author Moritz Muehlenhoff <jmm@debian.org> 2020-08-20 20:35:44 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2020-08-20 20:35:44 +0200
commit 9a3b31c1801415245f914b0ae961d2a8fed74ebb
tree 17471127a8878637641da2780b58e4eef2edd538
parent 9a375d6190562440e236a75ca90bfaf9d2a7da0f
new snmptt issue
new linux issue NFUs
-rw-r--r-- data/CVE/2016.list 2
-rw-r--r-- data/CVE/2020.list 209
2 files changed, 105 insertions, 106 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 6dfe0c86bc..fd09fbd078 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,5 +1,5 @@
CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin befor ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...)
NOT-FOR-US: Mattermost
CVE-2016-11083 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...)
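Review bot: the new tag on CVE-2016-11085, "NOT-FOR-US: Wordpress plugin", does not say which plugin it is, although the description names it as quiz-master-next. Naming the product, for example "NOT-FOR-US: quiz-master-next plugin for WordPress", keeps the entry searchable and matches the form already used for the Media Library Assistant entries in 2020.list.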
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index fc8870f2e5..4593419bb0 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -311,7 +311,8 @@ CVE-2020-24396
CVE-2020-24395
RESERVED
CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) ca ...)
- TODO: check
+ - linux <unfixed>
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832
CVE-2020-24393
RESERVED
CVE-2020-24392
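Review bot: CVE-2020-24394 is recorded as "- linux <unfixed>" while the description says the issue affects kernels before 5.7.8 and the NOTE already links the fixing commit. If a Debian upload at or above that upstream version exists, the entry should carry that version instead of <unfixed>; if not, a short NOTE stating the upstream fixed version would make the follow-up edit easier.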
@@ -337,7 +338,7 @@ CVE-2020-24383
CVE-2020-24382
RESERVED
CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform (aka openeclass) through 3.9 ...)
- TODO: check
+ NOT-FOR-US: GUnet Open eClass Platform
CVE-2020-24380
RESERVED
CVE-2020-24379
@@ -377,7 +378,7 @@ CVE-2020-24363
CVE-2020-24362
RESERVED
CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, P ...)
- TODO: check
+ - snmptt 1.4.2-1
CVE-2020-24360
RESERVED
CVE-2020-24359
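Review bot: the "- snmptt 1.4.2-1" line for CVE-2020-24361 carries no NOTE pointing at the upstream fix or changelog, unlike the linux entry added in the same commit. The description is a shell code execution issue, so a reference would help anyone who has to judge whether a release still shipping a version older than 1.4.2-1 needs an update.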
@@ -671,7 +672,7 @@ CVE-2020-24222
CVE-2020-24221
RESERVED
CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers can use ...)
- TODO: check
+ NOT-FOR-US: ShopXO
CVE-2020-24219
RESERVED
CVE-2020-24218
@@ -695,7 +696,7 @@ CVE-2020-24210
CVE-2020-24209
RESERVED
CVE-2020-24208 (A SQL injection vulnerability in SourceCodester Online Shopping Alphaw ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2020-24207
RESERVED
CVE-2020-24206
@@ -1047,7 +1048,7 @@ CVE-2020-24034
CVE-2020-24033
RESERVED
CVE-2020-24032 (tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cm ...)
- TODO: check
+ NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
CVE-2020-24031
RESERVED
CVE-2020-24030
@@ -1243,7 +1244,7 @@ CVE-2020-23936
CVE-2020-23935
RESERVED
CVE-2020-23934 (An issue was discovered in RiteCMS 2.2.1. An authenticated user can di ...)
- TODO: check
+ NOT-FOR-US: RiteCMS
CVE-2020-23933
REJECTED
CVE-2020-23932
@@ -1963,7 +1964,7 @@ CVE-2020-23576
CVE-2020-23575
RESERVED
CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticated use ...)
- TODO: check
+ NOT-FOR-US: Sysax Multi Server
CVE-2020-23573
RESERVED
CVE-2020-23572
@@ -14218,7 +14219,7 @@ CVE-2020-17458
CVE-2020-17457
RESERVED
CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: SEOWON INTECH
CVE-2020-17455
RESERVED
CVE-2020-17454
@@ -16696,11 +16697,11 @@ CVE-2020-16256
CVE-2020-16255
RESERVED
CVE-2020-16254 (The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets ...)
- TODO: check
+ NOT-FOR-US: Chartkick gem
CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF. ...)
- ruby-pghero <itp> (bug #882288)
CVE-2020-16252 (The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. ...)
- TODO: check
+ NOT-FOR-US: Field Test gem
CVE-2020-16251
RESERVED
CVE-2020-16250
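Review bot: CVE-2020-16254 and CVE-2020-16252 are marked NOT-FOR-US while the entry between them, CVE-2020-16253, is tracked as "ruby-pghero <itp>". It is worth confirming that no ITP or RFP bug exists for the Chartkick and Field Test gems before closing them out this way, and recording the bug number in the same form if one does.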
@@ -17406,7 +17407,7 @@ CVE-2020-15928
CVE-2020-15927
RESERVED
CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2020-15925 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...)
NOT-FOR-US: Loway QueueMetrics
CVE-2020-15924 (There is a SQL Injection in Mida eFramework through 2.9.0 that leads t ...)
@@ -17561,7 +17562,7 @@ CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the m
NOTE: https://github.com/mruby/mruby/issues/5042
NOTE: https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b
CVE-2020-15865 (A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Re ...)
- TODO: check
+ NOT-FOR-US: Stimulsoft
CVE-2020-15864
RESERVED
CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ...)
@@ -18136,15 +18137,15 @@ CVE-2020-15640
CVE-2020-15639
RESERVED
CVE-2020-15638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-15637 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-15636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2020-15635 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2020-15634 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2020-15633 (This vulnerability allows network-adjacent attackers to bypass authent ...)
NOT-FOR-US: D-Link
CVE-2020-15632 (This vulnerability allows network-adjacent attackers to bypass authent ...)
@@ -18152,9 +18153,9 @@ CVE-2020-15632 (This vulnerability allows network-adjacent attackers to bypass a
CVE-2020-15631 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
NOT-FOR-US: D-Link
CVE-2020-15630 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-15629 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-15628 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15627 (This vulnerability allows remote attackers to disclose sensitive infor ...)
@@ -18387,9 +18388,9 @@ CVE-2020-15534
CVE-2020-15533
RESERVED
CVE-2020-15532 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK
CVE-2020-15531 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK
CVE-2020-15530 (An issue was discovered in Valve Steam Client 2.10.91.91. The installe ...)
- steam <not-affected> (Steam on Windows)
CVE-2020-15529 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation ...)
@@ -19213,23 +19214,23 @@ CVE-2020-15153
CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Side Req ...)
TODO: check
CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...)
- TODO: check
+ NOT-FOR-US: OpenMage
CVE-2020-15150
RESERVED
CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in ...)
- TODO: check
+ NOT-FOR-US: NodeBB
CVE-2020-15148
RESERVED
CVE-2020-15147
RESERVED
CVE-2020-15146 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
- TODO: check
+ NOT-FOR-US: SyliusResourceBundle
CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...)
NOT-FOR-US: Composer-Setup for Windows
CVE-2020-15144
RESERVED
CVE-2020-15143 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
- TODO: check
+ NOT-FOR-US: SyliusResourceBundle
CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated with ...)
TODO: check
CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...)
@@ -19243,11 +19244,11 @@ CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview
NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9
NOTE: https://github.com/PrismJS/prism/commit/8bba4880202ef6bd7a1e379fe9aebe69dd75f7be
CVE-2020-15137 (All versions of HoRNDIS are affected by an integer overflow in the RND ...)
- TODO: check
+ NOT-FOR-US: HoRNDIS
CVE-2020-15136 (In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication ...)
TODO: check
CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...)
- TODO: check
+ NOT-FOR-US: Node save-server
CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification validation ...)
- ruby-faye <unfixed> (bug #967063)
[buster] - ruby-faye <no-dsa> (Minor issue)
@@ -19261,7 +19262,7 @@ CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of cert
NOTE: https://github.com/faye/faye-websocket-ruby/pull/129
NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/
CVE-2020-15132 (In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget pa ...)
- TODO: check
+ NOT-FOR-US: Sulu
CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...)
NOT-FOR-US: Node slp-validate
CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnera ...)
@@ -19271,7 +19272,7 @@ CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there e
CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values were not ...)
NOT-FOR-US: October CMS
CVE-2020-15127 (In Contour ( Ingress controller for Kubernetes) before version 1.7.0, ...)
- TODO: check
+ NOT-FOR-US: Countour
CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...)
NOT-FOR-US: Node parser-server
CVE-2020-15125 (In auth0 (npm package) versions before 2.27.1, a DenyList of specific ...)
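Review bot: the tag added for CVE-2020-15127 reads "NOT-FOR-US: Countour", but the description spells the product "Contour". The misspelling will make the entry invisible to anyone searching the list for Contour later, so the tag should be "NOT-FOR-US: Contour".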
@@ -19314,7 +19315,7 @@ CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c.
CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will be able ...)
NOT-FOR-US: jupyterhub-kubespawner
CVE-2020-15109 (In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bilit ...)
- TODO: check
+ NOT-FOR-US: solidus
CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of "Clon ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qv6w-68gq-wx2v
@@ -19711,13 +19712,13 @@ CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assu
NOTE: https://bugs.freedroid.org/b/issue952
NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
CVE-2020-14937 (Memory access out of buffer boundaries issues was discovered in Contik ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2020-14936 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2020-14935 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2020-14934 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...)
- TODO: check
+ NOT-FOR-US: Contiki-NG
CVE-2020-14933 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachme ...)
- squirrelmail <removed>
NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1
@@ -23865,7 +23866,7 @@ CVE-2020-13185
CVE-2020-13184
RESERVED
CVE-2020-13183 (Reflected Cross Site Scripting in Teradici PCoIP Management Console pr ...)
- TODO: check
+ NOT-FOR-US: Teradici
CVE-2020-13182
RESERVED
CVE-2020-13181
@@ -23939,7 +23940,7 @@ CVE-2020-13152 (A remote user can create a specially crafted M3U file, media pla
- amarok <removed> (unimportant)
NOTE: Elevated resource usage in client application, no security impact
CVE-2020-13151 (Aerospike Community Edition 4.9.0.5 allows for unauthenticated submiss ...)
- TODO: check
+ NOT-FOR-US: Aerospike
CVE-2020-13150 (D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 secon ...)
NOT-FOR-US: D-link
CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...)
@@ -24002,7 +24003,7 @@ CVE-2020-13124 (SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerabil
CVE-2020-13123
RESERVED
CVE-2020-13122 (The novish command-line interface, included in NoviFlow NoviWare befor ...)
- TODO: check
+ NOT-FOR-US: Noviflow
CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authentication/logi ...)
NOT-FOR-US: Submitty
CVE-2020-13120
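Review bot: the tag for CVE-2020-13122 is written "Noviflow" while the description uses "NoviFlow NoviWare". Copying the vendor's own spelling, "NOT-FOR-US: NoviFlow NoviWare", keeps the tag consistent with the description and easier to match on.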
@@ -25288,7 +25289,7 @@ CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management
CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using the NIST ...)
NOT-FOR-US: fastecdsa
CVE-2020-12606 (An issue was discovered in DB Soft SGLAC before 20.05.001. The Procedi ...)
- TODO: check
+ NOT-FOR-US: DB Soft
CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to incr ...)
@@ -25540,7 +25541,7 @@ CVE-2020-12482
CVE-2020-12481
RESERVED
CVE-2020-12480 (In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed ...)
- TODO: check
+ NOT-FOR-US: Play Framework
CVE-2020-12479 (TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a ...)
- teampass <itp> (bug #730180)
CVE-2020-12478 (TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve file ...)
@@ -26081,7 +26082,7 @@ CVE-2020-12289
CVE-2020-12288
RESERVED
CVE-2020-12287 (Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Too ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the Task ...)
NOT-FOR-US: Octopus Deploy
CVE-2020-12285
@@ -27150,7 +27151,7 @@ CVE-2020-11850
CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability in Mic ...)
NOT-FOR-US: Micro Focus
CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight Management Cen ...)
- TODO: check
+ NOT-FOR-US: Micro Focus
CVE-2020-11847
RESERVED
CVE-2020-11846
@@ -27450,7 +27451,7 @@ CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allo
CVE-2020-11734 (cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the A ...)
NOT-FOR-US: CyberSolutions CyberMail
CVE-2020-11733 (An issue was discovered on Spirent TestCenter and Avalanche appliance ...)
- TODO: check
+ NOT-FOR-US: Spirent
CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...)
NOT-FOR-US: Media Library Assistant plugin for WordPress
CVE-2020-11731 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...)
@@ -31738,7 +31739,7 @@ CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to
CVE-2020-10056
RESERVED
CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...)
- TODO: check
+ NOT-FOR-US: Desigo
CVE-2020-10054
RESERVED
CVE-2020-10053
@@ -32338,7 +32339,7 @@ CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. T
CVE-2020-9768 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2020-9767 (A vulnerability related to Dynamic-link Library (&#8220;DLL&#8221;) lo ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...)
@@ -32495,69 +32496,69 @@ CVE-2020-9726
CVE-2020-9725
RESERVED
CVE-2020-9724 (Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9723 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9722 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9721 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9720 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9719 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9718 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9717 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9716 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9715 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9714 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9713
RESERVED
CVE-2020-9712 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9711
RESERVED
CVE-2020-9710 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9709
RESERVED
CVE-2020-9708 (The resolveRepositoryPath function doesn't properly validate user inpu ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9707 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9706 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9705 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9704 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9703 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9702 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9701 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9700 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9699 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9698 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9697 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9696 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9695
RESERVED
CVE-2020-9694 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9693 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-9692 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
NOT-FOR-US: Magento
CVE-2020-9691 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
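Review bot: in this block CVE-2020-9708 is tagged "NOT-FOR-US: Adobe" like the Acrobat and Reader entries around it, but its visible description ("The resolveRepositoryPath function doesn't properly validate user inpu ...") does not name an Adobe product. The tag should name the specific component, so that it is clear from the list alone why the entry was ruled out and that it was not swept up with the neighbouring bulk edit.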
@@ -33194,7 +33195,7 @@ CVE-2020-9417
CVE-2020-9416
RESERVED
CVE-2020-9415 (The TIBCO Data Virtualization Server component of TIBCO Software Inc.' ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...)
NOT-FOR-US: TIBCO
CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin client comp ...)
@@ -33625,9 +33626,9 @@ CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R
CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
NOT-FOR-US: Huawei
CVE-2020-9242 (FusionCompute 8.0.0 have a command injection vulnerability. The softwa ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9241 (Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00), ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9240
RESERVED
CVE-2020-9239
@@ -33635,7 +33636,7 @@ CVE-2020-9239
CVE-2020-9238
RESERVED
CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9236
RESERVED
CVE-2020-9235
@@ -33643,7 +33644,7 @@ CVE-2020-9235
CVE-2020-9234
RESERVED
CVE-2020-9233 (FusionCompute 8.0.0 have an insufficient authentication vulnerability. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9232
RESERVED
CVE-2020-9231
@@ -33651,9 +33652,9 @@ CVE-2020-9231
CVE-2020-9230
RESERVED
CVE-2020-9229 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9228 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 ...)
NOT-FOR-US: Huawei
CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
@@ -33903,7 +33904,7 @@ CVE-2020-9105
CVE-2020-9104
RESERVED
CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...)
NOT-FOR-US: Huawei
CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. An una ...)
@@ -33951,9 +33952,9 @@ CVE-2020-9081
CVE-2020-9080
RESERVED
CVE-2020-9079 (FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulne ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9078 (FusionCompute 8.0.0 have local privilege escalation vulnerability. A l ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9077 (HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R ...)
NOT-FOR-US: Huawei
CVE-2020-9076 (HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier ...)
@@ -34037,7 +34038,7 @@ CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
CVE-2020-9037
RESERVED
CVE-2020-9036 (Jeedom through 4.0.38 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: Jeedom
CVE-2020-9035
RESERVED
CVE-2020-9355 (danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalati ...)
@@ -34395,9 +34396,9 @@ CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive i
CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: Parallels
CVE-2020-8870 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-8869 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Quest Foglight Evolve
CVE-2020-8867 (This vulnerability allows remote attackers to create a denial-of-servi ...)
@@ -34663,7 +34664,7 @@ CVE-2020-8765
CVE-2020-8764
RESERVED
CVE-2020-8763 (Improper permissions in the installer for the Intel(R) RealSense(TM) D ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-8762
RESERVED
CVE-2020-8761
@@ -34671,7 +34672,7 @@ CVE-2020-8761
CVE-2020-8760
RESERVED
CVE-2020-8759 (Improper access control in the installer for Intel(R) SSD DCT versions ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-8758
RESERVED
CVE-2020-8757
@@ -34703,10 +34704,9 @@ CVE-2020-8745
CVE-2020-8744
RESERVED
CVE-2020-8743 (Improper permissions in the installer for the Intel(R) Mailbox Interfa ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-8742 (Improper input validation in the firmware for Intel(R) NUCs may allow ...)
NOT-FOR-US: Intel
- TODO: check
CVE-2020-8741
RESERVED
CVE-2020-8740
@@ -34718,7 +34718,7 @@ CVE-2020-8738
CVE-2020-8737
RESERVED
CVE-2020-8736 (Improper access control in subsystem for the Intel(R) Computing Improv ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-8735
RESERVED
CVE-2020-8734
@@ -34779,7 +34779,7 @@ CVE-2020-8708 (Improper authentication for some Intel(R) Server Boards, Server S
CVE-2020-8707 (Buffer overflow in daemon for some Intel(R) Server Boards, Server Syst ...)
NOT-FOR-US: Intel
CVE-2020-8706 (Buffer overflow in a daemon for some Intel(R) Server Boards, Server Sy ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-8705
RESERVED
CVE-2020-8704
@@ -34816,16 +34816,15 @@ CVE-2020-8689 (Improper buffer restrictions in the Intel(R) Wireless for Open So
- iwd 1.5-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00379.html
CVE-2020-8688 (Improper input validation in the Intel(R) RAID Web Console 3 for Windo ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-8687 (Uncontrolled search path in the installer for Intel(R) RSTe Software R ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-8686
RESERVED
CVE-2020-8685 (Improper authentication in subsystem for Intel (R) LED Manager for NUC ...)
NOT-FOR-US: Intel
- TODO: check
CVE-2020-8684 (Improper access control in firmware for Intel(R) PAC with Arria(R) 10 ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-8683 (Improper buffer restrictions in system driver for some Intel(R) Graphi ...)
TODO: check
CVE-2020-8682 (Out of bounds read in system driver for some Intel(R) Graphics Drivers ...)
@@ -35840,9 +35839,9 @@ CVE-2020-8235
CVE-2020-8234
RESERVED
CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware &lt;v1 ...)
- TODO: check
+ NOT-FOR-US: Edgeswitch
CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...)
- TODO: check
+ NOT-FOR-US: Edgeswitch
CVE-2020-8231
RESERVED
CVE-2020-8230 (A memory corruption vulnerability exists in NextCloud Desktop Client v ...)
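Review bot: the tags for CVE-2020-8233 and CVE-2020-8232 use "Edgeswitch", whereas both descriptions write "EdgeSwitch" (the second one as "EdgeMax EdgeSwitch"). Using the product's own spelling in the NOT-FOR-US line keeps it consistent with the description.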
@@ -35882,15 +35881,15 @@ CVE-2020-8214 (A path traversal vulnerability in servey version &lt; 3 allows an
CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect before v ...)
NOT-FOR-US: UniFi Protect
CVE-2020-8212 (Improper access control in Citrix XenMobile Server 10.12 before RP3, C ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2020-8211 (Improper input validation in Citrix XenMobile Server 10.12 before RP3, ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2020-8210 (Insufficient protection of secrets in Citrix XenMobile Server 10.12 be ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2020-8209 (Improper access control in Citrix XenMobile Server 10.12 before RP2, C ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2020-8208 (Improper input validation in Citrix XenMobile Server 10.12 before RP1, ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2020-8207 (Improper access control in Citrix Workspace app for Windows 1912 CU1 a ...)
NOT-FOR-US: Citrix
CVE-2020-8206 (An improper authentication vulnerability exists in Pulse Connect Secur ...)
@@ -37328,7 +37327,7 @@ CVE-2020-7585 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and ear
CVE-2020-7584 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU family ...)
NOT-FOR-US: Siemens
CVE-2020-7583 (A vulnerability has been identified in Automation License Manager 5 (A ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2020-7582
RESERVED
CVE-2020-7581 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
@@ -37756,7 +37755,7 @@ CVE-2020-7376
CVE-2020-7375
RESERVED
CVE-2020-7374 (Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scan ...)
- TODO: check
+ NOT-FOR-US: Documalis Free PDF Editor
CVE-2020-7373
RESERVED
CVE-2020-7372