Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
370e4481 by Moritz Muehlenhoff at 2020-01-06T09:57:01+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2020-5508
CVE-2019-20355
RESERVED
CVE-2019-20354 (The web application component of piSignage before 2.6.4 allows
a remot ...)
- TODO: check
+ NOT-FOR-US: piSignage
CVE-2019-20353
RESERVED
CVE-2019-20352 (In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer
over-read occ ...)
@@ -57,9 +57,9 @@ CVE-2019-20339
CVE-2019-20338
RESERVED
CVE-2019-20337 (In PHP Scripts Mall advanced-real-estate-script 4.0.9, the
news_edit.p ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall advanced-real-estate-script
CVE-2019-20336 (In PHP Scripts Mall advanced-real-estate-script 4.0.9, the
search-resu ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall advanced-real-estate-script
CVE-2019-20335
RESERVED
CVE-2020-5507
@@ -494,9 +494,9 @@ CVE-2020-5308
CVE-2020-5307
RESERVED
CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display
name, t ...)
- TODO: check
+ NOT-FOR-US: Codoforum
CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name
field of ...)
- TODO: check
+ NOT-FOR-US: Codoforum
CVE-2020-5304
RESERVED
CVE-2020-5303
@@ -948,9 +948,9 @@ CVE-2013-7485 (Cross-site scripting (XSS) vulnerability in
the backend in Open-X
CVE-2020-5193
RESERVED
CVE-2020-5192 (PHPGurukul Hospital Management System in PHP v4.0 suffers from
multipl ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2020-5191 (PHPGurukul Hospital Management System in PHP v4.0 suffers from
multipl ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2020-5190
RESERVED
CVE-2020-5189
@@ -1028,15 +1028,15 @@ CVE-2019-20203 (The Authorized Addresses feature in the
Postie plugin 1.9.40 for
CVE-2020-5179 (Comtech Stampede FX-1010 7.4.3 devices allow remote
authenticated admi ...)
NOT-FOR-US: Comtech Stampede FX-1010 7.4.3 devices
CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The
function ezx ...)
- TODO: check
+ NOT-FOR-US: ezXML
CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The
ezxml_parse_ ...)
- TODO: check
+ NOT-FOR-US: ezXML
CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The
function ezx ...)
- TODO: check
+ NOT-FOR-US: ezXML
CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The
function ezx ...)
- TODO: check
+ NOT-FOR-US: ezXML
CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The
function ezx ...)
- TODO: check
+ NOT-FOR-US: ezXML
CVE-2020-5178
RESERVED
CVE-2020-5177
@@ -1246,11 +1246,11 @@ CVE-2019-20157
CVE-2019-20156
RESERVED
CVE-2019-20155 (An issue was discovered in report_edit.jsp in Determine
(formerly Sele ...)
- TODO: check
+ NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
CVE-2019-20154 (An issue was discovered in Determine (formerly Selectica)
Contract Lif ...)
- TODO: check
+ NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
CVE-2019-20153 (An issue was discovered in Determine (formerly Selectica)
Contract Lif ...)
- TODO: check
+ NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
CVE-2019-20152
RESERVED
CVE-2019-20151
@@ -3824,7 +3824,7 @@ CVE-2019-20079 (The autocmd feature in window.c in Vim
before 8.1.2136 accesses
CVE-2019-20078
RESERVED
CVE-2019-20077 (The Typesetter CMS 5.1 logout functionality is affected by a
CSRF vuln ...)
- TODO: check
+ NOT-FOR-US: Typesetter CMS
CVE-2019-20076 (On Netis DL4323 devices, XSS exists via the form2Ddns.cgi
username par ...)
NOT-FOR-US: Netis DL4323 devices
CVE-2019-20075 (On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6
Diagnostic). ...)
@@ -4009,13 +4009,13 @@ CVE-2019-20009 (An issue was discovered in GNU LibreDWG
before 0.93. Crafted inp
CVE-2019-20008 (In Archery before 1.3, inserting an XSS payload into a project
name (e ...)
NOT-FOR-US: Archery
CVE-2019-20007 (An issue was discovered in ezXML 0.8.2 through 0.8.6. The
function ezx ...)
- TODO: check
+ NOT-FOR-US: ezXML
CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The
function ezx ...)
- TODO: check
+ NOT-FOR-US: ezXML
CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The
function ezx ...)
- TODO: check
+ NOT-FOR-US: ezXML
CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices.
When the ...)
- TODO: check
+ NOT-FOR-US: Intelbras
CVE-2019-20003
RESERVED
CVE-2019-20002
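Review bot: the tag added for CVE-2019-20004 names only the vendor (`NOT-FOR-US: Intelbras`), while its description is specific to Intelbras IWR 3000N 1.8.7 devices and the other entries in this hunk are tagged by product (ezXML, Archery). Consider `NOT-FOR-US: Intelbras IWR 3000N devices` so the tag identifies the affected product rather than the whole vendor.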
@@ -10419,9 +10419,9 @@ CVE-2019-19268
CVE-2019-19267
RESERVED
CVE-2019-19266 (IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and
probably ...)
- TODO: check
+ NOT-FOR-US: IceWarp WebMail Server
CVE-2019-19265 (IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and
probably ...)
- TODO: check
+ NOT-FOR-US: IceWarp WebMail Server
CVE-2019-19264 (In Simplifile RecordFusion through 2019-11-25, the logs and
hist param ...)
NOT-FOR-US: Simplifile RecordFusion
CVE-2019-19263 (GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has
Insecure ...)
@@ -46699,7 +46699,7 @@ CVE-2019-8258 (UltraVNC revision 1198 has a heap buffer
overflow vulnerability i
CVE-2019-8257
RESERVED
CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure
inherited pe ...)
- TODO: check
+ NOT-FOR-US: ColdFusion
CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection
vulnerabil ...)
NOT-FOR-US: Adobe
CVE-2019-8254 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before
21.0.2 hav ...)
@@ -52237,7 +52237,7 @@ CVE-2019-6037
CVE-2019-6036
RESERVED
CVE-2019-6035 (Open redirect vulnerability in Athenz v1.8.24 and earlier
allows remot ...)
- TODO: check
+ NOT-FOR-US: Athenz
CVE-2019-6034 (a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x),
Ver.2.9.26 (Ver ...)
NOT-FOR-US: a-blog cms
CVE-2019-6033 (Cross-site scripting vulnerability in a-blog cms versions prior
to Ver ...)
@@ -52327,13 +52327,13 @@ CVE-2019-5992 (Cross-site request forgery (CSRF)
vulnerability in WordPress Ultr
CVE-2019-5991 (SQL injection vulnerability in the Cybozu Garoon 4.0.0 to
4.10.3 allow ...)
NOT-FOR-US: Cybozu Garoon
CVE-2019-5990 (Access analysis CGI An-Analyzer released in 2019 June 24 and
earlier a ...)
- TODO: check
+ NOT-FOR-US: CGI An-Analyzer
CVE-2019-5989 (DOM-based cross-site scripting vulnerability in Access analysis
CGI An ...)
- TODO: check
+ NOT-FOR-US: CGI An-Analyzer
CVE-2019-5988 (Stored cross-site scripting vulnerability in Access analysis
CGI An-An ...)
- TODO: check
+ NOT-FOR-US: CGI An-Analyzer
CVE-2019-5987 (Access analysis CGI An-Analyzer released in 2019 June 24 and
earlier a ...)
- TODO: check
+ NOT-FOR-US: CGI An-Analyzer
CVE-2019-5986 (Cross-site request forgery (CSRF) vulnerability in Hikari Denwa
router ...)
NOT-FOR-US: Hikari
CVE-2019-5985 (Cross-site scripting vulnerability in Hikari Denwa router/Home
GateWay ...)
@@ -54243,7 +54243,7 @@ CVE-2019-5250 (Mate 20 Pro smartphones with versions
earlier than 9.1.0.135(C00E
CVE-2019-5249
RESERVED
CVE-2019-5248 (CloudEngine 12800 has a DoS vulnerability. An attacker of a
neighborin ...)
- TODO: check
+ NOT-FOR-US: CloudEngine 12800
CVE-2019-5247 (Huawei Atlas 300, Atlas 500 have a buffer overflow
vulnerability. A lo ...)
NOT-FOR-US: Huawei
CVE-2019-5246 (Smartphones with software of ELLE-AL00B
9.1.0.109(C00E106R1P21), 9.1.0 ...)
@@ -93628,11 +93628,11 @@ CVE-2018-10391 (An issue was discovered in WUZHI CMS
4.1.0. There is XSS via the
CVE-2018-10390
RESERVED
CVE-2018-10389 (Format string vulnerability in the logMess function in TFTP
Server MT ...)
- TODO: check
+ NOT-FOR-US: TFTP Server SP
CVE-2018-10388 (Format string vulnerability in the logMess function in TFTP
Server SP ...)
- TODO: check
+ NOT-FOR-US: TFTP Server SP
CVE-2018-10387 (Heap-based overflow vulnerability in TFTP Server SP 1.66 and
earlier a ...)
- TODO: check
+ NOT-FOR-US: TFTP Server SP
CVE-2018-10386
RESERVED
CVE-2018-10385
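Review bot: CVE-2018-10389 is tagged `NOT-FOR-US: TFTP Server SP`, but its description reads "TFTP Server MT ...", whereas CVE-2018-10388 and CVE-2018-10387 name TFTP Server SP. If the MT variant is a separate product, the first tag should read `NOT-FOR-US: TFTP Server MT`. The triage outcome is the same either way, but as written the tag does not match the entry it annotates.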
@@ -277313,7 +277313,7 @@ CVE-2012-5880
CVE-2012-5879 (An ActiveX control in McHealthCheck.dll in McAfee Virtual
Technician ( ...)
NOT-FOR-US: McAfee Virtual Technician
CVE-2012-5878 (Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through
0.1.4 a ...)
- TODO: check
+ NOT-FOR-US: Bulb Security Smartphone Pentest Framework
CVE-2012-5877 (Nero MediaHome 4.5.8.0 and earlier allows remote attackers to
cause a ...)
NOT-FOR-US: Nero MediaHome
CVE-2012-5876 (Multiple off-by-one errors in NMMediaServerService.dll in Nero
MediaHo ...)
@@ -277760,7 +277760,7 @@ CVE-2012-5695 (Multiple cross-site request forgery
(CSRF) vulnerabilities in Bul
CVE-2012-5694 (Multiple SQL injection vulnerabilities in Bulb Security
Smartphone Pen ...)
NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5693 (Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3
allows r ...)
- TODO: check
+ NOT-FOR-US: Bulb Security Smartphone Pentest Framework
CVE-2012-5692 (Unspecified vulnerability in admin/sources/base/core.php in
Invision P ...)
NOT-FOR-US: Invision Power Board
CVE-2012-5691 (Buffer overflow in RealNetworks RealPlayer before 16.0.0.282
and RealP ...)
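Review bot: the new tag for CVE-2012-5693 spells the product `Bulb Security Smartphone Pentest Framework`, while the unchanged entry directly above it (CVE-2012-5694, same product) uses `NOT-FOR-US: Smartphone Pentest Framework`. The same long form is also added for CVE-2012-5878 in the previous hunk. Pick one spelling, preferably the existing one, so all entries for this product share a single tag string.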
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/370e44819b431d67d5c59ff2405d7a66535b474e