Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: f842d3b4 by Moritz Muehlenhoff at 2020-03-23T22:12:12+01:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -7602,19 +7602,19 @@ CVE-2020-7608 (yargs-parser could be tricked into adding or modifying properties NOTE: https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2 NOTE: https://gist.github.com/Kirill89/dcd8100d010896157a36624119439832 CVE-2020-7607 (gulp-styledocco through 0.0.3 allows execution of arbitrary commands. ...) - TODO: check + NOT-FOR-US: Node gulp-styledocco CVE-2020-7606 (docker-compose-remote-api through 0.1.4 allows execution of arbitrary ...) - TODO: check + NOT-FOR-US: Node docker-compose-remote-api CVE-2020-7605 (gulp-tape through 1.0.0 allows execution of arbitrary commands. It is ...) - TODO: check + NOT-FOR-US: Node gulp-tape CVE-2020-7604 (pulverizr through 0.7.0 allows execution of arbitrary commands. Within ...) - TODO: check + NOT-FOR-US: Node pulverizr CVE-2020-7603 (closure-compiler-stream through 0.1.15 allows execution of arbitrary c ...) - TODO: check + NOT-FOR-US: closure-compiler-stream CVE-2020-7602 (node-prompt-here through 1.0.1 allows execution of arbitrary commands. ...) - TODO: check + NOT-FOR-US: Node node-prompt-here CVE-2020-7601 (gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. I ...) - TODO: check + NOT-FOR-US: Node gulp-scss-lint CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object properties. The ...) NOT-FOR-US: querymen nodejs module CVE-2020-7599 
@@ -7873,11 +7873,11 @@ CVE-2020-7478 CVE-2020-7477 RESERVED CVE-2020-7476 (A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Instal ...) - TODO: check + NOT-FOR-US: ZigBee Installation Kit CVE-2020-7475 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...) - TODO: check + NOT-FOR-US: EcoStruxure Control Expert CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...) - TODO: check + NOT-FOR-US: ProSoft Configurator CVE-2020-7473 RESERVED CVE-2020-7472 @@ -9831,7 +9831,7 @@ CVE-2020-6652 CVE-2020-6651 RESERVED CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by ‘Eval In ...) - TODO: check + NOT-FOR-US: UPS companion software CVE-2020-6649 RESERVED CVE-2020-6648 @@ -16555,7 +16555,7 @@ CVE-2019-19965 (In the Linux kernel through 5.4.6, there is a NULL pointer deref [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/f70267f379b5e5e11bdc5d72a56bf17e5feed01f CVE-2019-19964 (On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having ...) - TODO: check + NOT-FOR-US: NETGEAR CVE-2019-19963 (An issue was discovered in wolfSSL before 4.3.0 in a non-default confi ...) - wolfssl 4.3.0+dfsg-1 NOTE: https://github.com/wolfSSL/wolfssl/commit/7e391f0fd57f2ef375b1174d752a56ce34b2b190 (v4.3.0-stable) @@ -20561,7 +20561,7 @@ CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git information, CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia ...) NOT-FOR-US: Microsoft Dynamics NAV CVE-2019-19615 (Multiple XSS vulnerabilities exist in the Backup & Restore module ...) - TODO: check + NOT-FOR-US: FreePBX CVE-2019-19614 (An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login p ...) NOT-FOR-US: Halvotec RAQuest CVE-2019-19613 (** DISPUTED ** An issue was discovered in Halvotec RaQuest 10.23.10801 ...) 
@@ -23953,7 +23953,7 @@ CVE-2019-19035 (jhead 3.03 is affected by: heap-based buffer over-read. The impa NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765647 NOTE: Crash in CLI tool, no security impact CVE-2019-19034 (Zoho ManageEngine Asset Explorer 6.5 does not validate the System Cent ...) - TODO: check + NOT-FOR-US: Zoho CVE-2019-19033 (Jalios JCMS 10 allows attackers to access any part of the website and ...) NOT-FOR-US: Jalios JCMS CVE-2019-19032 (XMLBlueprint through 16.191112 is affected by XML External Entity Inje ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f842d3b4bf3a5a67c2153c12ba00fb0aa59fc7c7
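Review bot: In the @@ -7602,19 +7602,19 @@ hunk, the CVE-2020-7603 entry is tagged "NOT-FOR-US: closure-compiler-stream" without the "Node " prefix that the six other entries changed in the same hunk carry (for example "NOT-FOR-US: Node gulp-tape"). Suggest "NOT-FOR-US: Node closure-compiler-stream" so the entry matches its neighbours and is found by anyone searching the list for the Node prefix.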
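Review bot: In the @@ -16555,7 +16555,7 @@ hunk, CVE-2019-19964 is tagged with the vendor only ("NOT-FOR-US: NETGEAR"), although its description names GS728TPS devices. Other entries in this commit name the product (such as "ZigBee Installation Kit" and "ProSoft Configurator"); "NOT-FOR-US: NETGEAR GS728TPS" would keep the tag specific enough to tell this entry apart from other NETGEAR CVEs in the list.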
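Review bot: In the @@ -23953,7 +23953,7 @@ hunk, "NOT-FOR-US: Zoho" on CVE-2019-19034 names only the vendor, while the description identifies Zoho ManageEngine Asset Explorer and the neighbouring CVE-2019-19033 entry uses the full product name ("NOT-FOR-US: Jalios JCMS"). Suggest "NOT-FOR-US: Zoho ManageEngine Asset Explorer" so the affected product is clear from the tag alone.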