-FOR-US: OKLOK
CVE-2020-8789 (Composr 10.0.30 allows Persistent XSS via a Usergroup name under the S ...)
- TODO: check
+ NOT-FOR-US: Composr
CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...)
NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer
CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
@@ -13015,7 +13014,7 @@ CVE-2020-8574
CVE-2020-8573
RESERVED
CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...)
- TODO: check
+ NOT-FOR-US: Element OS
CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...)
NOT-FOR-US: StorageGRID
CVE-2020-8570
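Review bot: the description for CVE-2020-8572 names both Element OS and Element HealthTools, but the new label only records Element OS. Listing both products (or the vendor) keeps the entry findable under either name, in line with the product-level label on the neighbouring StorageGRID entry.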
@@ -14839,7 +14838,7 @@ CVE-2020-7815
CVE-2020-7814
RESERVED
CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
- TODO: check
+ NOT-FOR-US: Kaoni
CVE-2020-7812
RESERVED
CVE-2020-7811
@@ -14849,7 +14848,7 @@ CVE-2020-7810
CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM) ...)
NOT-FOR-US: ALSong
CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processin ...)
- TODO: check
+ NOT-FOR-US: RAONWIZ K Upload
CVE-2020-7807
RESERVED
CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...)
@@ -16288,11 +16287,11 @@ CVE-2020-7141
CVE-2020-7140
RESERVED
CVE-2020-7139 (Potential remote access security vulnerabilities have been identified ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2020-7138 (Potential remote code execution security vulnerabilities have been ide ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2020-7137 (A validation issue in HPE Superdome Flex's RMC component may allow loc ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2020-7136 (A security vulnerability in HPE Smart Update Manager (SUM) prior to ve ...)
NOT-FOR-US: HPE Smart Update Manager (SUM)
CVE-2020-7135 (A potential security vulnerability has been identified in the disk dri ...)
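Review bot: for CVE-2020-7139 and CVE-2020-7138 the truncated descriptions visible here name no product at all, so a bare `NOT-FOR-US: HPE` is hard to re-verify later. Naming the affected product, as the neighbouring CVE-2020-7136 entry does with `NOT-FOR-US: HPE Smart Update Manager (SUM)`, would make the triage self-explanatory; the same applies to CVE-2020-7137, whose description does identify HPE Superdome Flex.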
@@ -17663,7 +17662,7 @@ CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/867
CVE-2020-6616 (Some Broadcom chips mishandle Bluetooth random-number generation becau ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...)
- libredwg <itp> (bug #595191)
CVE-2020-6614 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read ...)
@@ -18928,7 +18927,7 @@ CVE-2020-6093 (An exploitable information disclosure vulnerability exists in the
CVE-2020-6092 (An exploitable code execution vulnerability exists in the way Nitro Pr ...)
NOT-FOR-US: Nitro Pro
CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in the ESPON ...)
- TODO: check
+ NOT-FOR-US: EPSON
CVE-2020-6090
RESERVED
CVE-2020-6089
@@ -19662,7 +19661,7 @@ CVE-2020-5754
CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...)
TODO: check
CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3 allows a ...)
- TODO: check
+ NOT-FOR-US: Druva inSync Windows Client
CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
NOT-FOR-US: TCExam
CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
@@ -20008,7 +20007,7 @@ CVE-2020-5581
CVE-2020-5580
RESERVED
CVE-2020-5579 (SQL injection vulnerability in the Paid Memberships versions prior to ...)
- TODO: check
+ NOT-FOR-US: Paid Memberships
CVE-2020-5578
RESERVED
CVE-2020-5577 (Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movabl ...)
@@ -20092,7 +20091,7 @@ CVE-2020-5539 (GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0
CVE-2020-5538 (Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows ...)
NOT-FOR-US: PALLET CONTROL
CVE-2020-5537 (Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code executi ...)
- TODO: check
+ NOT-FOR-US: Cybozu
CVE-2020-5536 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...)
NOT-FOR-US: OpenBlocks IoT VX2
CVE-2020-5535 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...)
@@ -23929,7 +23928,7 @@ CVE-2020-3958
CVE-2020-3957
RESERVED
CVE-2020-3956 (VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ...)
NOT-FOR-US: VMware
CVE-2020-3954 (Open Redirect vulnerability exists in VMware vRealize Log Insight prio ...)
@@ -26323,9 +26322,9 @@ CVE-2020-3346
CVE-2020-3345
RESERVED
CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3343 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3342
RESERVED
CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVirus (C ...)
@@ -26391,7 +26390,7 @@ CVE-2020-3316
CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
NOT-FOR-US: Cisco
CVE-2020-3314 (A vulnerability in the file scan process of Cisco AMP for Endpoints Ma ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3313 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
NOT-FOR-US: Cisco
CVE-2020-3312 (A vulnerability in the application policy configuration of Cisco Firep ...)
@@ -26459,7 +26458,7 @@ CVE-2020-3282
CVE-2020-3281
RESERVED
CVE-2020-3280 (A vulnerability in the Java Remote Management Interface of Cisco Unifi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3279
RESERVED
CVE-2020-3278
@@ -26475,7 +26474,7 @@ CVE-2020-3274
CVE-2020-3273 (A vulnerability in the 802.11 Generic Advertisement Service (GAS) fram ...)
NOT-FOR-US: Cisco
CVE-2020-3272 (A vulnerability in the DHCP server of Cisco Prime Network Registrar co ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3271
RESERVED
CVE-2020-3270
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44665b76478c4578a8b91a79501140875691def6