[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Sat Apr 4 22:51:03 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
903e9760 by Moritz Muehlenhoff at 2020-04-04T23:50:41+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM integration is en ...)
-	TODO: check
+	NOT-FOR-US: Ivanti Workspace Control
 CVE-2020-11532
 	RESERVED
 CVE-2020-11531
@@ -7,11 +7,11 @@ CVE-2020-11531
 CVE-2020-11530
 	RESERVED
 CVE-2020-11529 (Common/Grav.php in Grav before 1.6.23 has an Open Redirect. ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write)  ...)
 	TODO: check
 CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2020-11526
 	RESERVED
 CVE-2020-11525
@@ -29,7 +29,7 @@ CVE-2020-11520
 CVE-2020-11519
 	RESERVED
 CVE-2020-11518 (Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticate ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2020-11517
 	RESERVED
 CVE-2020-11516
@@ -7790,7 +7790,7 @@ CVE-2020-8149
 CVE-2020-8148
 	RESERVED
 CVE-2020-8147 (Flaw in input validation in npm package utils-extend version 1.0.8 and ...)
-	TODO: check
+	NOT-FOR-US: Node utils-extend
 CVE-2020-8146 (In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privi ...)
 	NOT-FOR-US: UniFi
 CVE-2020-8145 (The UniFi Video Server (Windows) web interface configuration restore f ...)
@@ -9062,19 +9062,17 @@ CVE-2020-7625 (op-browser through 1.0.6 is vulnerable to Command Injection. It a
 CVE-2020-7624 (effect through 1.0.4 is vulnerable to Command Injection. It allows exe ...)
 	NOT-FOR-US: effect node module
 CVE-2020-7623 (jscover through 1.0.0 is vulnerable to Command Injection. It allows ex ...)
-	TODO: check
+	NOT-FOR-US: Node jscover
 CVE-2020-7622
 	RESERVED
 CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command Injecti ...)
-	TODO: check
+	NOT-FOR-US: Node strong-nginx-controller
 CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It all ...)
-	TODO: check
-CVE-2020-7619 (get-git-data through 1.3.1 is vulnerable to Command Injection. It is p ...)
-	TODO: check
+	NOT-FOR-US: Node pomelo-monitor
 CVE-2020-7618
 	RESERVED
 CVE-2020-7617 (ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The libr ...)
-	TODO: check
+	NOT-FOR-US: Node ini-parser
 CVE-2020-7616
 	RESERVED
 CVE-2020-7615
@@ -25853,7 +25851,7 @@ CVE-2019-18907
 CVE-2019-18906
 	RESERVED
 CVE-2019-18905 (A Insufficient Verification of Data Authenticity vulnerability in auto ...)
-	TODO: check
+	NOT-FOR-US: autoyast2
 CVE-2019-18904 (A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux ...)
 	NOT-FOR-US: SAP
 CVE-2019-18903 (A Use After Free vulnerability in wicked of SUSE Linux Enterprise Serv ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/903e9760c3ac5476ccdfb37a98fc038fa0692c43

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/903e9760c3ac5476ccdfb37a98fc038fa0692c43
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200404/e23c93cb/attachment.html>

More information about the debian-security-tracker-commits mailing list