[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Sun Oct 11 09:08:16 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6c4fa2bc by Salvatore Bonaccorso at 2020-10-11T10:07:53+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -42785,9 +42785,9 @@ CVE-2019-20449
CVE-2019-20448
RESERVED
CVE-2020-8782 (Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 al ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2020-8781 (Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 an ...)
- TODO: check
+ NOT-FOR-US: ALEOS
CVE-2020-8780
RESERVED
CVE-2020-8779
@@ -62698,7 +62698,7 @@ CVE-2019-19117 (/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2
CVE-2019-19116
RESERVED
CVE-2019-19115 (An escalation of privilege vulnerability in Nahimic APO Software Compo ...)
- TODO: check
+ NOT-FOR-US: Nahimic APO Software Component Driver
CVE-2019-19114
RESERVED
CVE-2019-19113 (main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka Ne ...)
@@ -63109,7 +63109,7 @@ CVE-2019-18991 (A partial authentication bypass vulnerability exists on Atheros
CVE-2019-18990 (A partial authentication bypass vulnerability exists on Realtek RTL881 ...)
TODO: check
CVE-2019-18989 (A partial authentication bypass vulnerability exists on Mediatek MT762 ...)
- TODO: check
+ NOT-FOR-US: Mediatek devices
CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login a ...)
NOT-FOR-US: TeamViewer
CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for ...)
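Review bot: CVE-2019-18990 (Realtek RTL881 ...), directly above the changed entry, still reads "TODO: check" although its description opens with the same "A partial authentication bypass vulnerability exists on" wording as CVE-2019-18989, and the hunk header shows CVE-2019-18991 (Atheros) with that wording as well. If these are the same class of device issue, triage them together so the siblings do not linger in the TODO queue; if the Realtek entry was left open on purpose, a NOTE line saying why would help the next person processing the list.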
@@ -66431,7 +66431,7 @@ CVE-2020-0573
CVE-2020-0572
RESERVED
CVE-2020-0571 (Improper conditions check in BIOS firmware for 8th Generation Intel(R) ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-0570 (Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5 ...)
- qtbase-opensource-src 5.12.5+dfsg-8
[buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u3
@@ -74143,7 +74143,7 @@ CVE-2019-16162 (Onigmo through 6.2.0 has an out-of-bounds read in parse_char_cla
CVE-2019-16161 (Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code ...)
NOT-FOR-US: Onigmo (fork of Oniguruma)
CVE-2019-16160 (An integer underflow in the SMB server of MikroTik RouterOS before 6.4 ...)
- TODO: check
+ NOT-FOR-US: MikroTik RouterOS
CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 ...)
- bird 1.6.8-1 (bug #939990)
[buster] - bird 1.6.6-1+deb10u1
@@ -79274,9 +79274,9 @@ CVE-2019-14558 (Insufficient control flow management in BIOS firmware for 8th, 9
NOTE: https://github.com/tianocore/edk2/commit/764e8ba1389a617639d79d2c4f0d53f4ea4a7387
NOTE: https://github.com/tianocore/edk2/commit/f1d78c489a39971b5aac5d2fc8a39bfa925c3c5d
CVE-2019-14557 (Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14556 (Improper initialization in BIOS firmware for 8th, 9th, 10th Generation ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14555
RESERVED
CVE-2019-14554
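Review bot: CVE-2019-14557 and CVE-2019-14556 are closed as "NOT-FOR-US: Intel", but the entry just above them in this hunk, CVE-2019-14558, has the same "BIOS firmware for 8th, 9th, 10th Generation Intel(R" style of description and carries NOTE lines pointing at tianocore/edk2 commits. Please confirm that neither of these two is fixed in edk2 before marking them NFU. If that was checked, a more specific tag such as "NOT-FOR-US: Intel BIOS firmware" would record what was ruled out, since the vendor name alone does not say which product was considered.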
@@ -109255,9 +109255,9 @@ CVE-2019-4328
CVE-2019-4327 ("HCL AppScan Enterprise uses hard-coded credentials which can be explo ...)
NOT-FOR-US: HCL AppScan Enterprise
CVE-2019-4326 ("HCL AppScan Enterprise security rules update administration section o ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2019-4325 ("HCL AppScan Enterprise makes use of broken or risky cryptographic alg ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2019-4324 ("HCL AppScan Enterprise is susceptible to Cross-Site Scripting while i ...)
NOT-FOR-US: HCL
CVE-2019-4323 ("HCL AppScan Enterprise advisory API documentation is susceptible to c ...)
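Review bot: the tag on CVE-2019-4326 and CVE-2019-4325 is the bare vendor name "NOT-FOR-US: HCL", while CVE-2019-4327 two lines up uses "NOT-FOR-US: HCL AppScan Enterprise" for the same product. Suggest using the full product name on both new lines so a search for the product in data/CVE/list finds all of its entries; the existing CVE-2019-4324 line has the same short form and could be aligned in a follow-up.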
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c4fa2bcb2dcfb5835fb810df9d2edb203b24873