[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Oct 16 12:49:41 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4321748 by Moritz Muehlenhoff at 2020-10-16T13:49:26+02:00
NFUs
otrs n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2020-27177
 	RESERVED
 CVE-2020-27176 (Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote C ...)
-	TODO: check
+	NOT-FOR-US: Mark Text
 CVE-2020-27175
 	RESERVED
 CVE-2020-27174 (In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the ...)
-	TODO: check
+	NOT-FOR-US: Firecracker
 CVE-2020-27173 (In vm-superio before 0.1.1, the serial console FIFO can grow to unlimi ...)
-	TODO: check
+	NOT-FOR-US: vm-superio
 CVE-2020-27172
 	RESERVED
 CVE-2020-27171
@@ -27,7 +27,7 @@ CVE-2020-27165
 CVE-2020-27164
 	RESERVED
 CVE-2020-27163 (phpRedisAdmin before 1.13.2 allows XSS via the login.php username para ...)
-	TODO: check
+	NOT-FOR-US: phpRedisAdmin
 CVE-2020-27162
 	RESERVED
 CVE-2020-27161
@@ -469,7 +469,7 @@ CVE-2020-26945 (MyBatis before 3.5.6 mishandles deserialization of object stream
 CVE-2020-26944
 	RESERVED
 CVE-2020-26943 (An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2. ...)
-	TODO: check
+	NOT-FOR-US: blazar-dashboard
 CVE-2020-26942
 	RESERVED
 CVE-2020-26941
@@ -1194,9 +1194,9 @@ CVE-2020-26586
 CVE-2020-26585
 	RESERVED
 CVE-2020-26584 (An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The  ...)
-	TODO: check
+	NOT-FOR-US: Sage
 CVE-2020-26583 (An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It a ...)
-	TODO: check
+	NOT-FOR-US: Sage
 CVE-2020-26582 (D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users ...)
 	NOT-FOR-US: D-Link
 CVE-2020-26581
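Review bot: the label "NOT-FOR-US: Sage" on CVE-2020-26584 and CVE-2020-26583 is ambiguous, since both descriptions name the product as "Sage DPW" and a bare "Sage" can be mistaken for the unrelated SageMath software, which is packaged in Debian. Suggest "NOT-FOR-US: Sage DPW" on both lines so that later searches of the list for "Sage" do not need a second look.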
@@ -2774,9 +2774,9 @@ CVE-2020-25861
 CVE-2020-25860
 	RESERVED
 CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to ve ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm QCMAP
 CVE-2020-25858 (The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm QCMAP
 CVE-2020-25857
 	RESERVED
 CVE-2020-25856
@@ -28001,7 +28001,7 @@ CVE-2020-14187
 CVE-2020-14186
 	RESERVED
 CVE-2020-14185 (Affected versions of Jira Server allow remote unauthenticated attacker ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-14184 (Affected versions of Atlassian Jira Server allow remote attackers to i ...)
 	NOT-FOR-US: Atlassian
 CVE-2020-14183 (Affected versions of Jira Server & Data Center allow a remote atta ...)
@@ -32325,15 +32325,15 @@ CVE-2020-12506 (Improper Authentication vulnerability in WAGO 750-8XX series wit
 CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...)
 	NOT-FOR-US: WAGO
 CVE-2020-12504 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
-	TODO: check
+	NOT-FOR-US: Pepperl+Fuchs
 CVE-2020-12503 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
-	TODO: check
+	NOT-FOR-US: Pepperl+Fuchs
 CVE-2020-12502 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
-	TODO: check
+	NOT-FOR-US: Pepperl+Fuchs
 CVE-2020-12501 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
-	TODO: check
+	NOT-FOR-US: Pepperl+Fuchs
 CVE-2020-12500 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
-	TODO: check
+	NOT-FOR-US: Pepperl+Fuchs
 CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...)
 	NOT-FOR-US: PHOENIX CONTACT PLCnext Engineer
 CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...)
@@ -35547,17 +35547,17 @@ CVE-2019-20637 (An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x
 	NOTE: Introduced in https://github.com/varnishcache/varnish-cache/commit/62932b422f311ed1224f14a216169bcdc1b77a2d (5.0)
 	NOTE: Case #3 implies labels introduced in https://github.com/varnishcache/varnish-cache/commit/34350d5e183ef4e04285729d1f63b784d1bc6454 (5.0)
 CVE-2020-11646 (A log information disclosure vulnerability in B&R GateManager 4260 ...)
-	TODO: check
+	NOT-FOR-US: B&R GateManager
 CVE-2020-11645 (A denial of service vulnerability in B&R GateManager 4260 and 9250 ...)
-	TODO: check
+	NOT-FOR-US: B&R GateManager
 CVE-2020-11644 (The information disclosure vulnerability present in B&R GateManage ...)
-	TODO: check
+	NOT-FOR-US: B&R GateManager
 CVE-2020-11643 (An information disclosure vulnerability in B&R GateManager 4260 an ...)
-	TODO: check
+	NOT-FOR-US: B&R GateManager
 CVE-2020-11642 (The local file inclusion vulnerability present in B&R SiteManager  ...)
-	TODO: check
+	NOT-FOR-US: B&R SiteManager
 CVE-2020-11641 (A local file inclusion vulnerability in B&R SiteManager versions & ...)
-	TODO: check
+	NOT-FOR-US: B&R GateManager
 CVE-2020-11640
 	RESERVED
 CVE-2020-11639
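Review bot: CVE-2020-11641 is tagged "NOT-FOR-US: B&R GateManager", but its description reads "A local file inclusion vulnerability in B&R SiteManager versions", the same product as CVE-2020-11642 directly above, which is tagged "B&R SiteManager". This looks like a copy of the preceding GateManager lines; suggest "NOT-FOR-US: B&R SiteManager" for CVE-2020-11641. The triage outcome is unchanged either way, but the label should match the product in the description.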
@@ -35565,7 +35565,7 @@ CVE-2020-11639
 CVE-2020-11638
 	RESERVED
 CVE-2020-11637 (A memory leak in the TFTP service in B&R Automation Runtime versio ...)
-	TODO: check
+	NOT-FOR-US: B&R Automation Runtime
 CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...)
 	{DLA-2241-1}
 	- linux 5.4.13-1
@@ -44351,7 +44351,7 @@ CVE-2020-8351
 CVE-2020-8350 (An authentication bypass vulnerability was reported in Lenovo ThinkPad ...)
 	NOT-FOR-US: Lenovo
 CVE-2020-8349 (An internal security review has identified an unauthenticated remote c ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2020-8348 (A DOM-based cross-site scripting (XSS) vulnerability was reported in L ...)
 	NOT-FOR-US: Lenovo
 CVE-2020-8347 (A reflective cross-site scripting (XSS) vulnerability was reported in  ...)
@@ -46296,7 +46296,7 @@ CVE-2020-7593 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS v
 CVE-2020-7592 (A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Ge ...)
 	NOT-FOR-US: Siemens
 CVE-2020-7591 (A vulnerability has been identified in SIPORT MP (All versions < 3. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-7590 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
 	NOT-FOR-US: DCA Vantage Analyzer
 CVE-2020-7589 (A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS variant ...)
@@ -46837,7 +46837,7 @@ CVE-2020-7336
 CVE-2020-7335
 	RESERVED
 CVE-2020-7334 (Improper privilege assignment vulnerability in the installer McAfee Ap ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2020-7333
 	RESERVED
 CVE-2020-7332
@@ -46851,9 +46851,9 @@ CVE-2020-7329
 CVE-2020-7328
 	RESERVED
 CVE-2020-7327 (Improperly implemented security check in McAfee MVISION Endpoint Detec ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2020-7326 (Improperly implemented security check in McAfee Active Response (MAR)  ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2020-7325 (Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to ...)
 	NOT-FOR-US: McAfee
 CVE-2020-7324 (Improper Access Control vulnerability in McAfee MVISION Endpoint prior ...)
@@ -51142,7 +51142,7 @@ CVE-2020-5644
 CVE-2020-5643
 	RESERVED
 CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Live su ...)
-	TODO: check
+	NOT-FOR-US: Live Chat
 CVE-2020-5641
 	RESERVED
 CVE-2020-5640
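Review bot: "NOT-FOR-US: Live Chat" on CVE-2020-5642 is a generic label that stops short of the product name given in the description ("Live Chat - Live su ..."). Suggest using the full product name from the CVE description so the entry can be told apart from other live chat products that may appear in the list later.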
@@ -62111,7 +62111,8 @@ CVE-2020-1779
 CVE-2020-1778
 	RESERVED
 CVE-2020-1777 (Agent names that participates in a chat conversation are revealed in c ...)
-	TODO: check
+	- otrs <not-affected> (Only affects 7.x and 8.x)
+	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-15/
 CVE-2020-1776 (When an agent user is renamed or set to invalid the session belonging  ...)
 	- otrs2 6.0.29-1
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
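Review bot: the new CVE-2020-1777 entry names the package "otrs", while the adjacent CVE-2020-1776 entry uses "otrs2" ("- otrs2 6.0.29-1"). If the same source package is meant, the line should read "- otrs2 <not-affected> (Only affects 7.x and 8.x)"; with a different name the not-affected status is not recorded against the package that the neighbouring entry tracks. The NOTE line with the vendor advisory URL is fine as is.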



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4321748536f6161317f96e2501429f31cf4d5e4
