[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Sat May 9 09:33:24 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8ba4b1e by Salvatore Bonaccorso at 2020-05-09T10:32:21+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -94,11 +94,11 @@ CVE-2020-12709
 CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2020-12707 (An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4 ...)
-	TODO: check
+	NOT-FOR-US: LeptonCMS
 CVE-2020-12706 (Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
 	NOT-FOR-US: PHP-Fusion
 CVE-2020-12705 (Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS ...)
-	TODO: check
+	NOT-FOR-US: LeptonCMS
 CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS. ...)
 	NOT-FOR-US: UliCMS
 CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController uninstall. ...)
@@ -4042,7 +4042,7 @@ CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with
 CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
 	NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
 CVE-2020-11541 (In TechSmith SnagIt before 20.1.1, an XML External Entity (XXE) inject ...)
-	TODO: check
+	NOT-FOR-US: TechSmith SnagIt
 CVE-2020-11540
 	RESERVED
 CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It  ...)
@@ -4060,11 +4060,11 @@ CVE-2020-11534 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An
 CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM integration is en ...)
 	NOT-FOR-US: Ivanti Workspace Control
 CVE-2020-11532 (Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin  ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
 CVE-2020-11531 (The DataEngine Xnode Server application in Zoho ManageEngine DataSecur ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
 CVE-2020-11530 (A blind SQL injection vulnerability is present in Chop Slider 3, a Wor ...)
-	TODO: check
+	NOT-FOR-US: Chop Slider 3 WordPress plugin
 CVE-2020-11529 (Common/Grav.php in Grav before 1.6.23 has an Open Redirect. ...)
 	NOT-FOR-US: Grav CMS
 CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write)  ...)
@@ -4281,7 +4281,7 @@ CVE-2020-11433
 CVE-2020-11432
 	RESERVED
 CVE-2020-11431 (The documentation component in i-net Clear Reports 16.0 to 19.2, HelpD ...)
-	TODO: check
+	NOT-FOR-US: i-net
 CVE-2020-11430
 	RESERVED
 CVE-2020-11429
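
Review bot: the new tag on CVE-2020-11431 names only the vendor (`i-net`), which is a weak search key in data/CVE/list. The description starts with "i-net Clear Reports 16.0 to 19.2" and is cut off at "HelpD ...", so consider `NOT-FOR-US: i-net Clear Reports`, or, if more than one i-net product is affected, a tag that says so explicitly.
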
@@ -6022,9 +6022,9 @@ CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_p
 CVE-2020-10796
 	RESERVED
 CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code ...)
-	TODO: check
+	NOT-FOR-US: Gira TKS-IP-Gateway
 CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path trav ...)
-	TODO: check
+	NOT-FOR-US: Gira TKS-IP-Gateway
 CVE-2020-10793 (** DISPUTED ** CodeIgniter through 4.0.0 allows remote attackers to ga ...)
 	- codeigniter <itp> (bug #471583)
 CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
@@ -9065,11 +9065,11 @@ CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices.
 CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...)
 	NOT-FOR-US: ARRIS TG1692A devices
 CVE-2020-9475 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows  ...)
-	TODO: check
+	NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
 CVE-2020-9474 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows  ...)
-	TODO: check
+	NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
 CVE-2020-9473 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a p ...)
-	TODO: check
+	NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
 CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...)
 	NOT-FOR-US: Umbraco CMS
 CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...)
@@ -17094,7 +17094,7 @@ CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstR
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a
 CVE-2020-6094 (An exploitable code execution vulnerability exists in the TIFF fillinr ...)
-	TODO: check
+	NOT-FOR-US: Accusoft ImageGear
 CVE-2020-6093
 	RESERVED
 CVE-2020-6092
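
Review bot: CVE-2020-6094 is tagged `Accusoft ImageGear`, but the existing entry for CVE-2020-6082 a few entries further down (visible in the next hunk) is tagged just `Accusoft`. Pick one spelling for the same vendor and product so that a search for earlier NOT-FOR-US decisions on it returns all of them.
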
@@ -17120,7 +17120,7 @@ CVE-2020-6083
 CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...)
 	NOT-FOR-US: Accusoft
 CVE-2020-6081 (An exploitable code execution vulnerability exists in the PLC_Task fun ...)
-	TODO: check
+	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Runtime
 CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource  ...)
 	{DSA-4671-1}
 	- libmicrodns <removed>
@@ -17843,27 +17843,27 @@ CVE-2020-5753
 CVE-2020-5752
 	RESERVED
 CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2020-5749 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2020-5748 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2020-5747 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2020-5746 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2020-5745 (Cross-site request forgery in TCExam 14.2.2 allows a remote attacker t ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2020-5744 (Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticate ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2020-5743 (Improper Control of Resource Identifiers in TCExam 14.2.2 allows a rem ...)
-	TODO: check
+	NOT-FOR-US: TCExam
 CVE-2020-5742
 	RESERVED
 CVE-2020-5741 (Deserialization of Untrusted Data in Plex Media Server on Windows allo ...)
-	TODO: check
+	NOT-FOR-US: Plex Media Server on Windows
 CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows allows a loc ...)
 	NOT-FOR-US: Plex Media Server
 CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable  ...)
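
Review bot: the last changed line of this hunk tags CVE-2020-5741 as `Plex Media Server on Windows`, while the unchanged line directly below tags CVE-2020-5740 as `Plex Media Server`, although both descriptions read "Plex Media Server on Windows". The platform qualifier comes from the CVE description, not from the product name; using `NOT-FOR-US: Plex Media Server` for both keeps the tags identical.
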
@@ -24545,37 +24545,37 @@ CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the Sn
 CVE-2020-3314
 	RESERVED
 CVE-2020-3313 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3312 (A vulnerability in the application policy configuration of Cisco Firep ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3311 (A vulnerability in the web interface of Cisco Firepower Management Cen ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3310 (A vulnerability in the XML parser code of Cisco Firepower Device Manag ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3309 (A vulnerability in Cisco Firepower Device Manager (FDM) On-Box softwar ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3308 (A vulnerability in the Image Signature Verification feature of Cisco F ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3307 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3306 (A vulnerability in the DHCP module of Cisco Adaptive Security Applianc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3305 (A vulnerability in the implementation of the Border Gateway Protocol ( ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3304
 	RESERVED
 CVE-2020-3303 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3302 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3301 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3300
 	RESERVED
 CVE-2020-3299
 	RESERVED
 CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) implementation  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3297
 	RESERVED
 CVE-2020-3296
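
Review bot: three entries in this hunk get `NOT-FOR-US: Cisco` although the truncated description shown here stops before any product name: CVE-2020-3305 (Border Gateway Protocol implementation), CVE-2020-3303 (IKEv1 feature) and CVE-2020-3298 (OSPF implementation). Sitting in the Cisco id block is not by itself evidence that nothing packaged in Debian is affected; CVE-2020-3123, further down among the Cisco entries in this same file, has a description naming the DLP module in "Clam AntiV ...". Please confirm these three against the full CVE descriptions before dropping `TODO: check`.
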
@@ -24601,11 +24601,11 @@ CVE-2020-3287
 CVE-2020-3286
 	RESERVED
 CVE-2020-3285 (A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3)  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3284
 	RESERVED
 CVE-2020-3283 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3282
 	RESERVED
 CVE-2020-3281
@@ -24653,19 +24653,19 @@ CVE-2020-3261 (A vulnerability in the web-based management interface of Cisco Mo
 CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software could a ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3259 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3258
 	RESERVED
 CVE-2020-3257
 	RESERVED
 CVE-2020-3256 (A vulnerability in the web-based management interface of Cisco Hosted  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3255 (A vulnerability in the packet processing functionality of Cisco Firepo ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3254 (Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP)  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3253 (A vulnerability in the support tunnel feature of Cisco Firepower Threa ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3252 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3251 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
@@ -24679,7 +24679,7 @@ CVE-2020-3248 (Multiple vulnerabilities in the REST API of Cisco UCS Director an
 CVE-2020-3247 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3246 (A vulnerability in the web server of Cisco Umbrella could allow an una ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3245
 	RESERVED
 CVE-2020-3244
@@ -24779,9 +24779,9 @@ CVE-2020-3198
 CVE-2020-3197
 	RESERVED
 CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3195 (A vulnerability in the Open Shortest Path First (OSPF) implementation  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3194 (A vulnerability in Cisco Webex Network Recording Player for Microsoft  ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Prime C ...)
@@ -24789,17 +24789,17 @@ CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Pr
 CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco Prime C ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3191 (A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3190 (A vulnerability in the IPsec packet processor of Cisco IOS XR Software ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3189 (A vulnerability in the VPN System Logging functionality for Cisco Fire ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3188 (A vulnerability in how Cisco Firepower Threat Defense (FTD) Software h ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3187 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3186 (A vulnerability in the management access list configuration of Cisco F ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3185 (A vulnerability in the web-based management interface of Cisco TelePre ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3184
@@ -24813,9 +24813,9 @@ CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco A
 CVE-2020-3180
 	RESERVED
 CVE-2020-3179 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3178 (Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Softwar ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3177 (A vulnerability in the Tool for Auto-Registered Phones Support (TAPS)  ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...)
@@ -24921,7 +24921,7 @@ CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording Player
 CVE-2020-3126 (vulnerability within the Multimedia Viewer feature of Cisco Webex Meet ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3125 (A vulnerability in the Kerberos authentication feature of Cisco Adapti ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3124
 	RESERVED
 CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...)
@@ -29887,9 +29887,9 @@ CVE-2019-19169 (Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulne
 CVE-2019-19168 (Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerabili ...)
 	TODO: check
 CVE-2019-19167 (Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary co ...)
-	TODO: check
+	NOT-FOR-US: Tobesoft Nexacro
 CVE-2019-19166 (Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: Tobesoft XPlatform
 CVE-2019-19165 (AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability  ...)
 	NOT-FOR-US: Inogard Ebiz4u
 CVE-2019-19164 (dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versio ...)
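
Review bot: CVE-2019-19168 at the top of this hunk stays at `TODO: check` while the two Tobesoft entries right below it are resolved. Its description (Dext5.ocx ActiveX 5.0.0.116) names the same component as CVE-2019-19169 in the hunk header, so it looks like it could be triaged in the same pass; if it was left open on purpose, a NOTE line saying why would save the next person the lookup.
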
@@ -30704,23 +30704,23 @@ CVE-2019-18874 (psutil (aka python-psutil) through 5.6.5 can have a double free.
 CVE-2019-18873 (FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP hea ...)
 	NOT-FOR-US: FUDForum
 CVE-2019-18872 (Weak password requirements in Blaauw Remote Kiln Control through v3.00 ...)
-	TODO: check
+	NOT-FOR-US: Blaauw Remote Kiln Control
 CVE-2019-18871 (A path traversal in debug.php accessed via default.php in Blaauw Remot ...)
-	TODO: check
+	NOT-FOR-US: Blaauw Remote Kiln Control
 CVE-2019-18870 (A path traversal via the iniFile parameter in excel.php in Blaauw Remo ...)
-	TODO: check
+	NOT-FOR-US: Blaauw Remote Kiln Control
 CVE-2019-18869 (Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allo ...)
-	TODO: check
+	NOT-FOR-US: Blaauw Remote Kiln Control
 CVE-2019-18868 (Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated a ...)
-	TODO: check
+	NOT-FOR-US: Blaauw Remote Kiln Control
 CVE-2019-18867 (Browsable directories in Blaauw Remote Kiln Control through v3.00r4 al ...)
-	TODO: check
+	NOT-FOR-US: Blaauw Remote Kiln Control
 CVE-2019-18866 (Unauthenticated SQL injection via the username in the login mechanism  ...)
-	TODO: check
+	NOT-FOR-US: Blaauw Remote Kiln Control
 CVE-2019-18865 (Information disclosure via error message discrepancies in authenticati ...)
-	TODO: check
+	NOT-FOR-US: Blaauw Remote Kiln Control
 CVE-2019-18864 (/server-info and /server-status in Blaauw Remote Kiln Control through  ...)
-	TODO: check
+	NOT-FOR-US: Blaauw Remote Kiln Control
 CVE-2019-18863 (A key length vulnerability in the implementation of the SRTP 128-bit k ...)
 	NOT-FOR-US: Mitel
 CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allows loca ...)
@@ -52759,7 +52759,7 @@ CVE-2012-6711 (A heap-based buffer overflow exists in GNU Bash before 4.3 when w
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1721071
 	NOTE: https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=863d31ae775d56b785dc5b0105b6d251515d81d5 (bash-4.3-alpha)
 CVE-2019-12864 (SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vuln ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2019-12863 (SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows  ...)
 	NOT-FOR-US: SolarWinds
 CVE-2019-12862



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8ba4b1ee4cc9abaf9e39aee58fea84f8c629b37





More information about the debian-security-tracker-commits mailing list