From da8c828498df78d5f032baab810b6a18092de9ce Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Sat, 23 May 2020 23:10:59 +0200 Subject: NFUs amarok non issue --- data/CVE/list.2020 | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 56c0fb58d8..b42e725034 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -1,7 +1,7 @@ CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the Beep ...) - TODO: check + NOT-FOR-US: TrackR CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2020-13423 RESERVED CVE-2020-13422 @@ -79,7 +79,7 @@ CVE-2020-13390 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD0 CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading funct ...) - TODO: check + NOT-FOR-US: jw.util CVE-2020-13387 RESERVED CVE-2020-13386 @@ -339,7 +339,7 @@ CVE-2020-13260 CVE-2020-13259 RESERVED CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...) - TODO: check + NOT-FOR-US: Contentful CVE-2020-13257 RESERVED CVE-2020-13256 @@ -375,7 +375,7 @@ CVE-2020-13243 CVE-2020-13242 RESERVED CVE-2020-13241 (Microweber 1.1.18 allows Unrestricted File Upload because admin/view:m ...) - TODO: check + NOT-FOR-US: Microweber CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup doc ...) - dolibarr CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html file ...) @@ -526,7 +526,7 @@ CVE-2020-13169 CVE-2020-13168 RESERVED CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution ...) - TODO: check + NOT-FOR-US: Netsweeper CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers to ex ...) NOT-FOR-US: MyLittleAdmin CVE-2020-13165 @@ -540,7 +540,7 @@ CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.1 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a NOTE: https://www.wireshark.org/security/wnpa-sec-2020-08.html CVE-2020-13163 (em-imap 0.5 uses the library eventmachine in an insecure way that allo ...) - TODO: check + NOT-FOR-US: em-imap CVE-2020-13162 RESERVED CVE-2020-13161 @@ -562,7 +562,8 @@ CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows lo CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS ...) NOT-FOR-US: MISP CVE-2020-13152 (A remote user can create a specially crafted M3U file, media playlist ...) - TODO: check + - amarok + NOTE: Elevated resource usage in client application, no security impact CVE-2020-13151 RESERVED CVE-2020-13150 @@ -1705,7 +1706,7 @@ CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c direct CVE-2020-12648 RESERVED CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...) - TODO: check + NOT-FOR-US: Unisys ALGOL Compiler CVE-2020-12646 RESERVED CVE-2020-12645 @@ -3673,7 +3674,7 @@ CVE-2020-11768 (Certain NETGEAR devices are affected by Stored XSS. This affects CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. I ...) NOT-FOR-US: itsio CVE-2020-11766 (sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web I ...) - TODO: check + NOT-FOR-US: iFAX AvantFAX CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...) [experimental] - openexr 2.5.0-1 - openexr (bug #959444) -- cgit v1.2.3