[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Sat May 30 10:27:28 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce0f4877 by Salvatore Bonaccorso at 2020-05-30T11:26:55+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -145,7 +145,7 @@ CVE-2020-13636
 CVE-2020-13635
 	RESERVED
 CVE-2020-13634 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
-	TODO: check
+	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
 CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. ...)
 	NOT-FOR-US: Fork CMS
 CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...)
@@ -680,7 +680,7 @@ CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading
 CVE-2020-13387
 	RESERVED
 CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited write permis ...)
-	TODO: check
+	NOT-FOR-US: SmartDraw
 CVE-2020-13385
 	RESERVED
 CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...)
@@ -1136,7 +1136,7 @@ CVE-2020-13175
 CVE-2020-13174
 	RESERVED
 CVE-2020-13173 (Initialization of the pcoip_credential_provider in Teradici PCoIP Stan ...)
-	TODO: check
+	NOT-FOR-US: Teradici
 CVE-2020-13172
 	RESERVED
 CVE-2020-13171
@@ -2697,7 +2697,7 @@ CVE-2020-12495
 CVE-2020-12494
 	RESERVED
 CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series with vers ...)
-	TODO: check
+	NOT-FOR-US: SWARCOs CPU LS4000 Series
 CVE-2020-12492
 	RESERVED
 CVE-2020-12491
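Review bot: The tag added for CVE-2020-12493 carries over "SWARCOs" from the description, where it is a possessive that lost its apostrophe ("SWARCOs CPU LS4000 Series with vers ..."). Suggest "NOT-FOR-US: SWARCO CPU LS4000 Series" so that a later search on the vendor name matches this entry.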
@@ -3992,9 +3992,9 @@ CVE-2020-11952
 CVE-2020-11951
 	RESERVED
 CVE-2020-11950 (VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XX ...)
-	TODO: check
+	NOT-FOR-US: VIVOTEK Network Cameras
 CVE-2020-11949 (testserver.cgi of the web service on VIVOTEK Network Cameras before XX ...)
-	TODO: check
+	NOT-FOR-US: VIVOTEK Network Cameras
 CVE-2020-11948
 	RESERVED
 CVE-2020-11947
@@ -13016,7 +13016,7 @@ CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2
 CVE-2020-8817
 	RESERVED
 CVE-2020-8816 (Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by priv ...)
-	TODO: check
+	NOT-FOR-US: Pi-hole
 CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam  ...)
 	NOT-FOR-US: BearFTP
 CVE-2020-8814
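Review bot: For CVE-2020-8816 the tag is shortened to "Pi-hole", although the description names the affected component as "Pi-hole Web v4.3.2 (aka AdminLTE)". The first hunk of this commit keeps the alias in its tag ("Windows Master (aka Windows Optimization Master)"). Suggest "NOT-FOR-US: Pi-hole Web (aka AdminLTE)" for consistency and so a search on either name finds the entry. Since NOT-FOR-US asserts the software is not in the archive, it is also worth confirming that no package ships this web interface under the alias.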
@@ -13804,7 +13804,7 @@ CVE-2020-8484 (Insufficient protection of the inter-process communication functi
 CVE-2020-8483
 	RESERVED
 CVE-2020-8482 (Insecure storage of sensitive information in ABB Device Library Wizard ...)
-	TODO: check
+	NOT-FOR-US: ABB
 CVE-2020-8481 (For ABB products ABB Ability™ System 800xA and related system ex ...)
 	NOT-FOR-US: ABB
 CVE-2020-8480
@@ -14137,9 +14137,9 @@ CVE-2020-8332
 CVE-2020-8331
 	RESERVED
 CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2020-8329 (A denial of service vulnerability was reported in the firmware prior t ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2020-8328
 	RESERVED
 CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...)
@@ -17871,7 +17871,7 @@ CVE-2020-6776
 CVE-2020-6775
 	RESERVED
 CVE-2020-6774 (Improper Access Control in the Kiosk Mode functionality of Bosch Recor ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2020-6773
 	RESERVED
 CVE-2020-6772
@@ -20239,7 +20239,7 @@ CVE-2020-5755
 CVE-2020-5754
 	RESERVED
 CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...)
-	TODO: check
+	NOT-FOR-US: Signal Private Messenger (Android and iOS version)
 CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3 allows a  ...)
 	NOT-FOR-US: Druva inSync Windows Client
 CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
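Review bot: On CVE-2020-5753 the parenthetical "(Android and iOS version)" scopes the NOT-FOR-US to the mobile clients only, which implies another Signal variant may need separate tracking, but nothing in the entry says so. If that is the intent, a NOTE line stating it would make the scoping explicit. Otherwise plain "Signal Private Messenger" matches how the neighbouring entries name the product. Minor: "version" should be "versions".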
@@ -20599,9 +20599,9 @@ CVE-2020-5575 (Cross-site scripting vulnerability in Movable Type series (Movabl
 CVE-2020-5574 (HTML attribute value injection vulnerability in Movable Type series (M ...)
 	- movabletype-opensource <removed>
 CVE-2020-5573 (Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attack ...)
-	TODO: check
+	NOT-FOR-US: Android App 'kintone mobile for Android'
 CVE-2020-5572 (Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker t ...)
-	TODO: check
+	NOT-FOR-US: Android App 'Mailwise for Android'
 CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQ ...)
 	NOT-FOR-US: SHARP AQUOS
 CVE-2020-5570 (Cross-site scripting vulnerability in Sales Force Assistant version 11 ...)
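Review bot: The tags for CVE-2020-5573 and CVE-2020-5572 copy the description wording verbatim, so each names the platform twice ("Android App 'kintone mobile for Android'"), while the context entry directly below uses a bare product name ("SHARP AQUOS"). Suggest "NOT-FOR-US: kintone mobile for Android" and "NOT-FOR-US: Mailwise for Android" to keep the NFU strings short and uniform.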
@@ -21116,7 +21116,7 @@ CVE-2020-5359
 CVE-2020-5358
 	RESERVED
 CVE-2020-5357 (Dell Dock Firmware Update Utilities for Dell Client Consumer and Comme ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2020-5356
 	RESERVED
 CVE-2020-5355
@@ -24502,11 +24502,11 @@ CVE-2020-3961
 CVE-2020-3960
 	RESERVED
 CVE-2020-3959 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3958 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3957 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3956 (VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5,  ...)
 	NOT-FOR-US: VMware
 CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ...)
@@ -31074,11 +31074,11 @@ CVE-2020-1835
 CVE-2020-1834
 	RESERVED
 CVE-2020-1833 (Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-1832 (E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-1831 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1829 (Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospa ...)
@@ -31122,7 +31122,7 @@ CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulner
 CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1809 (HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E1 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-1808 (Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 wi ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...)
@@ -31144,9 +31144,9 @@ CVE-2020-1800 (HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E
 CVE-2020-1799 (E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00 ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1798 (HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-1797 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2020-1796 (There is an improper authorization vulnerability in several smartphone ...)
 	NOT-FOR-US: Huawei
 CVE-2020-1795 (There is a logic error vulnerability in several smartphones. The softw ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce0f48772132293e19468a21acdbf5726caac3f2
