[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Sat May 23 22:11:23 BST 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a9862d0 by Moritz Muehlenhoff at 2020-05-23T23:10:59+02:00
NFUs
amarok non issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the Beep  ...)
-	TODO: check
+	NOT-FOR-US: TrackR
 CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...)
-	TODO: check
+	NOT-FOR-US: Joomla addon
 CVE-2020-13423
 	RESERVED
 CVE-2020-13422
@@ -79,7 +79,7 @@ CVE-2020-13390 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD0
 CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
 	NOT-FOR-US: Tenda devices
 CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading funct ...)
-	TODO: check
+	NOT-FOR-US: jw.util
 CVE-2020-13387
 	RESERVED
 CVE-2020-13386
@@ -351,7 +351,7 @@ CVE-2020-13260
 CVE-2020-13259
 	RESERVED
 CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...)
-	TODO: check
+	NOT-FOR-US: Contentful
 CVE-2020-13257
 	RESERVED
 CVE-2020-13256
@@ -387,7 +387,7 @@ CVE-2020-13243
 CVE-2020-13242
 	RESERVED
 CVE-2020-13241 (Microweber 1.1.18 allows Unrestricted File Upload because admin/view:m ...)
-	TODO: check
+	NOT-FOR-US: Microweber
 CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup doc ...)
 	- dolibarr <removed>
 CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html file ...)
@@ -538,7 +538,7 @@ CVE-2020-13169
 CVE-2020-13168
 	RESERVED
 CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution  ...)
-	TODO: check
+	NOT-FOR-US: Netsweeper
 CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers to ex ...)
 	NOT-FOR-US: MyLittleAdmin
 CVE-2020-13165
@@ -552,7 +552,7 @@ CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.1
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-08.html
 CVE-2020-13163 (em-imap 0.5 uses the library eventmachine in an insecure way that allo ...)
-	TODO: check
+	NOT-FOR-US: em-imap
 CVE-2020-13162
 	RESERVED
 CVE-2020-13161
@@ -574,7 +574,8 @@ CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows lo
 CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS ...)
 	NOT-FOR-US: MISP
 CVE-2020-13152 (A remote user can create a specially crafted M3U file, media playlist  ...)
-	TODO: check
+	- amarok <removed>
+	NOTE: Elevated resource usage in client application, no security impact
 CVE-2020-13151
 	RESERVED
 CVE-2020-13150
@@ -1755,7 +1756,7 @@ CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c direct
 CVE-2020-12648
 	RESERVED
 CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...)
-	TODO: check
+	NOT-FOR-US: Unisys ALGOL Compiler
 CVE-2020-12646
 	RESERVED
 CVE-2020-12645
@@ -4684,7 +4685,7 @@ CVE-2019-20638 (NETGEAR MR1100 devices before 12.06.08.00 are affected by disclo
 CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. I ...)
 	NOT-FOR-US: itsio
 CVE-2020-11766 (sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web I ...)
-	TODO: check
+	NOT-FOR-US: iFAX AvantFAX
 CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...)
 	[experimental] - openexr 2.5.0-1
 	- openexr <unfixed> (bug #959444)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a9862d0de40c1af252bf3209133e2e1c589a6f5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a9862d0de40c1af252bf3209133e2e1c589a6f5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200523/6b53ce4f/attachment.html>

More information about the debian-security-tracker-commits mailing list