Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c11df04c by Salvatore Bonaccorso at 2020-02-18T20:52:17+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2015,9 +2015,9 @@ CVE-2020-8131
CVE-2020-8130
RESERVED
CVE-2020-8129 (An unintended require vulnerability in script-manager npm
package vers ...)
- TODO: check
+ NOT-FOR-US: script-manager nodejs module
CVE-2020-8128 (An unintended require and server-side request forgery
vulnerabilities ...)
- TODO: check
+ NOT-FOR-US: jsreport
CVE-2020-8127
RESERVED
CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version
1.7.1, an CG ...)
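Review bot: The two tags added in this hunk are not labelled alike. CVE-2020-8129 gets a qualifier ("script-manager nodejs module") while CVE-2020-8128 is a bare "jsreport", and the truncated description shown for CVE-2020-8128 does not name the product at all. Suggest giving the second tag a qualifier too, so a reader of the list can tell what kind of software "jsreport" is without opening the CVE. The description for CVE-2020-8129 also says "npm package", so "npm package" or "npm module" would match the source wording more closely than "nodejs module".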
@@ -2452,7 +2452,7 @@ CVE-2020-7961
CVE-2020-7960
RESERVED
CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the
confidentiality of ...)
- TODO: check
+ NOT-FOR-US: LabVantage LIMS
CVE-2020-7958
RESERVED
CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3
mishandle ...)
@@ -3270,7 +3270,7 @@ CVE-2020-7599
CVE-2020-7598
RESERVED
CVE-2020-7597 (codecov-node npm module before 3.6.5 allows remote attackers to
execut ...)
- TODO: check
+ NOT-FOR-US: codecov-node nodejs module
CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to
execute arb ...)
NOT-FOR-US: Codecov npm module
CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an
infini ...)
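Review bot: The tag added for CVE-2020-7597, "codecov-node nodejs module", is worded differently from the existing entry directly below it, CVE-2020-7596, which reads "NOT-FOR-US: Codecov npm module", although both descriptions call the software an "npm module". Suggest using one form for both entries (for example "codecov-node npm module" here, or aligning the older entry) so that a search of data/CVE/list for either term finds both CVEs.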
@@ -4112,9 +4112,9 @@ CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU
4.2.0, does not prevent
CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user
account ...)
NOT-FOR-US: Umbraco CMS
CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable to an remote code
execution w ...)
- TODO: check
+ NOT-FOR-US: LinuxKI
CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is
resolved i ...)
- TODO: check
+ NOT-FOR-US: LinuxKI
CVE-2020-7207
RESERVED
CVE-2020-7206
@@ -7731,7 +7731,7 @@ CVE-2020-5532 (ilbo App (ilbo App for Android prior to
version 1.1.8 and ilbo Ap
CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC
Series MI500 ...)
NOT-FOR-US: Mitsubishi
CVE-2020-5530 (Cross-site request forgery (CSRF) vulnerability in Easy
Property Listi ...)
- TODO: check
+ NOT-FOR-US: Easy Property Listings plugin for WordPress
CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution
vulnerabilities. Html ...)
- htmlunit <removed>
NOTE:
https://github.com/HtmlUnit/htmlunit/commit/934390fefcd2cd58e6d86f2bc19d811ae17bfa28
@@ -8400,11 +8400,11 @@ CVE-2020-5243
CVE-2020-5242
RESERVED
CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to
XSS/Script i ...)
- TODO: check
+ NOT-FOR-US: matestack-ui-core Ruby gem
CVE-2020-5240
RESERVED
CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit
a vulne ...)
- TODO: check
+ NOT-FOR-US: Mailu
CVE-2020-5238
RESERVED
CVE-2020-5237 (oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited
to uplo ...)
@@ -18403,7 +18403,7 @@ CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata
Query Service GUI before 0
CVE-2019-19326
RESERVED
CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2
allows ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-19324
RESERVED
CVE-2019-19323
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c11df04cabe288fa54d5bb88e1bb2c680d198571