[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Dec 21 11:47:57 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
253abc13 by Moritz Muehlenhoff at 2020-12-21T12:47:39+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2020-35581
 CVE-2020-35580
 	RESERVED
 CVE-2020-35579 (tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%& ...)
-	TODO: check
+	NOT-FOR-US: tindy2013
 CVE-2020-35578
 	RESERVED
 CVE-2020-35577
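Review bot: The NOT-FOR-US tag on CVE-2020-35579 names only the author prefix `tindy2013`, while the description gives the affected software as `tindy2013 subconverter`. Suggest `NOT-FOR-US: tindy2013 subconverter` so that a later search of data/CVE/list for the product name finds this triage decision.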
@@ -5569,7 +5569,7 @@ CVE-2020-29449
 CVE-2020-29448
 	RESERVED
 CVE-2020-29447 (Affected versions of Atlassian Crucible allow remote attackers to impa ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-29446
 	RESERVED
 CVE-2020-29445
@@ -8855,9 +8855,9 @@ CVE-2020-28459
 CVE-2020-28458 (All versions of package datatables.net are vulnerable to Prototype Pol ...)
 	NOT-FOR-US: Node datatables.net
 CVE-2020-28457 (This affects the package s-cart/core before 4.4. The search functional ...)
-	TODO: check
+	NOT-FOR-US: s-cart/core
 CVE-2020-28456 (The package s-cart/core before 4.4 are vulnerable to Cross-site Script ...)
-	TODO: check
+	NOT-FOR-US: s-cart/core
 CVE-2020-28455
 	RESERVED
 CVE-2020-28454
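Review bot: The two `NOT-FOR-US: s-cart/core` tags on CVE-2020-28457 and CVE-2020-28456 carry no ecosystem qualifier, unlike the neighbouring `NOT-FOR-US: Node datatables.net` on CVE-2020-28458. Consider adding a short qualifier for the package ecosystem or product so the tag is unambiguous when read without the truncated description.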
@@ -8885,7 +8885,7 @@ CVE-2020-28444
 CVE-2020-28443
 	RESERVED
 CVE-2020-28442 (All versions of package js-data are vulnerable to Prototype Pollution  ...)
-	TODO: check
+	NOT-FOR-US: Node js-data
 CVE-2020-28441
 	RESERVED
 CVE-2020-28440 (All versions of package corenlp-js-interface are vulnerable to Command ...)
@@ -12483,7 +12483,7 @@ CVE-2020-27689 (The Relish (Verve Connect) VH510 device with firmware before 1.0
 CVE-2020-27688 (RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt ...)
 	NOT-FOR-US: RVTools
 CVE-2020-27687 (ThingsBoard before v3.2 is vulnerable to Host header injection in pass ...)
-	TODO: check
+	NOT-FOR-US: ThingsBoard
 CVE-2020-27686
 	RESERVED
 CVE-2020-27685
@@ -16009,7 +16009,7 @@ CVE-2020-26282
 CVE-2020-26281
 	RESERVED
 CVE-2020-26280 (OpenSlides is a free, Web-based presentation and assembly system for m ...)
-	TODO: check
+	NOT-FOR-US: OpenSlides
 CVE-2020-26279
 	RESERVED
 CVE-2020-26278
@@ -16017,7 +16017,7 @@ CVE-2020-26278
 CVE-2020-26277
 	RESERVED
 CVE-2020-26276 (Fleet is an open source osquery manager. In Fleet before version 3.5.1 ...)
-	TODO: check
+	NOT-FOR-US: Fleet (osquery frontend)
 CVE-2020-26275
 	RESERVED
 CVE-2020-26274 (In systeminformation (npm package) before version 4.31.1 there is a co ...)
@@ -16970,6 +16970,7 @@ CVE-2020-25861
 CVE-2020-25860
 	RESERVED
 	- rauc 1.5-1
+	NOTE: https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv
 CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to ve ...)
 	NOT-FOR-US: Qualcomm QCMAP
 CVE-2020-25858 (The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior ...)
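Review bot: The added NOTE on CVE-2020-25860 is not an NFU marking, so the commit message "NFUs" does not describe this hunk; a separate commit, or a message that mentions the rauc advisory reference, would keep the history searchable. The entry already records `- rauc 1.5-1`, and the NOTE links only the GHSA advisory, so a second NOTE with the upstream fix commit would help anyone assessing older rauc versions.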



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/253abc13a44aa8c0ef7c96d379bbd445d2ef6b56
