[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Oct 14 21:37:05 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7fc5f091 by Moritz Mühlenhoff at 2020-10-14T22:36:40+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -273,7 +273,7 @@ CVE-2020-27015
CVE-2020-27014
RESERVED
CVE-2020-27013 (Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2020-27012
RESERVED
CVE-2020-27011
@@ -2796,7 +2796,8 @@ CVE-2020-25826 (PingID Integration for Windows Login before 2.4.2 allows local u
CVE-2020-25825 (In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensit ...)
NOT-FOR-US: Octopus Deploy
CVE-2020-25824 (Telegram Desktop through 2.4.3 does not require passcode entry upon pu ...)
- TODO: check
+ NOTE: Nonsense CVE allocation for Telegram desktop client, with an desktop not protected
+ NOTE: by a screen lock anything can happen anyway
CVE-2020-25823
RESERVED
CVE-2020-25822
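Review bot: CVE-2020-25824 loses its `TODO: check` marker here but gains neither a package line nor a `NOT-FOR-US:` tag, only two free-text NOTE lines, so the entry ends up with no recorded disposition. If the intent is that the issue is not worth tracking, record that with a status line for the affected package (for example `- telegram-desktop <unimportant>`, assuming that is the source package name) and keep the NOTE lines beneath it as the rationale. The first NOTE also has a typo: "with an desktop" should read "with a desktop".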
@@ -2920,9 +2921,9 @@ CVE-2020-25780
CVE-2020-25779 (Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in w ...)
NOT-FOR-US: Trend Micro
CVE-2020-25778 (Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2020-25777 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a speci ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2020-25776 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbo ...)
NOT-FOR-US: Trend Micro
CVE-2020-25775 (The Trend Micro Security 2020 (v16) consumer family of products is vul ...)
@@ -4276,7 +4277,7 @@ CVE-2020-25190
CVE-2020-25189
RESERVED
CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...)
- TODO: check
+ NOT-FOR-US: LAquis SCADA
CVE-2020-25187
RESERVED
CVE-2020-25186
@@ -5664,7 +5665,7 @@ CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because tex
CVE-2020-24552 (Atop Technology industrial 3G/4G gateway contains Command Injection vu ...)
NOT-FOR-US: Atop Technology industrial 3G/4G gateway
CVE-2020-24551 (IProom MMC+ Server login page does not validate specific parameters pr ...)
- TODO: check
+ NOT-FOR-US: IProom MMC+ Server
CVE-2020-24550
RESERVED
CVE-2020-24549
@@ -6452,7 +6453,7 @@ CVE-2020-24190
CVE-2020-24189
RESERVED
CVE-2020-24188 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
- TODO: check
+ NOT-FOR-US: United Planet Intrexx Professional
CVE-2020-24187
RESERVED
CVE-2020-24186 (A Remote Code Execution vulnerability exists in the gVectors wpDiscuz ...)
@@ -25021,11 +25022,11 @@ CVE-2020-15255
CVE-2020-15254
RESERVED
CVE-2020-15253 (Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting v ...)
- TODO: check
+ NOT-FOR-US: Grocy
CVE-2020-15252
RESERVED
CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version ...)
- TODO: check
+ NOT-FOR-US: Channelmgnt plug-in for Sopel
CVE-2020-15250 (In JUnit4 before version 4.13.1, the test rule TemporaryFolder contain ...)
TODO: check
CVE-2020-15249
@@ -25072,7 +25073,7 @@ CVE-2020-15229 (Singularity (an open source container platform) from version 3.1
- singularity-container <unfixed> (bug #972212)
NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9
CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath` and ` ...)
- TODO: check
+ NOT-FOR-US: Node @actions/core
CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 ar ...)
- php-nette <removed>
[stretch] - php-nette <no-dsa> (low priority)
@@ -25082,7 +25083,7 @@ CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the AP
CVE-2020-15225
RESERVED
CVE-2020-15224 (In Open Enclave before version 0.12.0, an information disclosure vulne ...)
- TODO: check
+ NOT-FOR-US: Open Enclave
CVE-2020-15223 (In ORY Fosite (the security first OAuth2 & OpenID Connect framewor ...)
NOT-FOR-US: ORY Fosite
CVE-2020-15222 (In ORY Fosite (the security first OAuth2 & OpenID Connect framewor ...)
@@ -45874,7 +45875,7 @@ CVE-2020-7745
CVE-2020-7744
RESERVED
CVE-2020-7743 (The package mathjs before 7.5.1 are vulnerable to Prototype Pollution ...)
- TODO: check
+ NOT-FOR-US: Node mathjs
CVE-2020-7742 (This affects the package simpl-schema before 1.10.2. ...)
NOT-FOR-US: Node simpl-schema
CVE-2020-7741 (This affects the package hellojs before 1.18.6. The code get the param ...)
@@ -45886,9 +45887,9 @@ CVE-2020-7739 (This affects all versions of package phantomjs-seo. It is possibl
CVE-2020-7738 (All versions of package shiba are vulnerable to Arbitrary Code Executi ...)
NOT-FOR-US: Node shiba
CVE-2020-7737 (All versions of package safetydance are vulnerable to Prototype Pollut ...)
- TODO: check
+ NOT-FOR-US: Node safetydance
CVE-2020-7736 (The package bmoor before 0.8.12 are vulnerable to Prototype Pollution ...)
- TODO: check
+ NOT-FOR-US: Node bmoor
CVE-2020-7735 (The package ng-packagr before 10.1.1 are vulnerable to Command Injecti ...)
NOT-FOR-US: ng-packagr
CVE-2020-7734 (All versions of package cabot are vulnerable to Cross-site Scripting ( ...)
@@ -45953,7 +45954,7 @@ CVE-2020-7711 (This affects all versions of package github.com/russellhaering/go
CVE-2020-7710 (This affects all versions of package safe-eval. It is possible for an ...)
NOT-FOR-US: Node safe-eval
CVE-2020-7709 (This affects the package json-pointer before 0.6.1. Multiple reference ...)
- TODO: check
+ NOT-FOR-US: Node json-pointer
CVE-2020-7708 (The package irrelon-path before 4.7.0; the package @irrelon/path befor ...)
NOT-FOR-US: Node irrelon-path
CVE-2020-7707 (The package property-expr before 2.0.3 are vulnerable to Prototype Pol ...)
@@ -46781,7 +46782,7 @@ CVE-2020-7332
CVE-2020-7331
RESERVED
CVE-2020-7330 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) tr ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7329
RESERVED
CVE-2020-7328
@@ -46805,9 +46806,9 @@ CVE-2020-7320 (Protection Mechanism Failure vulnerability in McAfee Endpoint Sec
CVE-2020-7319 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...)
NOT-FOR-US: McAfee
CVE-2020-7318 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7317 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7316 (Unquoted service path vulnerability in McAfee File and Removable Media ...)
NOT-FOR-US: McAfee
CVE-2020-7315 (DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to ...)
@@ -47773,7 +47774,7 @@ CVE-2020-6935
CVE-2020-6934
RESERVED
CVE-2020-6933 (An improper input validation vulnerability in the UEM Core of BlackBer ...)
- TODO: check
+ NOT-FOR-US: BlackBerry
CVE-2020-6932 (An information disclosure and remote code execution vulnerability in t ...)
NOT-FOR-US: BlackBerry QNX Software Development Platform
CVE-2020-6931
@@ -50106,15 +50107,15 @@ CVE-2020-6089 (An exploitable code execution vulnerability exists in the ANI fil
CVE-2020-6088
RESERVED
CVE-2020-6087 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
- TODO: check
+ NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6086 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
- TODO: check
+ NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6085
RESERVED
CVE-2020-6084
RESERVED
CVE-2020-6083 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
- TODO: check
+ NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...)
NOT-FOR-US: Accusoft
CVE-2020-6081 (An exploitable code execution vulnerability exists in the PLC_Task fun ...)
@@ -54261,7 +54262,7 @@ CVE-2020-4397 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive info
CVE-2020-4396 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
NOT-FOR-US: IBM
CVE-2020-4395 (IBM Security Access Manager Appliance 9.0.7 does not invalidate sessio ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4394
RESERVED
CVE-2020-4393
@@ -57290,7 +57291,7 @@ CVE-2020-3485 (A vulnerability in the role-based access control (RBAC) functiona
CVE-2020-3484 (A vulnerability in the web-based management interface of Cisco Vision ...)
NOT-FOR-US: Cisco
CVE-2020-3483 (Duo has identified and fixed an issue with the Duo Network Gateway (DN ...)
- TODO: check
+ NOT-FOR-US: Duo
CVE-2020-3482
RESERVED
CVE-2020-3481 (A vulnerability in the EGG archive parsing module in Clam AntiVirus (C ...)
@@ -57405,7 +57406,7 @@ CVE-2020-3429 (A vulnerability in the WPA2 and WPA3 security implementation of C
CVE-2020-3428 (A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wi ...)
NOT-FOR-US: Cisco
CVE-2020-3427 (A privilege escalation vulnerability exists in the Duo Authentication ...)
- TODO: check
+ NOT-FOR-US: Duo
CVE-2020-3426 (A vulnerability in the implementation of the Low Power, Wide Area (LPW ...)
NOT-FOR-US: Cisco
CVE-2020-3425 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fc5f0915424860a5c52eb6bb87a7831ac9ac839