[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Jan 6 08:57:22 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
370e4481 by Moritz Muehlenhoff at 2020-01-06T09:57:01+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2020-5508
 CVE-2019-20355
 	RESERVED
 CVE-2019-20354 (The web application component of piSignage before 2.6.4 allows a remot ...)
-	TODO: check
+	NOT-FOR-US: piSignage
 CVE-2019-20353
 	RESERVED
 CVE-2019-20352 (In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occ ...)
@@ -57,9 +57,9 @@ CVE-2019-20339
 CVE-2019-20338
 	RESERVED
 CVE-2019-20337 (In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.p ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Mall advanced-real-estate-script
 CVE-2019-20336 (In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-resu ...)
-	TODO: check
+	NOT-FOR-US: PHP Scripts Mall advanced-real-estate-script
 CVE-2019-20335
 	RESERVED
 CVE-2020-5507
@@ -494,9 +494,9 @@ CVE-2020-5308
 CVE-2020-5307
 	RESERVED
 CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display name, t ...)
-	TODO: check
+	NOT-FOR-US: Codoforum
 CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of  ...)
-	TODO: check
+	NOT-FOR-US: Codoforum
 CVE-2020-5304
 	RESERVED
 CVE-2020-5303
@@ -948,9 +948,9 @@ CVE-2013-7485 (Cross-site scripting (XSS) vulnerability in the backend in Open-X
 CVE-2020-5193
 	RESERVED
 CVE-2020-5192 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2020-5191 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul Hospital Management System
 CVE-2020-5190
 	RESERVED
 CVE-2020-5189
@@ -1028,15 +1028,15 @@ CVE-2019-20203 (The Authorized Addresses feature in the Postie plugin 1.9.40 for
 CVE-2020-5179 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...)
 	NOT-FOR-US: Comtech Stampede FX-1010 7.4.3 devices
 CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
-	TODO: check
+	NOT-FOR-US: ezXML
 CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_ ...)
-	TODO: check
+	NOT-FOR-US: ezXML
 CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
-	TODO: check
+	NOT-FOR-US: ezXML
 CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
-	TODO: check
+	NOT-FOR-US: ezXML
 CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
-	TODO: check
+	NOT-FOR-US: ezXML
 CVE-2020-5178
 	RESERVED
 CVE-2020-5177
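
Review bot: the five ezXML entries (CVE-2019-20198 through CVE-2019-20202) are closed as "NOT-FOR-US: ezXML" on the upstream name alone, but their descriptions name library functions ("The function ezx ...", "The ezxml_parse_ ..."), so this is parser library code that other source packages could bundle. Before closing these, search the archive sources for embedded copies of the ezXML code, and if one is found, track the CVEs against that source package instead of marking them NOT-FOR-US.
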
@@ -1246,11 +1246,11 @@ CVE-2019-20157
 CVE-2019-20156
 	RESERVED
 CVE-2019-20155 (An issue was discovered in report_edit.jsp in Determine (formerly Sele ...)
-	TODO: check
+	NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
 CVE-2019-20154 (An issue was discovered in Determine (formerly Selectica) Contract Lif ...)
-	TODO: check
+	NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
 CVE-2019-20153 (An issue was discovered in Determine (formerly Selectica) Contract Lif ...)
-	TODO: check
+	NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
 CVE-2019-20152
 	RESERVED
 CVE-2019-20151
@@ -3824,7 +3824,7 @@ CVE-2019-20079 (The autocmd feature in window.c in Vim before 8.1.2136 accesses
 CVE-2019-20078
 	RESERVED
 CVE-2019-20077 (The Typesetter CMS 5.1 logout functionality is affected by a CSRF vuln ...)
-	TODO: check
+	NOT-FOR-US: Typesetter CMS
 CVE-2019-20076 (On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username par ...)
 	NOT-FOR-US: Netis DL4323 devices
 CVE-2019-20075 (On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). ...)
@@ -4009,13 +4009,13 @@ CVE-2019-20009 (An issue was discovered in GNU LibreDWG before 0.93. Crafted inp
 CVE-2019-20008 (In Archery before 1.3, inserting an XSS payload into a project name (e ...)
 	NOT-FOR-US: Archery
 CVE-2019-20007 (An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezx ...)
-	TODO: check
+	NOT-FOR-US: ezXML
 CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
-	TODO: check
+	NOT-FOR-US: ezXML
 CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
-	TODO: check
+	NOT-FOR-US: ezXML
 CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the ...)
-	TODO: check
+	NOT-FOR-US: Intelbras
 CVE-2019-20003
 	RESERVED
 CVE-2019-20002
@@ -10419,9 +10419,9 @@ CVE-2019-19268
 CVE-2019-19267
 	RESERVED
 CVE-2019-19266 (IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably ...)
-	TODO: check
+	NOT-FOR-US: IceWarp WebMail Server
 CVE-2019-19265 (IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably ...)
-	TODO: check
+	NOT-FOR-US: IceWarp WebMail Server
 CVE-2019-19264 (In Simplifile RecordFusion through 2019-11-25, the logs and hist param ...)
 	NOT-FOR-US: Simplifile RecordFusion
 CVE-2019-19263 (GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure ...)
@@ -46699,7 +46699,7 @@ CVE-2019-8258 (UltraVNC revision 1198 has a heap buffer overflow vulnerability i
 CVE-2019-8257
 	RESERVED
 CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure inherited pe ...)
-	TODO: check
+	NOT-FOR-US: ColdFusion
 CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection vulnerabil ...)
 	NOT-FOR-US: Adobe
 CVE-2019-8254 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 hav ...)
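
Review bot: "NOT-FOR-US: ColdFusion" on CVE-2019-8256 uses a different convention from the entry right below it, CVE-2019-8255, which is tagged by vendor as "NOT-FOR-US: Adobe". ColdFusion is an Adobe product, so "NOT-FOR-US: Adobe ColdFusion" would keep the vendor searchable and still name the product.
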
@@ -52237,7 +52237,7 @@ CVE-2019-6037
 CVE-2019-6036
 	RESERVED
 CVE-2019-6035 (Open redirect vulnerability in Athenz v1.8.24 and earlier allows remot ...)
-	TODO: check
+	NOT-FOR-US: Athenz
 CVE-2019-6034 (a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver ...)
 	NOT-FOR-US: a-blog cms
 CVE-2019-6033 (Cross-site scripting vulnerability in a-blog cms versions prior to Ver ...)
@@ -52327,13 +52327,13 @@ CVE-2019-5992 (Cross-site request forgery (CSRF) vulnerability in WordPress Ultr
 CVE-2019-5991 (SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allow ...)
 	NOT-FOR-US: Cybozu Garoon
 CVE-2019-5990 (Access analysis CGI An-Analyzer released in 2019 June 24 and earlier a ...)
-	TODO: check
+	NOT-FOR-US: CGI An-Analyzer
 CVE-2019-5989 (DOM-based cross-site scripting vulnerability in Access analysis CGI An ...)
-	TODO: check
+	NOT-FOR-US: CGI An-Analyzer
 CVE-2019-5988 (Stored cross-site scripting vulnerability in Access analysis CGI An-An ...)
-	TODO: check
+	NOT-FOR-US: CGI An-Analyzer
 CVE-2019-5987 (Access analysis CGI An-Analyzer released in 2019 June 24 and earlier a ...)
-	TODO: check
+	NOT-FOR-US: CGI An-Analyzer
 CVE-2019-5986 (Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router ...)
 	NOT-FOR-US: Hikari
 CVE-2019-5985 (Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay ...)
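
Review bot: the tag "NOT-FOR-US: CGI An-Analyzer" on CVE-2019-5987 through CVE-2019-5990 cuts the product string in the middle. The descriptions read "Access analysis CGI An-Analyzer", where "Access analysis CGI" appears to describe the product and "An-Analyzer" to be its name. Suggest "NOT-FOR-US: An-Analyzer" or the full "Access analysis CGI An-Analyzer", so that a search for either form finds these entries.
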
@@ -54243,7 +54243,7 @@ CVE-2019-5250 (Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E
 CVE-2019-5249
 	RESERVED
 CVE-2019-5248 (CloudEngine 12800 has a DoS vulnerability. An attacker of a neighborin ...)
-	TODO: check
+	NOT-FOR-US: CloudEngine 12800
 CVE-2019-5247 (Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A lo ...)
 	NOT-FOR-US: Huawei
 CVE-2019-5246 (Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0 ...)
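
Review bot: CVE-2019-5248 is tagged by product only ("NOT-FOR-US: CloudEngine 12800"), while the next entry, CVE-2019-5247, is tagged by vendor ("NOT-FOR-US: Huawei"). CloudEngine is a Huawei switch line, so "NOT-FOR-US: Huawei" or "NOT-FOR-US: Huawei CloudEngine 12800" would keep the two adjacent entries consistent.
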
@@ -93628,11 +93628,11 @@ CVE-2018-10391 (An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the
 CVE-2018-10390
 	RESERVED
 CVE-2018-10389 (Format string vulnerability in the logMess function in TFTP Server MT  ...)
-	TODO: check
+	NOT-FOR-US: TFTP Server SP
 CVE-2018-10388 (Format string vulnerability in the logMess function in TFTP Server SP  ...)
-	TODO: check
+	NOT-FOR-US: TFTP Server SP
 CVE-2018-10387 (Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier a ...)
-	TODO: check
+	NOT-FOR-US: TFTP Server SP
 CVE-2018-10386
 	RESERVED
 CVE-2018-10385
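
Review bot: CVE-2018-10389 is tagged "NOT-FOR-US: TFTP Server SP", but its description names a different product, "TFTP Server MT"; only CVE-2018-10388 and CVE-2018-10387 name TFTP Server SP. The tag looks copied from the two entries below it. Suggest "NOT-FOR-US: TFTP Server MT" for CVE-2018-10389 so the tag matches the description.
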
@@ -277313,7 +277313,7 @@ CVE-2012-5880
 CVE-2012-5879 (An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician ( ...)
 	NOT-FOR-US: McAfee Virtual Technician
 CVE-2012-5878 (Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 a ...)
-	TODO: check
+	NOT-FOR-US: Bulb Security Smartphone Pentest Framework
 CVE-2012-5877 (Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a  ...)
 	NOT-FOR-US: Nero MediaHome
 CVE-2012-5876 (Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHo ...)
@@ -277760,7 +277760,7 @@ CVE-2012-5695 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bul
 CVE-2012-5694 (Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pen ...)
 	NOT-FOR-US: Smartphone Pentest Framework
 CVE-2012-5693 (Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows r ...)
-	TODO: check
+	NOT-FOR-US: Bulb Security Smartphone Pentest Framework
 CVE-2012-5692 (Unspecified vulnerability in admin/sources/base/core.php in Invision P ...)
 	NOT-FOR-US: Invision Power Board
 CVE-2012-5691 (Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealP ...)
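
Review bot: CVE-2012-5693 gets "NOT-FOR-US: Bulb Security Smartphone Pentest Framework" directly below CVE-2012-5694, which is already tagged "NOT-FOR-US: Smartphone Pentest Framework" for the same product. Reuse the existing string here and for CVE-2012-5878 in the previous hunk, or update the older entries in the same commit, so one product does not end up under two NFU names.
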



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/370e44819b431d67d5c59ff2405d7a66535b474e
