[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 15 20:18:15 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e696f687 by Salvatore Bonaccorso at 2021-06-15T21:17:50+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47244,7 +47244,7 @@ CVE-2021-0086 (Improper permissions in the installer for the Intel(R) Brand Veri
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html
 	NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in
 	NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314").
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2021-0085
 	RESERVED
 CVE-2021-0084
@@ -54946,13 +54946,13 @@ CVE-2020-24511 (Improper isolation of shared resources in some Intel(R) Processo
 CVE-2020-24510
 	RESERVED
 CVE-2020-24509 (Insufficient control flow management in subsystem in Intel(R) SPS vers ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-24508
 	RESERVED
 CVE-2020-24507 (Improper initialization in a subsystem in the Intel(R) CSME versions b ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-24506 (Out of bound read in a subsystem in the Intel(R) CSME versions before  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-24505 (Insufficient input validation in the firmware for the Intel(R) 700-ser ...)
 	NOT-FOR-US: Intel NIC firmware
 CVE-2020-24504 (Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapt ...)
@@ -54999,7 +54999,7 @@ CVE-2020-24488
 CVE-2020-24487
 	RESERVED
 CVE-2020-24486 (Improper input validation in the firmware for some Intel(R) Processors ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-24485 (Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux b ...)
 	NOT-FOR-US: Intel
 CVE-2020-24484
@@ -55021,11 +55021,11 @@ CVE-2020-24477
 CVE-2020-24476
 	RESERVED
 CVE-2020-24475 (Improper initialization in the BMC firmware for some Intel(R) Server B ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-24474 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-24473 (Out of bounds write in the BMC firmware for some Intel(R) Server Board ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-24472
 	RESERVED
 CVE-2020-24471
@@ -74373,27 +74373,27 @@ CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-f
 CVE-2020-15388
 	RESERVED
 CVE-2020-15387 (The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7. ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2020-15386 (Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2 ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2020-15385 (Brocade SANnav before version 2.1.1 allows an authenticated attacker t ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2020-15384 (Brocade SANNav before version 2.1.1 contains an information disclosure ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2020-15383 (Running security scans against the SAN switch can cause config and sec ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2020-15382 (Brocade SANnav before version 2.1.1 uses a hard-coded administrator ac ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2020-15381 (Brocade SANnav before version 2.1.1 contains an Improper Authenticatio ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2020-15380 (Brocade SANnav before version 2.1.1 logs account credentials at the &# ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2020-15379 (Brocade SANnav before v.2.1.0a could allow remote attackers cause a de ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2020-15378 (The OVA version of Brocade SANnav before version 2.1.1 installation wi ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2020-15377 (Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: Brocade
 CVE-2020-15376 (Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, con ...)
 	NOT-FOR-US: Brocade Fabric OS
 CVE-2020-15375 (Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v ...)
@@ -82672,13 +82672,13 @@ CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics Driv
 CVE-2020-12361 (Use after free in some Intel(R) Graphics Drivers before version 15.33. ...)
 	NOT-FOR-US: Intel graphics drivers for Windows
 CVE-2020-12360 (Out of bounds read in the firmware for some Intel(R) Processors may al ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12359 (Insufficient control flow management in the firmware for some Intel(R) ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12358 (Out of bounds write in the firmware for some Intel(R) Processors may a ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12357 (Improper initialization in the firmware for some Intel(R) Processors m ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12356 (Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.8 ...)
 	NOT-FOR-US: Intel
 CVE-2020-12355 (Authentication bypass by capture-replay in RPMB protocol message authe ...)
@@ -82831,23 +82831,23 @@ CVE-2020-12298
 CVE-2020-12297 (Improper access control in Installer for Intel(R) CSME Driver for Wind ...)
 	NOT-FOR-US: Intel
 CVE-2020-12296 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) con ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12295 (Improper input validation in some Intel(R) Thunderbolt(TM) controllers ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12294 (Insufficient control flow management in some Intel(R) Thunderbolt(TM)  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12293 (Improper control of a resource through its lifetime in some Intel(R) T ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12292 (Improper conditions check in some Intel(R) Thunderbolt(TM) controllers ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12291 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) con ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12290 (Improper access control in some Intel(R) Thunderbolt(TM) controllers m ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12289 (Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may a ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12288 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) controll ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-12287 (Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Too ...)
 	NOT-FOR-US: Intel
 CVE-2019-20791 (OpenThread before 2019-12-13 has a stack-based buffer overflow in Mesh ...)
@@ -93424,15 +93424,15 @@ CVE-2020-8706 (Buffer overflow in a daemon for some Intel(R) Server Boards, Serv
 CVE-2020-8705 (Insecure default initialization of resource in Intel(R) Boot Guard in  ...)
 	NOT-FOR-US: Intel
 CVE-2020-8704 (Race condition in a subsystem in the Intel(R) LMS versions before 2039 ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8703 (Improper buffer restrictions in a subsystem in the Intel(R) CSME versi ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8702 (Uncontrolled search path element in the Intel(R) Processor Diagnostic  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8701 (Incorrect default permissions in installer for the Intel(R) SSD Toolbo ...)
 	NOT-FOR-US: Intel
 CVE-2020-8700 (Improper input validation in the firmware for some Intel(R) Processors ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8699
 	RESERVED
 CVE-2020-8698 (Improper isolation of shared resources in some Intel(R) Processors may ...)
@@ -93507,7 +93507,7 @@ CVE-2020-8672 (Out of bound read in BIOS firmware for 8th, 9th Generation Intel(
 CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Generat ...)
 	NOT-FOR-US: Intel
 CVE-2020-8670 (Race condition in the firmware for some Intel(R) Processors may allow  ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2020-8669 (Improper input validation in the Intel(R) Data Center Manager Console  ...)
 	NOT-FOR-US: Intel
 CVE-2020-8668



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e696f68787d667762444afde50240352d7ea8ec9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e696f68787d667762444afde50240352d7ea8ec9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210615/08283e01/attachment.htm>

More information about the debian-security-tracker-commits mailing list