[Git][security-tracker-team/security-tracker][master] Process some NFUs
Neil Williams (@codehelp)
codehelp at debian.org
Mon Jul 4 09:35:12 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ebca431c by Neil Williams at 2022-07-04T09:34:51+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -604,7 +604,7 @@ CVE-2017-20125 (A vulnerability classified as critical was found in Online Hotel
CVE-2017-20124 (A vulnerability classified as critical has been found in Online Hotel ...)
NOT-FOR-US: WordPress plugin
CVE-2017-20123 (A vulnerability was found in Viscosity 1.6.7. It has been classified a ...)
- TODO: check
+ NOT-FOR-US: Viscosity on Windows and macOS
CVE-2017-20122 (A vulnerability classified as problematic was found in Bitrix Site Man ...)
NOT-FOR-US: Bitrix Site Manager
CVE-2022-34734
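Review bot: The new tag on CVE-2017-20123 adds the qualifier "on Windows and macOS", but the visible description for that entry only names Viscosity 1.6.7 before it is cut off, whereas the description of CVE-2020-5180 states the platforms itself. If the wording was copied from the CVE-2020-5180 entry for consistency, a plain "NOT-FOR-US: Viscosity" would carry the same triage decision without asserting platforms this description does not show.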
@@ -115345,7 +115345,7 @@ CVE-2020-28867
CVE-2020-28866
RESERVED
CVE-2020-28865 (An issue was discovered in PowerJob through 3.2.2, allows attackers to ...)
- TODO: check
+ NOT-FOR-US: PowerJob
CVE-2020-28864 (Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to caus ...)
NOT-FOR-US: WinSCP
CVE-2020-28863
@@ -122274,7 +122274,7 @@ CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML compon
CVE-2020-27510
RESERVED
CVE-2020-27509 (Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11 ...)
- TODO: check
+ NOT-FOR-US: Galaxkey
CVE-2020-27508 (In two-factor authentication, the system also sending 2fa secret key i ...)
NOT-FOR-US: Frappe Framework
CVE-2020-27507
@@ -123737,7 +123737,7 @@ CVE-2020-26879 (Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hard
CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command injection. An ...)
NOT-FOR-US: Ruckus
CVE-2020-26877 (ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in a ...)
- TODO: check
+ NOT-FOR-US: ApiFest OAuth 2.0
CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows remote attac ...)
NOT-FOR-US: WordPress plugin
CVE-2020-26875
@@ -127326,7 +127326,7 @@ CVE-2020-25461 (Invalid Memory Access in the fxProxyGetter function in moddable/
CVE-2020-25460
RESERVED
CVE-2020-25459 (An issue was discovered in function sync_tree in hetero_decision_tree_ ...)
- TODO: check
+ NOT-FOR-US: FederatedAI/FATE
CVE-2020-25458
RESERVED
CVE-2020-25457
@@ -136856,7 +136856,7 @@ CVE-2020-21163
CVE-2020-21162
RESERVED
CVE-2020-21161 (Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirect ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2020-21160
RESERVED
CVE-2020-21159
@@ -137099,7 +137099,7 @@ CVE-2020-21048 (An issue in the dither.c component of libsixel prior to v1.8.4 a
CVE-2020-21047
RESERVED
CVE-2020-21046 (A local privilege escalation vulnerability was identified within the " ...)
- TODO: check
+ NOT-FOR-US: EagleGet for Windows
CVE-2020-21045
RESERVED
CVE-2020-21044
@@ -139469,9 +139469,9 @@ CVE-2020-19899
CVE-2020-19898
RESERVED
CVE-2020-19897 (A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remot ...)
- TODO: check
+ NOT-FOR-US: Wuzhicms
CVE-2020-19896 (File inclusion vulnerability in Minicms v1.9 allows remote attackers t ...)
- TODO: check
+ NOT-FOR-US: MiniCMS
CVE-2020-19895
RESERVED
CVE-2020-19894
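Review bot: The product names in the two new tags are spelled differently from the descriptions they sit under: "Wuzhicms" against "wuzhicms v4.1.0" on CVE-2020-19897, and "MiniCMS" against "Minicms v1.9" on CVE-2020-19896. If earlier NOT-FOR-US entries for these products exist in the list, reuse their exact spelling so that one search string finds every entry for the product.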
@@ -166211,7 +166211,7 @@ CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows i
CVE-2020-9755
RESERVED
CVE-2020-9754 (NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to ...)
- TODO: check
+ NOT-FOR-US: Whale Browser
CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support signatur ...)
NOT-FOR-US: Whale Browser
CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...)
@@ -177990,7 +177990,7 @@ CVE-2020-5182 (The J-BusinessDirectory extension before 5.2.9 for Joomla! allows
CVE-2020-5181
RESERVED
CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to se ...)
- NOT-FOR-US: Viscosity on Widnows and macOS
+ NOT-FOR-US: Viscosity on Windows and macOS
CVE-2019-20224 (netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows ...)
NOT-FOR-US: Pandora FMS
CVE-2019-20223 (In Support Incident Tracker (SiT!) 3.67, the id parameter is affected ...)
@@ -425351,7 +425351,8 @@ CVE-2014-3650 (Multiple persistent cross-site scripting (XSS) flaws were found i
CVE-2014-3649 (JBoss AeroGear has reflected XSS via the password field ...)
NOT-FOR-US: JBoss AeroGear
CVE-2014-3648 (The simplepush server iterates through the application installations a ...)
- TODO: check
+ NOTE: https://issues.redhat.com/browse/AEROGEAR-6091 (private)
+ TODO: check, if more information becomes available.
CVE-2014-3647 (arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel throug ...)
{DSA-3060-1}
- linux 3.16.7-1
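Review bot: CVE-2014-3648 still carries a TODO after this change, so it remains unprocessed, and the only reference added is a Red Hat issue marked "(private)" that other triagers cannot read. The issue key is AEROGEAR-6091 and the neighbouring CVE-2014-3649 is already tagged "NOT-FOR-US: JBoss AeroGear"; if the simplepush server is part of AeroGear, the same tag would close this entry. Otherwise add a NOTE saying what was checked and what is still missing, so the next person does not repeat the search. The commit message "Process some NFUs" also does not cover this change.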
@@ -443623,7 +443624,7 @@ CVE-2013-4172 (The Red Hat CloudForms Management Engine 5.1 allow remote adminis
CVE-2013-4171 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller b ...)
NOT-FOR-US: Apache Roller
CVE-2013-4170 (In general, Ember.js escapes or strips any user-supplied content befor ...)
- TODO: check
+ NOT-FOR-US: ember.js
CVE-2013-4169 (GNOME Display Manager (gdm) before 2.21.1 allows local users to change ...)
- gdm <removed> (unimportant)
- gdm3 <not-affected> (Only affected older gdm < 2.21.1)
@@ -443734,7 +443735,8 @@ CVE-2013-4146
CVE-2013-4145
REJECTED
CVE-2013-4144 (There is an object injection vulnerability in swfupload plugin for wor ...)
- TODO: check
+ - libjs-swfupload <removed>
+ NOTE: https://github.com/wordpress/secure-swfupload/issues/1
CVE-2013-4143 (The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockm ...)
- xlockmore <removed>
NOTE: http://openwall.com/lists/oss-security/2013/07/16/8
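Review bot: The new entry for CVE-2013-4144 is not an NFU. It attributes the issue to the package libjs-swfupload as "<removed>", while the description speaks of the swfupload plugin for "wor ..." and the NOTE points at wordpress/secure-swfupload. Add a NOTE stating why the removed libjs-swfupload package is the affected source, and mention the package entry in the commit message, which only says "Process some NFUs".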
@@ -449629,7 +449631,7 @@ CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly val
[squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is EOLed)
NOTE: https://www.openwall.com/lists/oss-security/2013/03/25/7
CVE-2013-1891 (In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filem ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...)
- owncloud <not-affected> (only affecting 5.0 branch)
CVE-2013-1889 (mod_ruid2 before 0.9.8 improperly handles file descriptors which allow ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebca431c2a12a86e255d31a18a3eccb503b4daef