[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Tue Jul 14 10:16:25 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a41f9a8 by Moritz Muehlenhoff at 2020-07-14T11:16:07+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,7 +41,7 @@ CVE-2020-15691
 CVE-2020-15690
 	RESERVED
 CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, ...)
-	TODO: check
+	NOT-FOR-US: Appweb
 CVE-2020-15688
 	RESERVED
 CVE-2020-15687
@@ -1334,7 +1334,7 @@ CVE-2020-15107
 CVE-2020-15106
 	RESERVED
 CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...)
-	TODO: check
+	NOT-FOR-US: Django Two-Factor Authentication
 CVE-2020-15104
 	RESERVED
 CVE-2020-15103
@@ -1363,7 +1363,7 @@ CVE-2020-15094
 CVE-2020-15093 (The tough library (Rust/crates.io) prior to version 0.7.1 does not pro ...)
 	TODO: check
 CVE-2020-15092 (In TimelineJS before version 3.7.0, some user data renders as HTML. An ...)
-	TODO: check
+	NOT-FOR-US: TimelineJS
 CVE-2020-15091 (TenderMint from version 0.33.0 and before version 0.33.6 allows block  ...)
 	NOT-FOR-US: TenderMint
 CVE-2020-15090
@@ -1447,7 +1447,7 @@ CVE-2020-15052
 CVE-2020-15051
 	RESERVED
 CVE-2020-15050 (An issue was discovered in the Video Extension in Suprema BioStar 2 be ...)
-	TODO: check
+	NOT-FOR-US: Suprema BioStar
 CVE-2020-15049 (An issue was discovered in http/ContentLengthInterpreter.cc in Squid b ...)
 	- squid 4.12-1
 	- squid3 <removed>
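Review bot: The tag added for CVE-2020-15050, "NOT-FOR-US: Suprema BioStar", drops the "2" from the product name shown in the description line ("Suprema BioStar 2"). Writing "NOT-FOR-US: Suprema BioStar 2" would keep the tag searchable by the exact product string, so later CVEs against the same product can be matched to this decision.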
@@ -4315,10 +4315,10 @@ CVE-2020-13927
 	RESERVED
 CVE-2020-13926
 	RESERVED
-	NOT-FOR-US: Apache Kylin
+	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2020-13925
 	RESERVED
-	NOT-FOR-US: Apache Kylin
+	NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2020-13924
 	RESERVED
 CVE-2020-13923
@@ -8084,7 +8084,8 @@ CVE-2020-12405 (When browsing a malicious page, a race condition in our SharedWo
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12405
 CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be passed ...)
-	TODO: check
+	- firefox <not-affected> (Specific to iOS)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404
 CVE-2020-12403
 	RESERVED
 CVE-2020-12402 (During RSA key generation, bignum implementations used a variation of  ...)
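Review bot: The CVE-2020-12404 change is not an NFU triage, so the commit subject "NFUs" does not describe it: the entry becomes "- firefox <not-affected> (Specific to iOS)" with an advisory NOTE. Mention the firefox decision in the commit message or put it in its own commit, so that someone searching history for why firefox was marked not affected can find it.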
@@ -10594,7 +10595,7 @@ CVE-2020-11751
 CVE-2020-11750
 	RESERVED
 CVE-2020-11749 (Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2020-11748
 	RESERVED
 CVE-2020-11747
@@ -12860,13 +12861,13 @@ CVE-2020-10991 (Mulesoft APIkit through 1.3.0 allows XXE because of validation/R
 CVE-2020-10990 (An XXE issue exists in Accenture Mercury before 1.12.28 because of the ...)
 	NOT-FOR-US: Accenture Mercury
 CVE-2020-10989 (An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2020-10988 (A hard-coded telnet credential in the tenda_login binary of Tenda AC15 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2020-10987 (The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC190 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2020-10985
 	RESERVED
 CVE-2020-10984
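Review bot: The four entries CVE-2020-10986 through CVE-2020-10989 are tagged with the vendor name only, "NOT-FOR-US: Tenda", while their descriptions name the Tenda AC15 AC1900 device and the other tags in this commit name a product (for example "NOT-FOR-US: Pandora FMS"). If the vendor-level tag is meant to cover all Tenda firmware, that is fine; otherwise naming the device would keep these tags as specific as the rest.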



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a41f9a89d3ab2cd6e3db9ddafe655d646c91249
