[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Mon Mar 16 20:51:15 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec8fffbc by Salvatore Bonaccorso at 2020-03-16T21:50:48+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,7 +105,7 @@ CVE-2018-21037
 CVE-2020-10595
 	RESERVED
 CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
-	TODO: check
+	NOT-FOR-US: drf-jwt
 CVE-2020-10593
 	RESERVED
 CVE-2020-10592
@@ -186,7 +186,7 @@ CVE-2020-10559
 CVE-2020-10558
 	RESERVED
 CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...)
-	TODO: check
+	NOT-FOR-US: AContent
 CVE-2020-10556
 	RESERVED
 CVE-2020-10555
@@ -838,17 +838,17 @@ CVE-2020-10245
 CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. ...)
 	NOT-FOR-US: JPaseto
 CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of type cas ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2020-10242 (An issue was discovered in Joomla! before 3.9.16. Inadequate handling  ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2020-10241 (An issue was discovered in Joomla! before 3.9.16. Missing token checks ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2020-10240 (An issue was discovered in Joomla! before 3.9.16. Missing length check ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2020-10239 (An issue was discovered in Joomla! before 3.9.16. Incorrect Access Con ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2020-10238 (An issue was discovered in Joomla! before 3.9.16. Various actions in c ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The installer wrot ...)
 	NOT-FOR-US: Froxlor
 CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created files wi ...)
@@ -871,7 +871,7 @@ CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a
 CVE-2020-10231
 	RESERVED
 CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) al ...)
-	TODO: check
+	NOT-FOR-US: CentOS-WebPanel.com
 CVE-2020-10229
 	RESERVED
 CVE-2020-10228
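Review bot: The tag on CVE-2020-10230 uses the vendor's domain name, `NOT-FOR-US: CentOS-WebPanel.com`, while the description on the line above gives the product as "CentOS Web Panel" (aka CWP). Suggest `NOT-FOR-US: CentOS Web Panel` so the entry is found by a search on the product name, matching how other hunks in this commit tag by product (Nagios Log Server, Codiad Web IDE).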
@@ -2914,7 +2914,7 @@ CVE-2020-9323
 CVE-2020-9322
 	RESERVED
 CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...)
-	TODO: check
+	NOT-FOR-US: Traefik
 CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a  ...)
 	NOT-FOR-US: Avira
 CVE-2020-9319
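Review bot: CVE-2020-9321 is closed as `NOT-FOR-US: Traefik` with no record of whether packaging is pending. Before the entry leaves the TODO queue, check wnpp for an open ITP or RFP for Traefik; if one exists, an `<itp>` entry with the bug number keeps this CVE attached to the future package, whereas a NOT-FOR-US entry is easy to miss when the package later enters the archive.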
@@ -8247,11 +8247,11 @@ CVE-2020-6992
 CVE-2020-6991
 	RESERVED
 CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
-	TODO: check
+	NOT-FOR-US: Rockwell
 CVE-2020-6989
 	RESERVED
 CVE-2020-6988 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
-	TODO: check
+	NOT-FOR-US: Rockwell
 CVE-2020-6987
 	RESERVED
 CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a series  ...)
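Review bot: `NOT-FOR-US: Rockwell` on CVE-2020-6990 and CVE-2020-6988 names only the vendor, and in shortened form, although both descriptions identify "Rockwell Automation MicroLogix 1400 Controllers". Suggest `NOT-FOR-US: Rockwell Automation MicroLogix` or similar, so the tag is consistent with the product-level tags used elsewhere in this commit; the same applies to CVE-2020-6984 and CVE-2020-6980 in the next two hunks.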
@@ -8259,7 +8259,7 @@ CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a se
 CVE-2020-6985
 	RESERVED
 CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
-	TODO: check
+	NOT-FOR-US: Rockwell
 CVE-2020-6983
 	RESERVED
 CVE-2020-6982
@@ -8267,7 +8267,7 @@ CVE-2020-6982
 CVE-2020-6981
 	RESERVED
 CVE-2020-6980 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...)
-	TODO: check
+	NOT-FOR-US: Rockwell
 CVE-2020-6979
 	RESERVED
 CVE-2020-6978
@@ -9222,11 +9222,11 @@ CVE-2020-6588
 CVE-2020-6587
 	RESERVED
 CVE-2020-6586 (Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a ...)
-	TODO: check
+	NOT-FOR-US: Nagios Log Server
 CVE-2020-6585 (Nagios Log Server 2.1.3 has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: Nagios Log Server
 CVE-2020-6584 (Nagios Log Server 2.1.3 has Incorrect Access Control. ...)
-	TODO: check
+	NOT-FOR-US: Nagios Log Server
 CVE-2019-20371
 	RESERVED
 CVE-2019-20370
@@ -10826,17 +10826,17 @@ CVE-2020-5851 (On impacted versions and platforms the Trusted Platform Module (T
 CVE-2020-5850
 	RESERVED
 CVE-2020-5849 (Unraid 6.8.0 allows authentication bypass. ...)
-	TODO: check
+	NOT-FOR-US: Unraid
 CVE-2020-5848
 	RESERVED
 CVE-2020-5847 (Unraid through 6.8.0 allows Remote Code Execution. ...)
-	TODO: check
+	NOT-FOR-US: Unraid
 CVE-2020-5846 (An insecure file upload and code execution issue was discovered in Ahs ...)
 	NOT-FOR-US: Ahsay Cloud Backup Suite
 CVE-2020-5845
 	RESERVED
 CVE-2020-5844 (index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pan ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2020-5843 (Codoforum 4.8.3 allows XSS in the admin dashboard via a category to th ...)
 	NOT-FOR-US: Codoforum
 CVE-2020-5842 (Codoforum 4.8.3 allows XSS in the user registration page: via the user ...)
@@ -15258,9 +15258,9 @@ CVE-2020-3950
 CVE-2020-3949
 	RESERVED
 CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3947 (VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2 ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2020-3946
 	RESERVED
 CVE-2020-3945 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...)
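Review bot: The description of CVE-2020-3948 starts with "Linux Guest VMs running on VMware Workstation", so the affected code may sit on the guest side rather than in the proprietary host product, yet it gets the same vendor-level `NOT-FOR-US: VMware` as CVE-2020-3947. Confirm from the full advisory that the vulnerable component is not something shipped in Debian guests (open-vm-tools, for example) and, if it is not, name the component in the tag or add a NOTE line recording that.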
@@ -15836,7 +15836,7 @@ CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks o
 	[stretch] - linux 4.9.210-1
 	NOTE: https://git.kernel.org/linus/da2311a6385c3b499da2ed5d9be59ce331fa93e9
 CVE-2019-19946 (The API in Dradis Pro 3.4.1 allows any user to extract the content of  ...)
-	TODO: check
+	NOT-FOR-US: Dradis Pro
 CVE-2019-19945 (uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an  ...)
 	TODO: check
 CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c ...)
@@ -15844,11 +15844,11 @@ CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_de
 CVE-2019-19943 (The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3 ...)
 	NOT-FOR-US: Pablo Quick 'n Easy Web Server
 CVE-2019-19942 (Missing output sanitation in Swisscom Centro Grande Centro Grande befo ...)
-	TODO: check
+	NOT-FOR-US: Swisscom
 CVE-2019-19941 (Missing hostname validation in Swisscom Centro Grande before 6.16.12 a ...)
-	TODO: check
+	NOT-FOR-US: Swisscom
 CVE-2019-19940 (Incorrect input sanitation in text-oriented user interfaces (telnet, s ...)
-	TODO: check
+	NOT-FOR-US: Swisscom
 CVE-2019-19939
 	RESERVED
 CVE-2019-19938
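Review bot: All three entries get `NOT-FOR-US: Swisscom`, but only CVE-2019-19942 and CVE-2019-19941 visibly name the product (Swisscom Centro Grande); the truncated description of CVE-2019-19940 shows no product at all. Check the full description of CVE-2019-19940 and tag each entry with the affected device, so a vendor-wide tag does not hide which product each CVE covers.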
@@ -16890,7 +16890,7 @@ CVE-2019-19823 (A certain router administration interface (that includes Realtek
 CVE-2019-19822 (A certain router administration interface (that includes Realtek APMIB ...)
 	NOT-FOR-US: Realtek
 CVE-2019-19821 (A post-authentication privilege escalation in the web application of C ...)
-	TODO: check
+	NOT-FOR-US: Combodo iTop
 CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys dr ...)
 	NOT-FOR-US: Kyrol Internet Security
 CVE-2019-19819 (The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.1 ...)
@@ -22636,7 +22636,7 @@ CVE-2019-19210 (Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML
 CVE-2019-19209 (Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. ...)
 	TODO: check
 CVE-2019-19208 (Codiad Web IDE through 2.8.4 allows PHP Code injection. ...)
-	TODO: check
+	NOT-FOR-US: Codiad Web IDE
 CVE-2019-19207 (rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. ...)
 	NOT-FOR-US: rConfig
 CVE-2019-19206 (Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to J ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec8fffbc8c585e8c85b8c006731373f8675b96d7
