[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 18 20:33:41 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
28e2adca by Salvatore Bonaccorso at 2020-02-18T21:33:22+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...)
- TODO: check
+ NOT-FOR-US: ICE Hrm
CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via ...)
- TODO: check
+ NOT-FOR-US: ICE Hrm
CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection that lead ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against t ...)
- TODO: check
+ NOT-FOR-US: phpMyChat-Plus
CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2020-9263
RESERVED
CVE-2020-9262
@@ -5364,9 +5364,9 @@ CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is
CVE-2020-6846
RESERVED
CVE-2020-6845 (An issue was discovered in TopManage OLK 2020. As there is no ReadOnly ...)
- TODO: check
+ NOT-FOR-US: TopManage
CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another vulnerab ...)
- TODO: check
+ NOT-FOR-US: TopManage
CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This i ...)
NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2020-6842
@@ -41750,7 +41750,7 @@ CVE-2019-12956
CVE-2019-12955
RESERVED
CVE-2019-12954 (SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2019-12953
RESERVED
CVE-2019-12952
@@ -44585,7 +44585,7 @@ CVE-2019-11869 (The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS beca
CVE-2019-11868 (See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or ...)
NOT-FOR-US: SoftEther VPN Server
CVE-2019-11867 (Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to ...)
- TODO: check
+ NOT-FOR-US: Realtek NDIS driver rt640x64.sys
CVE-2019-11866
RESERVED
CVE-2019-11865
@@ -47781,7 +47781,7 @@ CVE-2019-10797
CVE-2019-10796
RESERVED
CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' f ...)
- TODO: check
+ NOT-FOR-US: undefsafe
CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype Pollutio ...)
TODO: check
CVE-2019-10793 (dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set ...)
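Review bot: before CVE-2019-10795 (undefsafe) is closed as NOT-FOR-US, confirm that the npm module is not packaged in Debian. The other two Prototype Pollution entries in this hunk, CVE-2019-10794 (component-flatten) and CVE-2019-10793 (dot-object), are left at TODO: check, and a source-package lookup under Debian's usual node-<name> naming (node-undefsafe) would settle whether the NFU tag is right or the entry needs a package/version line instead.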
@@ -61056,15 +61056,15 @@ CVE-2019-6196
CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller (XCC) ver ...)
TODO: check
CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was reported in ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6193 (An information disclosure vulnerability was reported in Lenovo XClarit ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6192 (A potential vulnerability has been reported in Lenovo Power Management ...)
NOT-FOR-US: Lenovo
CVE-2019-6191 (A potential vulnerability in the discontinued LenovoPaper software ver ...)
NOT-FOR-US: Lenovo
CVE-2019-6190 (Lenovo was notified of a potential denial of service vulnerability, af ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6189 (A potential vulnerability was reported in Lenovo System Interface Foun ...)
NOT-FOR-US: Lenovo
CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
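Review bot: CVE-2019-6195 is left at TODO: check while the neighbouring Lenovo XClarity Controller entries in the same hunk, CVE-2019-6194 and CVE-2019-6193, are closed as NOT-FOR-US: Lenovo. If it was held back deliberately, a NOTE line saying why would stop it being re-triaged on the next pass; otherwise process it with the same tag.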
@@ -63305,7 +63305,7 @@ CVE-2019-5324
CVE-2019-5323
RESERVED
CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is present ...)
- TODO: check
+ NOT-FOR-US: Edge Switch models
CVE-2019-5321
RESERVED
CVE-2019-5320
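Review bot: the tag "NOT-FOR-US: Edge Switch models" on CVE-2019-5322 names no vendor, unlike the other NFU lines in this change (e.g. "NOT-FOR-US: SimpliSafe SS3 firmware", "NOT-FOR-US: Kaseya Virtual System Administrator"), and the truncated description in the file does not show the product either. Prefix the vendor from the full CVE text so the entry is findable by grep.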
@@ -66099,7 +66099,7 @@ CVE-2019-4000
CVE-2019-3999
RESERVED
CVE-2019-3998 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
- TODO: check
+ NOT-FOR-US: SimpliSafe SS3 firmware
CVE-2019-3997 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
NOT-FOR-US: SimpliSafe SS3 firmware
CVE-2019-3996 (ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy ...)
@@ -219375,7 +219375,7 @@ CVE-2015-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Rea
CVE-2015-6971 (Lenovo System Update (formerly ThinkVantage System Update) before 5.07 ...)
NOT-FOR-US: Lenovo
CVE-2015-6970 (The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 ...)
- serendipity <removed>
CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the serendipity_isAct ...)
@@ -219501,7 +219501,7 @@ CVE-2015-6924
CVE-2015-6923 (The ndvbs module in VBox Communications Satellite Express Protocol 2.3 ...)
NOT-FOR-US: VBox Communications Satellite Express Protocol
CVE-2015-6922 (Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x bef ...)
- TODO: check
+ NOT-FOR-US: Kaseya Virtual System Administrator
CVE-2015-6921 (Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab m ...)
NOT-FOR-US: Zendesk Feedback Tab for Drupal
CVE-2015-6920 (Cross-site scripting (XSS) vulnerability in js/window.php in the sourc ...)
@@ -220497,7 +220497,7 @@ CVE-2015-6591 (Directory traversal vulnerability in application/templates/amelia
CVE-2015-6590
RESERVED
CVE-2015-6589 (Directory traversal vulnerability in Kaseya Virtual System Administrat ...)
- TODO: check
+ NOT-FOR-US: Kaseya Virtual System Administrator
CVE-2015-6588 (Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Rev ...)
NOT-FOR-US: MODX Revolution
CVE-2015-6587 (The vlserver in OpenAFS before 1.6.13 allows remote authenticated user ...)
@@ -235596,7 +235596,7 @@ CVE-2015-1430 (Buffer overflow in xymon 4.3.17-1. ...)
NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/
NOTE: http://www.openwall.com/lists/oss-security/2015/01/30/17
CVE-2015-1425 (JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities ...)
- TODO: check
+ NOT-FOR-US: JAKWEB Gecko CMS
CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2 ...)
NOT-FOR-US: Gecko CMS
CVE-2015-1423 (Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow ...)
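Review bot: CVE-2015-1425 is tagged "NOT-FOR-US: JAKWEB Gecko CMS" while the adjacent entries for the same product, CVE-2015-1424 and CVE-2015-1423, use "NOT-FOR-US: Gecko CMS". Pick one spelling so a search for the product returns all three entries.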
@@ -240849,7 +240849,7 @@ CVE-2012-6668 (Multiple cross-site scripting (XSS) vulnerabilities in the Shout
CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte ...)
NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
CVE-2012-6666 (vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. ...)
- TODO: check
+ NOT-FOR-US: vBSeo
CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 ...)
- linux 2.6.38-1
- linux-2.6 2.6.38-1
@@ -251781,7 +251781,7 @@ CVE-2014-4983
CVE-2014-4982 (LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection ...)
NOT-FOR-US: LPAR2RRD
CVE-2014-4981 (LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitra ...)
- TODO: check
+ NOT-FOR-US: LPAR2RRD
CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 for Nes ...)
NOT-FOR-US: Tenable Web UI for Nessus
CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or c ...)
@@ -254598,9 +254598,9 @@ CVE-2014-3829 (displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterpris
CVE-2014-3828 (Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon ...)
- centreon-web <itp> (bug #913903)
CVE-2014-3827 (Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka M ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2014-3826 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2014-3825 (The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1 ...)
NOT-FOR-US: Juniper Junos
CVE-2014-3824 (Cross-site scripting (XSS) vulnerability in the web server in the Juni ...)
@@ -258182,7 +258182,7 @@ CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to ca
CVE-2014-2596
RESERVED
CVE-2014-2595 (Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attac ...)
- TODO: check
+ NOT-FOR-US: Barracuda Web Application Firewall (WAF)
CVE-2014-2594
RESERVED
CVE-2014-2593 (The management console in Aruba Networks ClearPass Policy Manager 6.3. ...)
@@ -260940,7 +260940,7 @@ CVE-2014-1619 (Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2,
CVE-2014-1618 (Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script a ...)
NOT-FOR-US: UAEPD Shopping Cart Script
CVE-2014-1617 (Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Over ...)
- TODO: check
+ NOT-FOR-US: Microsys
CVE-2014-1616
RESERVED
CVE-2014-1615 (Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon B ...)
@@ -262354,9 +262354,9 @@ CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other
CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb)
CVE-2013-7287 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encrypti ...)
- TODO: check
+ NOT-FOR-US: MobileIron
CVE-2013-7286 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfu ...)
- TODO: check
+ NOT-FOR-US: MobileIron
CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise Linu ...)
- libreswan <not-affected> (Fixed before initial upload in Debian; /tmp-race in libreswan.spec for rpm based systems)
CVE-2013-7282 (The management web interface on the Nisuta NS-WIR150NE router with fir ...)
@@ -263761,7 +263761,7 @@ CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam
CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS be ...)
NOT-FOR-US: QNAP QTS
CVE-2013-7173 (Belkin n750 routers have a buffer overflow. ...)
- TODO: check
+ NOT-FOR-US: Belkin
CVE-2013-7172 (Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permission ...)
- libiodbc2 <not-affected> (RPATH issue slackware specific)
CVE-2013-7171 (Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, ...)
@@ -264893,7 +264893,7 @@ CVE-2013-6929 (SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier
CVE-2013-6928
RESERVED
CVE-2013-6927 (Internet TRiLOGI Server (unknown versions) could allow a local user to ...)
- TODO: check
+ NOT-FOR-US: Internet TRiLOGI Server
CVE-2013-6926 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...)
NOT-FOR-US: Siemens
CVE-2013-6925 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...)
@@ -266524,7 +266524,7 @@ CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS does not properly handle n
CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Appliance (A ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-6681 (Tube Map Live Underground for Android before 3.0.22 has an Information ...)
- TODO: check
+ NOT-FOR-US: Tube Map Live Underground for Android
CVE-2013-6680
REJECTED
CVE-2013-6679
@@ -267574,11 +267574,11 @@ CVE-2013-6367 (The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM su
CVE-2013-6363
RESERVED
CVE-2013-6362 (Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and s ...)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2013-6361
RESERVED
CVE-2013-6360 (TRENDnet TS-S402 has a backdoor to enable TELNET. ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attackers to ...)
{DSA-2815-1 DLA-20-1}
- munin 2.0.18-1
@@ -267744,7 +267744,7 @@ CVE-2013-6297
CVE-2013-6296
RESERVED
CVE-2013-6295 (PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman acc ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2013-6294
RESERVED
CVE-2013-6293
@@ -267780,7 +267780,7 @@ CVE-2013-6279
CVE-2013-6278
RESERVED
CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2013-6276
RESERVED
CVE-2013-6274
@@ -269164,7 +269164,7 @@ CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in
CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Ap ...)
NOT-FOR-US: Open-Xchange
CVE-2013-5687 (RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean ...)
- TODO: check
+ NOT-FOR-US: RiskNet Acquirer
CVE-2013-5686
RESERVED
CVE-2013-5685
@@ -271287,9 +271287,9 @@ CVE-2013-4793 (The update function in umbraco.webservices/templates/templateServ
CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2 ...)
NOT-FOR-US: Imperva SecureSphere Web Application Firewall (WAF)
CVE-2013-4792 (PrestaShop before 1.4.11 allows logout CSRF. ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2013-4791 (PrestaShop before 1.4.11 allows Logistician, translators and other low ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 be ...)
NOT-FOR-US: Open-Xchange
CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0 ...)
@@ -273916,7 +273916,7 @@ CVE-2013-3944 (Stack-based buffer overflow in the MrSID plugin (MrSID.dll) befor
CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6. ...)
NOT-FOR-US: DotNetNukeDot
CVE-2013-3942 (Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vul ...)
- TODO: check
+ NOT-FOR-US: Potplayer
CVE-2013-3941 (Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbi ...)
NOT-FOR-US: XnView
CVE-2013-3940 (Integer overflow in the Graphics Device Interface (GDI) in Microsoft W ...)
@@ -275331,7 +275331,7 @@ CVE-2013-3325 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.20
CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
NOT-FOR-US: Adobe Flash Player
CVE-2013-3323 (A Privilege Escalation Vulnerability exists in IBM Maximo Asset Manage ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-3322 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...)
NOT-FOR-US: NetApp OnCommand System Manager
CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...)
@@ -276910,7 +276910,7 @@ CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Byp
CVE-2013-2680 (Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartex ...)
NOT-FOR-US: Cisco
CVE-2013-2679 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...)
NOT-FOR-US: Cisco
CVE-2013-2677
@@ -281124,7 +281124,7 @@ CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows remote attackers to execute arbi
CVE-2013-1411
RESERVED
CVE-2013-1410 (Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities ...)
- TODO: check
+ NOT-FOR-US: Perforce
CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv plugin befo ...)
NOT-FOR-US: CommentLuv plugin for Wordpress
CVE-2013-1408 (Multiple SQL injection vulnerabilities in the Wysija Newsletters plugi ...)
@@ -281142,9 +281142,9 @@ CVE-2013-1403
CVE-2013-1402 (DigiLIBE 3.4 and possibly other versions sends a redirect but does not ...)
NOT-FOR-US: DigiLIBE
CVE-2013-1401 (Multiple security bypass vulnerabilities in the editAnswer, deleteAnsw ...)
- TODO: check
+ NOT-FOR-US: WordPress Poll Plugin for WordPress
CVE-2013-1400 (Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll ...)
- TODO: check
+ NOT-FOR-US: WordPress Poll Plugin for WordPress
CVE-2009-5134 (Buffer overflow in the "create torrent dialog" functionality in uTorre ...)
NOT-FOR-US: uTorrent
CVE-2013-0243 (haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnera ...)
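Review bot: "NOT-FOR-US: WordPress Poll Plugin for WordPress" on CVE-2013-1401 and CVE-2013-1400 repeats the platform name; the neighbouring entry CVE-2013-1409 uses the "<plugin> plugin for Wordpress" form ("NOT-FOR-US: CommentLuv plugin for Wordpress"). Either "WordPress Poll plugin for WordPress" or just the plugin name would match the file's convention.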
@@ -296099,7 +296099,7 @@ CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Editi
CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7. ...)
NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2204 (InfoSphere Guardium aix_ktap module: DoS ...)
- TODO: check
+ NOT-FOR-US: InfoSphere Guardium aix_ktap module
CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM R ...)
NOT-FOR-US: IBM Global Security Kit
CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus ...)
@@ -299710,7 +299710,7 @@ CVE-2012-0720 (Cross-site scripting (XSS) vulnerability in the Integration Solut
CVE-2012-0719 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manage ...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2012-0718 (IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookie ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2012-0717 (IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain S ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0716 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
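Review bot: CVE-2012-0718 gets "NOT-FOR-US: IBM" while CVE-2012-0719, the same product one entry above, carries "NOT-FOR-US: IBM Tivoli Endpoint Manager". Use the product-level tag here too so the two entries match.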
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/28e2adca1247a5eff44866a6b6bc1e03df9f6c7b