[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat May 9 09:33:24 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8ba4b1e by Salvatore Bonaccorso at 2020-05-09T10:32:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -94,11 +94,11 @@ CVE-2020-12709
CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
NOT-FOR-US: PHP-Fusion
CVE-2020-12707 (An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4 ...)
- TODO: check
+ NOT-FOR-US: LeptonCMS
CVE-2020-12706 (Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
NOT-FOR-US: PHP-Fusion
CVE-2020-12705 (Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS ...)
- TODO: check
+ NOT-FOR-US: LeptonCMS
CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS. ...)
NOT-FOR-US: UliCMS
CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController uninstall. ...)
@@ -4042,7 +4042,7 @@ CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with
CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
CVE-2020-11541 (In TechSmith SnagIt before 20.1.1, an XML External Entity (XXE) inject ...)
- TODO: check
+ NOT-FOR-US: TechSmith SnagIt
CVE-2020-11540
RESERVED
CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It ...)
@@ -4060,11 +4060,11 @@ CVE-2020-11534 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An
CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM integration is en ...)
NOT-FOR-US: Ivanti Workspace Control
CVE-2020-11532 (Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
CVE-2020-11531 (The DataEngine Xnode Server application in Zoho ManageEngine DataSecur ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
CVE-2020-11530 (A blind SQL injection vulnerability is present in Chop Slider 3, a Wor ...)
- TODO: check
+ NOT-FOR-US: Chop Slider 3 WordPress plugin
CVE-2020-11529 (Common/Grav.php in Grav before 1.6.23 has an Open Redirect. ...)
NOT-FOR-US: Grav CMS
CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) ...)
@@ -4281,7 +4281,7 @@ CVE-2020-11433
CVE-2020-11432
RESERVED
CVE-2020-11431 (The documentation component in i-net Clear Reports 16.0 to 19.2, HelpD ...)
- TODO: check
+ NOT-FOR-US: i-net
CVE-2020-11430
RESERVED
CVE-2020-11429
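Review bot: the new tag for CVE-2020-11431 names only the vendor ("i-net"), while the description identifies the product as i-net Clear Reports and the other entries processed in this commit are tagged with the product name. Suggest "NOT-FOR-US: i-net Clear Reports" so the entry can be found by product.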
@@ -6022,9 +6022,9 @@ CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_p
CVE-2020-10796
RESERVED
CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code ...)
- TODO: check
+ NOT-FOR-US: Gira TKS-IP-Gateway
CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path trav ...)
- TODO: check
+ NOT-FOR-US: Gira TKS-IP-Gateway
CVE-2020-10793 (** DISPUTED ** CodeIgniter through 4.0.0 allows remote attackers to ga ...)
- codeigniter <itp> (bug #471583)
CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
@@ -9065,11 +9065,11 @@ CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices.
CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...)
NOT-FOR-US: ARRIS TG1692A devices
CVE-2020-9475 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows ...)
- TODO: check
+ NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
CVE-2020-9474 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows ...)
- TODO: check
+ NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
CVE-2020-9473 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a p ...)
- TODO: check
+ NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...)
NOT-FOR-US: Umbraco CMS
CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...)
@@ -17094,7 +17094,7 @@ CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstR
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a
CVE-2020-6094 (An exploitable code execution vulnerability exists in the TIFF fillinr ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2020-6093
RESERVED
CVE-2020-6092
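Review bot: CVE-2020-6094 is tagged "Accusoft ImageGear", but the existing entry for CVE-2020-6082 a few lines further down in the same file is tagged just "Accusoft". Use one string for both so that a search on the NOT-FOR-US tag finds every entry for the product.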
@@ -17120,7 +17120,7 @@ CVE-2020-6083
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...)
NOT-FOR-US: Accusoft
CVE-2020-6081 (An exploitable code execution vulnerability exists in the PLC_Task fun ...)
- TODO: check
+ NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Runtime
CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource ...)
{DSA-4671-1}
- libmicrodns <removed>
@@ -17843,27 +17843,27 @@ CVE-2020-5753
CVE-2020-5752
RESERVED
CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5749 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5748 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5747 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5746 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5745 (Cross-site request forgery in TCExam 14.2.2 allows a remote attacker t ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5744 (Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticate ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5743 (Improper Control of Resource Identifiers in TCExam 14.2.2 allows a rem ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5742
RESERVED
CVE-2020-5741 (Deserialization of Untrusted Data in Plex Media Server on Windows allo ...)
- TODO: check
+ NOT-FOR-US: Plex Media Server on Windows
CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows allows a loc ...)
NOT-FOR-US: Plex Media Server
CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...)
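Review bot: CVE-2020-5741 is tagged "Plex Media Server on Windows", while the adjacent CVE-2020-5740, whose description names the same product and platform, already reads "NOT-FOR-US: Plex Media Server". The platform qualifier belongs to the CVE description rather than the product tag; suggest reusing the existing string.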
@@ -24545,37 +24545,37 @@ CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the Sn
CVE-2020-3314
RESERVED
CVE-2020-3313 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3312 (A vulnerability in the application policy configuration of Cisco Firep ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3311 (A vulnerability in the web interface of Cisco Firepower Management Cen ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3310 (A vulnerability in the XML parser code of Cisco Firepower Device Manag ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3309 (A vulnerability in Cisco Firepower Device Manager (FDM) On-Box softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3308 (A vulnerability in the Image Signature Verification feature of Cisco F ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3307 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3306 (A vulnerability in the DHCP module of Cisco Adaptive Security Applianc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3305 (A vulnerability in the implementation of the Border Gateway Protocol ( ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3304
RESERVED
CVE-2020-3303 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3302 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3301 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3300
RESERVED
CVE-2020-3299
RESERVED
CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3297
RESERVED
CVE-2020-3296
@@ -24601,11 +24601,11 @@ CVE-2020-3287
CVE-2020-3286
RESERVED
CVE-2020-3285 (A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3284
RESERVED
CVE-2020-3283 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3282
RESERVED
CVE-2020-3281
@@ -24653,19 +24653,19 @@ CVE-2020-3261 (A vulnerability in the web-based management interface of Cisco Mo
CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software could a ...)
NOT-FOR-US: Cisco
CVE-2020-3259 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3258
RESERVED
CVE-2020-3257
RESERVED
CVE-2020-3256 (A vulnerability in the web-based management interface of Cisco Hosted ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3255 (A vulnerability in the packet processing functionality of Cisco Firepo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3254 (Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3253 (A vulnerability in the support tunnel feature of Cisco Firepower Threa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3252 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
NOT-FOR-US: Cisco
CVE-2020-3251 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
@@ -24679,7 +24679,7 @@ CVE-2020-3248 (Multiple vulnerabilities in the REST API of Cisco UCS Director an
CVE-2020-3247 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
NOT-FOR-US: Cisco
CVE-2020-3246 (A vulnerability in the web server of Cisco Umbrella could allow an una ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3245
RESERVED
CVE-2020-3244
@@ -24779,9 +24779,9 @@ CVE-2020-3198
CVE-2020-3197
RESERVED
CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3195 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3194 (A vulnerability in Cisco Webex Network Recording Player for Microsoft ...)
NOT-FOR-US: Cisco
CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Prime C ...)
@@ -24789,17 +24789,17 @@ CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Pr
CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco Prime C ...)
NOT-FOR-US: Cisco
CVE-2020-3191 (A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3190 (A vulnerability in the IPsec packet processor of Cisco IOS XR Software ...)
NOT-FOR-US: Cisco
CVE-2020-3189 (A vulnerability in the VPN System Logging functionality for Cisco Fire ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3188 (A vulnerability in how Cisco Firepower Threat Defense (FTD) Software h ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3187 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3186 (A vulnerability in the management access list configuration of Cisco F ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3185 (A vulnerability in the web-based management interface of Cisco TelePre ...)
NOT-FOR-US: Cisco
CVE-2020-3184
@@ -24813,9 +24813,9 @@ CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco A
CVE-2020-3180
RESERVED
CVE-2020-3179 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3178 (Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3177 (A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) ...)
NOT-FOR-US: Cisco
CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...)
@@ -24921,7 +24921,7 @@ CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording Player
CVE-2020-3126 (vulnerability within the Multimedia Viewer feature of Cisco Webex Meet ...)
NOT-FOR-US: Cisco
CVE-2020-3125 (A vulnerability in the Kerberos authentication feature of Cisco Adapti ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3124
RESERVED
CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...)
@@ -29887,9 +29887,9 @@ CVE-2019-19169 (Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulne
CVE-2019-19168 (Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerabili ...)
TODO: check
CVE-2019-19167 (Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary co ...)
- TODO: check
+ NOT-FOR-US: Tobesoft Nexacro
CVE-2019-19166 (Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Tobesoft XPlatform
CVE-2019-19165 (AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability ...)
NOT-FOR-US: Inogard Ebiz4u
CVE-2019-19164 (dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versio ...)
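Review bot: CVE-2019-19168 (Dext5.ocx ActiveX), directly above the two Tobesoft entries, is still "TODO: check" after this hunk, although the neighbouring ActiveX entry for Inogard Ebiz4u is already NOT-FOR-US. If it was left open on purpose, a short NOTE saying why would help; otherwise it can be processed in the same pass.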
@@ -30704,23 +30704,23 @@ CVE-2019-18874 (psutil (aka python-psutil) through 5.6.5 can have a double free.
CVE-2019-18873 (FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP hea ...)
NOT-FOR-US: FUDForum
CVE-2019-18872 (Weak password requirements in Blaauw Remote Kiln Control through v3.00 ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18871 (A path traversal in debug.php accessed via default.php in Blaauw Remot ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18870 (A path traversal via the iniFile parameter in excel.php in Blaauw Remo ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18869 (Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allo ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18868 (Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated a ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18867 (Browsable directories in Blaauw Remote Kiln Control through v3.00r4 al ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18866 (Unauthenticated SQL injection via the username in the login mechanism ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18865 (Information disclosure via error message discrepancies in authenticati ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18864 (/server-info and /server-status in Blaauw Remote Kiln Control through ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18863 (A key length vulnerability in the implementation of the SRTP 128-bit k ...)
NOT-FOR-US: Mitel
CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allows loca ...)
@@ -52759,7 +52759,7 @@ CVE-2012-6711 (A heap-based buffer overflow exists in GNU Bash before 4.3 when w
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1721071
NOTE: https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=863d31ae775d56b785dc5b0105b6d251515d81d5 (bash-4.3-alpha)
CVE-2019-12864 (SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vuln ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2019-12863 (SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows ...)
NOT-FOR-US: SolarWinds
CVE-2019-12862
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8ba4b1ee4cc9abaf9e39aee58fea84f8c629b37