[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Aug 28 22:27:10 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b03ca54 by Moritz Muehlenhoff at 2020-08-28T23:26:43+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -597,13 +597,13 @@ CVE-2020-24719
 CVE-2020-24718
 	RESERVED
 CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group pe ...)
-	TODO: check
+	NOT-FOR-US: OpenZFS
 CVE-2020-24716 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permiss ...)
-	TODO: check
+	NOT-FOR-US: OpenZFS
 CVE-2020-24715 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation  ...)
-	TODO: check
+	NOT-FOR-US: Scalyr
 CVE-2020-24714 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation  ...)
-	TODO: check
+	NOT-FOR-US: Scalyr
 CVE-2020-24713
 	RESERVED
 CVE-2020-24712
@@ -797,7 +797,7 @@ CVE-2020-24620
 CVE-2020-24619
 	RESERVED
 CVE-2020-24618 (In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020. ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2020-24617
 	RESERVED
 CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
@@ -2775,7 +2775,7 @@ CVE-2020-23662
 CVE-2020-23661
 	RESERVED
 CVE-2020-23660 (webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." ...)
-	TODO: check
+	NOT-FOR-US: webTareas
 CVE-2020-23659 (WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the " ...)
 	NOT-FOR-US: WebPort
 CVE-2020-23658 (PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infus ...)
@@ -12081,7 +12081,7 @@ CVE-2020-19009
 CVE-2020-19008
 	RESERVED
 CVE-2020-19007 (Halo blog 1.2.0 allows users to submit comments on blog posts via /api ...)
-	TODO: check
+	NOT-FOR-US: Halo blog
 CVE-2020-19006
 	RESERVED
 CVE-2020-19005 (zrlog v2.1.0 has a vulnerability with the permission check. If admin a ...)
@@ -15318,31 +15318,31 @@ CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary
 CVE-2020-17403 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit
 CVE-2020-17402 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2020-17401 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2020-17400 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2020-17399 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2020-17398 (This vulnerability allows local attackers to disclose information on a ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2020-17397 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2020-17396 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2020-17395 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2020-17394 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2020-17393 (This vulnerability allows local attackers to disclose information on a ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2020-17392 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2020-17391 (This vulnerability allows local attackers to disclose information on a ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2020-17390 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2020-17389 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Marvell QConvergeConsole
 CVE-2020-17388 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -16926,7 +16926,7 @@ CVE-2020-16612
 CVE-2020-16611
 	RESERVED
 CVE-2020-16610 (Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request ...)
-	TODO: check
+	NOT-FOR-US: Hoosk Codeigniter CMS
 CVE-2020-16609
 	RESERVED
 CVE-2020-16608
@@ -17723,9 +17723,9 @@ CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF. ...)
 CVE-2020-16252 (The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. ...)
 	NOT-FOR-US: Field Test gem
 CVE-2020-16251 (HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when co ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2020-16250 (HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when co ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2020-16249
 	RESERVED
 CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /pro ...)
@@ -20348,9 +20348,9 @@ CVE-2020-15167
 CVE-2020-15166
 	RESERVED
 CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Stor ...)
-	TODO: check
+	NOT-FOR-US: Chameleon Mini Live Debugger
 CVE-2020-15164 (in Scratch Login (MediaWiki extension) before version 1.1, any account ...)
-	TODO: check
+	NOT-FOR-US: Scrach Login MediaWiki extension
 CVE-2020-15163
 	RESERVED
 CVE-2020-15162
@@ -20366,7 +20366,7 @@ CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP me
 CVE-2020-15157
 	RESERVED
 CVE-2020-15156 (In nodebb-plugin-blog-comments before version 0.7.0, a logged in user  ...)
-	TODO: check
+	NOT-FOR-US: nodebb-plugin-blog-comments
 CVE-2020-15155
 	RESERVED
 CVE-2020-15154



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b03ca54554e56a1016f1e58007230fe539c8238

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b03ca54554e56a1016f1e58007230fe539c8238
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200828/5319891d/attachment.html>


More information about the debian-security-tracker-commits mailing list