Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0fd56a32 by Salvatore Bonaccorso at 2020-01-01T08:03:33Z
Track NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -99,7 +99,7 @@ CVE-2020-5130
 CVE-2020-5129
        RESERVED
 CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute 
arbitrary ...)
-       TODO: check
+       NOT-FOR-US: Nagios XI
 CVE-2019-20196
        RESERVED
 CVE-2019-20195
@@ -18869,7 +18869,7 @@ CVE-2019-16792
 CVE-2019-16791
        RESERVED
 CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code 
execution vi ...)
-       TODO: check
+       NOT-FOR-US: Tiny File Manager
 CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used 
in front  ...)
        - waitress <unfixed> (bug #947433)
        [buster] - waitress <no-dsa> (Minor issue)
@@ -31794,7 +31794,7 @@ CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 
18.08.7, and 19.05.0 allo
        [stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
        NOTE: 
https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
 CVE-2019-12837 (The Java API in Generalitat de Catalunya 
accesuniversitat.gencat.cat 1 ...)
-       TODO: check
+       NOT-FOR-US: Java API in Generalitat de Catalunya 
accesuniversitat.gencat.cat
 CVE-2019-12836 (The Bobronix JEditor editor before 3.0.6 for Jira allows an 
attacker t ...)
        NOT-FOR-US: Bobronix JEditor editor for Jira
 CVE-2019-12835 (formats/xml.cpp in Leanify 0.4.3 allows for a controlled 
out-of-bounds ...)
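
Review bot: The tag added for CVE-2019-12837 copies the opening of the CVE description instead of naming a product ("NOT-FOR-US: Java API in Generalitat de Catalunya accesuniversitat.gencat.cat"), which makes it far longer than the neighbouring labels such as "NOT-FOR-US: Bobronix JEditor editor for Jira". A shorter label along the lines of "NOT-FOR-US: Generalitat de Catalunya accesuniversitat.gencat.cat" identifies the same thing and is easier to reuse if another CVE for that service is triaged later.
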
@@ -33311,7 +33311,7 @@ CVE-2016-10750 (In Hazelcast before 3.11, the cluster 
join procedure is vulnerab
 CVE-2019-12274 (In Rancher 1 and 2 through 2.2.3, unprivileged users (if 
allowed to de ...)
        NOT-FOR-US: Rancher
 CVE-2019-12273 (OutSystems Platform 10 through 11 allows 
ImageResourceDetail.aspx CSRF ...)
-       TODO: check
+       NOT-FOR-US: OutSystems Platform
 CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints 
admin/status/realtime/band ...)
        NOT-FOR-US: OpenWrt LuCI
 CVE-2019-12271 (Sandline Centraleyezer (On Premises) allows unrestricted File 
Upload w ...)
@@ -33586,7 +33586,7 @@ CVE-2019-12188
 CVE-2019-12187
        RESERVED
 CVE-2019-12186 (An issue was discovered in Sylius products. Missing input 
sanitization ...)
-       TODO: check
+       NOT-FOR-US: Sylius
 CVE-2019-12185 (eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the 
/app/con ...)
        NOT-FOR-US: eLabFTW
 CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in 
BoostIO Boost ...)
@@ -38912,7 +38912,7 @@ CVE-2019-10229 (An issue was discovered in MailStore 
Server (and Service Provide
 CVE-2019-10228
        RESERVED
 CVE-2019-10227 (openITCOCKPIT before 3.7.1 has reflected XSS in the 
404-not-found comp ...)
-       TODO: check
+       NOT-FOR-US: openITCOCKPIT
 CVE-2019-10226 (HTML Injection has been discovered in the v0.19.0 version of 
the Fat F ...)
        NOT-FOR-US: Fat Free CRM
 CVE-2019-10225
@@ -41593,7 +41593,7 @@ CVE-2019-9670 (mailboxd component in Synacor Zimbra 
Collaboration Suite 8.7.x be
 CVE-2019-9669 (The Wordfence plugin 7.2.3 for WordPress allows XSS via a 
unique attac ...)
        NOT-FOR-US: Wordfence plugin for WordPress
 CVE-2019-9668 (An issue was discovered in rovinbhandari FTP through 
2012-03-28. recei ...)
-       TODO: check
+       NOT-FOR-US: rovinbhandari FTP
 CVE-2019-9667
        RESERVED
 CVE-2019-9666
@@ -41952,13 +41952,13 @@ CVE-2019-9558 (Mailtraq WebMail version 2.17.7.3550 
has Persistent Cross Site Sc
 CVE-2019-9557 (Ability Mail Server 4.2.6 has Persistent Cross Site Scripting 
(XSS) vi ...)
        NOT-FOR-US: Ability Mail Server
 CVE-2019-9556 (FiberHome an5506-04-f RP2669 devices have XSS. ...)
-       TODO: check
+       NOT-FOR-US: FiberHome an5506-04-f RP2669 devices
 CVE-2019-9555 (Sagemcom F@st 5260 routers using firmware version 0.4.39, in 
WPA mode, ...)
        NOT-FOR-US: Sagemcom routers
 CVE-2019-9554 (In the 3.1.12 Pro version of Craft CMS, XSS has been discovered 
in the ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2019-9553 (Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to 
editcon ...)
-       TODO: check
+       NOT-FOR-US: Bolt CMS
 CVE-2019-9552 (Eloan V3.0 through 2018-09-20 allows remote attackers to list 
files vi ...)
        NOT-FOR-US: Eloan
 CVE-2019-9551 (An issue was discovered in DOYO (aka doyocms) 2.3 through 
2015-05-06.  ...)
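
Review bot: The CVE-2019-9556 tag repeats the full model string from the description ("FiberHome an5506-04-f RP2669 devices"), while the entry directly below it, CVE-2019-9555, is labelled at vendor level as "NOT-FOR-US: Sagemcom routers". Consider "NOT-FOR-US: FiberHome devices" or similar so that a later FiberHome CVE for a different model can carry the same label. In the same hunk, CVE-2019-9553 is tagged "Bolt CMS" although the description only says "Bolt 3.6.4"; that works as disambiguation provided the same spelling is used for any other Bolt entries in the list.
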
@@ -42892,9 +42892,9 @@ CVE-2019-9208 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 
to 2.6.6, the TCAP dissect
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2
        NOTE: https://www.wireshark.org/security/wnpa-sec-2019-07.html
 CVE-2019-9207 (PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm 
search ...)
-       TODO: check
+       NOT-FOR-US: PRTG Network Monitor
 CVE-2019-9206 (PRTG Network Monitor v7.1.3.3378 allows XSS via the 
/public/login.htm  ...)
-       TODO: check
+       NOT-FOR-US: PRTG Network Monitor
 CVE-2019-9205
        RESERVED
 CVE-2019-9204 (SQL injection vulnerability in Nagios IM (component of Nagios 
XI) befo ...)
@@ -42919,7 +42919,7 @@ CVE-2019-9199 
(PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp i
 CVE-2019-9198
        RESERVED
 CVE-2019-9197 (The com.unity3d.kharma protocol handler in Unity Editor 2018.3 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Unity Editor
 CVE-2019-9196 (The Face authentication component in Aware mobile liveness 
2.2.1 sdk 2 ...)
        NOT-FOR-US: Aware mobile liveness
 CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious 
files. An a ...)
@@ -48312,7 +48312,7 @@ CVE-2019-7164 (SQLAlchemy through 1.2.17 and 1.3.x 
through 1.3.0b2 allows SQL In
 CVE-2019-7163 (The web interface of Alcatel LINKZONE MW40-V-V1.0 
MW40_LU_02.00_02 dev ...)
        NOT-FOR-US: Alcatel
 CVE-2019-7162 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 
5.6 Bu ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine
 CVE-2019-7161 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 
5.x th ...)
        NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
 CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ 
Directory Trav ...)
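
Review bot: The new tag on CVE-2019-7162 ("NOT-FOR-US: Zoho ManageEngine") does not match the existing tag on the next entry, CVE-2019-7161, which both descriptions show to be the same product and which reads "NOT-FOR-US: Zoho ManageEngine ADSelfService Plus". Use the longer form on CVE-2019-7162 as well, so that both ADSelfService Plus entries are found by one search string.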



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0fd56a32f5977158783c22d7b718bdf0d45d0ba0
