[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Oct 5 21:36:23 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c08965ca by Salvatore Bonaccorso at 2020-10-05T22:36:01+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -796,7 +796,7 @@ CVE-2020-26168
 CVE-2020-26167
 	RESERVED
 CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the file descr ...)
-	TODO: check
+	NOT-FOR-US: qdPM
 CVE-2020-26165
 	RESERVED
 CVE-2020-26164
@@ -1056,7 +1056,7 @@ CVE-2020-26088 (A missing CAP_NET_RAW check in NFC socket creation in net/nfc/ra
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/26896f01467a28651f7a536143fe5ac8449d4041
 CVE-2020-26061 (ClickStudios Passwordstate Password Reset Portal prior to build 8501 i ...)
-	TODO: check
+	NOT-FOR-US: ClickStudios Passwordstate Password Reset Portal
 CVE-2020-26060
 	RESERVED
 CVE-2020-26059
@@ -1083,7 +1083,7 @@ CVE-2020-26050
 CVE-2020-26049
 	RESERVED
 CVE-2020-26048 (The file manager option in CuppaCMS before 2019-11-12 allows an authen ...)
-	TODO: check
+	NOT-FOR-US: CuppaCMS
 CVE-2020-26047
 	RESERVED
 CVE-2020-26046
@@ -5121,7 +5121,7 @@ CVE-2020-24233
 CVE-2020-24232
 	RESERVED
 CVE-2020-24231 (Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP.  ...)
-	TODO: check
+	NOT-FOR-US: Symmetric DS
 CVE-2020-24230
 	RESERVED
 CVE-2020-24229
@@ -21278,7 +21278,7 @@ CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03,
 CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An improper input  ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2020-16226 (Multiple Mitsubishi Electric products are vulnerable to impersonations ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2020-16224 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
@@ -31517,7 +31517,7 @@ CVE-2020-12304
 CVE-2020-12303
 	RESERVED
 CVE-2020-12302 (Improper permissions in the Intel(R) Driver & Support Assistant be ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server Board Fam ...)
 	NOT-FOR-US: Intel
 CVE-2020-12300 (Uninitialized pointer in BIOS firmware for Intel(R) Server Board Famil ...)
@@ -42105,7 +42105,7 @@ CVE-2020-8673
 CVE-2020-8672
 	RESERVED
 CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Generat ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8670
 	RESERVED
 CVE-2020-8669
@@ -43161,7 +43161,7 @@ CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may lea
 CVE-2020-8236
 	RESERVED
 CVE-2020-8235 (Missing access control in Nextcloud Deck 1.0.4 caused an insecure dire ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Deck
 CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 w ...)
 	NOT-FOR-US: EdgeMax EdgeSwitch firmware
 CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware <v1 ...)
@@ -43183,7 +43183,7 @@ CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop
 	NOTE: Windows-specific code in shell_integration/windows/OCUtil
 	NOTE: https://hackerone.com/reports/588562
 CVE-2020-8228 (A missing rate limit in the Preferred Providers app 1.7.0 allowed an a ...)
-	TODO: check
+	NOT-FOR-US: Preferred Providers app
 CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Client  ...)
 	- nextcloud-desktop 3.0.1-1
 	[buster] - nextcloud-desktop <no-dsa> (Minor issue)
@@ -43296,7 +43296,7 @@ CVE-2020-8184 (A reliance on cookies without validation/integrity check security
 CVE-2020-8183
 	RESERVED
 CVE-2020-8182 (Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud Deck
 CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a malici ...)
 	NOT-FOR-US: Nextcloud Contacts
 CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...)
@@ -52676,7 +52676,7 @@ CVE-2020-4495
 CVE-2020-4494 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows ...)
 	NOT-FOR-US: IBM
 CVE-2020-4493 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2020-4492 (IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2 ...)
 	NOT-FOR-US: IBM
 CVE-2020-4491



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c08965ca0ad0624c6dd3a0c1e90ae1334d32229b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c08965ca0ad0624c6dd3a0c1e90ae1334d32229b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201005/27ae9f2c/attachment.html>

More information about the debian-security-tracker-commits mailing list