[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff Tue, 31 Mar 2020 01:45:17 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f11225a1 by Moritz Muehlenhoff at 2020-03-31T10:44:10+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1859,7 +1859,7 @@ CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 
devices allow remote attack
 CVE-2020-10375
        RESERVED
 CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 
to PRTG ...)
-       TODO: check
+       NOT-FOR-US: PRTG Network Monitor
 CVE-2020-10373
        RESERVED
 CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated 
Stored XS ...)
@@ -4829,7 +4829,7 @@ CVE-2020-9057
 CVE-2020-9056
        RESERVED
 CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Versiant LYNX Customer Service Portal
 CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running 
firmware ...)
        NOT-FOR-US: ZyXEL
 CVE-2020-9053
@@ -8187,7 +8187,7 @@ CVE-2020-7613
 CVE-2020-7612
        RESERVED
 CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 
1.2.11 and a ...)
-       TODO: check
+       NOT-FOR-US: io.micronaut:micronaut-http-client
 CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to 
Deserialization of ...)
        TODO: check, might affect node-mongodb embedding bson
 CVE-2020-7609
@@ -8216,7 +8216,7 @@ CVE-2020-7601 (gulp-scss-lint through 1.0.0 allows 
execution of arbitrary comman
 CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object 
properties. The  ...)
        NOT-FOR-US: querymen nodejs module
 CVE-2020-7599 (All versions of com.gradle.plugin-publish before 0.11.0 are 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: com.gradle.plugin-publish
 CVE-2020-7598 (minimist before 1.2.2 could be tricked into adding or modifying 
proper ...)
        - node-minimist 1.2.5-1 (bug #953762)
        [buster] - node-minimist <no-dsa> (Minor issue)
@@ -13445,7 +13445,7 @@ CVE-2020-5291
 CVE-2020-5290
        RESERVED
 CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to 
"guess and  ...)
-       TODO: check
+       NOT-FOR-US: Elide
 CVE-2020-5288
        RESERVED
 CVE-2020-5287
@@ -13455,7 +13455,7 @@ CVE-2020-5286
 CVE-2020-5285
        RESERVED
 CVE-2020-5284 (Next.js versions before 9.3.2 have a directory traversal 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: next.js
 CVE-2020-5283
        RESERVED
 CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a 
vulnerability in ...)
@@ -17396,9 +17396,9 @@ CVE-2019-19915 (The "301 Redirects - Easy Redirect 
Manager" plugin before 2.45 f
 CVE-2019-19914
        RESERVED
 CVE-2019-19913 (In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS 
via the ...)
-       TODO: check
+       NOT-FOR-US: Intland codeBeamer ALM
 CVE-2019-19912 (In Intland codeBeamer ALM 9.5 and earlier, a cross-site 
scripting (XSS ...)
-       TODO: check
+       NOT-FOR-US: Intland codeBeamer ALM
 CVE-2019-19911 (There is a DoS vulnerability in Pillow before 6.2.2 caused by 
FpxImage ...)
        {DSA-4631-1 DLA-2057-1}
        - pillow 7.0.0-1 (bug #948224)
@@ -21195,9 +21195,9 @@ CVE-2019-19608 (A SQL injection vulnerability in in the 
web conferencing compone
 CVE-2019-19607 (A SQL injection vulnerability in the web conferencing 
component of Mit ...)
        NOT-FOR-US: Mitel
 CVE-2019-19606 (X-Plane 11.41 and earlier has multiple improper path 
validations that  ...)
-       TODO: check
+       NOT-FOR-US: X-Plane
 CVE-2019-19605 (X-Plane 11.41 and earlier allows Arbitrary Memory Write via 
crafted ne ...)
-       TODO: check
+       NOT-FOR-US: X-Plane
 CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 
2.21.x b ...)
        - git 1:2.24.0-2
        [buster] - git 1:2.20.1-2+deb10u1
@@ -31501,9 +31501,11 @@ CVE-2019-17563 (When using FORM authentication with 
Apache Tomcat 9.0.0.M1 to 9.
 CVE-2019-17562
        RESERVED
 CVE-2019-17561 (The "Apache NetBeans" autoupdate system does not fully 
validate code s ...)
-       TODO: check
+       - netbeans <unfixed> (unimportant)
+       NOTE: Debian packages updated via apt
 CVE-2019-17560 (The "Apache NetBeans" autoupdate system does not validate SSL 
certific ...)
-       TODO: check
+       - netbeans <unfixed> (unimportant)
+       NOTE: Debian packages updated via apt
 CVE-2019-17559 (There is a vulnerability in Apache Traffic Server 6.0.0 to 
6.2.3, 7.0. ...)
        - trafficserver 8.0.6+ds-1
        NOTE: 
https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f11225a1fa4a1f6592f759018bc8f9a855b0b35f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f11225a1fa4a1f6592f759018bc8f9a855b0b35f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to