[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sun Nov 22 08:40:33 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd092d2b by Salvatore Bonaccorso at 2020-11-22T09:40:13+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -154,7 +154,7 @@ CVE-2020-28915 (A buffer over-read (at the framebuffer layer) in the fbcon code
 	[stretch] - linux 4.9.240-1
 	NOTE: https://git.kernel.org/linus/5af08640795b2b9a940c9266c0260455377ae262
 CVE-2020-28914 (An improper file permissions vulnerability affects Kata Containers pri ...)
-	TODO: check
+	NOT-FOR-US: Kata Containers
 CVE-2020-28913
 	RESERVED
 CVE-2020-28912
@@ -7702,7 +7702,7 @@ CVE-2020-26934 (phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2020-5/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/19df63b0365621427697edc185ff7c9c5707c523
 CVE-2020-26933 (Trusted Computing Group (TCG) Trusted Platform Module Library Family 2 ...)
-	TODO: check
+	NOT-FOR-US: Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification
 CVE-2020-26931 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
 	NOT-FOR-US: Netgear
 CVE-2020-26930 (NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect conf ...)
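Review bot: The NOT-FOR-US tag on CVE-2020-26933 names a specification ("Trusted Platform Module Library Family 2.0 Library Specification") rather than a piece of software, so the entry does not record which implementations were checked against the archive. If the triage conclusion is that nothing packaged implements the affected part of the specification, a short NOTE line saying so would make that visible to the next reader. Otherwise the entry is better left as "TODO: check" until that is confirmed.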
@@ -9166,7 +9166,7 @@ CVE-2020-26238
 CVE-2020-26237
 	RESERVED
 CVE-2020-26236 (In ScratchVerifier before commit a603769, an attacker can hijack the v ...)
-	TODO: check
+	NOT-FOR-US: ScratchVerifier
 CVE-2020-26234
 	RESERVED
 CVE-2020-26233
@@ -9184,7 +9184,7 @@ CVE-2020-26228
 CVE-2020-26227
 	RESERVED
 CVE-2020-26226 (In the npm package semantic-release before version 17.2.3, secrets tha ...)
-	TODO: check
+	NOT-FOR-US: semantic-release nodejs module
 CVE-2020-26225 (In PrestaShop Product Comments before version 4.2.0, an attacker could ...)
 	NOT-FOR-US: PrestaShop
 CVE-2020-26224 (In PrestaShop before version 1.7.6.9 an attacker is able to list all t ...)
@@ -9737,9 +9737,9 @@ CVE-2020-25991
 CVE-2020-25990 (WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name'  ...)
 	NOT-FOR-US: WebsiteBaker
 CVE-2020-25989 (Privilege escalation via arbitrary file write in pritunl electron clie ...)
-	TODO: check
+	NOT-FOR-US: pritunl-client
 CVE-2020-25988 (UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2 ...)
-	TODO: check
+	NOT-FOR-US: Genexis Platinum 4410 Router
 CVE-2020-25987 (MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in ...)
 	NOT-FOR-US: MonoCMS Blog
 CVE-2020-25986 (A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0  ...)
@@ -11701,7 +11701,7 @@ CVE-2020-25191
 CVE-2020-25190
 	RESERVED
 CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer overflo ...)
-	TODO: check
+	NOT-FOR-US: Paradox IP150
 CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...)
 	NOT-FOR-US: LAquis SCADA
 CVE-2020-25187
@@ -11709,7 +11709,7 @@ CVE-2020-25187
 CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 2019-09-2 ...)
 	NOT-FOR-US: LeviStudioU Release
 CVE-2020-25185 (The affected product is vulnerable to five post-authentication buffer  ...)
-	TODO: check
+	NOT-FOR-US: Paradox IP150
 CVE-2020-25184
 	RESERVED
 CVE-2020-25183
@@ -12704,7 +12704,7 @@ CVE-2020-24721 (An issue was discovered in the GAEN (aka Google/Apple Exposure N
 CVE-2020-24720
 	RESERVED
 CVE-2020-24719 (Exposed Erlang Cookie could lead to Remote Command Execution (RCE) att ...)
-	TODO: check
+	NOT-FOR-US: Couchbase
 CVE-2020-24718 (bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE th ...)
 	NOT-FOR-US: bhyve
 CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group pe ...)
@@ -18945,7 +18945,7 @@ CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php
 CVE-2020-21666
 	RESERVED
 CVE-2020-21665 (In fastadmin V1.0.0.20191212_beta, when a user with administrator righ ...)
-	TODO: check
+	NOT-FOR-US: fastadmin
 CVE-2020-21664
 	RESERVED
 CVE-2020-21663
@@ -42361,7 +42361,7 @@ CVE-2020-11831 (OvoiceManager has system permission to write vulnerability repor
 CVE-2020-11830 (QualityProtect has a vulnerability to execute arbitrary system command ...)
 	NOT-FOR-US: QualityProtect
 CVE-2020-11829 (Dynamic loading of services in the backup and restore SDK leads to ele ...)
-	TODO: check
+	NOT-FOR-US: com.coloros.codebook (oppo.com)
 CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP framewor ...)
 	NOT-FOR-US: ColorOS
 CVE-2020-11827 (In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak fi ...)
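Review bot: CVE-2020-11829 is tagged with a package-style identifier plus a vendor domain, "com.coloros.codebook (oppo.com)", while the adjacent CVE-2020-11828, whose description names the same vendor, uses the product name "ColorOS". A human-readable product or vendor name here would keep the NOT-FOR-US strings consistent and easier to search. The package identifier can go in a NOTE line if it is worth keeping.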
@@ -50217,7 +50217,7 @@ CVE-2020-9051
 CVE-2020-9050
 	RESERVED
 CVE-2020-9049 (A vulnerability in specified versions of American Dynamics victor Web  ...)
-	TODO: check
+	NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls
 CVE-2020-9048 (A vulnerability in victor Web Client versions up to and including v5.4 ...)
 	NOT-FOR-US: Johnson Controls
 CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized  ...)
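Review bot: The tag added for CVE-2020-9049 is a corporate entity string, "Sensormatic Electronics, LLC; a subsidiary of Johnson Controls", whereas the next entry, CVE-2020-9048, which also concerns victor Web Client, is tagged "NOT-FOR-US: Johnson Controls". Suggest using the same short tag here, or the product name from the description, so that the two related entries match.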
@@ -53371,7 +53371,7 @@ CVE-2020-7844
 CVE-2020-7843
 	RESERVED
 CVE-2020-7842 (Improper Input validation vulnerability exists in Netis Korea D'live A ...)
-	TODO: check
+	NOT-FOR-US: Netis Korea D'live AP
 CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT XPLATFORM w ...)
 	NOT-FOR-US: TOBESOFT XPLATFORM
 CVE-2020-7840
@@ -58482,7 +58482,7 @@ CVE-2020-5799
 CVE-2020-5798
 	RESERVED
 CVE-2020-5797 (UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180 ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2020-5796 (Improper preservation of permissions in Nagios XI 5.7.4 allows a local ...)
 	NOT-FOR-US: Nagios XI
 CVE-2020-5795 (UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd092d2b004e693def1ee1f0061afe3de554aa0e
