[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat May 30 10:27:28 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ce0f4877 by Salvatore Bonaccorso at 2020-05-30T11:26:55+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -145,7 +145,7 @@ CVE-2020-13636
CVE-2020-13635
RESERVED
CVE-2020-13634 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
- TODO: check
+ NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. ...)
NOT-FOR-US: Fork CMS
CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...)
@@ -680,7 +680,7 @@ CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading
CVE-2020-13387
RESERVED
CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited write permis ...)
- TODO: check
+ NOT-FOR-US: SmartDraw
CVE-2020-13385
RESERVED
CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...)
@@ -1136,7 +1136,7 @@ CVE-2020-13175
CVE-2020-13174
RESERVED
CVE-2020-13173 (Initialization of the pcoip_credential_provider in Teradici PCoIP Stan ...)
- TODO: check
+ NOT-FOR-US: Teradici
CVE-2020-13172
RESERVED
CVE-2020-13171
@@ -2697,7 +2697,7 @@ CVE-2020-12495
CVE-2020-12494
RESERVED
CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series with vers ...)
- TODO: check
+ NOT-FOR-US: SWARCOs CPU LS4000 Series
CVE-2020-12492
RESERVED
CVE-2020-12491
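Review bot: The new NOT-FOR-US text on CVE-2020-12493 carries over "SWARCOs" from the truncated description, where it reads as a possessive without its apostrophe. Writing `NOT-FOR-US: SWARCO CPU LS4000 Series` names the vendor as such and keeps the entry findable when someone greps the list for the vendor name.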
@@ -3992,9 +3992,9 @@ CVE-2020-11952
CVE-2020-11951
RESERVED
CVE-2020-11950 (VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XX ...)
- TODO: check
+ NOT-FOR-US: VIVOTEK Network Cameras
CVE-2020-11949 (testserver.cgi of the web service on VIVOTEK Network Cameras before XX ...)
- TODO: check
+ NOT-FOR-US: VIVOTEK Network Cameras
CVE-2020-11948
RESERVED
CVE-2020-11947
@@ -13016,7 +13016,7 @@ CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2
CVE-2020-8817
RESERVED
CVE-2020-8816 (Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by priv ...)
- TODO: check
+ NOT-FOR-US: Pi-hole
CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam ...)
NOT-FOR-US: BearFTP
CVE-2020-8814
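Review bot: On CVE-2020-8816, NOT-FOR-US is only right if Pi-hole is neither packaged nor the subject of an open ITP/RFP. Unlike most entries in this commit it is free software rather than a vendor appliance or proprietary product, so a quick wnpp check is worth doing before closing it out. If such a bug exists, an `<itp>` entry referencing it would be the better fit than NOT-FOR-US.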
@@ -13804,7 +13804,7 @@ CVE-2020-8484 (Insufficient protection of the inter-process communication functi
CVE-2020-8483
RESERVED
CVE-2020-8482 (Insecure storage of sensitive information in ABB Device Library Wizard ...)
- TODO: check
+ NOT-FOR-US: ABB
CVE-2020-8481 (For ABB products ABB Ability™ System 800xA and related system ex ...)
NOT-FOR-US: ABB
CVE-2020-8480
@@ -14137,9 +14137,9 @@ CVE-2020-8332
CVE-2020-8331
RESERVED
CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8329 (A denial of service vulnerability was reported in the firmware prior t ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8328
RESERVED
CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...)
@@ -17871,7 +17871,7 @@ CVE-2020-6776
CVE-2020-6775
RESERVED
CVE-2020-6774 (Improper Access Control in the Kiosk Mode functionality of Bosch Recor ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2020-6773
RESERVED
CVE-2020-6772
@@ -20239,7 +20239,7 @@ CVE-2020-5755
CVE-2020-5754
RESERVED
CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...)
- TODO: check
+ NOT-FOR-US: Signal Private Messenger (Android and iOS version)
CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3 allows a ...)
NOT-FOR-US: Druva inSync Windows Client
CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
@@ -20599,9 +20599,9 @@ CVE-2020-5575 (Cross-site scripting vulnerability in Movable Type series (Movabl
CVE-2020-5574 (HTML attribute value injection vulnerability in Movable Type series (M ...)
- movabletype-opensource <removed>
CVE-2020-5573 (Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attack ...)
- TODO: check
+ NOT-FOR-US: Android App 'kintone mobile for Android'
CVE-2020-5572 (Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker t ...)
- TODO: check
+ NOT-FOR-US: Android App 'Mailwise for Android'
CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQ ...)
NOT-FOR-US: SHARP AQUOS
CVE-2020-5570 (Cross-site scripting vulnerability in Sales Force Assistant version 11 ...)
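Review bot: The two new entries for CVE-2020-5573 and CVE-2020-5572 copy the description's wording, including the "Android App" prefix and the quotes, while every other entry in this commit and the neighbouring `NOT-FOR-US: SHARP AQUOS` use a bare vendor or product name. Dropping the prefix and quotes (for example `NOT-FOR-US: kintone mobile for Android`) would keep the list consistent and easier to match against when later CVEs for the same apps come in.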
@@ -21116,7 +21116,7 @@ CVE-2020-5359
CVE-2020-5358
RESERVED
CVE-2020-5357 (Dell Dock Firmware Update Utilities for Dell Client Consumer and Comme ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2020-5356
RESERVED
CVE-2020-5355
@@ -24502,11 +24502,11 @@ CVE-2020-3961
CVE-2020-3960
RESERVED
CVE-2020-3959 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3958 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3957 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3956 (VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, ...)
NOT-FOR-US: VMware
CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ...)
@@ -31074,11 +31074,11 @@ CVE-2020-1835
CVE-2020-1834
RESERVED
CVE-2020-1833 (Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1832 (E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1831 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
NOT-FOR-US: Huawei
CVE-2020-1829 (Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospa ...)
@@ -31122,7 +31122,7 @@ CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulner
CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...)
NOT-FOR-US: Huawei
CVE-2020-1809 (HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E1 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1808 (Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 wi ...)
NOT-FOR-US: Huawei
CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...)
@@ -31144,9 +31144,9 @@ CVE-2020-1800 (HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E
CVE-2020-1799 (E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00 ...)
NOT-FOR-US: Huawei
CVE-2020-1798 (HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1797 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1796 (There is an improper authorization vulnerability in several smartphone ...)
NOT-FOR-US: Huawei
CVE-2020-1795 (There is a logic error vulnerability in several smartphones. The softw ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce0f48772132293e19468a21acdbf5726caac3f2