[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Sep 19 08:15:53 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f71f8c5f by Salvatore Bonaccorso at 2020-09-19T09:11:39+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2020-25768
CVE-2020-25767
RESERVED
CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2020-25765
RESERVED
CVE-2020-25764
@@ -2434,7 +2434,7 @@ CVE-2020-24625
CVE-2020-24624
RESERVED
CVE-2020-24623 (A potential security vulnerability has been identified in Hewlett Pack ...)
- TODO: check
+ NOT-FOR-US: Hewlett Packard Enterprise Universal API Framework
CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...)
NOT-FOR-US: Sonatype
CVE-2020-24621
@@ -19413,7 +19413,7 @@ CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allow
NOTE: Upstream of the project did disputed the CVE. Upstream position is
NOTE: that the refererred behaviour is intended functionality.
CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
- TODO: check
+ NOT-FOR-US: Philips
CVE-2020-16246
RESERVED
CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...)
@@ -19447,7 +19447,7 @@ CVE-2020-16232
CVE-2020-16231
RESERVED
CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...)
- TODO: check
+ NOT-FOR-US: HMS Networks
CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
NOT-FOR-US: Advantech WebAccess
CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
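Review bot: The added tag for CVE-2020-16230, `NOT-FOR-US: HMS Networks`, names only a vendor that does not appear in the entry's description, which refers to "Ewon Flexy and Cosy". The next entry in the same hunk uses vendor plus product (`NOT-FOR-US: Advantech WebAccess`); a tag such as `NOT-FOR-US: HMS Networks Ewon Flexy and Cosy` would keep the entry findable by the product name that the description uses.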
@@ -19507,11 +19507,11 @@ CVE-2020-16202
CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
NOT-FOR-US: Delta Industrial Automation
CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
- TODO: check
+ NOT-FOR-US: Philips
CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
NOT-FOR-US: Delta Industrial Automation
CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Wh ...)
- TODO: check
+ NOT-FOR-US: Philips
CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...)
NOT-FOR-US: Octopus Deploy
CVE-2020-16196
@@ -20027,7 +20027,7 @@ CVE-2020-15959
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15958 (An issue was discovered in 1CRM System through 8.6.7. An insecure dire ...)
- TODO: check
+ NOT-FOR-US: 1CRM System
CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentral ...)
NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T)
CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...)
@@ -21982,9 +21982,9 @@ CVE-2020-15191
CVE-2020-15190
RESERVED
CVE-2020-15189 (SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) u ...)
- TODO: check
+ NOT-FOR-US: SOY CMS
CVE-2020-15188 (SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Co ...)
- TODO: check
+ NOT-FOR-US: SOY CMS
CVE-2020-15187 (In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain d ...)
TODO: check
CVE-2020-15186 (In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitiz ...)
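Review bot: The two added tags for CVE-2020-15189 and CVE-2020-15188 spell the product `SOY CMS`, while the existing entry for CVE-2020-15182 a few lines further down the file is tagged `NOT-FOR-US: SoyCMS`. Settle on one spelling for both, so that a search for the NOT-FOR-US tag returns every entry for this product.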
@@ -21998,7 +21998,7 @@ CVE-2020-15183 (SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scr
CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site Request ...)
NOT-FOR-US: SoyCMS
CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies on untr ...)
- TODO: check
+ NOT-FOR-US: Alfresco Reset Password add-on
CVE-2020-15180
RESERVED
CVE-2020-15179 (The ScratchSig extension for MediaWiki before version 1.0.1 allows sto ...)
@@ -23475,7 +23475,7 @@ CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of O
CVE-2020-14526
RESERVED
CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
- TODO: check
+ NOT-FOR-US: Philips
CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...)
NOT-FOR-US: Softing Industrial Automation
CVE-2020-14523
@@ -23513,7 +23513,7 @@ CVE-2020-14508 (GateManager versions prior to 9.2c, The affected product is vuln
CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to multiple pat ...)
NOT-FOR-US: Advantech
CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
- TODO: check
+ NOT-FOR-US: Philips
CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...)
NOT-FOR-US: Advantech
CVE-2020-14504
@@ -25163,7 +25163,7 @@ CVE-2020-14031
CVE-2020-14030
RESERVED
CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RS ...)
- TODO: check
+ NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14028
RESERVED
CVE-2020-14027
@@ -25179,7 +25179,7 @@ CVE-2020-14023
CVE-2020-14022
RESERVED
CVE-2020-14021 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The AS ...)
- TODO: check
+ NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14020
RESERVED
CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/targ ...)
@@ -37617,9 +37617,9 @@ CVE-2020-9747
CVE-2020-9746
RESERVED
CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9744 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9743 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
NOT-FOR-US: Adobe AEM
CVE-2020-9742 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and ...)
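Review bot: The added tags for CVE-2020-9745 and CVE-2020-9744 use the bare vendor name `NOT-FOR-US: Adobe`, whereas the neighbouring entries in this hunk name the product (`NOT-FOR-US: Adobe AEM`). `NOT-FOR-US: Adobe Media Encoder` would match that convention; the same applies to CVE-2020-9739 in the following hunk.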
@@ -37629,7 +37629,7 @@ CVE-2020-9741 (The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2
CVE-2020-9740 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
NOT-FOR-US: Adobe AEM
CVE-2020-9739 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9738 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
NOT-FOR-US: Adobe AEM
CVE-2020-9737 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
@@ -39172,7 +39172,7 @@ CVE-2020-9086
CVE-2020-9085
RESERVED
CVE-2020-9084 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use- ...)
- TODO: check
+ NOT-FOR-US: Taurus-AN00B
CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E ...)
NOT-FOR-US: Huawei
CVE-2020-9082
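Review bot: The added tag for CVE-2020-9084 uses the model name `Taurus-AN00B`, while the adjacent CVE-2020-9083 is tagged by vendor (`NOT-FOR-US: Huawei`) and its description shows the same version-string format (`10.1.0.163(C00E ...`). If this is the same vendor, tagging it `NOT-FOR-US: Huawei` would keep the two entries grouped under one name.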
@@ -43398,7 +43398,7 @@ CVE-2020-7360 (An Uncontrolled Search Path Element (CWE-427) vulnerability in Sm
CVE-2020-7359
RESERVED
CVE-2020-7358 (In AppSpider installer versions prior to 7.2.126, the AppSpider instal ...)
- TODO: check
+ NOT-FOR-US: AppSpider installer
CVE-2020-7357 (Cayin CMS suffers from an authenticated OS semi-blind command injectio ...)
NOT-FOR-US: Cayin CMS
CVE-2020-7356 (CAYIN xPost suffers from an unauthenticated SQL Injection vulnerabilit ...)
@@ -47067,9 +47067,9 @@ CVE-2020-5978
CVE-2020-5977
RESERVED
CVE-2020-5976 (NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and vers ...)
- TODO: check
+ NOT-FOR-US: NVIDIA GeForce NOW
CVE-2020-5975 (NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, con ...)
- TODO: check
+ NOT-FOR-US: NVIDIA GeForce NOW
CVE-2020-5974 (NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in i ...)
NOT-FOR-US: NVIDIA
CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerabili ...)
@@ -51812,7 +51812,7 @@ CVE-2020-3981
CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...)
NOT-FOR-US: VMware
CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0) installers lo ...)
- TODO: check
+ NOT-FOR-US: InstallBuilder for Qt Windows installers
CVE-2020-3978
RESERVED
CVE-2020-3977
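Review bot: The added tag for CVE-2020-3979, `NOT-FOR-US: InstallBuilder for Qt Windows installers`, is the description text with the parenthetical cut out, which leaves an awkward product name. `NOT-FOR-US: InstallBuilder` is enough to identify the product.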
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f71f8c5fdf3733f8f4a84286337ca1eefd7de690