[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Mar 21 08:31:42 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10cf9cb9 by Salvatore Bonaccorso at 2020-03-21T09:31:16+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2020-10794
CVE-2020-10793
RESERVED
CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
- TODO: check
+ NOT-FOR-US: openITCOCKPIT
CVE-2020-10791
RESERVED
CVE-2020-10790
@@ -551,7 +551,7 @@ CVE-2020-10560
CVE-2020-10559
RESERVED
CVE-2020-10558 (The driving interface of Tesla Model 3 vehicles in any release before ...)
- TODO: check
+ NOT-FOR-US: driving interface of Tesla Model 3 vehicles
CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...)
NOT-FOR-US: AContent
CVE-2020-10556
@@ -1317,7 +1317,7 @@ CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 f
CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows informatio ...)
NOT-FOR-US: popup-builder plugin for WordPress
CVE-2020-10194 (cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8. ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...)
NOT-FOR-US: ESET Archive Support Module
CVE-2020-10192 (An issue was discovered in Munkireport before 5.3.0.3923. An unauthent ...)
@@ -2885,7 +2885,7 @@ CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holdin
[jessie] - libvirt <not-affected> (Vulnerable code not present)
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1)
CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr ap ...)
- TODO: check
+ NOT-FOR-US: Swann
CVE-2020-9478
RESERVED
CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...)
@@ -2992,7 +2992,7 @@ CVE-2020-9427
CVE-2020-9426
RESERVED
CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig before 3.9 ...)
- TODO: check
+ NOT-FOR-US: rConfig
CVE-2020-9424
RESERVED
CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary fi ...)
@@ -4301,19 +4301,19 @@ CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngi
CVE-2020-8884
RESERVED
CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit Studio Photo
CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit Studio Photo
CVE-2020-8881 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit Studio Photo
CVE-2020-8880 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit Studio Photo
CVE-2020-8879 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit Studio Photo
CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit Studio Photo
CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit Studio Photo
CVE-2020-8876
RESERVED
CVE-2020-8875
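Review bot: none of the seven truncated descriptions in this hunk (CVE-2020-8877 through CVE-2020-8883) names the affected product, so `NOT-FOR-US: Foxit Studio Photo` is the only place the attribution is recorded; a `NOTE:` line with the source advisory, as this file does elsewhere (e.g. the libvirt and Linux entries), would let a later triager verify the Foxit attribution without re-deriving it.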
@@ -5952,7 +5952,7 @@ CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart < 1.0.5
CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request ...)
TODO: check
CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.1 ...)
- TODO: check
+ NOT-FOR-US: Ghost CMS
CVE-2020-8133
RESERVED
CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 ...)
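Review bot: CVE-2020-8135 (uppy npm package) at the top of this hunk stays at `TODO: check` while the adjacent Ghost CMS entry is resolved; leaving it open is reasonable because npm modules can be packaged in the archive, but it is worth closing in a follow-up so this block of npm-related entries is not left half-triaged.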
@@ -6407,7 +6407,7 @@ CVE-2015-9541 (Qt through 5.14 allows an exponential XML entity expansion attack
CVE-2020-7962
RESERVED
CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2020-7960
RESERVED
CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...)
@@ -23183,7 +23183,7 @@ CVE-2019-19150 (On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.
CVE-2019-19149
RESERVED
CVE-2019-19148 (Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command ...)
- TODO: check
+ NOT-FOR-US: Tellabs Optical Line Terminal (OLT) devices
CVE-2019-19147
RESERVED
CVE-2019-19146
@@ -23571,19 +23571,19 @@ CVE-2019-19031 (Easy XML Editor through v1.7.8 is affected by: XML External Enti
CVE-2019-19030
RESERVED
CVE-2019-19029 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2019-19028
RESERVED
CVE-2019-19027
RESERVED
CVE-2019-19026 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2019-19025 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2019-19024
RESERVED
CVE-2019-19023 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2019-19022 (iTerm2 through 3.3.6 has potentially insufficient documentation about ...)
NOT-FOR-US: iTerm2
CVE-2019-19021 (An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidd ...)
@@ -23684,7 +23684,7 @@ CVE-2019-18981 (Pimcore before 6.2.2 lacks an Access Denied outcome for a certai
CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022 ...)
NOT-FOR-US: Signify Philips Taolight
CVE-2019-18979 (Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine fla ...)
- TODO: check
+ NOT-FOR-US: Adaware
CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...)
{DLA-2096-1}
- ruby-rack-cors 1.1.1-1 (bug #944849)
@@ -24206,13 +24206,13 @@ CVE-2019-18788
CVE-2019-18787
RESERVED
CVE-2019-18785 (SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2019-18784 (SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to ...)
NOT-FOR-US: SuiteCRM
CVE-2019-18783
RESERVED
CVE-2019-18782 (SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not c ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2019-18781 (An open redirect vulnerability was discovered in Zoho ManageEngine ADS ...)
NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-18786 (In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitial ...)
@@ -26016,7 +26016,7 @@ CVE-2020-0795 (This vulnerability is caused when SharePoint Server does not prop
CVE-2020-0794
RESERVED
CVE-2020-0793 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-0792 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
NOT-FOR-US: Microsoft
CVE-2020-0791 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
@@ -26066,13 +26066,13 @@ CVE-2020-0770 (An elevation of privilege vulnerability exists when the Windows A
CVE-2020-0769 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
NOT-FOR-US: Microsoft
CVE-2020-0768 (A remote code execution vulnerability exists in the way the scripting ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-0767 (A remote code execution vulnerability exists in the way that the Chakr ...)
NOT-FOR-US: Microsoft
CVE-2020-0766
RESERVED
CVE-2020-0765 (An information disclosure vulnerability exists in the Remote Desktop C ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-0764
RESERVED
CVE-2020-0763 (An elevation of privilege vulnerability exists when Windows Defender S ...)
@@ -26712,7 +26712,7 @@ CVE-2019-18643
CVE-2019-18642
RESERVED
CVE-2019-18641 (Rock RMS before 1.8.6 mishandles vCard access control within the Peopl ...)
- TODO: check
+ NOT-FOR-US: Rock RMS
CVE-2019-18640
RESERVED
CVE-2019-18639
@@ -33674,7 +33674,7 @@ CVE-2019-16384
CVE-2019-16383 (MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2 ...)
NOT-FOR-US: Progress MOVEit Transfer
CVE-2019-16382 (An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is ...)
- TODO: check
+ NOT-FOR-US: Ivanti Workspace Control
CVE-2019-16381
RESERVED
CVE-2019-16380
@@ -33854,9 +33854,9 @@ CVE-2019-16340 (Belkin Linksys Velop 1.1.8.192419 devices allows remote attacker
CVE-2019-16339
RESERVED
CVE-2019-16338 (The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 a ...)
- TODO: check
+ NOT-FOR-US: Hancom Office
CVE-2019-16337 (The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-f ...)
- TODO: check
+ NOT-FOR-US: Hancom Office
CVE-2019-16336 (The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE componen ...)
NOT-FOR-US: Cypress
CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
@@ -34616,7 +34616,7 @@ CVE-2019-16110 (The network protocol of Blade Shadow though 2.13.3 allows remote
CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1. It confi ...)
NOT-FOR-US: Plataformatec Devise
CVE-2019-16108 (phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) to ...)
- TODO: check
+ NOT-FOR-US: phpBB
CVE-2019-16107 (Missing form token validation in phpBB 3.2.7 allows CSRF in deleting p ...)
NOT-FOR-US: phpBB
CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. ...)
@@ -34709,29 +34709,29 @@ CVE-2019-16074
CVE-2019-16073
RESERVED
CVE-2019-16072 (An OS command injection vulnerability in the discover_and_manage CGI s ...)
- TODO: check
+ NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16071 (Enigma NMS 65.0.0 and prior allows administrative users to create low- ...)
- TODO: check
+ NOT-FOR-US: Enigma NMS
CVE-2019-16070 (A number of stored Cross-site Scripting (XSS) vulnerabilities were ide ...)
- TODO: check
+ NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16069 (A number of stored Cross-site Scripting (XSS) vulnerabilities were ide ...)
- TODO: check
+ NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16068 (A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and pr ...)
- TODO: check
+ NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16067 (NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over ...)
- TODO: check
+ NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16066 (An unrestricted file upload vulnerability exists in user and system fi ...)
- TODO: check
+ NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16065 (A remote SQL injection web vulnerability was discovered in the Enigma ...)
- TODO: check
+ NOT-FOR-US: Enigma NMS
CVE-2019-16064 (NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal ...)
- TODO: check
+ NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16063 (NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data ren ...)
- TODO: check
+ NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16062 (NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data sto ...)
- TODO: check
+ NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16061 (A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are ...)
- TODO: check
+ NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16089 (An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_s ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code not present)
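Review bot: the tags in this hunk are inconsistent: CVE-2019-16071 and CVE-2019-16065 get `NOT-FOR-US: Enigma NMS` while the other eleven entries get `NOT-FOR-US: NETSAS Enigma NMS`. All thirteen describe the same product, so use one form (`NOT-FOR-US: NETSAS Enigma NMS`) throughout; the tracker data is routinely searched by grep, and a split spelling hides part of the set.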
@@ -34853,11 +34853,11 @@ CVE-2019-16014
CVE-2019-16013
RESERVED
CVE-2019-16012 (A vulnerability in the web UI of Cisco SD-WAN Solution vManage softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16011
RESERVED
CVE-2019-16010 (A vulnerability in the web UI of the Cisco SD-WAN vManage software cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16009
RESERVED
CVE-2019-16008 (A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and ...)
@@ -35763,7 +35763,7 @@ CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to
CVE-2019-15709
RESERVED
CVE-2019-15708 (A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6. ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2019-15707 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
NOT-FOR-US: FortiMail admin webUI
CVE-2019-15706
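Review bot: `NOT-FOR-US: Fortiguard` does not match the product named in the CVE-2019-15708 description (FortiAP-S/W2); the neighbouring CVE-2019-15707 entry uses the product name (`NOT-FOR-US: FortiMail admin webUI`), so `NOT-FOR-US: FortiAP-S/W2` would be consistent with it and easier to search for.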
@@ -35923,15 +35923,15 @@ CVE-2019-15666 (An issue was discovered in the Linux kernel before 5.0.19. There
[jessie] - linux 3.16.72-1
NOTE: https://git.kernel.org/linus/b805d78d300bcf2c83d6df7da0c818b0fee41427
CVE-2019-15665 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
- TODO: check
+ NOT-FOR-US: Rivet Killer Control Center
CVE-2019-15664 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
- TODO: check
+ NOT-FOR-US: Rivet Killer Control Center
CVE-2019-15663 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
- TODO: check
+ NOT-FOR-US: Rivet Killer Control Center
CVE-2019-15662 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
- TODO: check
+ NOT-FOR-US: Rivet Killer Control Center
CVE-2019-15661 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
- TODO: check
+ NOT-FOR-US: Rivet Killer Control Center
CVE-2019-15660 (The wp-members plugin before 3.2.8 for WordPress has CSRF. ...)
NOT-FOR-US: wp-members plugin for WordPress
CVE-2019-15659 (The pie-register plugin before 3.1.2 for WordPress has SQL injection, ...)
@@ -35941,13 +35941,13 @@ CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if tableName
CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can execute ...)
NOT-FOR-US: eslint-utils
CVE-2019-15656 (D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-15655 (D-Link DSL-2875AL devices through 1.00.05 are prone to password disclo ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-15654 (Comba AP2600-I devices through A02,0202N00PD2 are prone to password di ...)
- TODO: check
+ NOT-FOR-US: Comba
CVE-2019-15653 (Comba AP2600-I devices through A02,0202N00PD2 are prone to password di ...)
- TODO: check
+ NOT-FOR-US: Comba
CVE-2019-15652 (The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices ...)
NOT-FOR-US: NSSLGlobal SatLink VSAT Modem Unit (VMU) devices
CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...)
@@ -37804,7 +37804,7 @@ CVE-2019-15077
CVE-2019-15076
RESERVED
CVE-2019-15075 (An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/ ...)
- TODO: check
+ NOT-FOR-US: iNextrix ASTPP
CVE-2019-15074 (The Timeline feature in my_view_page.php in MantisBT through 2.21.1 ha ...)
- mantis <removed>
NOTE: https://github.com/mantisbt/mantisbt/commit/9cee1971c498bbe0a72bca1c773fae50171d8c27
@@ -44205,7 +44205,7 @@ CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS)
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/commit/6090d6b0a90417f1a60aa68a01eb777cef2e1184
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1386
CVE-2019-13463 (An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Li ...)
- TODO: check
+ NOT-FOR-US: Simple Link Directory plugin for WordPress
CVE-2019-13462 (Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. ...)
NOT-FOR-US: Lansweeper
CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_addre ...)
@@ -44404,7 +44404,7 @@ CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_traile
NOTE: https://trac.ffmpeg.org/ticket/7979
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as ...)
- TODO: check
+ NOT-FOR-US: RainLoop Webmail
CVE-2019-13388
RESERVED
CVE-2019-13387 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected ...)
@@ -46197,11 +46197,11 @@ CVE-2019-12771 (Command injection is possible in ThinStation through 6.1.1 via s
CVE-2019-12770
RESERVED
CVE-2019-12769 (SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2019-12768
RESERVED
CVE-2019-12767 (An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-12766 (An issue was discovered in Joomla! before 3.9.7. The subform fieldtype ...)
NOT-FOR-US: Joomla!
CVE-2019-12765 (An issue was discovered in Joomla! before 3.9.7. The CSV export of com ...)
@@ -46808,7 +46808,7 @@ CVE-2019-12501
CVE-2019-12500 (The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "su ...)
NOT-FOR-US: Xiaomi M365 scooter
CVE-2019-12498 (The WP Live Chat Support plugin before 8.0.33 for WordPress accepts ce ...)
- TODO: check
+ NOT-FOR-US: WP Live Chat Support plugin for WordPress
CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-1816-1}
- otrs2 6.0.19-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10cf9cb957add7804834208ef95237ba0824700f