[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Mar 23 21:03:59 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
45d58da2 by Moritz Muehlenhoff at 2020-03-23T22:03:41+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4694,17 +4694,17 @@ CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary c
CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: Foxit Studio Photo
CVE-2020-8876 (This vulnerability allows local attackers to disclose information on a ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2020-8875 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2020-8874 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2020-8873 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive inform ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels
CVE-2020-8870
RESERVED
CVE-2020-8869
@@ -6326,11 +6326,11 @@ CVE-2020-8139 (A missing access control check in Nextcloud Server < 18.0.1, &
CVE-2020-8138 (A missing check for IPv4 nested inside IPv6 in Nextcloud server < 1 ...)
- nextcloud-server <itp> (bug #941708)
CVE-2020-8137 (Code injection vulnerability in blamer 1.0.0 and earlier may result in ...)
- TODO: check
+ NOT-FOR-US: Node blamer
CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart < 1.0.5 allo ...)
- TODO: check
+ NOT-FOR-US: Node fastify-multipart
CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request ...)
- TODO: check
+ NOT-FOR-US: Node uppy
CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.1 ...)
NOT-FOR-US: Ghost CMS
CVE-2020-8133
@@ -6846,7 +6846,7 @@ CVE-2020-7937 (An XSS issue in the title field in Plone 5.0 through 5.2.1 allows
CVE-2020-7936 (An open redirect on the login form (and possibly other places) in Plon ...)
NOT-FOR-US: Plone
CVE-2020-7935 (Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execu ...)
- TODO: check
+ NOT-FOR-US: Artica Pandora FMS
CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, ...)
NOT-FOR-US: LifeRay Portal
CVE-2020-7933
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45d58da2cda506d3547ba175d08d1e71db136d0e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45d58da2cda506d3547ba175d08d1e71db136d0e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200323/b26cfabf/attachment.html>
More information about the debian-security-tracker-commits
mailing list