[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 17 08:49:35 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b7a712a5 by Salvatore Bonaccorso at 2020-03-17T09:49:04+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1307,7 +1307,7 @@ CVE-2019-20493
CVE-2019-20492
RESERVED
CVE-2019-20491 (cPanel before 82.0.18 allows attackers to leverage virtual mail accoun ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2019-20490
RESERVED
CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
@@ -2529,9 +2529,9 @@ CVE-2020-9474
CVE-2020-9473
RESERVED
CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...)
- TODO: check
+ NOT-FOR-US: Umbraco
CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before February 2020. ...)
NOT-FOR-US: Wing FTP Server
CVE-2020-9469
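Review bot: The two Umbraco entries in this hunk end up with different tags: CVE-2020-9472 gets "NOT-FOR-US: Umbraco CMS" and CVE-2020-9471 gets "NOT-FOR-US: Umbraco", although its description names Umbraco Cloud. Using one spelling for both, or "Umbraco Cloud" for the second to match its description, keeps a later search for the product from missing one of them.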
@@ -2853,9 +2853,9 @@ CVE-2020-9349
CVE-2020-9348
RESERVED
CVE-2020-9347 (Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Ma ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no protectio ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-9345
RESERVED
CVE-2020-9344
@@ -4158,15 +4158,15 @@ CVE-2020-8789
CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...)
NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer
CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2020-8786 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2020-8785 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2019-20450
RESERVED
CVE-2019-20449
@@ -5962,7 +5962,7 @@ CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an
NOTE: https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8
NOTE: https://github.com/Exiv2/exiv2/issues/1011
CVE-2020-7982 (An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and ...)
- TODO: check
+ NOT-FOR-US: OpenWrt
CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...)
- ruby-geocoder 1.5.1-3 (bug #949870)
NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613
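Review bot: CVE-2020-7982 is tagged with the bare distribution name "NOT-FOR-US: OpenWrt", while the other two OpenWrt entries in this commit name the affected component ("libubox in OpenWrt", "uhttpd in OpenWrt"). The description is truncated here, so the component is not visible in the diff; naming it in the tag in the same "<component> in OpenWrt" form would keep the three entries consistent and make the entry easier to re-check if that component is ever packaged.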
@@ -6140,7 +6140,7 @@ CVE-2019-20409
CVE-2019-20408
RESERVED
CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira Software ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows operating s ...)
NOT-FOR-US: Atlassian
CVE-2019-20405 (The JMX monitoring flag in Atlassian Jira Server and Data Center befor ...)
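Review bot: CVE-2019-20407 is tagged "NOT-FOR-US: Atlassian Jira", but the entry directly below it (CVE-2019-20406) and the CVE-2019-20105 change later in this commit use plain "NOT-FOR-US: Atlassian". Either form works; picking one for all Atlassian entries avoids two spellings for the same vendor in the list.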
@@ -6172,7 +6172,7 @@ CVE-2020-7918
CVE-2020-7917
RESERVED
CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 ...)
- TODO: check
+ NOT-FOR-US: LearnPress plugin for WordPress
CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...)
NOT-FOR-US: Eaton devices
CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...)
@@ -7589,7 +7589,7 @@ CVE-2020-7250
CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...)
NOT-FOR-US: SMC D3G0804W devices
CVE-2020-7248 (libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged ...)
- TODO: check
+ NOT-FOR-US: libubox in OpenWrt
CVE-2020-XXXX [opensmtpd DoS via opportunistic TLS downgrade]
- opensmtpd 6.6.2p1-1 (bug #950121)
[stretch] - opensmtpd 6.0.2p1-2+deb9u2
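Review bot: "NOT-FOR-US: libubox in OpenWrt" on CVE-2020-7248 marks a library as not relevant, so it is worth confirming before merging that no source package in the archive ships or embeds libubox and that no ITP is open for it. If one exists, the entry should be a package line in the form already used in this file, for example "- python-tuf <itp> (bug #934151)" under CVE-2020-6174, instead of NOT-FOR-US.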
@@ -10159,7 +10159,7 @@ CVE-2019-20362 (In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 1
CVE-2020-6176
RESERVED
CVE-2020-6175 (Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missin ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2020-6174 (TUF (aka The Update Framework) through 0.12.1 has Improper Verificatio ...)
- python-tuf <itp> (bug #934151)
CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolle ...)
@@ -12760,7 +12760,7 @@ CVE-2019-20193
CVE-2019-20192
RESERVED
CVE-2019-20191 (Oxygen XML Editor 21.1.1 allows XXE to read any file. ...)
- TODO: check
+ NOT-FOR-US: Oxygen XML Editor
CVE-2019-20190
RESERVED
CVE-2019-20189
@@ -15389,7 +15389,7 @@ CVE-2019-20107 (Multiple SQL injection vulnerabilities in TestLink through 1.9.1
CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center before ver ...)
NOT-FOR-US: Atlassian
CVE-2019-20105 (The EditApplinkServlet resource in the Atlassian Application Links plu ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20104 (The OpenID client application in Atlassian Crowd before version 3.6.2, ...)
NOT-FOR-US: Atlassian
CVE-2019-20103
@@ -15842,7 +15842,7 @@ CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks o
CVE-2019-19946 (The API in Dradis Pro 3.4.1 allows any user to extract the content of ...)
NOT-FOR-US: Dradis Pro
CVE-2019-19945 (uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an ...)
- TODO: check
+ NOT-FOR-US: uhttpd in OpenWrt
CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c ...)
NOT-FOR-US: libIEC61850
CVE-2019-19943 (The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3 ...)
@@ -15858,7 +15858,7 @@ CVE-2019-19939
CVE-2019-19938
RESERVED
CVE-2019-19937 (In JFrog Artifactory before 6.18, it is not possible to restrict eithe ...)
- TODO: check
+ NOT-FOR-US: JFrog Artifactory
CVE-2019-19936
RESERVED
CVE-2019-19935
@@ -23425,7 +23425,7 @@ CVE-2019-18919
CVE-2019-18918
RESERVED
CVE-2019-18917 (A potential security vulnerability has been identified for certain HP ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2019-18916
RESERVED
CVE-2019-18915 (A potential security vulnerability has been identified with certain ve ...)
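Review bot: "NOT-FOR-US: HP" on CVE-2019-18917 names only the vendor, and the truncated description ("certain HP ...") does not show the product either. Adding the product or product family to the tag, as most other entries in this commit do ("JFrog Artifactory", "Oxygen XML Editor"), would make the triage decision checkable from the list alone.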
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7a712a53866d7cd1926f72b10d12d9357c6392e