Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
da603d62 by Salvatore Bonaccorso at 2019-12-30T20:33:48Z
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2397,7 +2397,7 @@ CVE-2019-20141 (An XSS issue was discovered in the 
Laborator Neon theme 2.0 for
 CVE-2019-20140 (An issue was discovered in libsixel 1.8.4. There is a 
heap-based buffe ...)
        TODO: check
 CVE-2019-20139 (In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, 
hostgrou ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2019-20138 (The HTTP Authentication library before 2019-12-27 for Nim has 
weak pas ...)
        TODO: check
 CVE-2019-20137
@@ -3870,9 +3870,9 @@ CVE-2019-3467 (Debian-edu-config all versions < 
2.11.10, a set of configurati
 CVE-2019-19808
        RESERVED
 CVE-2019-19806 (_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 
through ...)
-       TODO: check
+       NOT-FOR-US: MFScripts YetiShare
 CVE-2019-19805 (_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 
through ...)
-       TODO: check
+       NOT-FOR-US: MFScripts YetiShare
 CVE-2019-19804
        RESERVED
 CVE-2019-19803
@@ -5048,21 +5048,21 @@ CVE-2019-19741
 CVE-2019-19740 (Octeth Oempro 4.7 allows SQL injection. The parameter 
CampaignID in Ca ...)
        NOT-FOR-US: Octeth Oempro
 CVE-2019-19739 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the 
Secure flag o ...)
-       TODO: check
+       NOT-FOR-US: MFScripts YetiShare
 CVE-2019-19738 (log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 
does no ...)
-       TODO: check
+       NOT-FOR-US: MFScripts YetiShare
 CVE-2019-19737 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the 
SameSite flag ...)
-       TODO: check
+       NOT-FOR-US: MFScripts YetiShare
 CVE-2019-19736 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the 
HttpOnly flag ...)
-       TODO: check
+       NOT-FOR-US: MFScripts YetiShare
 CVE-2019-19735 (class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 
uses an  ...)
-       TODO: check
+       NOT-FOR-US: MFScripts YetiShare
 CVE-2019-19734 (_account_move_file_in_folder.ajax.php in MFScripts YetiShare 
3.5.2 dir ...)
-       TODO: check
+       NOT-FOR-US: MFScripts YetiShare
 CVE-2019-19733 (_get_all_file_server_paths.ajax.php (aka 
get_all_file_server_paths.aja ...)
-       TODO: check
+       NOT-FOR-US: MFScripts YetiShare
 CVE-2019-19732 (translation_manage_text.ajax.php and various *_manage.ajax.php 
in MFSc ...)
-       TODO: check
+       NOT-FOR-US: MFScripts YetiShare
 CVE-2019-19731 (Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A 
remote  ...)
        NOT-FOR-US: Roxy Fileman
 CVE-2019-19730
@@ -8206,7 +8206,7 @@ CVE-2019-19472
 CVE-2019-19471
        RESERVED
 CVE-2019-19470 (An attacker who has already compromised the local system could 
use Tin ...)
-       TODO: check
+       NOT-FOR-US: TinyWall Controller
 CVE-2019-19469 (In Zmanda Management Console 3.3.9, 
ZMC_Admin_Advanced?form=adminTasks ...)
        NOT-FOR-US: Zmanda Management Console
 CVE-2019-19468 (Free Photo Viewer 1.3 allows remote attackers to execute 
arbitrary cod ...)
@@ -8624,7 +8624,7 @@ CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, 
as used in Moonjit befor
 CVE-2019-19390
        RESERVED
 CVE-2019-19389 (JetBrains Ktor framework before version 1.2.6 was vulnerable 
to HTTP R ...)
-       TODO: check
+       NOT-FOR-US: JetBrains Ktor framework
 CVE-2019-19388 (A cross-site scripting (XSS) vulnerability in 
app/dialplans/dialplan_d ...)
        NOT-FOR-US: FusionPBX
 CVE-2019-19387 (A cross-site scripting (XSS) vulnerability in 
app/fifo_list/fifo_inter ...)
@@ -16302,7 +16302,7 @@ CVE-2019-17669 (WordPress before 5.2.4 has a Server 
Side Request Forgery (SSRF)
        NOTE: 
https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea
        NOTE: 
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 CVE-2019-17621 (The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi 
router 1.0 ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-17620
        RESERVED
 CVE-2019-17619
@@ -19305,7 +19305,7 @@ CVE-2019-16537
 CVE-2019-16536
        RESERVED
 CVE-2019-16535 (In all versions of ClickHouse before 19.14, an OOB read, OOB 
write and ...)
-       TODO: check
+       NOT-FOR-US: ClickHouse
 CVE-2019-16534 (On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists 
via a c ...)
        NOT-FOR-US: DrayTek Vigor2925 devices
 CVE-2019-16533 (On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect 
Access C ...)
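Review bot: The NOT-FOR-US tag on CVE-2019-16535 is missing a recorded archive check. NOT-FOR-US states that no Debian source package is affected, and the visible description ("all versions of ClickHouse before 19.14") concerns a server product rather than a device or firmware like the DrayTek entries below it. If a ClickHouse source package exists in any suite, this line should name the package with its status instead. The same check applies to CVE-2019-15024 in the next hunk, which receives the identical tag.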
@@ -23900,7 +23900,7 @@ CVE-2014-10375 (handle_messages in eXtl_tls.c in eXosip 
before 5.0.0 mishandles
 CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in 
the admi ...)
        NOT-FOR-US: simple-fields plugin for WordPress
 CVE-2019-15024 (In all versions of ClickHouse before 19.14.3, an attacker 
having write ...)
-       TODO: check
+       NOT-FOR-US: ClickHouse
 CVE-2019-15023 (A security vulnerability exists in Zingbox Inspector versions 
1.294 an ...)
        NOT-FOR-US: Zingbox Inspector
 CVE-2019-15022 (A security vulnerability exists in Zingbox Inspector versions 
1.294 an ...)
@@ -47769,9 +47769,9 @@ CVE-2019-7292 (A validation issue was addressed with 
improved logic. This issue
 CVE-2019-7291
        RESERVED
 CVE-2019-7290 (An access issue was addressed with additional sandbox 
restrictions. Th ...)
-       TODO: check
+       NOT-FOR-US: Shortcuts for iOS
 CVE-2019-7289 (A parsing issue in the handling of directory paths was 
addressed with  ...)
-       TODO: check
+       NOT-FOR-US: Shortcuts for iOS
 CVE-2019-7288
        RESERVED
 CVE-2019-7287 (A memory corruption issue was addressed with improved input 
validation ...)
@@ -183744,9 +183744,9 @@ CVE-2016-6251
 CVE-2016-6248
        RESERVED
 CVE-2016-1000029 (Tenable Nessus before 6.8 has a stored XSS issue that 
requires admin-l ...)
-       TODO: check
+       NOT-FOR-US: Nessus
 CVE-2016-1000028 (Tenable Nessus before 6.8 has a stored XSS issue that 
requires admin-l ...)
-       TODO: check
+       NOT-FOR-US: Nessus
 CVE-2016-6247 (OpenBSD 5.8 and 5.9 allows certain local users to cause a 
denial of se ...)
        NOT-FOR-US: OpenBSD kernel
 CVE-2016-6246 (OpenBSD 5.8 and 5.9 allows certain local users with 
kern.usermount pri ...)
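Review bot: The tag added to CVE-2016-1000029 and CVE-2016-1000028 reads "NOT-FOR-US: Nessus", dropping the vendor that both descriptions give ("Tenable Nessus"). Other tags in this commit keep vendor plus product ("MFScripts YetiShare", "Senkas Kolibri", "Livefyre LiveComments"), so "NOT-FOR-US: Tenable Nessus" would keep these entries findable by vendor name.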
@@ -237857,7 +237857,7 @@ CVE-2014-6434 (gpExec in GoPro HERO 3+ allows remote 
attackers to execute arbitr
 CVE-2014-6433 (gpExec in GoPro HERO 3+ allows remote attackers to execute 
arbitrary f ...)
        NOT-FOR-US: GoPro
 CVE-2014-6420 (Cross-site scripting (XSS) vulnerability in Livefyre 
LiveComments 3.0  ...)
-       TODO: check
+       NOT-FOR-US: Livefyre LiveComments
 CVE-2014-6419
        RESERVED
 CVE-2014-6415
@@ -240437,7 +240437,7 @@ CVE-2014-5291
 CVE-2014-5290
        RESERVED
 CVE-2014-5289 (Buffer overflow in Senkas Kolibri 2.0 allows remote attackers 
to execu ...)
-       TODO: check
+       NOT-FOR-US: Senkas Kolibri
 CVE-2014-5288
        RESERVED
 CVE-2014-5287
@@ -242366,7 +242366,7 @@ CVE-2014-4552 (Cross-site scripting (XSS) 
vulnerability in library/includes/paym
 CVE-2014-4551 (Cross-site scripting (XSS) vulnerability in 
diagnostics/test.php in th ...)
        NOT-FOR-US: WordPress plugin Social Connect
 CVE-2014-4550 (Cross-site scripting (XSS) vulnerability in 
preview-shortcode-external ...)
-       TODO: check
+       NOT-FOR-US: Shortcode Ninja plugin for WordPress
 CVE-2014-4549 (Multiple cross-site scripting (XSS) vulnerabilities in 
pages/3DComplet ...)
        NOT-FOR-US: WordPress plugin WooCommerce SagePay Direct Payment Gateway
 CVE-2014-4548 (Cross-site scripting (XSS) vulnerability in tinymce/popup.php 
in the R ...)
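Review bot: The new tag on CVE-2014-4550 uses the form "Shortcode Ninja plugin for WordPress", while both neighbouring context entries (CVE-2014-4551 and CVE-2014-4549) use "WordPress plugin <name>". Writing it as "NOT-FOR-US: WordPress plugin Shortcode Ninja" would match the surrounding block. The file already mixes both forms, as the context around CVE-2014-4535 in the next hunk shows, so this is a consistency nit and not a blocker.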
@@ -242396,7 +242396,7 @@ CVE-2014-4537 (Cross-site scripting (XSS) 
vulnerability in inpage.tpl.php in the
 CVE-2014-4536 (Multiple cross-site scripting (XSS) vulnerabilities in 
tests/notAuto_t ...)
        NOT-FOR-US: Infusionsoft Gravity Forms plugin for WordPress
 CVE-2014-4535 (Cross-site scripting (XSS) vulnerability in the Import Legacy 
Media pl ...)
-       TODO: check
+       NOT-FOR-US: Import Legacy Media plugin for WordPress
 CVE-2014-4534 (Multiple cross-site scripting (XSS) vulnerabilities in 
videoplayer/aut ...)
        NOT-FOR-US: WordPress plugin HTML5 Video Player with Playlist
 CVE-2014-4533 (Cross-site scripting (XSS) vulnerability in ajax_functions.php 
in the  ...)
@@ -246318,7 +246318,7 @@ CVE-2014-3139 (recoveryconsole/bpl/snmpd.php in 
Unitrends Enterprise Backup 7.3.
 CVE-2014-3138 (SQL injection vulnerability in Xerox DocuShare before 6.53 
Patch 6 Hot ...)
        NOT-FOR-US: Xerox DocuShare
 CVE-2014-3136 (Cross-site request forgery (CSRF) vulnerability in D-Link 
DWR-113 (Rev ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2014-3135 (Multiple cross-site scripting (XSS) vulnerabilities in 
vBulletin 5.1.1 ...)
        NOT-FOR-US: vBulletin
 CVE-2014-3134 (Cross-site scripting (XSS) vulnerability in the InfoView 
application i ...)
@@ -260734,7 +260734,7 @@ CVE-2013-4861
 CVE-2013-4860 (Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier 
does n ...)
        NOT-FOR-US: Radio Thermostat
 CVE-2013-4859 (INSTEON Hub 2242-222 lacks Web and API authentication ...)
-       TODO: check
+       NOT-FOR-US: INSTEON Hub
 CVE-2013-4858 (Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 
allows remo ...)
        NOT-FOR-US: Microsoft Windows Movie Maker
 CVE-2013-4857 (D-Link DIR-865L has PHP File Inclusion in the router xml file. 
...)
@@ -278223,7 +278223,7 @@ CVE-2012-4982 (Open redirect vulnerability in 
assets/login on the Forescout Coun
 CVE-2012-4981
        RESERVED
 CVE-2012-4980 (Multiple stack-based buffer overflows in CFProfile.exe in 
Toshiba Conf ...)
-       TODO: check
+       NOT-FOR-US: Toshiba ConfigFree Utility
 CVE-2012-4979
        RESERVED
 CVE-2012-4978



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/da603d620237f578c49e6a5aab0336f6c897a500



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
