[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 29 20:37:08 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d753c8d9 by Salvatore Bonaccorso at 2020-01-29T21:36:43+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2020-8418
CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...)
NOT-FOR-US: Code Snippets plugin for WordPress
CVE-2020-8416 (BearFTP before 0.2.0 allows remote attackers to achieve denial of serv ...)
- TODO: check
+ NOT-FOR-US: BearFTP
CVE-2020-8415
RESERVED
CVE-2020-8414
@@ -683,9 +683,9 @@ CVE-2020-8095
CVE-2020-8094
RESERVED
CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...)
- TODO: check
+ NOT-FOR-US: Bitdefender Antivirus for Mac
CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in Bitdefend ...)
- TODO: check
+ NOT-FOR-US: Bitdefender Antivirus for Mac
CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...)
NOT-FOR-US: TYPO3
CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...)
@@ -997,7 +997,7 @@ CVE-2020-7967
CVE-2020-7966
RESERVED
CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...)
- TODO: check
+ NOT-FOR-US: webargs
CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect ...)
NOT-FOR-US: Mirumee Saleor
CVE-2020-7963
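Review bot: the NOT-FOR-US for CVE-2020-7965 rests on the CVE text alone, and Webargs is a Python library (the description points at flaskparser.py in Webargs 5.x), which is the kind of thing that does sometimes end up in the archive; a quick search for a Debian source package shipping it before the TODO is closed would make the NFU safe, and if one exists the entry should carry that package and fixed version instead. Minor: the new label reads lowercase `webargs` while the description says `Webargs`; one spelling keeps later greps on the product name matching.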
@@ -6853,7 +6853,7 @@ CVE-2020-5229
CVE-2020-5228
RESERVED
CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of ...)
- TODO: check
+ NOT-FOR-US: Feedgen
CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ...)
- simplesamlphp 1.18.4-1
[buster] - simplesamlphp <not-affected> (Vulnerable code introduced later)
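Review bot: CVE-2020-5227 is a library CVE (the description calls it "python feedgen"), so before `TODO: check` becomes `NOT-FOR-US: Feedgen` it is worth confirming that no Debian source package ships that module; if one does, the line should name the package and its fixed version rather than NFU.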
@@ -6921,7 +6921,7 @@ CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i
CVE-2020-5208
RESERVED
CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...)
- TODO: check
+ NOT-FOR-US: Ktor
CVE-2020-5206
RESERVED
CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...)
@@ -7225,11 +7225,11 @@ CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH s
[jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
CVE-2019-20217 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-20216 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-20215 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-20214
RESERVED
CVE-2019-20213 (D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Info ...)
@@ -11030,7 +11030,7 @@ CVE-2020-3760
CVE-2020-3759
RESERVED
CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-3757
RESERVED
CVE-2020-3756
@@ -11108,25 +11108,25 @@ CVE-2020-3721
CVE-2020-3720
RESERVED
CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-3717 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-3716 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-3715 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-3714 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-3713 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-3712 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-3709
RESERVED
CVE-2020-3708
@@ -15562,7 +15562,7 @@ CVE-2019-19543 (In the Linux kernel before 5.1.6, there is a use-after-free in s
[jessie] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://git.kernel.org/linus/56cd26b618855c9af48c8301aa6754ced8dd0beb
CVE-2019-19539 (An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01AB ...)
- TODO: check
+ NOT-FOR-US: Idelji Web ViewPoint
CVE-2019-19538
RESERVED
CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...)
@@ -23979,7 +23979,7 @@ CVE-2019-17653
CVE-2019-17652
RESERVED
CVE-2019-17651 (An Improper Neutralization of Input vulnerability in the description a ...)
- TODO: check
+ NOT-FOR-US: FortiSIEM
CVE-2019-17650 (An Improper Neutralization of Special Elements used in a Command vulne ...)
NOT-FOR-US: Fortiguard
CVE-2019-17649
@@ -25548,7 +25548,7 @@ CVE-2019-17098
CVE-2019-17097
RESERVED
CVE-2019-17096 (A OS Command Injection vulnerability in the bootstrap stage of Bitdefe ...)
- TODO: check
+ NOT-FOR-US: Bitdefender BOX 2
CVE-2019-17095 (A command injection vulnerability has been discovered in the bootstrap ...)
NOT-FOR-US: Bitdefender BOX 2
CVE-2019-17094 (A Stack-based Buffer Overflow vulnerability in libbelkin_api.so compon ...)
@@ -37621,11 +37621,11 @@ CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the in
CVE-2019-13522 (An attacker could use a specially crafted project file to corrupt the ...)
NOT-FOR-US: EZ PLC Editor
CVE-2019-13521 (A maliciously crafted program file opened by an unsuspecting user of R ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 Smart L ...)
NOT-FOR-US: Fuji Electric
CVE-2019-13519 (A maliciously crafted program file opened by an unsuspecting user of R ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2019-13518 (An attacker could use a specially crafted project file to overflow the ...)
NOT-FOR-US: EZAutomation
CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Serve ...)
@@ -53380,7 +53380,7 @@ CVE-2019-8259 (UltraVNC revision 1198 contains multiple memory leaks (CWE-655) i
CVE-2019-8258 (UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC ...)
NOT-FOR-US: UltraVNC
CVE-2019-8257 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure inherited pe ...)
NOT-FOR-US: ColdFusion
CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection vulnerabil ...)
@@ -56207,7 +56207,7 @@ CVE-2019-7133 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnera
CVE-2019-7132 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerabili ...)
NOT-FOR-US: Adobe
CVE-2019-7131 (Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Suc ...)
NOT-FOR-US: Adobe
CVE-2019-7129 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored ...)
@@ -58918,7 +58918,7 @@ CVE-2019-6038
CVE-2019-6037
RESERVED
CVE-2019-6036 (Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 p ...)
- TODO: check
+ NOT-FOR-US: F-RevoCRM
CVE-2019-6035 (Open redirect vulnerability in Athenz v1.8.24 and earlier allows remot ...)
NOT-FOR-US: Athenz
CVE-2019-6034 (a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver ...)
@@ -75602,7 +75602,7 @@ CVE-2018-19444 (A use after free in the TextBox field Validate action in IReader
CVE-2018-19442 (A Buffer Overflow in Network::AuthenticationClient::VerifySignature in ...)
NOT-FOR-US: Neato Botvac Connected
CVE-2018-19441 (An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateR ...)
- TODO: check
+ NOT-FOR-US: Neato Botvac Connected
CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...)
NOT-FOR-US: ARM Trusted Firmware-A
CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure Global Deskt ...)
@@ -240700,7 +240700,7 @@ CVE-2014-8492 (Multiple cross-site scripting (XSS) vulnerabilities in assets/mis
CVE-2014-8491 (The Grand Flagallery plugin before 4.25 for WordPress allows remote at ...)
NOT-FOR-US: Grand Flagallery plugin for WordPress
CVE-2014-8490 (Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9 ...)
- TODO: check
+ NOT-FOR-US: TennisConnect COMPONENTS
CVE-2014-8990 (default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attacke ...)
{DSA-3130-1}
- lsyncd 2.1.5-2 (low; bug #767227)
@@ -253514,7 +253514,7 @@ CVE-2014-3447 (BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vul
CVE-2014-3446 (SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in ...)
NOT-FOR-US: BSS Continuity CMS
CVE-2014-3445 (backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require ...)
- TODO: check
+ NOT-FOR-US: HandsomeWeb SOS Webpages
CVE-2014-3730 (The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, ...)
{DSA-2934-1}
- python-django 1.6.5-1
@@ -263698,9 +263698,9 @@ CVE-2013-6870 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk
CVE-2012-6611
RESERVED
CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J al ...)
- TODO: check
+ NOT-FOR-US: Polycom HDX Video End Points
CVE-2012-6609 (Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video ...)
- TODO: check
+ NOT-FOR-US: Polycom HDX Video End Points
CVE-2012-6608 (Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in ...)
NOT-FOR-US: Elastix
CVE-2013-6885 (The microcode on AMD 16h 00h through 0Fh processors does not properly ...)
@@ -268730,15 +268730,15 @@ CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python mod
CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for Android h ...)
NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for Android
CVE-2013-4865 (Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in ...)
- TODO: check
+ NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4864 (MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4863 (The HomeAutomationGateway service in MiCasaVerde VeraLite with firmwar ...)
- TODO: check
+ NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4862 (MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict ...)
- TODO: check
+ NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4861 (Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasa ...)
- TODO: check
+ NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4860 (Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does n ...)
NOT-FOR-US: Radio Thermostat
CVE-2013-4859 (INSTEON Hub 2242-222 lacks Web and API authentication ...)
@@ -272598,9 +272598,9 @@ CVE-2013-3495 (The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.
CVE-2013-3494
RESERVED
CVE-2013-3493 (XnView 2.03 has an integer overflow vulnerability ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2013-3492 (XnView 2.03 has a stack-based buffer overflow vulnerability ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2013-3491 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Shar ...)
NOT-FOR-US: WordPress plugin sharebar
CVE-2013-3490
@@ -273225,13 +273225,13 @@ CVE-2013-3217
CVE-2013-3216
RESERVED
CVE-2013-3215 (vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerab ...)
- TODO: check
+ NOT-FOR-US: vtiger CRM
CVE-2013-3214 (vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: vtiger CRM
CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4 ...)
NOT-FOR-US: vTiger CRM
CVE-2013-3212 (vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilitie ...)
- TODO: check
+ NOT-FOR-US: vtiger CRM
CVE-2012-6551 (The default configuration of Apache ActiveMQ before 5.8.0 enables a sa ...)
- activemq <not-affected> (Example code not shipped in .deb)
CVE-2013-3211 (Unspecified vulnerability in Opera before 12.15 has unknown impact and ...)
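Review bot: the three new lines for CVE-2013-3215, CVE-2013-3214 and CVE-2013-3212 spell the product `vtiger CRM`, while the existing entry for CVE-2013-3213 between them reads `NOT-FOR-US: vTiger CRM`. Each follows its own CVE description, but four adjacent entries for one product should use a single spelling so a grep on the product name finds them all; pick one and apply it to all four.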
@@ -273471,7 +273471,7 @@ CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-L
CVE-2013-3094
RESERVED
CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...)
- TODO: check
+ NOT-FOR-US: ASUS RT-N56U devices
CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass a ...)
NOT-FOR-US: Belkin router
CVE-2013-3091
@@ -273516,13 +273516,13 @@ CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initi
CVE-2013-3075 (Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Comp ...)
NOT-FOR-US: Mitsubishi MX Component 3
CVE-2013-3074 (NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow rem ...)
- TODO: check
+ NOT-FOR-US: NetGear WNDR4700 Media Server devices
CVE-2013-3073 (A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 F ...)
NOT-FOR-US: NETGEAR
CVE-2013-3072 (An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4 ...)
NOT-FOR-US: NETGEAR
CVE-2013-3071 (NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authenti ...)
- TODO: check
+ NOT-FOR-US: NETGEAR Centria WNDR4700 devices
CVE-2013-3070 (An Information Disclosure vulnerability exists in Netgear WNDR4700 run ...)
NOT-FOR-US: NETGEAR
CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR470 ...)
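Review bot: the added labels `NOT-FOR-US: NetGear WNDR4700 Media Server devices` (CVE-2013-3074) and `NOT-FOR-US: NETGEAR Centria WNDR4700 devices` (CVE-2013-3071) sit between three existing entries that all read `NOT-FOR-US: NETGEAR`; the mixed casing (`NetGear` vs `NETGEAR`) and the differing device suffixes make the vendor harder to grep for. Suggest `NOT-FOR-US: NETGEAR` for both, matching the neighbours, or at least the uppercase vendor name.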
@@ -274379,7 +274379,7 @@ CVE-2013-2750 (Cross-site scripting (XSS) vulnerability in e107_plugins/content/
CVE-2013-2749
REJECTED
CVE-2013-2748 (Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote att ...)
- TODO: check
+ NOT-FOR-US: Belkin
CVE-2013-2747 (The password reset feature in Courion Access Risk Management Suite Ver ...)
NOT-FOR-US: Courion Access Risk Management Suite
CVE-2013-2746
@@ -274458,7 +274458,7 @@ CVE-2013-2716 (Puppet Labs Puppet Enterprise before 2.8.0 does not use a "random
CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in the Sear ...)
NOT-FOR-US: Drupal module search_api
CVE-2013-2714 (Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 coul ...)
- TODO: check
+ NOT-FOR-US: WordPress podPress Plugin
CVE-2013-2713 (Cross-site request forgery (CSRF) vulnerability in users_maint.html in ...)
NOT-FOR-US: KrisonAV
CVE-2013-2712 (Cross-site scripting (XSS) vulnerability in services/get_article.php i ...)
@@ -274680,7 +274680,7 @@ CVE-2013-2614
CVE-2013-2613
RESERVED
CVE-2013-2612 (Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.20 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2013-2611
RESERVED
CVE-2013-2610
@@ -274763,19 +274763,19 @@ CVE-2013-2575
CVE-2013-2574 (An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insuf ...)
NOT-FOR-US: Foscam
CVE-2013-2573 (A Command Injection vulnerability exists in the ap parameter to the /c ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 313 ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale (POS) syst ...)
TODO: check
CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...)
- TODO: check
+ NOT-FOR-US: Zavio
CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6 ...)
- TODO: check
+ NOT-FOR-US: Zavio
CVE-2013-2568 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...)
- TODO: check
+ NOT-FOR-US: Zavio
CVE-2013-2567 (An Authentication Bypass vulnerability exists in the web interface in ...)
- TODO: check
+ NOT-FOR-US: Zavio
CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, has m ...)
NOTE: Generic protocol flaw in RC4
CVE-2012-6549 (The isofs_export_encode_fh function in fs/isofs/export.c in the Linux ...)
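Review bot: CVE-2013-2571 (Iris, as used in Xpient POS systems) is left at `TODO: check` in the middle of this hunk while every entry around it is resolved; if it was skipped on purpose that is fine, but if it was simply missed in the NFU pass it should be triaged in the same commit so the block does not keep one stray TODO. Minor: the new `NOT-FOR-US: TP-Link` labels differ in casing from `TP-LINK` as written in the CVE-2013-2572 description.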
@@ -278072,9 +278072,9 @@ CVE-2013-1602 (An Information Disclosure vulnerability exists due to insufficien
CVE-2013-1601 (An Information Disclosure vulnerability exists due to a failure to res ...)
TODO: check
CVE-2013-1600 (An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2013-1599 (A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2013-1598 (A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras ...)
NOT-FOR-US: Vivotek PT7135 IP Cameras
CVE-2013-1597 (A Directory Traversal vulnerability exists in Vivotek PT7135 IP Camera ...)
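Review bot: CVE-2013-1601 stays at `TODO: check` while CVE-2013-1600 and CVE-2013-1599 directly below it are marked `NOT-FOR-US: D-Link`; its truncated description here names no vendor, so if it is part of the same D-Link batch it should be resolved alongside them, and if not, a short note on why it remains open would save the next triage pass from re-reading it.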
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d753c8d92822983d4908be4fdee90631dfd95a7b