[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Mar 23 21:12:29 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f842d3b4 by Moritz Muehlenhoff at 2020-03-23T22:12:12+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7602,19 +7602,19 @@ CVE-2020-7608 (yargs-parser could be tricked into adding or modifying properties
 	NOTE: https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
 	NOTE: https://gist.github.com/Kirill89/dcd8100d010896157a36624119439832
 CVE-2020-7607 (gulp-styledocco through 0.0.3 allows execution of arbitrary commands.  ...)
-	TODO: check
+	NOT-FOR-US: Node gulp-styledocco
 CVE-2020-7606 (docker-compose-remote-api through 0.1.4 allows execution of arbitrary  ...)
-	TODO: check
+	NOT-FOR-US: Node docker-compose-remote-api
 CVE-2020-7605 (gulp-tape through 1.0.0 allows execution of arbitrary commands. It is  ...)
-	TODO: check
+	NOT-FOR-US: Node gulp-tape
 CVE-2020-7604 (pulverizr through 0.7.0 allows execution of arbitrary commands. Within ...)
-	TODO: check
+	NOT-FOR-US: Node pulverizr
 CVE-2020-7603 (closure-compiler-stream through 0.1.15 allows execution of arbitrary c ...)
-	TODO: check
+	NOT-FOR-US: closure-compiler-stream
 CVE-2020-7602 (node-prompt-here through 1.0.1 allows execution of arbitrary commands. ...)
-	TODO: check
+	NOT-FOR-US: Node node-prompt-here
 CVE-2020-7601 (gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. I ...)
-	TODO: check
+	NOT-FOR-US: Node gulp-scss-lint
 CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object properties. The  ...)
 	NOT-FOR-US: querymen nodejs module
 CVE-2020-7599
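Review bot: the CVE-2020-7603 entry is tagged `NOT-FOR-US: closure-compiler-stream` without the `Node` prefix that the other six entries changed in this hunk carry (`Node gulp-styledocco`, `Node pulverizr`, and so on). Suggest `NOT-FOR-US: Node closure-compiler-stream` so that a search of the list for Node modules also finds this entry.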
@@ -7873,11 +7873,11 @@ CVE-2020-7478
 CVE-2020-7477
 	RESERVED
 CVE-2020-7476 (A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Instal ...)
-	TODO: check
+	NOT-FOR-US: ZigBee Installation Kit
 CVE-2020-7475 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...)
-	TODO: check
+	NOT-FOR-US: EcoStruxure Control Expert
 CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...)
-	TODO: check
+	NOT-FOR-US: ProSoft Configurator
 CVE-2020-7473
 	RESERVED
 CVE-2020-7472
@@ -9831,7 +9831,7 @@ CVE-2020-6652
 CVE-2020-6651
 	RESERVED
 CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by ‘Eval In ...)
-	TODO: check
+	NOT-FOR-US: UPS companion software
 CVE-2020-6649
 	RESERVED
 CVE-2020-6648
@@ -16555,7 +16555,7 @@ CVE-2019-19965 (In the Linux kernel through 5.4.6, there is a NULL pointer deref
 	[stretch] - linux 4.9.210-1
 	NOTE: https://git.kernel.org/linus/f70267f379b5e5e11bdc5d72a56bf17e5feed01f
 CVE-2019-19964 (On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2019-19963 (An issue was discovered in wolfSSL before 4.3.0 in a non-default confi ...)
 	- wolfssl 4.3.0+dfsg-1
 	NOTE: https://github.com/wolfSSL/wolfssl/commit/7e391f0fd57f2ef375b1174d752a56ce34b2b190 (v4.3.0-stable)
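Review bot: the CVE-2019-19964 tag `NOT-FOR-US: NETGEAR` names only the vendor, while the description identifies the affected product as GS728TPS devices. Suggest `NOT-FOR-US: NETGEAR GS728TPS`, which matches the product-level tags used elsewhere in this commit (`ProSoft Configurator`, `EcoStruxure Control Expert`) and tells a later reader what was triaged.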
@@ -20561,7 +20561,7 @@ CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git information,
 CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia ...)
 	NOT-FOR-US: Microsoft Dynamics NAV
 CVE-2019-19615 (Multiple XSS vulnerabilities exist in the Backup & Restore module  ...)
-	TODO: check
+	NOT-FOR-US: FreePBX
 CVE-2019-19614 (An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login p ...)
 	NOT-FOR-US: Halvotec RAQuest
 CVE-2019-19613 (** DISPUTED ** An issue was discovered in Halvotec RaQuest 10.23.10801 ...)
@@ -23953,7 +23953,7 @@ CVE-2019-19035 (jhead 3.03 is affected by: heap-based buffer over-read. The impa
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765647
 	NOTE: Crash in CLI tool, no security impact
 CVE-2019-19034 (Zoho ManageEngine Asset Explorer 6.5 does not validate the System Cent ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2019-19033 (Jalios JCMS 10 allows attackers to access any part of the website and  ...)
 	NOT-FOR-US: Jalios JCMS
 CVE-2019-19032 (XMLBlueprint through 16.191112 is affected by XML External Entity Inje ...)
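Review bot: in the CVE-2019-19034 entry, `NOT-FOR-US: Zoho` gives only the vendor, whereas the description names Zoho ManageEngine Asset Explorer and the neighbouring CVE-2019-19033 entry is tagged with the product (`Jalios JCMS`). Suggest `NOT-FOR-US: Zoho ManageEngine Asset Explorer` for consistency with that entry.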



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f842d3b4bf3a5a67c2153c12ba00fb0aa59fc7c7
