[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Nov 2 14:43:35 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ae2fc64 by Moritz Muehlenhoff at 2020-11-02T15:43:13+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12,7 +12,7 @@ CVE-2020-28044 (An attacker with physical access to a PAX Point Of Sale device w
 CVE-2020-28043 (MISP through 2.4.133 allows SSRF in the REST client via the use_full_p ...)
 	NOT-FOR-US: MISP
 CVE-2020-28042 (ServiceStack before 5.9.2 mishandles JWT signature verification unless ...)
-	TODO: check
+	NOT-FOR-US: ServiceStack
 CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 ...)
 	NOT-FOR-US: Netgear
 CVE-2020-28040 (WordPress before 5.5.2 allows CSRF attacks that change a theme's backg ...)
@@ -914,7 +914,7 @@ CVE-2020-27710
 CVE-2020-27709
 	RESERVED
 CVE-2020-27708 (A vulnerability exists in the Origin Client that could allow a non-Adm ...)
-	TODO: check
+	NOT-FOR-US: Electronic Arts
 CVE-2020-27707
 	RESERVED
 CVE-2020-27706
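Review bot: The tag on CVE-2020-27708 names only the vendor ("Electronic Arts"), while the description identifies the affected software as the Origin Client. Other entries in this same commit tag by product (ServiceStack, Sal, MailGates and MailAudit), so "NOT-FOR-US: Electronic Arts Origin Client" would be consistent with them and would let a search for the product name find the entry.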
@@ -4454,7 +4454,7 @@ CVE-2020-26207
 CVE-2020-26206
 	RESERVED
 CVE-2020-26205 (Sal is a multi-tenanted reporting dashboard for Munki with the ability ...)
-	TODO: check
+	NOT-FOR-US: Sal
 CVE-2020-26204
 	RESERVED
 CVE-2020-26203
@@ -5252,7 +5252,7 @@ CVE-2020-25851
 CVE-2020-25850
 	RESERVED
 CVE-2020-25849 (MailGates and MailAudit products contain Command Injection flaw, which ...)
-	TODO: check
+	NOT-FOR-US: MailGates and MailAudit
 CVE-2020-25848
 	RESERVED
 CVE-2020-25847
@@ -28831,7 +28831,7 @@ CVE-2020-14752 (Vulnerability in the Hyperion Lifecycle Management product of Or
 CVE-2020-14751
 	RESERVED
 CVE-2020-14750 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-14749
 	RESERVED
 CVE-2020-14748
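Review bot: "NOT-FOR-US: Oracle" on CVE-2020-14750 does not record which product was triaged. The description names Oracle WebLogic Server, and the hunk header context shows a different Oracle product (Hyperion Lifecycle Management) a few entries earlier, so the vendor name alone is ambiguous here. Suggest "NOT-FOR-US: Oracle WebLogic Server".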
@@ -39484,7 +39484,7 @@ CVE-2020-11174 (u'Array index underflow issue in adsp driver due to improper che
 CVE-2020-11173 (u'Two threads running simultaneously from user space can lead to race  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11172 (u'fscanf reads a string from a file and stores its contents on a stati ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11171
 	RESERVED
 CVE-2020-11170
@@ -39522,7 +39522,7 @@ CVE-2020-11155 (u'Buffer overflow while processing PDU packet in bluetooth due t
 CVE-2020-11154 (u'Buffer overflow while processing a crafted PDU data packet in blueto ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11153 (u'Out of bound memory access while processing GATT data received due t ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11152
 	RESERVED
 CVE-2020-11151
@@ -39600,7 +39600,7 @@ CVE-2020-11116 (u'Possible out of bound write while processing association respo
 CVE-2020-11115 (u'Buffer over read occurs while processing information element from be ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-11114 (u'Bluetooth devices does not properly restrict the L2CAP payload lengt ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode a ...)
 	- bubblewrap 0.4.1-1 (low; bug #955441)
 	[buster] - bubblewrap <not-affected> (Introduced in 0.4.0)
@@ -49353,7 +49353,7 @@ CVE-2020-7386
 CVE-2020-7385
 	RESERVED
 CVE-2020-7384 (Rapid7's Metasploit msfvenom framework handles APK files in a way that ...)
-	TODO: check
+	NOT-FOR-US: Rapid7
 CVE-2020-7383 (A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that m ...)
 	NOT-FOR-US: Rapid7 Nexpose
 CVE-2020-7382 (Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted  ...)
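Review bot: CVE-2020-7384 is tagged "NOT-FOR-US: Rapid7", but the description is about Metasploit's msfvenom, and the entry directly below (CVE-2020-7383) uses the vendor-plus-product form "NOT-FOR-US: Rapid7 Nexpose". Suggest "NOT-FOR-US: Rapid7 Metasploit" so the two adjacent Rapid7 entries stay distinguishable and the triage decision is tied to the product it was made for.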
@@ -59257,13 +59257,13 @@ CVE-2020-3698 (Out of bound write while QoS DSCP mapping due to improper input v
 CVE-2020-3697
 	RESERVED
 CVE-2020-3696 (u'Use after free while installing new security rule in ipcrtr as old o ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3695
 	RESERVED
 CVE-2020-3694 (u'Use out of range pointer issue can occur due to incorrect buffer ran ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3693 (u'Use out of range pointer issue can occur due to incorrect buffer ran ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3692 (u'Possible buffer overflow while updating output buffer for IMEI and G ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2020-3691



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ae2fc6493fbc02b8720211253546df239b21184



More information about the debian-security-tracker-commits mailing list