Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4fc5e741 by Moritz Muehlenhoff at 2020-05-06T23:07:07+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2020-12671
 CVE-2020-12670
        RESERVED
 CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote 
authentic ...)
-       TODO: check
+       - dolibarr <removed>
 CVE-2020-12668
        RESERVED
 CVE-2020-12667
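Review bot: The commit subject "NFUs" does not cover the CVE-2020-12669 change in this hunk, which records a package status (`- dolibarr <removed>`) rather than a NOT-FOR-US tag. Either mention the dolibarr triage in the commit message or split it into its own commit, so the history of that entry can be found from the log. If any supported suite still ships dolibarr, a per-suite line in the style of the `[buster] - libmysofa <no-dsa>` entry further down would record its status explicitly.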
@@ -3115,7 +3115,7 @@ CVE-2020-11728 (An issue was discovered in DAViCal 
Andrew's Web Libraries (AWL)
        NOTE: https://gitlab.com/davical-project/awl/-/issues/19
        NOTE: 
https://gitlab.com/davical-project/awl/-/commit/c2e808cc2420f8d870ac0a4aa9cc1f2c90562428
 CVE-2020-11727 (A cross-site scripting (XSS) vulnerability in the AlgolPlus 
Advanced O ...)
-       TODO: check
+       NOT-FOR-US: AlgolPlus
 CVE-2020-11726
        RESERVED
 CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. 
ngx_http_lua_sub ...)
@@ -12821,7 +12821,7 @@ CVE-2020-7808
 CVE-2020-7807
        RESERVED
 CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an 
arbitrary cod ...)
-       TODO: check
+       NOT-FOR-US: Tobesoft Xplatform
 CVE-2020-7805
        RESERVED
 CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for 
Windows 7,  ...)
@@ -14930,7 +14930,7 @@ CVE-2020-6863 (ZTE E8820V3 router product is impacted 
by a permission and access
 CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by 
Informati ...)
        NOT-FOR-US: ZTE F6x2W
 CVE-2020-6861 (A flawed protocol design in the Ledger Monero app before 1.5.1 
for Led ...)
-       TODO: check
+       NOT-FOR-US: Ledger Monero app
 CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in 
readDataVar in hd ...)
        - libmysofa 1.0~dfsg0-1 (bug #949325)
        [buster] - libmysofa <no-dsa> (Minor issue)
@@ -16883,7 +16883,7 @@ CVE-2020-6084
 CVE-2020-6083
        RESERVED
 CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the 
ico_rea ...)
-       TODO: check
+       NOT-FOR-US: Accusoft
 CVE-2020-6081
        RESERVED
 CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the 
resource  ...)
@@ -16923,9 +16923,9 @@ CVE-2020-6077 (An exploitable denial-of-service 
vulnerability exists in the mess
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000
        NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 
disables the plugin
 CVE-2020-6076 (An exploitable out-of-bounds write vulnerability exists in the 
igcore1 ...)
-       TODO: check
+       NOT-FOR-US: Accusoft
 CVE-2020-6075 (An exploitable out-of-bounds write vulnerability exists in the 
store_d ...)
-       TODO: check
+       NOT-FOR-US: Accusoft
 CVE-2020-6074
        RESERVED
 CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the 
TXT recor ...)
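Review bot: `NOT-FOR-US: Accusoft` on CVE-2020-6076 and CVE-2020-6075 names only the vendor, while other tags visible in this diff name the product (`NOT-FOR-US: ZTE F6x2W`, `NOT-FOR-US: Tobesoft Xplatform`). Naming the affected Accusoft product would let later CVEs for the same software be matched with a plain grep; the same applies to CVE-2020-6082 in the previous hunk.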
@@ -20884,7 +20884,7 @@ CVE-2020-4448
 CVE-2020-4447
        RESERVED
 CVE-2020-4446 (IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business 
Automa ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4445
        RESERVED
 CVE-2020-4444
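Review bot: `NOT-FOR-US: IBM` on CVE-2020-4446 drops the product name that the description line already gives (IBM Business Process Manager). A vendor-wide tag says little about what was triaged; `NOT-FOR-US: IBM Business Process Manager` would keep the entry self-explanatory, and likewise for the CVE-2020-4421 and CVE-2020-4384 hunks that follow.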
@@ -20934,7 +20934,7 @@ CVE-2020-4423
 CVE-2020-4422
        RESERVED
 CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 
could allo ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4420
        RESERVED
 CVE-2020-4419
@@ -21008,7 +21008,7 @@ CVE-2020-4386
 CVE-2020-4385
        RESERVED
 CVE-2020-4384 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4383
        RESERVED
 CVE-2020-4382
@@ -37005,7 +37005,7 @@ CVE-2019-17558 (Apache Solr 5.0.0 to Apache Solr 8.3.1 
are vulnerable to a Remot
        NOTE: https://issues.apache.org/jira/browse/SOLR-14025
        TODO: check, whilst the advisory claims 5.0.0 upwards only the 
SolrParamResourceLoader might be of issue already earlier?
 CVE-2019-17557 (It was found that the Apache Syncope EndUser UI login page 
prio to 2.0 ...)
-       TODO: check
+       NOT-FOR-US: Apache Syncope
 CVE-2019-17556 (Apache Olingo versions 4.0.0 to 4.6.0 provide the 
AbstractService clas ...)
        NOT-FOR-US: Olingo
 CVE-2019-17555 (The AsyncResponseWrapperImpl class in Apache Olingo versions 
4.0.0 to  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4fc5e741ee16ae1d892a460dbe77db20c0a72fae
