[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Mar 23 21:03:59 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45d58da2 by Moritz Muehlenhoff at 2020-03-23T22:03:41+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4694,17 +4694,17 @@ CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary c
 CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	NOT-FOR-US: Foxit Studio Photo
 CVE-2020-8876 (This vulnerability allows local attackers to disclose information on a ...)
-	TODO: check
+	NOT-FOR-US: Parallels
 CVE-2020-8875 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels
 CVE-2020-8874 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels
 CVE-2020-8873 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels
 CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels
 CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels
 CVE-2020-8870
 	RESERVED
 CVE-2020-8869
@@ -6326,11 +6326,11 @@ CVE-2020-8139 (A missing access control check in Nextcloud Server < 18.0.1, &
 CVE-2020-8138 (A missing check for IPv4 nested inside IPv6 in Nextcloud server < 1 ...)
 	- nextcloud-server <itp> (bug #941708)
 CVE-2020-8137 (Code injection vulnerability in blamer 1.0.0 and earlier may result in ...)
-	TODO: check
+	NOT-FOR-US: Node blamer
 CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart < 1.0.5 allo ...)
-	TODO: check
+	NOT-FOR-US: Node fastify-multipart
 CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request ...)
-	TODO: check
+	NOT-FOR-US: Node uppy
 CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.1 ...)
 	NOT-FOR-US: Ghost CMS
 CVE-2020-8133
@@ -6846,7 +6846,7 @@ CVE-2020-7937 (An XSS issue in the title field in Plone 5.0 through 5.2.1 allows
 CVE-2020-7936 (An open redirect on the login form (and possibly other places) in Plon ...)
 	NOT-FOR-US: Plone
 CVE-2020-7935 (Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execu ...)
-	TODO: check
+	NOT-FOR-US: Artica Pandora FMS
 CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, ...)
 	NOT-FOR-US: LifeRay Portal
 CVE-2020-7933



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45d58da2cda506d3547ba175d08d1e71db136d0e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45d58da2cda506d3547ba175d08d1e71db136d0e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200323/b26cfabf/attachment.html>


More information about the debian-security-tracker-commits mailing list