[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Jan 23 20:43:15 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3236774 by Salvatore Bonaccorso at 2020-01-23T21:42:44+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2020-7933
 CVE-2020-7932
 	RESERVED
 CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template process ...)
-	TODO: check
+	NOT-FOR-US: JFrog Artifactory
 CVE-2020-7930
 	RESERVED
 CVE-2020-7929
@@ -1538,7 +1538,7 @@ CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 201
 CVE-2020-7221
 	RESERVED
 CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...)
-	TODO: check
+	NOT-FOR-US: HashiCorp Vault
 CVE-2020-7219
 	RESERVED
 CVE-2020-7218
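Review bot: the label on the CVE-2020-7220 line is broader than the description: the entry describes HashiCorp Vault Enterprise, but the marker reads `NOT-FOR-US: HashiCorp Vault`. Consider `NOT-FOR-US: HashiCorp Vault Enterprise` so the label states exactly which product was evaluated.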
@@ -1560,7 +1560,7 @@ CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1812451
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
 CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user account ...)
-	TODO: check
+	NOT-FOR-US: Umbraco CMS
 CVE-2020-7209
 	RESERVED
 CVE-2020-7208
@@ -2339,7 +2339,7 @@ CVE-2020-6845
 CVE-2020-6844
 	RESERVED
 CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
 CVE-2020-6842
 	RESERVED
 CVE-2020-6841
@@ -10277,15 +10277,15 @@ CVE-2019-19841 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows
 CVE-2019-19840 (A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruc ...)
 	NOT-FOR-US: Ruckus devices
 CVE-2019-19839 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...)
-	TODO: check
+	NOT-FOR-US: Ruckus devices
 CVE-2019-19838 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...)
-	TODO: check
+	NOT-FOR-US: Ruckus devices
 CVE-2019-19837 (Incorrect access control in the web interface in Ruckus Wireless Unlea ...)
-	TODO: check
+	NOT-FOR-US: Ruckus devices
 CVE-2019-19836 (AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200. ...)
 	NOT-FOR-US: Ruckus devices
 CVE-2019-19835 (SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed thro ...)
-	TODO: check
+	NOT-FOR-US: Ruckus devices
 CVE-2019-19834 (Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed throug ...)
 	NOT-FOR-US: Ruckus devices
 CVE-2019-20043 (In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ...)
@@ -24171,9 +24171,9 @@ CVE-2019-17204 (TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowle
 CVE-2019-17203 (TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a c ...)
 	- teampass <itp> (bug #730180)
 CVE-2019-17202 (FastTrack Admin By Request 6.1.0.0 supports group policies that are su ...)
-	TODO: check
+	NOT-FOR-US: FastTrack Admin By Request
 CVE-2019-17201 (FastTrack Admin By Request 6.1.0.0 supports group policies that are su ...)
-	TODO: check
+	NOT-FOR-US: FastTrack Admin By Request
 CVE-2019-17200
 	RESERVED
 CVE-2017-18637
@@ -26079,17 +26079,17 @@ CVE-2019-16519 (ESET Cyber Security 6.7.900.0 for macOS allows a local attacker
 CVE-2019-16518 (An issue was discovered on Swell Kit Mod devices that use the Vandy Va ...)
 	NOT-FOR-US: Swell Kit Mod devices
 CVE-2019-16517 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
-	TODO: check
+	NOT-FOR-US: ConnectWise Control
 CVE-2019-16516 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
-	TODO: check
+	NOT-FOR-US: ConnectWise Control
 CVE-2019-16515 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
-	TODO: check
+	NOT-FOR-US: ConnectWise Control
 CVE-2019-16514 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
-	TODO: check
+	NOT-FOR-US: ConnectWise Control
 CVE-2019-16513 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
-	TODO: check
+	NOT-FOR-US: ConnectWise Control
 CVE-2019-16512 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
-	TODO: check
+	NOT-FOR-US: ConnectWise Control
 CVE-2019-16511 (An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. ...)
 	NOT-FOR-US: FireGiant
 CVE-2019-16510 (libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady  ...)
@@ -27202,7 +27202,7 @@ CVE-2019-16155
 CVE-2019-16154 (An improper neutralization of input during web page generation in Fort ...)
 	NOT-FOR-US: FortiAuthenticator WEB UI
 CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM database ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2019-16152
 	RESERVED
 CVE-2019-16151
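Review bot: inconsistent granularity on the CVE-2019-16153 line: the neighbouring CVE-2019-16154 entry names the specific product (`NOT-FOR-US: FortiAuthenticator WEB UI`), while this one collapses to `NOT-FOR-US: Fortinet` although the description names FortiSIEM. Suggest `NOT-FOR-US: Fortinet FortiSIEM` so later triage can tell the products apart.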
@@ -28435,7 +28435,7 @@ CVE-2012-6717 (The redirection plugin before 2.2.12 for WordPress has XSS, a dif
 CVE-2011-5329 (The redirection plugin before 2.2.9 for WordPress has XSS in the admin ...)
 	NOT-FOR-US: redirection plugin for WordPress
 CVE-2019-15712 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
-	TODO: check
+	NOT-FOR-US: FortiMail admin webUI
 CVE-2019-15711
 	RESERVED
 CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, ...)
@@ -28445,7 +28445,7 @@ CVE-2019-15709
 CVE-2019-15708
 	RESERVED
 CVE-2019-15707 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
-	TODO: check
+	NOT-FOR-US: FortiMail admin webUI
 CVE-2019-15706
 	RESERVED
 CVE-2019-15705 (An Improper Input Validation vulnerability in the SSL VPN portal of Fo ...)
@@ -58995,7 +58995,7 @@ CVE-2019-5595 (In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STA
 CVE-2019-5594 (An Improper Neutralization of Input During Web Page Generation ("Cross ...)
 	NOT-FOR-US: Fortinet
 CVE-2019-5593 (Improper permission or value checking in the CLI console may allow a n ...)
-	TODO: check
+	NOT-FOR-US: FortiOS
 CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE,  ...)
 	NOT-FOR-US: Fortinet
 CVE-2019-5591
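Review bot: the marker `NOT-FOR-US: FortiOS` on the CVE-2019-5593 line names a product that the visible description does not mention (it only refers to "the CLI console"), while the adjacent CVE-2019-5594 and CVE-2019-5592 entries use `NOT-FOR-US: Fortinet`. If the full advisory scopes this to FortiOS the label is fine; otherwise align it with its neighbours.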
@@ -78842,7 +78842,7 @@ CVE-2018-17984 (An unanchored /[a-z]{2}/ regular expression in ISPConfig before
 CVE-2018-17982
 	RESERVED
 CVE-2018-17981 (Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the int ...)
-	TODO: check
+	NOT-FOR-US: Lifesize Express
 CVE-2018-17980 (NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain  ...)
 	NOT-FOR-US: NoMachine
 CVE-2015-9273 (The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for Wor ...)
@@ -83360,13 +83360,13 @@ CVE-2018-16274
 CVE-2018-16273
 	RESERVED
 CVE-2018-16272 (The wpa_supplicant system service in Samsung Galaxy Gear series allows ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2018-16271 (The wemail_consumer_service (from the built-in application wemail) in  ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2018-16270 (Samsung Galaxy Gear series before build RE2 includes the hcidump utili ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2018-16269 (The wnoti system service in Samsung Galaxy Gear series allows an unpri ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2018-16268 (The SoundServer/FocusServer system services in Tizen allow an unprivil ...)
 	TODO: check
 CVE-2018-16267 (The system-popup system service in Tizen allows an unprivileged proces ...)
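Review bot: the four Samsung Galaxy Gear entries (CVE-2018-16272 through CVE-2018-16269) are resolved here, but the immediately following Tizen entries (CVE-2018-16268, CVE-2018-16267) remain at `TODO: check` in the trailing context. They come from the same batch of advisories; if they are being held back on purpose, a NOTE line would save the next person from re-triaging them.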
@@ -242881,7 +242881,7 @@ CVE-2014-7240 (Cross-site scripting (XSS) vulnerability in the Easy Contact Form
 CVE-2014-7239
 	RESERVED
 CVE-2014-7238 (The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin Contact Form Integrated With Google Maps
 CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windo ...)
 	- twiki <removed>
 	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237
@@ -262825,7 +262825,7 @@ CVE-2013-6787 (SQL injection vulnerability in the check_user_password function i
 CVE-2013-6786 (Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4. ...)
 	NOT-FOR-US: Allegro RomPager
 CVE-2013-6785 (Directory traversal vulnerability in url_redirect.cgi in Supermicro IP ...)
-	TODO: check
+	NOT-FOR-US: Supermicro IPMI
 CVE-2013-6784
 	RESERVED
 CVE-2013-6783
@@ -264106,7 +264106,7 @@ CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attacker
 	[squeeze] - munin 1.4.5-3+deb6u1
 	NOTE: http://munin-monitoring.org/ticket/1397
 CVE-2013-6358 (PrestaShop 1.5.5 allows remote authenticated attackers to execute arbi ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the  ...)
 	NOT-FOR-US: Disputed non-issue in Tomcat
 CVE-2013-6356
@@ -277018,7 +277018,7 @@ CVE-2013-1594
 CVE-2013-1593
 	RESERVED
 CVE-2013-1592 (A Buffer Overflow vulnerability exists in the Message Server service _ ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2013-1591 (Stack-based buffer overflow in libpixman, as used in Pale Moon before  ...)
 	- pixman 0.26.0-4 (bug #700308)
 	[squeeze] - pixman <not-affected> (Vulnerable code not present)
@@ -282862,7 +282862,7 @@ CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session cooki
 	- wordpress <unfixed> (unimportant; bug #696868)
 	NOTE: non-issue, see https://wordpress.org/support/topic/old-bug-cve-2012-5868
 CVE-2012-5867 (HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: HT Editor
 CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4 ...)
 	NOT-FOR-US: Achievo
 CVE-2012-5865 (SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows re ...)
@@ -283272,9 +283272,9 @@ CVE-2012-5701 (Multiple SQL injection vulnerabilities in dotProject before 2.1.7
 CVE-2012-5700 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko befo ...)
 	NOT-FOR-US: Baby Gekko
 CVE-2012-5699 (BabyGekko before 1.2.4 allows PHP file inclusion. ...)
-	TODO: check
+	NOT-FOR-US: BabyGekko
 CVE-2012-5698 (BabyGekko before 1.2.4 has SQL injection. ...)
-	TODO: check
+	NOT-FOR-US: BabyGekko
 CVE-2012-5979
 	REJECTED
 CVE-2012-5697 (The btinstall installation script in Bulb Security Smartphone Pentest  ...)
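Review bot: the product name is spelled two ways within three lines: `NOT-FOR-US: Baby Gekko` on the CVE-2012-5700 context line and `NOT-FOR-US: BabyGekko` on the two new CVE-2012-5699/CVE-2012-5698 lines. Either is defensible, since the CVE descriptions themselves differ, but settling on one spelling keeps grep-based triage of this file reliable.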
@@ -285136,7 +285136,7 @@ CVE-2012-4983 (Multiple cross-site scripting (XSS) vulnerabilities on the Foresc
 CVE-2012-4982 (Open redirect vulnerability in assets/login on the Forescout CounterAC ...)
 	NOT-FOR-US: Forescout device
 CVE-2012-4981 (Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vuln ...)
-	TODO: check
+	NOT-FOR-US: Toshiba ConfigFree
 CVE-2012-4980 (Multiple stack-based buffer overflows in CFProfile.exe in Toshiba Conf ...)
 	NOT-FOR-US: Toshiba ConfigFree Utility
 CVE-2012-4979
@@ -285301,7 +285301,7 @@ CVE-2012-4921 (Multiple cross-site request forgery (CSRF) vulnerabilities in the
 CVE-2012-4920 (Directory traversal vulnerability in the zing_forum_output function in ...)
 	NOT-FOR-US: Wordpress plugin Zingiri Forum
 CVE-2012-4919 (Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Gallery Plugin1.4 for WordPress
 CVE-2012-4918 (Call of Duty Elite for iOS 2.0.1 does not properly validate the server ...)
 	NOT-FOR-US: Call of Duty Elite for iOS
 CVE-2012-4917 (The TripAdvisor app 6.6 for iOS sends cleartext credentials, which all ...)
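Review bot: the new label `NOT-FOR-US: Gallery Plugin1.4 for WordPress` on the CVE-2012-4919 line copies the missing space from the CVE description. Consider `Gallery Plugin 1.4 for WordPress`, or just the plugin name without the version, as the neighbouring CVE-2012-4920 entry does with `Wordpress plugin Zingiri Forum`.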
@@ -285375,7 +285375,7 @@ CVE-2012-4902 (Multiple cross-site request forgery (CSRF) vulnerabilities in Tem
 CVE-2012-4901 (Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and ear ...)
 	NOT-FOR-US: Template CMS (http://template-cms.ru)
 CVE-2012-4900 (Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via unt ...)
-	TODO: check
+	NOT-FOR-US: Corel WordPerfect Office X6
 CVE-2012-4899 (WellinTech KingView 6.5.3 and earlier uses a weak password-hashing alg ...)
 	NOT-FOR-US: WellinTech KingView
 CVE-2012-4898 (Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a  ...)
@@ -285458,7 +285458,7 @@ CVE-2012-4865 (Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers
 CVE-2012-4864 (Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Oreans WinLicense
 CVE-2012-4863 (IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2012-4862 (The Host Connect emulator in IBM Rational Developer for System z 7.1 t ...)
 	NOT-FOR-US: IBM Rational
 CVE-2012-4861 (The web server in InfoSphere Data Replication Dashboard in IBM InfoSph ...)
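Review bot: `NOT-FOR-US: IBM` on the CVE-2012-4863 line is coarser than the neighbouring CVE-2012-4862 entry (`NOT-FOR-US: IBM Rational`) even though the description names IBM WebSphere MQ. Suggest `NOT-FOR-US: IBM WebSphere MQ`.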



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f323677494e1ff66e532a1c2dca36cdbd2889e61


