Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82281dc1 by Salvatore Bonaccorso at 2020-01-03T21:09:11+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -234,7 +234,7 @@ CVE-2019-20330 (FasterXML jackson-databind 2.x before 
2.9.10.2 lacks certain net
        - jackson-databind <unfixed>
        NOTE: https://github.com/FasterXML/jackson-databind/issues/2526
 CVE-2019-20329 (OpenLambda 2019-09-10 allows DNS rebinding attacks against the 
OL serv ...)
-       TODO: check
+       NOT-FOR-US: OpenLambda
 CVE-2019-20328
        RESERVED
 CVE-2019-20327
@@ -14067,7 +14067,7 @@ CVE-2019-18570
 CVE-2019-18569
        RESERVED
 CVE-2019-18568 (Avira Free Antivirus 15.0.1907.1514 is prone to a local 
privilege esca ...)
-       TODO: check
+       NOT-FOR-US: Avira Free Antivirus
 CVE-2019-18567
        RESERVED
 CVE-2019-18566
@@ -39528,7 +39528,7 @@ CVE-2019-10231 (Teclib GLPI before 9.4.1.1 is affected 
by a PHP type juggling vu
 CVE-2019-10230
        RESERVED
 CVE-2019-10229 (An issue was discovered in MailStore Server (and Service 
Provider Edit ...)
-       TODO: check
+       NOT-FOR-US: MailStore
 CVE-2019-10228
        RESERVED
 CVE-2019-10227 (openITCOCKPIT before 3.7.1 has reflected XSS in the 
404-not-found comp ...)
@@ -47223,7 +47223,7 @@ CVE-2018-20781 (In pam/gkr-pam-module.c in GNOME 
Keyring before 3.27.2, the user
 CVE-2019-7752
        RESERVED
 CVE-2019-7751 (A directory traversal and local file inclusion vulnerability in 
FPProd ...)
-       TODO: check
+       NOT-FOR-US: Ricoh
 CVE-2019-7750
        RESERVED
 CVE-2019-7749
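Review bot: The label for CVE-2019-7751 is only the vendor name "Ricoh", which does not appear in the visible (truncated) description that begins "... local file inclusion vulnerability in FPProd ...". The other entries in this commit name the product, so suggest adding the product name next to the vendor so the entry can be matched back to its description.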
@@ -56393,7 +56393,7 @@ CVE-2019-3986 (Blink XT2 Sync Module firmware prior to 
2.13.11 allows remote att
 CVE-2019-3985 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote 
attacker ...)
        NOT-FOR-US: Blink XT2
 CVE-2019-3984 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Blink XT2 Sync Module firmware
 CVE-2019-3983 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote 
attacker ...)
        NOT-FOR-US: Blink XT2
 CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a 
Denial of Se ...)
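Review bot: The new label for CVE-2019-3984, "NOT-FOR-US: Blink XT2 Sync Module firmware", differs from the "NOT-FOR-US: Blink XT2" already used for CVE-2019-3985 and CVE-2019-3983 directly above and below it, although all three descriptions open with the same product text. Suggest reusing "NOT-FOR-US: Blink XT2" so a search on the label returns the whole group.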
@@ -64593,15 +64593,15 @@ CVE-2018-19836 (In Metinfo 6.1.3, 
include/interface/applogin.php allows setting
 CVE-2018-19835 (Metinfo 6.1.3 has reflected XSS via the admin/column/move.php 
lang_col ...)
        NOT-FOR-US: Metinfo
 CVE-2018-19834 (The quaker function of a smart contract implementation for 
BOMBBA (BOM ...)
-       TODO: check
+       NOT-FOR-US: BOMBBA (BOMB) (tradable Ethereum ERC20 token)
 CVE-2018-19833 (The owned function of a smart contract implementation for DDQ, 
an trad ...)
-       TODO: check
+       NOT-FOR-US: DDQ (tradable Ethereum ERC20 token)
 CVE-2018-19832 (The NETM() function of a smart contract implementation for 
NewIntelTec ...)
-       TODO: check
+       NOT-FOR-US: NewIntelTechMedia (NETM)
 CVE-2018-19831 (The ToOwner() function of a smart contract implementation for 
Cryptbon ...)
-       TODO: check
+       NOT-FOR-US: Cryptbond Network (CBN)
 CVE-2018-19830 (The UBSexToken() function of a smart contract implementation 
for Busin ...)
-       TODO: check
+       NOT-FOR-US: Business Alliance Financial Circle (BAFC)
 CVE-2018-19829 (Artica Integria IMS 5.0.83 has CSRF in 
godmode/usuarios/lista_usuarios ...)
        NOT-FOR-US: Artica Integria IMS
 CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string 
parameter. ...)
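Review bot: The five smart-contract entries CVE-2018-19834 through CVE-2018-19830 are labelled in two styles: the first two carry the qualifier "(tradable Ethereum ERC20 token)", while NewIntelTechMedia (NETM), Cryptbond Network (CBN) and Business Alliance Financial Circle (BAFC) do not. Suggest either adding the qualifier to all five or dropping it from the first two, so the batch reads uniformly.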
@@ -81971,7 +81971,7 @@ CVE-2018-14478 (ecard.php in Coppermine Photo Gallery 
(CPG) 1.5.46 has XSS via t
 CVE-2018-14477
        RESERVED
 CVE-2018-14476 (GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter 
during step  ...)
-       TODO: check
+       NOT-FOR-US: GeniXCMS
 CVE-2018-14475
        RESERVED
 CVE-2018-14474 (views/auth.go in Orange Forum 1.4.0 allows Open Redirection 
via the ne ...)
@@ -261602,7 +261602,7 @@ CVE-2013-4870 (SQL injection vulnerability in the 
News Search (news_search) exte
 CVE-2013-4869 (Cisco Unified Communications Manager (CUCM) 7.1(x) through 
9.1(2) and  ...)
        NOT-FOR-US: Cisco
 CVE-2013-4868 (Karotz API 12.07.19.00: Session Token Information Disclosure 
...)
-       TODO: check
+       NOT-FOR-US: Karotz API
 CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python 
module h ...)
        NOT-FOR-US: Electronic Arts Karotz Smart Rabbit
 CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for 
Android h ...)
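Review bot: CVE-2013-4868 is labelled "NOT-FOR-US: Karotz API" while the adjacent CVE-2013-4867, which carries the same 12.07.19.00 version string, is labelled "NOT-FOR-US: Electronic Arts Karotz Smart Rabbit". If both refer to the same product, a shared label would keep them grouped in searches.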
@@ -264413,37 +264413,37 @@ CVE-2013-3948 (Apple iOS 6.1.3 does not follow 
redirects during determination of
 CVE-2013-3947 (Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 
8.0.7.5 ...)
        NOT-FOR-US: AhnLab V3 Internet Security
 CVE-2013-3946 (Heap-based buffer overflow in the MrSID plugin (MrSID.dll) 
before 4.37 ...)
-       TODO: check
+       NOT-FOR-US: MrSID plugin (MrSID.dll) for IrfanView
 CVE-2013-3945 (The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows 
remote a ...)
-       TODO: check
+       NOT-FOR-US: MrSID plugin (MrSID.dll) for IrfanView
 CVE-2013-3944 (Stack-based buffer overflow in the MrSID plugin (MrSID.dll) 
before 4.3 ...)
-       TODO: check
+       NOT-FOR-US: MrSID plugin (MrSID.dll) for IrfanView
 CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) 
before 6. ...)
        NOT-FOR-US: DotNetNukeDot
 CVE-2013-3942
        RESERVED
 CVE-2013-3941 (Xjp2.dll in XnView before 2.13 allows remote attackers to 
execute arbi ...)
-       TODO: check
+       NOT-FOR-US: XnView
 CVE-2013-3940 (Integer overflow in the Graphics Device Interface (GDI) in 
Microsoft W ...)
        NOT-FOR-US: Microsoft
 CVE-2013-3939 (xnview.exe in XnView before 2.13 does not properly handle RLE 
strip le ...)
-       TODO: check
+       NOT-FOR-US: XnView
 CVE-2013-3938 (Integer overflow in xnview.exe in XnView 2.13 allows remote 
attackers  ...)
        NOT-FOR-US: XnView
 CVE-2013-3937 (Heap-based buffer overflow in xnview.exe in XnView before 2.13 
allows  ...)
-       TODO: check
+       NOT-FOR-US: XnView
 CVE-2013-3936 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview 
before  ...)
-       TODO: check
+       NOT-FOR-US: Opsview
 CVE-2013-3935 (Cross-site request forgery (CSRF) vulnerability in Opsview 
before 4.4. ...)
-       TODO: check
+       NOT-FOR-US: Opsview
 CVE-2013-3934 (Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, 
as use ...)
        NOT-FOR-US: Kingsoft Office 2013
 CVE-2013-3933 (Cross-site scripting (XSS) vulnerability in the JoomShopping 
(com_joom ...)
        NOT-FOR-US: Joomla component com_joomshopping
 CVE-2013-3932 (SQL injection vulnerability in the Jomres (com_jomres) 
component befor ...)
-       TODO: check
+       NOT-FOR-US: Jomres (com_jomres) component for Joomla!
 CVE-2013-3931 (Cross-site scripting (XSS) vulnerability in the Jomres 
(com_jomres) co ...)
-       TODO: check
+       NOT-FOR-US: Jomres (com_jomres) component for Joomla!
 CVE-2013-3930 (Stack-based buffer overflow in Core FTP before 2.2 build 1785 
allows r ...)
        NOT-FOR-US: Core FTP (client)
 CVE-2013-3929 (Cross-site scripting (XSS) vulnerability in admin/editevent.php 
in CMS ...)
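Review bot: The two Jomres entries (CVE-2013-3932, CVE-2013-3931) use "Jomres (com_jomres) component for Joomla!", whereas the neighbouring context line for CVE-2013-3933 uses the form "Joomla component com_joomshopping"; consider matching that existing form. Separately, the unchanged context label "NOT-FOR-US: DotNetNukeDot" for CVE-2013-3943 looks like a typo for DotNetNuke and could be corrected in the same pass.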
@@ -266002,9 +266002,9 @@ CVE-2013-3249 (Stack-based buffer overflow in the 
"Add from text file" feature i
 CVE-2013-3248 (Untrusted search path vulnerability in Corel PDF Fusion 1.11 
allows lo ...)
        NOT-FOR-US: Corel PDF Fusion
 CVE-2013-3247 (Heap-based buffer overflow in xnview.exe in XnView before 2.03 
allows  ...)
-       TODO: check
+       NOT-FOR-US: XnView
 CVE-2013-3246 (Stack-based buffer overflow in xnview.exe in XnView before 2.03 
allows ...)
-       TODO: check
+       NOT-FOR-US: XnView
 CVE-2013-3245 (** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC 
Media P ...)
        - vlc 2.0.7-1 (unimportant)
        NOTE: Harmless crasher
@@ -270856,7 +270856,7 @@ CVE-2013-1643 (The SOAP parser in PHP before 5.3.23 
and 5.4.x before 5.4.13 allo
        - php5 5.4.4-14 (bug #702221)
        NOTE: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36
 CVE-2013-1642 (Multiple cross-site scripting (XSS) vulnerabilities in 
QuiXplorer befo ...)
-       TODO: check
+       NOT-FOR-US: QuiXplorer
 CVE-2013-1641 (Directory traversal vulnerability in the zip download 
functionality in ...)
        NOT-FOR-US: QuiXplorer
 CVE-2013-1640 (The (1) template and (2) inline_template functions in the 
master serve ...)
@@ -271580,7 +271580,7 @@ CVE-2013-1422
 CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen 
WebCalendar  ...)
        - webcalendar <removed>
 CVE-2013-1420 (Multiple cross-site scripting (XSS) vulnerabilities in 
GetSimple CMS b ...)
-       TODO: check
+       NOT-FOR-US: GetSimple CMS
 CVE-2013-1419
        RESERVED
 CVE-2013-1418 (The setup_server_realm function in main.c in the Key 
Distribution Cent ...)
@@ -273460,7 +273460,7 @@ CVE-2013-0739
 CVE-2013-0738
        RESERVED
 CVE-2013-0737 (Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and 
earlier a ...)
-       TODO: check
+       NOT-FOR-US: BoltWire
 CVE-2013-0736 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the Ming ...)
        NOT-FOR-US: mingle forum plugin for wp
 CVE-2013-0735 (Multiple SQL injection vulnerabilities in wpf.class.php in the 
Mingle  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/82281dc13dba0ae167b7d4111b950bb97113ab3d
