[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff Sat, 23 May 2020 14:12:30 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2a9862d0 by Moritz Muehlenhoff at 2020-05-23T23:10:59+02:00
NFUs
amarok non issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger 
the Beep  ...)
-       TODO: check
+       NOT-FOR-US: TrackR
 CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows 
Authenticated Lo ...)
-       TODO: check
+       NOT-FOR-US: Joomla addon
 CVE-2020-13423
        RESERVED
 CVE-2020-13422
@@ -79,7 +79,7 @@ CVE-2020-13390 (An issue was discovered on Tenda AC6 V1.0 
V15.03.05.19_multi_TD0
 CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 
V15.03.05.19_multi_TD01, AC9 ...)
        NOT-FOR-US: Tenda devices
 CVE-2020-13388 (An exploitable vulnerability exists in the 
configuration-loading funct ...)
-       TODO: check
+       NOT-FOR-US: jw.util
 CVE-2020-13387
        RESERVED
 CVE-2020-13386
@@ -351,7 +351,7 @@ CVE-2020-13260
 CVE-2020-13259
        RESERVED
 CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, 
as demo ...)
-       TODO: check
+       NOT-FOR-US: Contentful
 CVE-2020-13257
        RESERVED
 CVE-2020-13256
@@ -387,7 +387,7 @@ CVE-2020-13243
 CVE-2020-13242
        RESERVED
 CVE-2020-13241 (Microweber 1.1.18 allows Unrestricted File Upload because 
admin/view:m ...)
-       TODO: check
+       NOT-FOR-US: Microweber
 CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 allows users with the 
'Setup doc ...)
        - dolibarr <removed>
 CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded 
.html file ...)
@@ -538,7 +538,7 @@ CVE-2020-13169
 CVE-2020-13168
        RESERVED
 CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code 
execution  ...)
-       TODO: check
+       NOT-FOR-US: Netsweeper
 CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote 
attackers to ex ...)
        NOT-FOR-US: MyLittleAdmin
 CVE-2020-13165
@@ -552,7 +552,7 @@ CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 
3.0.10, and 2.6.0 to 2.6.1
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a
        NOTE: https://www.wireshark.org/security/wnpa-sec-2020-08.html
 CVE-2020-13163 (em-imap 0.5 uses the library eventmachine in an insecure way 
that allo ...)
-       TODO: check
+       NOT-FOR-US: em-imap
 CVE-2020-13162
        RESERVED
 CVE-2020-13161
@@ -574,7 +574,8 @@ CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 
build 11112 allows lo
 CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 
has XSS ...)
        NOT-FOR-US: MISP
 CVE-2020-13152 (A remote user can create a specially crafted M3U file, media 
playlist  ...)
-       TODO: check
+       - amarok <removed>
+       NOTE: Elevated resource usage in client application, no security impact
 CVE-2020-13151
        RESERVED
 CVE-2020-13150
@@ -1755,7 +1756,7 @@ CVE-2020-12649 (Gurbalib through 2020-04-30 allows 
lib/cmds/player/help.c direct
 CVE-2020-12648
        RESERVED
 CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 
59.1a.9, and 6 ...)
-       TODO: check
+       NOT-FOR-US: Unisys ALGOL Compiler
 CVE-2020-12646
        RESERVED
 CVE-2020-12645
@@ -4684,7 +4685,7 @@ CVE-2019-20638 (NETGEAR MR1100 devices before 12.06.08.00 
are affected by disclo
 CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak 
issue. I ...)
        NOT-FOR-US: itsio
 CVE-2020-11766 (sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX 
Enterprise Web I ...)
-       TODO: check
+       NOT-FOR-US: iFAX AvantFAX
 CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an 
off-by-on ...)
        [experimental] - openexr 2.5.0-1
        - openexr <unfixed> (bug #959444)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a9862d0de40c1af252bf3209133e2e1c589a6f5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a9862d0de40c1af252bf3209133e2e1c589a6f5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to