[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Aug 28 22:27:10 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3b03ca54 by Moritz Muehlenhoff at 2020-08-28T23:26:43+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -597,13 +597,13 @@ CVE-2020-24719
CVE-2020-24718
RESERVED
CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group pe ...)
- TODO: check
+ NOT-FOR-US: OpenZFS
CVE-2020-24716 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permiss ...)
- TODO: check
+ NOT-FOR-US: OpenZFS
CVE-2020-24715 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation ...)
- TODO: check
+ NOT-FOR-US: Scalyr
CVE-2020-24714 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation ...)
- TODO: check
+ NOT-FOR-US: Scalyr
CVE-2020-24713
RESERVED
CVE-2020-24712
@@ -797,7 +797,7 @@ CVE-2020-24620
CVE-2020-24619
RESERVED
CVE-2020-24618 (In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020. ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2020-24617
RESERVED
CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
@@ -2775,7 +2775,7 @@ CVE-2020-23662
CVE-2020-23661
RESERVED
CVE-2020-23660 (webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." ...)
- TODO: check
+ NOT-FOR-US: webTareas
CVE-2020-23659 (WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the " ...)
NOT-FOR-US: WebPort
CVE-2020-23658 (PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infus ...)
@@ -12081,7 +12081,7 @@ CVE-2020-19009
CVE-2020-19008
RESERVED
CVE-2020-19007 (Halo blog 1.2.0 allows users to submit comments on blog posts via /api ...)
- TODO: check
+ NOT-FOR-US: Halo blog
CVE-2020-19006
RESERVED
CVE-2020-19005 (zrlog v2.1.0 has a vulnerability with the permission check. If admin a ...)
@@ -15318,31 +15318,31 @@ CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary
CVE-2020-17403 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Foxit
CVE-2020-17402 (This vulnerability allows local attackers to disclose sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2020-17401 (This vulnerability allows local attackers to disclose sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2020-17400 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2020-17399 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2020-17398 (This vulnerability allows local attackers to disclose information on a ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2020-17397 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2020-17396 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2020-17395 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2020-17394 (This vulnerability allows local attackers to disclose sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2020-17393 (This vulnerability allows local attackers to disclose information on a ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2020-17392 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2020-17391 (This vulnerability allows local attackers to disclose information on a ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2020-17390 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2020-17389 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-17388 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -16926,7 +16926,7 @@ CVE-2020-16612
CVE-2020-16611
RESERVED
CVE-2020-16610 (Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request ...)
- TODO: check
+ NOT-FOR-US: Hoosk Codeigniter CMS
CVE-2020-16609
RESERVED
CVE-2020-16608
@@ -17723,9 +17723,9 @@ CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF. ...)
CVE-2020-16252 (The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. ...)
NOT-FOR-US: Field Test gem
CVE-2020-16251 (HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when co ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2020-16250 (HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when co ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Vault
CVE-2020-16249
RESERVED
CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /pro ...)
@@ -20348,9 +20348,9 @@ CVE-2020-15167
CVE-2020-15166
RESERVED
CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Stor ...)
- TODO: check
+ NOT-FOR-US: Chameleon Mini Live Debugger
CVE-2020-15164 (in Scratch Login (MediaWiki extension) before version 1.1, any account ...)
- TODO: check
+ NOT-FOR-US: Scrach Login MediaWiki extension
CVE-2020-15163
RESERVED
CVE-2020-15162
@@ -20366,7 +20366,7 @@ CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP me
CVE-2020-15157
RESERVED
CVE-2020-15156 (In nodebb-plugin-blog-comments before version 0.7.0, a logged in user ...)
- TODO: check
+ NOT-FOR-US: nodebb-plugin-blog-comments
CVE-2020-15155
RESERVED
CVE-2020-15154
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b03ca54554e56a1016f1e58007230fe539c8238
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b03ca54554e56a1016f1e58007230fe539c8238
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200828/5319891d/attachment.html>
More information about the debian-security-tracker-commits
mailing list