[Git][security-tracker-team/security-tracker][master] Track NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Jan 1 08:03:58 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0fd56a32 by Salvatore Bonaccorso at 2020-01-01T08:03:33Z
Track NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -99,7 +99,7 @@ CVE-2020-5130
 CVE-2020-5129
 	RESERVED
 CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary ...)
-	TODO: check
+	NOT-FOR-US: Nagios XI
 CVE-2019-20196
 	RESERVED
 CVE-2019-20195
@@ -18869,7 +18869,7 @@ CVE-2019-16792
 CVE-2019-16791
 	RESERVED
 CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code execution vi ...)
-	TODO: check
+	NOT-FOR-US: Tiny File Manager
 CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in front  ...)
 	- waitress <unfixed> (bug #947433)
 	[buster] - waitress <no-dsa> (Minor issue)
@@ -31794,7 +31794,7 @@ CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allo
 	[stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
 	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
 CVE-2019-12837 (The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1 ...)
-	TODO: check
+	NOT-FOR-US: Java API in Generalitat de Catalunya accesuniversitat.gencat.cat
 CVE-2019-12836 (The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker t ...)
 	NOT-FOR-US: Bobronix JEditor editor for Jira
 CVE-2019-12835 (formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds ...)
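Review bot: The label added for CVE-2019-12837 copies the wording of the CVE description ("Java API in Generalitat de Catalunya accesuniversitat.gencat.cat") rather than naming a product, so it is much longer than the neighbouring tags such as "NOT-FOR-US: Bobronix JEditor editor for Jira". A shorter identifier, for example "NOT-FOR-US: accesuniversitat.gencat.cat", would be easier to reuse and to grep for.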
@@ -33311,7 +33311,7 @@ CVE-2016-10750 (In Hazelcast before 3.11, the cluster join procedure is vulnerab
 CVE-2019-12274 (In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to de ...)
 	NOT-FOR-US: Rancher
 CVE-2019-12273 (OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF ...)
-	TODO: check
+	NOT-FOR-US: OutSystems Platform
 CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...)
 	NOT-FOR-US: OpenWrt LuCI
 CVE-2019-12271 (Sandline Centraleyezer (On Premises) allows unrestricted File Upload w ...)
@@ -33586,7 +33586,7 @@ CVE-2019-12188
 CVE-2019-12187
 	RESERVED
 CVE-2019-12186 (An issue was discovered in Sylius products. Missing input sanitization ...)
-	TODO: check
+	NOT-FOR-US: Sylius
 CVE-2019-12185 (eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/con ...)
 	NOT-FOR-US: eLabFTW
 CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in BoostIO Boost ...)
@@ -38912,7 +38912,7 @@ CVE-2019-10229 (An issue was discovered in MailStore Server (and Service Provide
 CVE-2019-10228
 	RESERVED
 CVE-2019-10227 (openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found comp ...)
-	TODO: check
+	NOT-FOR-US: openITCOCKPIT
 CVE-2019-10226 (HTML Injection has been discovered in the v0.19.0 version of the Fat F ...)
 	NOT-FOR-US: Fat Free CRM
 CVE-2019-10225
@@ -41593,7 +41593,7 @@ CVE-2019-9670 (mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x be
 CVE-2019-9669 (The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attac ...)
 	NOT-FOR-US: Wordfence plugin for WordPress
 CVE-2019-9668 (An issue was discovered in rovinbhandari FTP through 2012-03-28. recei ...)
-	TODO: check
+	NOT-FOR-US: rovinbhandari FTP
 CVE-2019-9667
 	RESERVED
 CVE-2019-9666
@@ -41952,13 +41952,13 @@ CVE-2019-9558 (Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Sc
 CVE-2019-9557 (Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) vi ...)
 	NOT-FOR-US: Ability Mail Server
 CVE-2019-9556 (FiberHome an5506-04-f RP2669 devices have XSS. ...)
-	TODO: check
+	NOT-FOR-US: FiberHome an5506-04-f RP2669 devices
 CVE-2019-9555 (Sagemcom F at st 5260 routers using firmware version 0.4.39, in WPA mode, ...)
 	NOT-FOR-US: Sagemcom routers
 CVE-2019-9554 (In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2019-9553 (Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcon ...)
-	TODO: check
+	NOT-FOR-US: Bolt CMS
 CVE-2019-9552 (Eloan V3.0 through 2018-09-20 allows remote attackers to list files vi ...)
 	NOT-FOR-US: Eloan
 CVE-2019-9551 (An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06.  ...)
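Review bot: The tag on CVE-2019-9556 carries the full device identifier ("FiberHome an5506-04-f RP2669 devices"), while the next entry in the same hunk is tagged at vendor level ("NOT-FOR-US: Sagemcom routers"). A vendor-level label such as "NOT-FOR-US: FiberHome devices" would let later FiberHome entries reuse one string and keep the two router entries consistent.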
@@ -42892,9 +42892,9 @@ CVE-2019-9208 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissect
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-07.html
 CVE-2019-9207 (PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm search ...)
-	TODO: check
+	NOT-FOR-US: PRTG Network Monitor
 CVE-2019-9206 (PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm  ...)
-	TODO: check
+	NOT-FOR-US: PRTG Network Monitor
 CVE-2019-9205
 	RESERVED
 CVE-2019-9204 (SQL injection vulnerability in Nagios IM (component of Nagios XI) befo ...)
@@ -42919,7 +42919,7 @@ CVE-2019-9199 (PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp i
 CVE-2019-9198
 	RESERVED
 CVE-2019-9197 (The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows  ...)
-	TODO: check
+	NOT-FOR-US: Unity Editor
 CVE-2019-9196 (The Face authentication component in Aware mobile liveness 2.2.1 sdk 2 ...)
 	NOT-FOR-US: Aware mobile liveness
 CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An a ...)
@@ -48312,7 +48312,7 @@ CVE-2019-7164 (SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL In
 CVE-2019-7163 (The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 dev ...)
 	NOT-FOR-US: Alcatel
 CVE-2019-7162 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Bu ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2019-7161 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x th ...)
 	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
 CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Trav ...)
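Review bot: CVE-2019-7162 is tagged "NOT-FOR-US: Zoho ManageEngine", but the adjacent CVE-2019-7161, whose description names the same product (Zoho ManageEngine ADSelfService Plus), already carries "NOT-FOR-US: Zoho ManageEngine ADSelfService Plus". Use the full product label on the new line as well so both entries match when the list is searched by product.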



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0fd56a32f5977158783c22d7b718bdf0d45d0ba0
