[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Sat Mar 21 08:31:42 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
10cf9cb9 by Salvatore Bonaccorso at 2020-03-21T09:31:16+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2020-10794
 CVE-2020-10793
 	RESERVED
 CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
-	TODO: check
+	NOT-FOR-US: openITCOCKPIT
 CVE-2020-10791
 	RESERVED
 CVE-2020-10790
@@ -551,7 +551,7 @@ CVE-2020-10560
 CVE-2020-10559
 	RESERVED
 CVE-2020-10558 (The driving interface of Tesla Model 3 vehicles in any release before  ...)
-	TODO: check
+	NOT-FOR-US: driving interface of Tesla Model 3 vehicles
 CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...)
 	NOT-FOR-US: AContent
 CVE-2020-10556
@@ -1317,7 +1317,7 @@ CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 f
 CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows informatio ...)
 	NOT-FOR-US: popup-builder plugin for WordPress
 CVE-2020-10194 (cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8. ...)
-	TODO: check
+	NOT-FOR-US: Zimbra
 CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass  ...)
 	NOT-FOR-US: ESET Archive Support Module
 CVE-2020-10192 (An issue was discovered in Munkireport before 5.3.0.3923. An unauthent ...)
@@ -2885,7 +2885,7 @@ CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holdin
 	[jessie] - libvirt <not-affected> (Vulnerable code not present)
 	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1)
 CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr ap ...)
-	TODO: check
+	NOT-FOR-US: Swann
 CVE-2020-9478
 	RESERVED
 CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...)
@@ -2992,7 +2992,7 @@ CVE-2020-9427
 CVE-2020-9426
 	RESERVED
 CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig before 3.9 ...)
-	TODO: check
+	NOT-FOR-US: rConfig
 CVE-2020-9424
 	RESERVED
 CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary fi ...)
@@ -4301,19 +4301,19 @@ CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngi
 CVE-2020-8884
 	RESERVED
 CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit Studio Photo
 CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit Studio Photo
 CVE-2020-8881 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit Studio Photo
 CVE-2020-8880 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit Studio Photo
 CVE-2020-8879 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit Studio Photo
 CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: Foxit Studio Photo
 CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...)
-	TODO: check
+	NOT-FOR-US: Foxit Studio Photo
 CVE-2020-8876
 	RESERVED
 CVE-2020-8875
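Review bot: none of the seven truncated descriptions in this hunk (CVE-2020-8877 through CVE-2020-8883) names a product, so the new `NOT-FOR-US: Foxit Studio Photo` attribution cannot be checked from the entries themselves; consider adding a NOTE: line with the advisory URL to at least one of them, as other entries in this file do (the libvirt and ffmpeg entries carry NOTE: links), so a later triager can confirm the product without re-deriving it.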
@@ -5952,7 +5952,7 @@ CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart < 1.0.5
 CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request ...)
 	TODO: check
 CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.1 ...)
-	TODO: check
+	NOT-FOR-US: Ghost CMS
 CVE-2020-8133
 	RESERVED
 CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0  ...)
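Review bot: CVE-2020-8135 (uppy npm package) stays at `TODO: check` while its neighbour CVE-2020-8134 in the same hunk is resolved to `NOT-FOR-US: Ghost CMS`; if the deferral is intentional that is fine, but if this sweep was meant to clear the TODOs in the block, it was skipped.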
@@ -6407,7 +6407,7 @@ CVE-2015-9541 (Qt through 5.14 allows an exponential XML entity expansion attack
 CVE-2020-7962
 	RESERVED
 CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE  ...)
-	TODO: check
+	NOT-FOR-US: Liferay Portal
 CVE-2020-7960
 	RESERVED
 CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of  ...)
@@ -23183,7 +23183,7 @@ CVE-2019-19150 (On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.
 CVE-2019-19149
 	RESERVED
 CVE-2019-19148 (Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command  ...)
-	TODO: check
+	NOT-FOR-US: Tellabs Optical Line Terminal (OLT) devices
 CVE-2019-19147
 	RESERVED
 CVE-2019-19146
@@ -23571,19 +23571,19 @@ CVE-2019-19031 (Easy XML Editor through v1.7.8 is affected by: XML External Enti
 CVE-2019-19030
 	RESERVED
 CVE-2019-19029 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...)
-	TODO: check
+	NOT-FOR-US: Harbor
 CVE-2019-19028
 	RESERVED
 CVE-2019-19027
 	RESERVED
 CVE-2019-19026 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...)
-	TODO: check
+	NOT-FOR-US: Harbor
 CVE-2019-19025 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...)
-	TODO: check
+	NOT-FOR-US: Harbor
 CVE-2019-19024
 	RESERVED
 CVE-2019-19023 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has  ...)
-	TODO: check
+	NOT-FOR-US: Harbor
 CVE-2019-19022 (iTerm2 through 3.3.6 has potentially insufficient documentation about  ...)
 	NOT-FOR-US: iTerm2
 CVE-2019-19021 (An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidd ...)
@@ -23684,7 +23684,7 @@ CVE-2019-18981 (Pimcore before 6.2.2 lacks an Access Denied outcome for a certai
 CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022 ...)
 	NOT-FOR-US: Signify Philips Taolight
 CVE-2019-18979 (Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine fla ...)
-	TODO: check
+	NOT-FOR-US: Adaware
 CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...)
 	{DLA-2096-1}
 	- ruby-rack-cors 1.1.1-1 (bug #944849)
@@ -24206,13 +24206,13 @@ CVE-2019-18788
 CVE-2019-18787
 	RESERVED
 CVE-2019-18785 (SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2019-18784 (SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to ...)
 	NOT-FOR-US: SuiteCRM
 CVE-2019-18783
 	RESERVED
 CVE-2019-18782 (SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not c ...)
-	TODO: check
+	NOT-FOR-US: SuiteCRM
 CVE-2019-18781 (An open redirect vulnerability was discovered in Zoho ManageEngine ADS ...)
 	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
 CVE-2019-18786 (In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitial ...)
@@ -26016,7 +26016,7 @@ CVE-2020-0795 (This vulnerability is caused when SharePoint Server does not prop
 CVE-2020-0794
 	RESERVED
 CVE-2020-0793 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-0792 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-0791 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
@@ -26066,13 +26066,13 @@ CVE-2020-0770 (An elevation of privilege vulnerability exists when the Windows A
 CVE-2020-0769 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-0768 (A remote code execution vulnerability exists in the way the scripting  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-0767 (A remote code execution vulnerability exists in the way that the Chakr ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-0766
 	RESERVED
 CVE-2020-0765 (An information disclosure vulnerability exists in the Remote Desktop C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-0764
 	RESERVED
 CVE-2020-0763 (An elevation of privilege vulnerability exists when Windows Defender S ...)
@@ -26712,7 +26712,7 @@ CVE-2019-18643
 CVE-2019-18642
 	RESERVED
 CVE-2019-18641 (Rock RMS before 1.8.6 mishandles vCard access control within the Peopl ...)
-	TODO: check
+	NOT-FOR-US: Rock RMS
 CVE-2019-18640
 	RESERVED
 CVE-2019-18639
@@ -33674,7 +33674,7 @@ CVE-2019-16384
 CVE-2019-16383 (MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2 ...)
 	NOT-FOR-US: Progress MOVEit Transfer
 CVE-2019-16382 (An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is ...)
-	TODO: check
+	NOT-FOR-US: Ivanti Workspace Control
 CVE-2019-16381
 	RESERVED
 CVE-2019-16380
@@ -33854,9 +33854,9 @@ CVE-2019-16340 (Belkin Linksys Velop 1.1.8.192419 devices allows remote attacker
 CVE-2019-16339
 	RESERVED
 CVE-2019-16338 (The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 a ...)
-	TODO: check
+	NOT-FOR-US: Hancom Office
 CVE-2019-16337 (The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-f ...)
-	TODO: check
+	NOT-FOR-US: Hancom Office
 CVE-2019-16336 (The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE componen ...)
 	NOT-FOR-US: Cypress
 CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
@@ -34616,7 +34616,7 @@ CVE-2019-16110 (The network protocol of Blade Shadow though 2.13.3 allows remote
 CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1. It confi ...)
 	NOT-FOR-US: Plataformatec Devise
 CVE-2019-16108 (phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) to ...)
-	TODO: check
+	NOT-FOR-US: phpBB
 CVE-2019-16107 (Missing form token validation in phpBB 3.2.7 allows CSRF in deleting p ...)
 	NOT-FOR-US: phpBB
 CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. ...)
@@ -34709,29 +34709,29 @@ CVE-2019-16074
 CVE-2019-16073
 	RESERVED
 CVE-2019-16072 (An OS command injection vulnerability in the discover_and_manage CGI s ...)
-	TODO: check
+	NOT-FOR-US: NETSAS Enigma NMS
 CVE-2019-16071 (Enigma NMS 65.0.0 and prior allows administrative users to create low- ...)
-	TODO: check
+	NOT-FOR-US: Enigma NMS
 CVE-2019-16070 (A number of stored Cross-site Scripting (XSS) vulnerabilities were ide ...)
-	TODO: check
+	NOT-FOR-US: NETSAS Enigma NMS
 CVE-2019-16069 (A number of stored Cross-site Scripting (XSS) vulnerabilities were ide ...)
-	TODO: check
+	NOT-FOR-US: NETSAS Enigma NMS
 CVE-2019-16068 (A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and pr ...)
-	TODO: check
+	NOT-FOR-US: NETSAS Enigma NMS
 CVE-2019-16067 (NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over  ...)
-	TODO: check
+	NOT-FOR-US: NETSAS Enigma NMS
 CVE-2019-16066 (An unrestricted file upload vulnerability exists in user and system fi ...)
-	TODO: check
+	NOT-FOR-US: NETSAS Enigma NMS
 CVE-2019-16065 (A remote SQL injection web vulnerability was discovered in the Enigma  ...)
-	TODO: check
+	NOT-FOR-US: Enigma NMS
 CVE-2019-16064 (NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal  ...)
-	TODO: check
+	NOT-FOR-US: NETSAS Enigma NMS
 CVE-2019-16063 (NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data ren ...)
-	TODO: check
+	NOT-FOR-US: NETSAS Enigma NMS
 CVE-2019-16062 (NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data sto ...)
-	TODO: check
+	NOT-FOR-US: NETSAS Enigma NMS
 CVE-2019-16061 (A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are ...)
-	TODO: check
+	NOT-FOR-US: NETSAS Enigma NMS
 CVE-2019-16089 (An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_s ...)
 	- linux <unfixed>
 	[stretch] - linux <not-affected> (Vulnerable code not present)
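Review bot: the annotations in this hunk are inconsistent: CVE-2019-16071 and CVE-2019-16065 get `NOT-FOR-US: Enigma NMS` while the other ten entries get `NOT-FOR-US: NETSAS Enigma NMS`, although their descriptions refer to the same product (e.g. "Enigma NMS 65.0.0 and prior" for CVE-2019-16071). Use one spelling, preferably the vendor-qualified `NETSAS Enigma NMS`, across all twelve so a later search matches them all.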
@@ -34853,11 +34853,11 @@ CVE-2019-16014
 CVE-2019-16013
 	RESERVED
 CVE-2019-16012 (A vulnerability in the web UI of Cisco SD-WAN Solution vManage softwar ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-16011
 	RESERVED
 CVE-2019-16010 (A vulnerability in the web UI of the Cisco SD-WAN vManage software cou ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-16009
 	RESERVED
 CVE-2019-16008 (A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and ...)
@@ -35763,7 +35763,7 @@ CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to
 CVE-2019-15709
 	RESERVED
 CVE-2019-15708 (A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6. ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2019-15707 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
 	NOT-FOR-US: FortiMail admin webUI
 CVE-2019-15706
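Review bot: the new annotation `NOT-FOR-US: Fortiguard` matches neither the product in the description (FortiAP-S/W2) nor the style of the neighbouring entry (`NOT-FOR-US: FortiMail admin webUI` for CVE-2019-15707); FortiGuard is Fortinet's advisory and labs brand, not the affected product. Suggest `NOT-FOR-US: FortiAP-S/W2` or the vendor name `Fortinet` so greps on product or vendor names find this entry.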
@@ -35923,15 +35923,15 @@ CVE-2019-15666 (An issue was discovered in the Linux kernel before 5.0.19. There
 	[jessie] - linux 3.16.72-1
 	NOTE: https://git.kernel.org/linus/b805d78d300bcf2c83d6df7da0c818b0fee41427
 CVE-2019-15665 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
-	TODO: check
+	NOT-FOR-US: Rivet Killer Control Center
 CVE-2019-15664 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
-	TODO: check
+	NOT-FOR-US: Rivet Killer Control Center
 CVE-2019-15663 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
-	TODO: check
+	NOT-FOR-US: Rivet Killer Control Center
 CVE-2019-15662 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
-	TODO: check
+	NOT-FOR-US: Rivet Killer Control Center
 CVE-2019-15661 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
-	TODO: check
+	NOT-FOR-US: Rivet Killer Control Center
 CVE-2019-15660 (The wp-members plugin before 3.2.8 for WordPress has CSRF. ...)
 	NOT-FOR-US: wp-members plugin for WordPress
 CVE-2019-15659 (The pie-register plugin before 3.1.2 for WordPress has SQL injection,  ...)
@@ -35941,13 +35941,13 @@ CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if tableName
 CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can execute  ...)
 	NOT-FOR-US: eslint-utils
 CVE-2019-15656 (D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-15655 (D-Link DSL-2875AL devices through 1.00.05 are prone to password disclo ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-15654 (Comba AP2600-I devices through A02,0202N00PD2 are prone to password di ...)
-	TODO: check
+	NOT-FOR-US: Comba
 CVE-2019-15653 (Comba AP2600-I devices through A02,0202N00PD2 are prone to password di ...)
-	TODO: check
+	NOT-FOR-US: Comba
 CVE-2019-15652 (The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices ...)
 	NOT-FOR-US: NSSLGlobal SatLink VSAT Modem Unit (VMU) devices
 CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...)
@@ -37804,7 +37804,7 @@ CVE-2019-15077
 CVE-2019-15076
 	RESERVED
 CVE-2019-15075 (An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/ ...)
-	TODO: check
+	NOT-FOR-US: iNextrix ASTPP
 CVE-2019-15074 (The Timeline feature in my_view_page.php in MantisBT through 2.21.1 ha ...)
 	- mantis <removed>
 	NOTE: https://github.com/mantisbt/mantisbt/commit/9cee1971c498bbe0a72bca1c773fae50171d8c27
@@ -44205,7 +44205,7 @@ CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS)
 	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/commit/6090d6b0a90417f1a60aa68a01eb777cef2e1184
 	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1386
 CVE-2019-13463 (An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Li ...)
-	TODO: check
+	NOT-FOR-US: Simple Link Directory plugin for WordPress
 CVE-2019-13462 (Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. ...)
 	NOT-FOR-US: Lansweeper
 CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_addre ...)
@@ -44404,7 +44404,7 @@ CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_traile
 	NOTE: https://trac.ffmpeg.org/ticket/7979
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
 CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as ...)
-	TODO: check
+	NOT-FOR-US: RainLoop Webmail
 CVE-2019-13388
 	RESERVED
 CVE-2019-13387 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected ...)
@@ -46197,11 +46197,11 @@ CVE-2019-12771 (Command injection is possible in ThinStation through 6.1.1 via s
 CVE-2019-12770
 	RESERVED
 CVE-2019-12769 (SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2019-12768
 	RESERVED
 CVE-2019-12767 (An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2019-12766 (An issue was discovered in Joomla! before 3.9.7. The subform fieldtype ...)
 	NOT-FOR-US: Joomla!
 CVE-2019-12765 (An issue was discovered in Joomla! before 3.9.7. The CSV export of com ...)
@@ -46808,7 +46808,7 @@ CVE-2019-12501
 CVE-2019-12500 (The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "su ...)
 	NOT-FOR-US: Xiaomi M365 scooter
 CVE-2019-12498 (The WP Live Chat Support plugin before 8.0.33 for WordPress accepts ce ...)
-	TODO: check
+	NOT-FOR-US: WP Live Chat Support plugin for WordPress
 CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
 	{DLA-1816-1}
 	- otrs2 6.0.19-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10cf9cb957add7804834208ef95237ba0824700f

-- 
You're receiving this email because of your account on salsa.debian.org.

