[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Jan 10 08:25:41 GMT 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
620ca5aa by Moritz Muehlenhoff at 2020-01-10T09:25:11+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2020-6760
 CVE-2020-6759
 	RESERVED
 CVE-2020-6758 (A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in ...)
-	TODO: check
+	NOT-FOR-US: Rasilient PixelStor
 CVE-2020-6757 (contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150 ...)
-	TODO: check
+	NOT-FOR-US: Rasilient PixelStor
 CVE-2020-6756 (languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (K ...)
-	TODO: check
+	NOT-FOR-US: Rasilient PixelStor
 CVE-2020-6755
 	RESERVED
 CVE-2020-6754
@@ -31,11 +31,11 @@ CVE-2020-6752
 CVE-2020-6751
 	RESERVED
 CVE-2019-20376 (A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG ...)
-	TODO: check
+	NOT-FOR-US: Electronic Logbook (ELOG)
 CVE-2019-20375 (A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG ...)
-	TODO: check
+	NOT-FOR-US: Electronic Logbook (ELOG)
 CVE-2019-20374 (A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31 ...)
-	TODO: check
+	NOT-FOR-US: Typora
 CVE-2019-20372 (NGINX before 1.17.7, with certain error_page configurations, allows HT ...)
 	TODO: check
 CVE-2019-20373 (LTSP LDM through 2.18.06 allows fat-client root access because the LDM ...)
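Review bot: CVE-2019-20372 (NGINX) is left at TODO: check in the context lines at the end of this hunk while the ELOG and Typora entries around it are resolved. nginx is a Debian source package, so this one cannot take a NOT-FOR-US tag; it needs a real triage line in the same style as the other tracked entries in this file (e.g. `- nginx <unfixed>` plus a `NOTE:` pointing at the upstream fix for the error_page issue) in a follow-up commit.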
@@ -1243,11 +1243,11 @@ CVE-2020-6170 (An authentication bypass vulnerability on Genexis Platinum-4410 v
 CVE-2020-6169
 	RESERVED
 CVE-2020-6168 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2020-6165
 	RESERVED
 CVE-2020-6164
@@ -3738,17 +3738,17 @@ CVE-2019-20185
 CVE-2019-20184 (KeePass 2.4.1 allows CSV injection in the title field of a CSV export. ...)
 	TODO: check
 CVE-2019-20183 (uploadimage.php in Employee Records System 1.0 allows upload and execu ...)
-	TODO: check
+	NOT-FOR-US: Employee Records System
 CVE-2019-20182 (The FooGallery plugin 1.8.12 for WordPress allow XSS via the post_titl ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-20181 (The awesome-support plugin 5.8.0 for WordPress allows XSS via the post ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-20180 (The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV  ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-20179 (SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter ...)
-	TODO: check
+	NOT-FOR-US: SOPlanning
 CVE-2019-20178 (Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php  ...)
-	TODO: check
+	NOT-FOR-US: Advisto PEEL Shopping
 CVE-2019-20177
 	RESERVED
 CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the li ...)
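Review bot: the three WordPress entries in this hunk (CVE-2019-20182, CVE-2019-20181, CVE-2019-20180) are tagged `NOT-FOR-US: Wordpress plugin`, whereas the same tag in the earlier hunk (CVE-2020-6168, CVE-2020-6167, CVE-2020-6166) is spelled `WordPress plugin`; consistent spelling keeps grep-based queries over data/CVE/list reliable, so pick one form (the upstream project spells it WordPress). Separately, CVE-2019-20184 (KeePass CSV injection) stays at TODO: check in the context line at the top of the hunk; keepass2 is in the archive, so that entry needs package triage rather than a NOT-FOR-US tag.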
@@ -14063,7 +14063,7 @@ CVE-2019-18861
 CVE-2019-18860
 	RESERVED
 CVE-2019-18859 (Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. ...)
-	TODO: check
+	NOT-FOR-US: Digi AnywhereUSB
 CVE-2019-18858 (CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Con ...)
 	NOT-FOR-US: CODESYS 3 web server
 CVE-2019-18857 (darylldoyle svg-sanitizer before 0.12.0 mishandles script and data val ...)
@@ -19008,21 +19008,21 @@ CVE-2020-0010
 CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write  ...)
 	TODO: check
 CVE-2020-0008 (In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there  ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0007 (In flattenString8 of Sensor.cpp, there is a possible information discl ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0006 (In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possibl ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0005
 	RESERVED
 CVE-2020-0004 (In generateCrop of WallpaperManagerService.java, there is a possible s ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0003 (In onCreate of InstallStart.java, there is a possible package validati ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2020-0002 (In ih264d_init_decoder of ih264d_api.c, there is a possible out of bou ...)
-	TODO: check
+	NOT-FOR-US: Android Media Framework
 CVE-2020-0001 (In getProcessRecordLocked of ActivityManagerService.java isolated apps ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2019-18192 (GNU Guix 1.0.1 allows local users to gain access to an arbitrary user' ...)
 	- guix <itp> (bug #850644)
 	NOTE: https://issues.guix.gnu.org/issue/37744
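Review bot: CVE-2020-0009 (ashmem.c) is left at TODO: check in the context line at the top of this hunk while the seven Android entries below it are all resolved as NOT-FOR-US; since it comes from the same Android bulletin batch, it should be triaged in the same pass so the hunk does not leave a lone open item. The `NOT-FOR-US: Android Media Framework` tag on CVE-2020-0002 is a fine, more specific variant of the plain `Android` tag used on the others.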
@@ -39889,7 +39889,7 @@ CVE-2019-11294 (Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allow
 CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when set to log ...)
 	NOT-FOR-US: Cloud Foundry UAA Release
 CVE-2019-11292 (Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2. ...)
-	TODO: check
+	NOT-FOR-US: Pivotal
 CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior  ...)
 	- rabbitmq-server <unfixed> (bug #945601)
 	[buster] - rabbitmq-server <no-dsa> (Minor issue)
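Review bot: `NOT-FOR-US: Pivotal` on CVE-2019-11292 names only the vendor, while the neighbouring entries in this hunk use the product (`NOT-FOR-US: Cloud Foundry UAA Release`); `NOT-FOR-US: Pivotal Ops Manager` would match the description text and the surrounding convention.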
@@ -41298,7 +41298,7 @@ CVE-2019-10779
 CVE-2019-10778 (devcert-sanscache before 0.4.7 allows remote attackers to execute arbi ...)
 	TODO: check
 CVE-2019-10777 (In aws-lambda versions prior to version 1.0.5, the "config.FunctioName ...)
-	TODO: check
+	NOT-FOR-US: aws-lambda
 CVE-2019-10776 (In "index.js" file line 240, the run command executes the git command  ...)
 	NOT-FOR-US: git-diff-apply
 CVE-2019-10775 (ecstatic have a denial of service vulnerability. Successful exploitati ...)
@@ -54076,7 +54076,7 @@ CVE-2019-6333 (A potential security vulnerability has been identified with certa
 CVE-2019-6332 (A potential security vulnerability has been identified with certain HP ...)
 	NOT-FOR-US: HP InkJet printers
 CVE-2019-6331 (An issue was found in Samsung Mobile Print (Android) versions prior to ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2019-6330 (A potential security vulnerability has been identified in the software ...)
 	NOT-FOR-US: HP Access Control
 CVE-2019-6329 (HP Support Assistant 8.7.50 and earlier allows a user to gain system p ...)
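Review bot: the tag on CVE-2019-6331 reads `NOT-FOR-US: HP`, but the description line directly above it says the issue is in "Samsung Mobile Print (Android)". The HP attribution is plausible because the advisory came via HP, but the tag should name the product in the description so a later reader does not suspect a copy-paste from the HP entries around it; `NOT-FOR-US: Samsung Mobile Print (HP)` or similar would be unambiguous.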
@@ -190757,7 +190757,7 @@ CVE-2016-5313 (Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticat
 CVE-2016-5312 (Directory traversal vulnerability in the charting component in Symante ...)
 	NOT-FOR-US: Symantec
 CVE-2016-5311 (A Privilege Escalation vulnerability exists in Symantec Norton Antivir ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2016-5310 (The RAR file parser component in the AntiVirus Decomposer engine in Sy ...)
 	NOT-FOR-US: Symantec
 CVE-2016-5309 (The RAR file parser component in the AntiVirus Decomposer engine in Sy ...)
@@ -254596,7 +254596,7 @@ CVE-2014-1600
 CVE-2014-1599 (Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box rou ...)
 	NOT-FOR-US: SFR Box router
 CVE-2014-1598 (centurystar 7.12 ActiveX Control has a Stack Buffer Overflow ...)
-	TODO: check
+	NOT-FOR-US: centurystar
 CVE-2014-1597 (SQL injection vulnerability in the CMDB web application in synetics i- ...)
 	NOT-FOR-US: i-doit
 CVE-2014-1596
@@ -285694,15 +285694,15 @@ CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Ope
 CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the Wall ...)
 	NOT-FOR-US: Avaya IP Office Customer Call Reporter
 CVE-2012-3810 (Samsung Kies before 2.5.0.12094_27_11 has registry modification. ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2012-3809 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modifica ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2012-3808 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2012-3807 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2012-3806 (Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer derefere ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2012-3805 (Multiple cross-site scripting (XSS) vulnerabilities in the getAllPasse ...)
 	NOT-FOR-US: Kajona
 CVE-2012-3804
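Review bot: the five Samsung Kies entries (CVE-2012-3810 through CVE-2012-3806) are tagged `NOT-FOR-US: Samsung`, whereas the adjacent entries in this hunk name the product (`Avaya IP Office Customer Call Reporter`, `Kajona`); `NOT-FOR-US: Samsung Kies` would follow that convention and match the description text.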
@@ -287746,7 +287746,7 @@ CVE-2012-2952 (SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earl
 CVE-2012-2951
 	REJECTED
 CVE-2012-2950 (Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local  ...)
-	TODO: check
+	NOT-FOR-US: Gateway Geomatics MapServer
 CVE-2012-2949 (The ZTE sync_agent program for Android 2.3.4 on the Score M device use ...)
 	NOT-FOR-US: Android
 CVE-2012-2948 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Ast ...)
@@ -287801,7 +287801,7 @@ CVE-2012-2933
 CVE-2012-2932 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery  ...)
 	NOT-FOR-US: TinyWebGallery
 CVE-2012-2931 (PHP code injection in TinyWebGallery before 1.8.8 allows remote authen ...)
-	TODO: check
+	NOT-FOR-US: TinyWebGallery
 CVE-2012-2930 (Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebG ...)
 	NOT-FOR-US: TinyWebGallery
 CVE-2012-2929
@@ -289740,7 +289740,7 @@ CVE-2012-2228
 CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml before ...)
 	NOT-FOR-US: PluXml
 CVE-2012-2226 (Invision Power Board before 3.3.1 fails to sanitize user-supplied inpu ...)
-	TODO: check
+	NOT-FOR-US: Invision Power Board
 CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary code via  ...)
 	NOT-FOR-US: 360zip
 CVE-2012-2224 (Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitra ...)
@@ -290591,7 +290591,7 @@ CVE-2012-1916 (@Mail WebMail Client in AtMail Open-Source before 1.05 allows rem
 CVE-2007-6752 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drup ...)
 	- drupal7 <removed> (unimportant)
 CVE-2012-1915 (EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_c ...)
-	TODO: check
+	NOT-FOR-US: EllisLab CodeIgniter
 CVE-2012-1914
 	RESERVED
 CVE-2012-1913



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/620ca5aa06f75482150d2960449a9654635f8c20


