Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43bf8aae by Moritz Muehlenhoff at 2020-07-01T17:45:27+02:00
NFUs
libmediainfo no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the 
cart_edit ...)
-       TODO: check
+       NOT-FOR-US: Persian VIP Download Script
 CVE-2020-15467
        RESERVED
 CVE-2020-15466
@@ -145,7 +145,9 @@ CVE-2020-15397 (HylaFAX+ through 7.0.2 and HylaFAX 
Enterprise have scripts that
 CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup 
utility ...)
        TODO: check
 CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a 
stack-based b ...)
-       - libmediainfo <unfixed>
+       - libmediainfo <unfixed> (low)
+       [buster] - libmediainfo <no-dsa> (Minor issue)
+       [stretch] - libmediainfo <no-dsa> (Minor issue)
        NOTE: https://sourceforge.net/p/mediainfo/bugs/1127/
 CVE-2020-15394
        RESERVED
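
Review bot: The two added no-dsa lines for libmediainfo under CVE-2020-15395 give only "(Minor issue)" as the reason, although the description calls the bug stack-based. A short NOTE line saying why it is low severity for buster and stretch would let a later triager check the decision without opening the SourceForge bug linked below. The (low) urgency added to the unfixed line is consistent with the two no-dsa tags.
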
@@ -341,7 +343,7 @@ CVE-2020-15309
 CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 
allows post-a ...)
        NOT-FOR-US: Support Incident Tracker
 CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve 
stored XSS ( ...)
-       TODO: check
+       NOT-FOR-US: Nozomi Guardian
 CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid 
chunkCount a ...)
        - openexr <unfixed>
        [jessie] - openexr <no-dsa> (Minor issue)
@@ -787,11 +789,11 @@ CVE-2020-15089
 CVE-2020-15088
        RESERVED
 CVE-2020-15087 (In Presto before version 337, authenticated users can bypass 
authoriza ...)
-       TODO: check
+       NOT-FOR-US: Presto query engine, different from src:presto
 CVE-2020-15086
        RESERVED
 CVE-2020-15085 (In Saleor Storefront before version 2.10.3, request data used 
to authe ...)
-       TODO: check
+       NOT-FOR-US: Saleor Storefront
 CVE-2020-15084 (In express-jwt (NPM package) up and including version 5.3.3, 
the algor ...)
        TODO: check
 CVE-2020-15083
@@ -1077,9 +1079,9 @@ CVE-2020-14959 (Multiple XSS vulnerabilities in the Easy 
Testimonials plugin bef
 CVE-2020-14958 (In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks 
a "not  ...)
        NOT-FOR-US: Go Git Service
 CVE-2020-14957 (In Windows cleaning assistant 3.2, the driver file 
(AtpKrnl.sys) allow ...)
-       TODO: check
+       NOT-FOR-US: Windows cleaning assistant
 CVE-2020-14956 (In Windows cleaning assistant 3.2, the driver file 
(AtpKrnl.sys) allow ...)
-       TODO: check
+       NOT-FOR-US: Windows cleaning assistant
 CVE-2020-14955 (In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) 
allows l ...)
        NOT-FOR-US: Jiangmin Antivirus
 CVE-2020-14953
@@ -2059,7 +2061,7 @@ CVE-2020-14484
 CVE-2020-14483
        RESERVED
 CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and 
prior. Ope ...)
-       TODO: check
+       NOT-FOR-US: Delta Industrial Automation DOPSoft
 CVE-2020-14481
        RESERVED
 CVE-2020-14480
@@ -2076,7 +2078,7 @@ CVE-2020-14475 (A reflected cross-site scripting (XSS) 
vulnerability in Dolibarr
        - dolibarr <removed>
        NOTE: 
https://github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08
 CVE-2020-14474 (The Cellebrite UFED physical device 5.0 through 7.5.0.845 
relies on ke ...)
-       TODO: check
+       NOT-FOR-US: Cellebrite
 CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, 
Vigor2960, and ...)
        NOT-FOR-US: DrayTek
 CVE-2020-14472 (DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware 
before 1.5.1 ...)
@@ -3059,17 +3061,17 @@ CVE-2020-14171
 CVE-2020-14170
        RESERVED
 CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data 
Center be ...)
-       TODO: check
+       NOT-FOR-US: Atlasstian
 CVE-2020-14168 (The email client in Jira Server and Data Center before version 
7.13.16 ...)
-       TODO: check
+       NOT-FOR-US: Atlasstian
 CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data 
Center befo ...)
-       TODO: check
+       NOT-FOR-US: Atlasstian
 CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service 
Desk Server ...)
-       TODO: check
+       NOT-FOR-US: Atlasstian
 CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server 
and Dat ...)
-       TODO: check
+       NOT-FOR-US: Atlasstian
 CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center 
before vers ...)
-       TODO: check
+       NOT-FOR-US: Atlasstian
 CVE-2020-14163 (An issue was discovered in 
ecma/operations/ecma-container-object.c in  ...)
        NOT-FOR-US: JerryScript
 CVE-2020-14162
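
Review bot: The vendor name is misspelled as "Atlasstian" in all six added NOT-FOR-US lines, CVE-2020-14164 through CVE-2020-14169; the descriptions on the adjacent lines spell it "Atlassian". A misspelled NFU string will not turn up when someone searches data/CVE/list for the vendor, so these should read NOT-FOR-US: Atlassian, or name the product as the other NFU entries in this commit do.
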
@@ -4909,7 +4911,7 @@ CVE-2020-13445 (In Liferay Portal before 7.3.2 and 
Liferay DXP 7.0 before fix pa
 CVE-2020-13444 (Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before 
fix pack 9 ...)
        NOT-FOR-US: Liferay
 CVE-2020-13443 (ExpressionEngine before 5.3.2 allows remote attackers to 
upload and ex ...)
-       TODO: check
+       NOT-FOR-US: ExpressionEngine
 CVE-2020-13442 (A Remote code execution vulnerability exists in DEXT5Upload in 
DEXT5 t ...)
        NOT-FOR-US: DEXT5
 CVE-2020-13441
@@ -5725,7 +5727,7 @@ CVE-2020-13097
 CVE-2020-13096
        RESERVED
 CVE-2020-13095 (Little Snitch version 4.5.1 and older changed ownership of a 
directory ...)
-       TODO: check
+       NOT-FOR-US: Little Snitch
 CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS. ...)
        - dolibarr <removed>
 CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory 
traversal. ...)
@@ -16284,9 +16286,9 @@ CVE-2020-9416
 CVE-2020-9415
        RESERVED
 CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO 
Managed ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin 
client comp ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO 
Managed Fil ...)
        NOT-FOR-US: TIBCO
 CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO 
Managed Fil ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43bf8aae6ab147f31eec0ae6cadb12ff6dc26d8f
