[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Sep 10 11:26:41 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
401b4512 by Moritz Muehlenhoff at 2020-09-10T12:26:24+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1196,7 +1196,7 @@ CVE-2020-24657
 CVE-2020-24656 (Maltego before 4.2.12 allows XXE attacks. ...)
 	NOT-FOR-US: Maltego
 CVE-2020-24655 (A race condition in the Twilio Authy 2-Factor Authentication applicati ...)
-	TODO: check
+	NOT-FOR-US: Twilio Authy 2-Factor Authentication app
 CVE-2020-24654 (In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can ins ...)
 	{DSA-4759-1}
 	- ark 4:20.08.1-1 (bug #969437)
@@ -2446,7 +2446,7 @@ CVE-2020-24076
 CVE-2020-24075
 	RESERVED
 CVE-2020-24074 (The decode program in silk-v3-decoder Version:20160922 Build By kn007  ...)
-	TODO: check
+	NOT-FOR-US: silk-v3-decoder
 CVE-2020-24073
 	RESERVED
 CVE-2020-24072
@@ -18989,7 +18989,7 @@ CVE-2020-15905
 CVE-2020-15904 (A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allo ...)
 	NOT-FOR-US: bsdiff4 (different from src:bsdiff)
 CVE-2020-15903 (An issue was found in Nagios XI before 5.7.3. There is a privilege esc ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url o ...)
 	NOT-FOR-US: Nagios XI
 CVE-2020-15901 (In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated  ...)
@@ -19302,9 +19302,9 @@ CVE-2020-15791 (A vulnerability has been identified in SIMATIC S7-300 CPU family
 CVE-2020-15790 (A vulnerability has been identified in Spectrum Power 4 (All versions  ...)
 	NOT-FOR-US: Siemens
 CVE-2020-15789 (A vulnerability has been identified in Polarion Subversion Webclient ( ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-15788 (A vulnerability has been identified in Polarion Subversion Webclient ( ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-15787 (A vulnerability has been identified in SIMATIC HMI United Comfort Pane ...)
 	NOT-FOR-US: Siemens
 CVE-2020-15786 (A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Ge ...)
@@ -20833,7 +20833,7 @@ CVE-2020-15175
 CVE-2020-15174
 	RESERVED
 CVE-2020-15173 (In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a b ...)
-	TODO: check
+	NOT-FOR-US: ACCEL-PPP
 CVE-2020-15172
 	RESERVED
 CVE-2020-15171
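Review bot: The NOT-FOR-US on CVE-2020-15173 is not justified by anything visible in the hunk. The description calls ACCEL-PPP "an implementation of PPTP/PPPoE/L2TP/SSTP", which is the kind of network daemon that could be packaged or have a pending ITP, unlike the vendor appliances triaged elsewhere in this commit. Before settling on NOT-FOR-US, confirm that no source package and no ITP/RFP bug exists for it; if one does, the entry should reference the package with an itp marker and bug number instead.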
@@ -35741,7 +35741,7 @@ CVE-2019-20490 (cPanel before 82.0.18 allows authentication bypass because webma
 CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
 	NOT-FOR-US: GeniXCMS
 CVE-2020-10056 (A vulnerability has been identified in License Management Utility (LMU ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...)
 	NOT-FOR-US: Desigo
 CVE-2020-10054
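Review bot: The new label on CVE-2020-10056 names only the vendor ("NOT-FOR-US: Siemens"), while the unchanged entry directly below it, CVE-2020-10055, is labelled by product ("NOT-FOR-US: Desigo"), so two adjacent entries follow different conventions. Consider naming the product from the description here (the License Management Utility), optionally prefixed with the vendor, so that a search of the list for the product name finds the entry.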
@@ -56987,9 +56987,9 @@ CVE-2020-1915
 CVE-2020-1914
 	RESERVED
 CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in Facebook  ...)
-	TODO: check
+	NOT-FOR-US: Facebook Hermes
 CVE-2020-1912 (An out-of-bounds read/write vulnerability when executing lazily compil ...)
-	TODO: check
+	NOT-FOR-US: Facebook Hermes
 CVE-2020-1911 (A type confusion vulnerability when resolving properties of JavaScript ...)
 	NOT-FOR-US: Facebook Hermes
 CVE-2020-1910
@@ -122831,25 +122831,25 @@ CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for
 CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PR ...)
 	NOT-FOR-US: Seqrite End Point Security
 CVE-2018-17774 (Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This  ...)
-	TODO: check
+	NOT-FOR-US: Ingenico
 CVE-2018-17773 (Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK ...)
-	TODO: check
+	NOT-FOR-US: Ingenico
 CVE-2018-17772 (Ingenico Telium 2 POS terminals allow arbitrary code execution via the ...)
-	TODO: check
+	NOT-FOR-US: Ingenico
 CVE-2018-17771 (Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This i ...)
-	TODO: check
+	NOT-FOR-US: Ingenico
 CVE-2018-17770 (Ingenico Telium 2 POS terminals have a buffer overflow via the RemoteP ...)
-	TODO: check
+	NOT-FOR-US: Ingenico
 CVE-2018-17769 (Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 co ...)
-	TODO: check
+	NOT-FOR-US: Ingenico
 CVE-2018-17768 (Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This  ...)
-	TODO: check
+	NOT-FOR-US: Ingenico
 CVE-2018-17767 (Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This i ...)
-	TODO: check
+	NOT-FOR-US: Ingenico
 CVE-2018-17766 (Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrict ...)
-	TODO: check
+	NOT-FOR-US: Ingenico
 CVE-2018-17765 (Ingenico Telium 2 POS terminals have undeclared TRACE protocol command ...)
-	TODO: check
+	NOT-FOR-US: Ingenico
 CVE-2018-17764
 	RESERVED
 CVE-2018-17763
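Review bot: All ten entries from CVE-2018-17774 through CVE-2018-17765 are labelled with the bare vendor name ("NOT-FOR-US: Ingenico"), although every description names the same product, "Ingenico Telium 2 POS terminals", and the unchanged neighbour CVE-2018-17775 uses a full product name ("NOT-FOR-US: Seqrite End Point Security"). Suggest "NOT-FOR-US: Ingenico Telium 2" for these lines so the label stays unambiguous if other Ingenico products are triaged later.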



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/401b4512121b2a117f09f23cd96711f0586c04d6
