[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Dec 27 20:23:30 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ab23720 by Salvatore Bonaccorso at 2019-12-27T20:23:03Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2019-20049 (An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A re ...)
- TODO: check
+ NOT-FOR-US: Alcatel-Lucent OmniVista 4760 devices
CVE-2019-20048 (An issue was discovered on Alcatel-Lucent OmniVista 8770 devices befor ...)
- TODO: check
+ NOT-FOR-US: Alcatel-Lucent OmniVista 8770 devices
CVE-2019-20047 (An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and ...)
- TODO: check
+ NOT-FOR-US: Alcatel-Lucent OmniVista 4760 devices
CVE-2019-20046
RESERVED
CVE-2019-20045
@@ -1338,7 +1338,7 @@ CVE-2019-19783 (An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x befor
CVE-2019-19782 (The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long ...)
NOT-FOR-US: AceaXe Plus
CVE-2019-19781 (An issue was discovered in Citrix Application Delivery Controller (ADC ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2019-19780
RESERVED
CVE-2019-19779
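Review bot: the new tag on CVE-2019-19781 names only the vendor ("NOT-FOR-US: Citrix"), while the description names the product, Citrix Application Delivery Controller (ADC), and the unchanged CVE-2019-19782 entry just above is tagged by product ("AceaXe Plus"). Suggest "NOT-FOR-US: Citrix Application Delivery Controller" so a later search of the list by product name finds this entry.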
@@ -15678,7 +15678,7 @@ CVE-2019-16898
CVE-2019-16897 (In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security ...)
NOT-FOR-US: K7
CVE-2019-16896 (In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the ba ...)
- TODO: check
+ NOT-FOR-US: K7 Ultimate Security
CVE-2019-16895
REJECTED
CVE-2019-16894 (download.php in inoERP 4.15 allows SQL injection through insecure dese ...)
@@ -239633,7 +239633,7 @@ CVE-2014-4594 (Cross-site scripting (XSS) vulnerability in index.php in the Word
CVE-2014-4593 (Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php i ...)
NOT-FOR-US: WordPress plugin WP Plugin Manager
CVE-2014-4592 (Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_d ...)
- TODO: check
+ NOT-FOR-US: WP-Planet plugin for WordPress
CVE-2014-4591 (Cross-site scripting (XSS) vulnerability in picasa_upload.php in the W ...)
NOT-FOR-US: WordPress plugin WP-Picasa-Image
CVE-2014-4590 (Cross-site scripting (XSS) vulnerability in get.php in the WP Microblo ...)
@@ -239683,7 +239683,7 @@ CVE-2014-4569 (Cross-site scripting (XSS) vulnerability in ls/vv_login.php in th
CVE-2014-4568 (Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logou ...)
NOT-FOR-US: WordPress plugin
CVE-2014-4567 (Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_l ...)
- TODO: check
+ NOT-FOR-US: Video Comments Webcam Recorder plugin for WordPress
CVE-2014-4566 (Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php ...)
NOT-FOR-US: WordPress plugin
CVE-2014-4565 (Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in t ...)
@@ -239699,9 +239699,9 @@ CVE-2014-4561
CVE-2014-4560 (Cross-site scripting (XSS) vulnerability in includes/getTipo.php in th ...)
NOT-FOR-US: WordPress plugin ToolPage
CVE-2014-4559 (Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2014-4558 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2014-4557 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...)
NOT-FOR-US: WordPress plugin Swipe Checkout for Jigoshop
CVE-2014-4556 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...)
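Review bot: CVE-2014-4559 and CVE-2014-4558 get a bare "NOT-FOR-US: WordPress plugin", but the unchanged CVE-2014-4557 entry directly below is tagged "WordPress plugin Swipe Checkout for Jigoshop" and all three descriptions point at test-plugin.php. If the full descriptions confirm it is the same plugin, use the same named tag on both new lines so the three entries group together.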
@@ -239721,7 +239721,7 @@ CVE-2014-4550
CVE-2014-4549 (Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplet ...)
NOT-FOR-US: WordPress plugin WooCommerce SagePay Direct Payment Gateway
CVE-2014-4548 (Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2014-4547 (Multiple cross-site scripting (XSS) vulnerabilities in templates/defau ...)
NOT-FOR-US: WordPress plugin Rezgo Online Booking
CVE-2014-4546 (Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo ...)
@@ -239729,7 +239729,7 @@ CVE-2014-4546 (Cross-site scripting (XSS) vulnerability in book_ajax.php in the
CVE-2014-4545 (Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php i ...)
NOT-FOR-US: WordPress plugin Pro Quoter
CVE-2014-4544 (Cross-site scripting (XSS) vulnerability in the Podcast Channels plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2014-4543 (Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.p ...)
NOT-FOR-US: WordPress plugin Pay Per Media Player
CVE-2014-4542 (Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl ...)
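Review bot: the tag for CVE-2014-4544 drops the plugin name even though the description gives it ("the Podcast Channels plugi ..."). The neighbouring entries follow "WordPress plugin Pro Quoter" and "WordPress plugin Pay Per Media Player", so "NOT-FOR-US: WordPress plugin Podcast Channels" would match them.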
@@ -239739,13 +239739,13 @@ CVE-2014-4541 (Cross-site scripting (XSS) vulnerability in shortcode-generator/p
CVE-2014-4540 (Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_log ...)
NOT-FOR-US: WordPress plugin Oleggo LiveStream
CVE-2014-4539 (Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2014-4538 (Cross-site scripting (XSS) vulnerability in process.php in the Malware ...)
NOT-FOR-US: WordPress plugin Malware Finder
CVE-2014-4537 (Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyw ...)
NOT-FOR-US: WordPress plugin Keyword Strategy Internal Links
CVE-2014-4536 (Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_t ...)
- TODO: check
+ NOT-FOR-US: Infusionsoft Gravity Forms plugin for WordPress
CVE-2014-4535
RESERVED
CVE-2014-4534 (Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/aut ...)
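Review bot: the two tags added in this hunk use different conventions. CVE-2014-4539 becomes a generic "WordPress plugin" although its description names "the Movies plugin 0.6", and CVE-2014-4536 uses "Infusionsoft Gravity Forms plugin for WordPress" where the surrounding entries put the platform first ("WordPress plugin Malware Finder"). Suggest "WordPress plugin Movies" and "WordPress plugin Infusionsoft Gravity Forms" to keep one searchable pattern.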
@@ -239767,11 +239767,11 @@ CVE-2014-4527 (Multiple cross-site scripting (XSS) vulnerabilities in paginas/vi
CVE-2014-4526 (Multiple cross-site scripting (XSS) vulnerabilities in callback.php in ...)
NOT-FOR-US: WordPress plugin efence
CVE-2014-4525 (Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2014-4524 (Cross-site scripting (XSS) vulnerability in classes/custom-image/media ...)
NOT-FOR-US: WordPress plugin WP Easy Post Types
CVE-2014-4523 (Cross-site scripting (XSS) vulnerability in the Easy Career Openings p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2014-4522 (Cross-site scripting (XSS) vulnerability in client-assist.php in the d ...)
NOT-FOR-US: WordPress plugin dsSearchAgent: WordPress Edition
CVE-2014-4521 (Cross-site scripting (XSS) vulnerability in client-assist.php in the d ...)
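Review bot: CVE-2014-4523 is tagged with the generic "WordPress plugin" while its description names the plugin ("the Easy Career Openings p ..."); "NOT-FOR-US: WordPress plugin Easy Career Openings" would match the named entries around it. For CVE-2014-4525 the visible description is cut off inside the file path, so the plugin name has to come from the full description before it can be added.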
@@ -239779,7 +239779,7 @@ CVE-2014-4521 (Cross-site scripting (XSS) vulnerability in client-assist.php in
CVE-2014-4520 (Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA Wa ...)
NOT-FOR-US: WordPress plugin DMCA WaterMarker
CVE-2014-4519 (Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.6 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2014-4518 (Cross-site scripting (XSS) vulnerability in xd_resize.php in the Conta ...)
NOT-FOR-US: WordPress plugin Contact Form by ContactMe.com
CVE-2014-4517 (Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the ...)
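Review bot: the description of CVE-2014-4519 names "the Conversador plugin 2.6", yet the tag is the generic "WordPress plugin". Suggest "NOT-FOR-US: WordPress plugin Conversador", in line with "WordPress plugin DMCA WaterMarker" just above.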
@@ -257774,9 +257774,9 @@ CVE-2013-4978 (Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlie
CVE-2013-4977 (Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E I ...)
NOT-FOR-US: Hikvision IP camera
CVE-2013-4976 (Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded cre ...)
- TODO: check
+ NOT-FOR-US: Hikvision DS-2CD7153-E IP Camera
CVE-2013-4975 (Hikvision DS-2CD7153-E IP Camera has Privilege Escalation ...)
- TODO: check
+ NOT-FOR-US: Hikvision DS-2CD7153-E IP Camera
CVE-2013-4974 (RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 throug ...)
NOT-FOR-US: RealPlayer
CVE-2013-4973 (Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.5 ...)
@@ -258293,9 +258293,9 @@ CVE-2013-4766 (The gather log service in Eucalyptus before 3.3.1 allows remote a
CVE-2013-4765
RESERVED
CVE-2013-4764 (Samsung Galaxy S3/S4 exposes an unprotected component allowing an unpr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2013-4763 (Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitra ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2013-4762 (Puppet Enterprise before 3.0.1 does not sufficiently invalidate a sess ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4761 (Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x befo ...)
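Review bot: both new tags, on CVE-2013-4764 and CVE-2013-4763, say only "Samsung", while the descriptions identify the affected devices as Samsung Galaxy S3/S4. A tag such as "NOT-FOR-US: Samsung Galaxy S3/S4" records why the entry is out of scope without having to reopen the CVE description.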
@@ -258477,15 +258477,15 @@ CVE-2013-4698 (Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users
CVE-2013-4697 (Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Managem ...)
NOT-FOR-US: Hitachi
CVE-2013-4695 (Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Exe ...)
- TODO: check
+ NOT-FOR-US: Winamp
CVE-2013-4694 (Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Bu ...)
NOT-FOR-US: Winamp
CVE-2013-4693 (WordPress Xorbin Digital Flash Clock 1.0 has XSS ...)
- TODO: check
+ NOT-FOR-US: WordPress Xorbin Digital Flash Clock
CVE-2013-4692 (Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS ...)
- TODO: check
+ NOT-FOR-US: Xorbin Analog Flash Clock
CVE-2013-4691 (Sencha Labs Connect has XSS with connect.methodOverride() ...)
- TODO: check
+ NOT-FOR-US: Sencha Labs Connect
CVE-2013-4690 (Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before ...)
NOT-FOR-US: Juniper Junos
CVE-2013-4689 (J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R befor ...)
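Review bot: CVE-2013-4691 deserves a second look before it is closed as NOT-FOR-US. The description refers to connect.methodOverride(), which reads like a library API rather than a standalone product, so please confirm that no source package in the archive ships this code; if one does, the entry needs a package line instead. Separately, the tag for CVE-2013-4692 omits the platform that the CVE-2013-4693 tag includes ("WordPress Xorbin Digital Flash Clock"), although its description calls it an extension; adding the platform would keep the two Xorbin entries distinguishable.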
@@ -258538,9 +258538,9 @@ CVE-2013-4667
CVE-2013-4666
RESERVED
CVE-2013-4665 (SPBAS Business Automation Software 2012 has CSRF. ...)
- TODO: check
+ NOT-FOR-US: SPBAS Business Automation Software
CVE-2013-4664 (SPBAS Business Automation Software 2012 has XSS. ...)
- TODO: check
+ NOT-FOR-US: SPBAS Business Automation Software
CVE-2013-4663 (git_http_controller.rb in the redmine_git_hosting plugin for Redmine a ...)
NOT-FOR-US: Redmine plugin redmine_git_hosting
CVE-2013-4662 (The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through ...)
@@ -258646,7 +258646,7 @@ CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1
CVE-2013-4622 (The 3G Mobile Hotspot feature on the HTC Droid Incredible has a defaul ...)
NOT-FOR-US: HTC Droid Incredible
CVE-2013-4621 (Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities ...)
- TODO: check
+ NOT-FOR-US: Magnolia CMS
CVE-2013-4620 (Cross-site scripting (XSS) vulnerability in interface/main/onotes/offi ...)
NOT-FOR-US: OpenEMR
CVE-2013-4619 (Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote a ...)
@@ -262835,13 +262835,13 @@ CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N30
CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin ...)
NOT-FOR-US: Belkin N300
CVE-2013-3088 (Belkin N900 router (F9K1104v1) contains an Authentication Bypass using ...)
- TODO: check
+ NOT-FOR-US: Belkin N900 router
CVE-2013-3087 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 rou ...)
NOT-FOR-US: Belkin N900 router
CVE-2013-3086 (Cross-site request forgery (CSRF) vulnerability in util_system.html in ...)
NOT-FOR-US: Belkin N900
CVE-2013-3085 (An authentication bypass exists in the web management interface in Bel ...)
- TODO: check
+ NOT-FOR-US: Belkin
CVE-2013-3084 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5 ...)
NOT-FOR-US: Belkin router
CVE-2013-3083 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_sett ...)
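Review bot: CVE-2013-3085 is tagged with the vendor alone ("NOT-FOR-US: Belkin"), whereas every other entry in this hunk names a model or at least the device class ("Belkin N300", "Belkin N900 router", "Belkin router"). The visible description is truncated at "Bel ...", so take the model from the full description and tag it the same way as CVE-2013-3088.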
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5ab237205c754d635804a06bc4a301b53f32fa07