Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e3ce8e06 by Salvatore Bonaccorso at 2020-01-07T21:54:26+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -639,7 +639,7 @@ CVE-2020-5845
 CVE-2020-5844
        RESERVED
 CVE-2020-5843 (Codoforum 4.8.3 allows XSS in the admin dashboard via a 
category to th ...)
-       TODO: check
+       NOT-FOR-US: Codoforum
 CVE-2020-5842
        RESERVED
 CVE-2020-5841
@@ -1604,7 +1604,7 @@ CVE-2014-10398 (Multiple cross-site scripting (XSS) 
vulnerabilities in bsi.dll i
 CVE-2020-5394
        RESERVED
 CVE-2020-5393 (In Appspace On-Prem through 7.1.3, an adversary can steal a 
session to ...)
-       TODO: check
+       NOT-FOR-US: Appspace On-Prem
 CVE-2020-5392
        RESERVED
 CVE-2020-5391
@@ -1790,7 +1790,7 @@ CVE-2020-5309
 CVE-2020-5308
        RESERVED
 CVE-2020-5307 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable 
to SQL  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
 CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display 
name, t ...)
        NOT-FOR-US: Codoforum
 CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name 
field of  ...)
@@ -1996,7 +1996,7 @@ CVE-2020-5206
 CVE-2020-5205
        RESERVED
 CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability 
in hand ...)
-       TODO: check
+       NOT-FOR-US: uftpd
 CVE-2020-5203
        RESERVED
 CVE-2020-5202
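
Review bot: NOT-FOR-US on CVE-2020-5204 deserves a second check, because uftpd reads like a generic server daemon rather than a vendor appliance or hosted web application like most other entries in this commit. If an ITP or RFP bug exists for it, the entry should follow the form this file already uses for node-ecstatic, "- node-ecstatic <itp> (bug #910614)", so the CVE is not lost when the package enters the archive.
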
@@ -16289,7 +16289,7 @@ CVE-2019-18388 (A NULL pointer dereference in 
vrend_renderer.c in virglrenderer
 CVE-2019-18387 (Sourcecodester Hotel and Lodge Management System 1.0 is 
vulnerable to  ...)
        NOT-FOR-US: Sourcecodester Hotel and Lodge Management System
 CVE-2019-18386 (Systems management on Unisys Libra and Libra Software Series, 
with MCP ...)
-       TODO: check
+       NOT-FOR-US: Unisys
 CVE-2019-18385 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. 
An unaut ...)
        NOT-FOR-US: TerraMaster
 CVE-2019-18384 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. 
An authe ...)
@@ -23097,7 +23097,7 @@ CVE-2019-16156
 CVE-2019-16155
        RESERVED
 CVE-2019-16154 (An improper neutralization of input during web page generation 
in Fort ...)
-       TODO: check
+       NOT-FOR-US: FortiAuthenticator WEB UI
 CVE-2019-16153
        RESERVED
 CVE-2019-16152
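
Review bot: The tag on CVE-2019-16154, "FortiAuthenticator WEB UI", names a component rather than the product or vendor. Other tags in this file stop at the product or vendor name ("Codoforum", "TerraMaster", "Zoho"), so "NOT-FOR-US: FortiAuthenticator" or a single vendor-level tag would keep searches over the list consistent.
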
@@ -39988,7 +39988,7 @@ CVE-2019-10778
 CVE-2019-10777
        RESERVED
 CVE-2019-10776 (In "index.js" file line 240, the run command executes the git 
command  ...)
-       TODO: check
+       NOT-FOR-US: git-diff-apply
 CVE-2019-10775 (ecstatic have a denial of service vulnerability. Successful 
exploitati ...)
        - node-ecstatic <itp> (bug #910614)
 CVE-2019-10774 (php-shellcommand versions before 1.6.1 have a command 
injection vulner ...)
@@ -51835,7 +51835,7 @@ CVE-2019-6702 (The MasterCard Qkr! app before 5.0.8 for 
iOS has Missing SSL Cert
 CVE-2019-6701
        RESERVED
 CVE-2019-6700 (An information exposure vulnerability in the external 
authentication p ...)
-       TODO: check
+       NOT-FOR-US: FortiSIEM (Fortiguard)
 CVE-2019-6699
        RESERVED
 CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder 
all versi ...)
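
Review bot: The parenthetical in "NOT-FOR-US: FortiSIEM (Fortiguard)" on CVE-2019-6700 is inconsistent with the other Fortinet entry in this same commit, which is tagged "FortiAuthenticator WEB UI" with no parenthetical. FortiGuard is the advisory service rather than the vendor, so either drop it or use one vendor-level form for both entries.
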
@@ -94790,7 +94790,7 @@ CVE-2018-10467
 CVE-2018-10466 (Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows 
blind SQ ...)
        NOT-FOR-US: Zoho
 CVE-2018-10465 (Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf 
Pro use ...)
-       TODO: check
+       NOT-FOR-US: Jamf Pro
 CVE-2018-10464
        RESERVED
 CVE-2018-10463
@@ -101551,7 +101551,7 @@ CVE-2018-7796 (A Buffer Error vulnerability exists in 
PowerSuite 2, all released
 CVE-2018-7795 (A Cross Protocol Injection vulnerability exists in Schneider 
Electric' ...)
        NOT-FOR-US: Schneider
 CVE-2018-7794 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
-       TODO: check
+       NOT-FOR-US: Modicon
 CVE-2018-7793 (A Credential Management vulnerability exists in FoxView HMI 
SCADA (All ...)
        NOT-FOR-US: Schneider Electric
 CVE-2018-7792 (A Permissions, Privileges, and Access Control vulnerability 
exists in  ...)
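
Review bot: "NOT-FOR-US: Modicon" on CVE-2018-7794 introduces a third label next to neighbours tagged "Schneider" (CVE-2018-7795) and "Schneider Electric" (CVE-2018-7793). The truncated description shown here does not mention Modicon at all, so a reader cannot match the tag to the entry; if this is the Schneider Electric product line, "NOT-FOR-US: Schneider Electric" or "Schneider Electric Modicon" would be easier to search for and to verify.
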
@@ -214222,7 +214222,7 @@ CVE-2015-5953 (Cross-site scripting (XSS) 
vulnerability in the activity applicat
 CVE-2015-5952
        RESERVED
 CVE-2015-5951 (A file upload issue exists in the specid parameter in Thomson 
Reuters  ...)
-       TODO: check
+       NOT-FOR-US: Thomson Reuters FATCH
 CVE-2015-5950 (The NVIDIA display driver R352 before 353.82 and R340 before 
341.81 on ...)
        - nvidia-graphics-drivers 340.93-1 (bug #800566)
        [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
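
Review bot: "FATCH" in the new tag for CVE-2015-5951 looks like a typo, possibly for "FATCA". The visible description is cut off right after "Thomson Reuters", so the product name should be checked against the full CVE text and corrected before it gets copied to related entries.
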
@@ -218280,7 +218280,7 @@ CVE-2015-4555 (Buffer overflow in the HTTP 
administrative interface in TIBCO Ren
 CVE-2015-4554 (Multiple unspecified vulnerabilities in TIBCO Spotfire Client 
and Spot ...)
        NOT-FOR-US: TIBCO
 CVE-2015-4553 (A file upload issue exists in DeDeCMS before 5.7-sp1, which 
allows mal ...)
-       TODO: check
+       NOT-FOR-US: DeDeCMS
 CVE-2015-4552 (Cross-site scripting (XSS) vulnerability in the quick edit 
function in ...)
        NOT-FOR-US: MyBB
 CVE-2015-4551 (LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 
uses the s ...)
@@ -234786,9 +234786,9 @@ CVE-2014-8676 (Directory traversal vulnerability in 
the file_get_contents functi
 CVE-2014-8675 (Soplanning 1.32 and earlier generates static links for sharing 
ICAL ca ...)
        NOT-FOR-US: SOPlanning
 CVE-2014-8674 (Multiple Cross-Site Scripting (XSS) vulnerabilities exist in 
Simple On ...)
-       TODO: check
+       NOT-FOR-US: Simple Online Planning
 CVE-2014-8673 (Multiple SQL vulnerabilities exist in planning.php, 
user_list.php, pro ...)
-       TODO: check
+       NOT-FOR-US: Simple Online Planning
 CVE-2014-8672 (Cross-site scripting (XSS) vulnerability in the 
RewardingYourself appl ...)
        NOT-FOR-US: RewardingYourself application for Android and BlackBerry
 CVE-2014-8671 (Cross-site scripting (XSS) vulnerability in the GWT Mobile 
PhoneGap Sh ...)
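
Review bot: CVE-2014-8674 and CVE-2014-8673 are tagged "Simple Online Planning" while the entry directly above, CVE-2014-8675, describes "Soplanning 1.32" and is tagged "SOPlanning". CVE-2014-8673 mentions planning.php and user_list.php, which suggests the same product; if so, reuse "NOT-FOR-US: SOPlanning" on both lines so the three entries group under one tag.
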
@@ -261543,11 +261543,11 @@ CVE-2013-5660 (Buffer overflow in Power Software 
WinArchiver 3.2 allows remote a
 CVE-2013-5659
        RESERVED
 CVE-2013-5658 (AultWare pwStore 2010.8.30.0 has XSS ...)
-       TODO: check
+       NOT-FOR-US: AultWare pwStore
 CVE-2013-5657 (AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request 
...)
-       TODO: check
+       NOT-FOR-US: AultWare pwStore
 CVE-2013-5656 (FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability 
...)
-       TODO: check
+       NOT-FOR-US: FuzeZip
 CVE-2012-6632 (Multiple cross-site scripting (XSS) vulnerabilities in Vessio 
NetBill  ...)
        NOT-FOR-US: Vessio NetBill
 CVE-2012-6631 (Cross-site request forgery (CSRF) vulnerability in 
accounts/admin/inde ...)
@@ -261675,9 +261675,9 @@ CVE-2013-5641 (The SIP channel driver 
(channels/chan_sip.c) in Asterisk Open Sou
        - asterisk 1:11.5.1~dfsg-1 (bug #721220)
        NOTE: http://downloads.asterisk.org/pub/security/AST-2013-004.html
 CVE-2013-5638 (Transcend WiFiSD 1.8 has persistent XSS ...)
-       TODO: check
+       NOT-FOR-US: Transcend WiFiSD
 CVE-2013-5637 (PQI AirCard has persistent XSS ...)
-       TODO: check
+       NOT-FOR-US: PQI AirCard
 CVE-2013-5636 (Unlock.exe in Media Encryption EPM Explorer in Check Point 
Endpoint Se ...)
        NOT-FOR-US: Check Point Endpoint Security
 CVE-2013-5635 (Media Encryption EPM Explorer in Check Point Endpoint Security 
through ...)
@@ -261921,7 +261921,7 @@ CVE-2013-5572 (Zabbix 2.0.5 allows remote 
authenticated users to discover the LD
        NOTE: http://seclists.org/fulldisclosure/2013/Sep/151
        NOTE: Non-issue
 CVE-2013-5571 (HMailServer 5.3.x and prior: Memory Corruption which could 
cause DOS ...)
-       TODO: check
+       NOT-FOR-US: HMailServer
 CVE-2013-5570 (Cross-site scripting (XSS) vulnerability in the Javascript and 
CSS Opt ...)
        NOT-FOR-US: TYPO3 extension (js_css_optimizer)
 CVE-2013-5569 (SQL injection vulnerability in the Slideshare extension 0.1.0 
for TYPO ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e3ce8e065625c5ad217a4212d52744a9019d6240
