Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
620ca5aa by Moritz Muehlenhoff at 2020-01-10T09:25:11+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2020-6760
 CVE-2020-6759
        RESERVED
 CVE-2020-6758 (A cross-site scripting (XSS) vulnerability in 
Option/optionsAll.php in ...)
-       TODO: check
+       NOT-FOR-US: Rasilient PixelStor
 CVE-2020-6757 (contentHostProperties.php in Rasilient PixelStor 5000 
K:4.0.1580-20150 ...)
-       TODO: check
+       NOT-FOR-US: Rasilient PixelStor
 CVE-2020-6756 (languageOptions.php in Rasilient PixelStor 5000 
K:4.0.1580-20150629 (K ...)
-       TODO: check
+       NOT-FOR-US: Rasilient PixelStor
 CVE-2020-6755
        RESERVED
 CVE-2020-6754
@@ -31,11 +31,11 @@ CVE-2020-6752
 CVE-2020-6751
        RESERVED
 CVE-2019-20376 (A cross-site scripting (XSS) vulnerability in Electronic 
Logbook (ELOG ...)
-       TODO: check
+       NOT-FOR-US: Electronic Logbook (ELOG)
 CVE-2019-20375 (A cross-site scripting (XSS) vulnerability in Electronic 
Logbook (ELOG ...)
-       TODO: check
+       NOT-FOR-US: Electronic Logbook (ELOG)
 CVE-2019-20374 (A mutation cross-site scripting (XSS) issue in Typora through 
0.9.9.31 ...)
-       TODO: check
+       NOT-FOR-US: Typora
 CVE-2019-20372 (NGINX before 1.17.7, with certain error_page configurations, 
allows HT ...)
        TODO: check
 CVE-2019-20373 (LTSP LDM through 2.18.06 allows fat-client root access because 
the LDM ...)
@@ -1243,11 +1243,11 @@ CVE-2020-6170 (An authentication bypass vulnerability 
on Genexis Platinum-4410 v
 CVE-2020-6169
        RESERVED
 CVE-2020-6168 (A flaw in the WordPress plugin, Minimal Coming Soon & 
Maintenance  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon & 
Maintenance  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon & 
Maintenance  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2020-6165
        RESERVED
 CVE-2020-6164
@@ -3738,17 +3738,17 @@ CVE-2019-20185
 CVE-2019-20184 (KeePass 2.4.1 allows CSV injection in the title field of a CSV 
export. ...)
        TODO: check
 CVE-2019-20183 (uploadimage.php in Employee Records System 1.0 allows upload 
and execu ...)
-       TODO: check
+       NOT-FOR-US: Employee Records System
 CVE-2019-20182 (The FooGallery plugin 1.8.12 for WordPress allow XSS via the 
post_titl ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2019-20181 (The awesome-support plugin 5.8.0 for WordPress allows XSS via 
the post ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2019-20180 (The TablePress plugin 1.9.2 for WordPress allows 
tablepress[data] CSV  ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2019-20179 (SOPlanning 1.45 has SQL injection via the user_list.php "by" 
parameter ...)
-       TODO: check
+       NOT-FOR-US: SOPlanning
 CVE-2019-20178 (Advisto PEEL Shopping 9.2.1 has CSRF via 
administrer/utilisateurs.php  ...)
-       TODO: check
+       NOT-FOR-US: Advisto PEEL Shopping
 CVE-2019-20177
        RESERVED
 CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered 
in the li ...)
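
Review bot: The three plugin entries in this hunk (CVE-2019-20182, CVE-2019-20181, CVE-2019-20180) are tagged "NOT-FOR-US: Wordpress plugin" with a lowercase "p", while the previous hunk of this same commit and the existing CVE-2020-6167 entry use "NOT-FOR-US: WordPress plugin". Use the "WordPress" spelling here as well, so that a search for one tag string finds every plugin entry.
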
@@ -14063,7 +14063,7 @@ CVE-2019-18861
 CVE-2019-18860
        RESERVED
 CVE-2019-18859 (Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. 
...)
-       TODO: check
+       NOT-FOR-US: Digi AnywhereUSB
 CVE-2019-18858 (CODESYS 3 web server before 3.5.15.20, as distributed with 
CODESYS Con ...)
        NOT-FOR-US: CODESYS 3 web server
 CVE-2019-18857 (darylldoyle svg-sanitizer before 0.12.0 mishandles script and 
data val ...)
@@ -19008,21 +19008,21 @@ CVE-2020-0010
 CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary 
write  ...)
        TODO: check
 CVE-2020-0008 (In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, 
there  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2020-0007 (In flattenString8 of Sensor.cpp, there is a possible 
information discl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2020-0006 (In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a 
possibl ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2020-0005
        RESERVED
 CVE-2020-0004 (In generateCrop of WallpaperManagerService.java, there is a 
possible s ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2020-0003 (In onCreate of InstallStart.java, there is a possible package 
validati ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2020-0002 (In ih264d_init_decoder of ih264d_api.c, there is a possible out 
of bou ...)
-       TODO: check
+       NOT-FOR-US: Android Media Framework
 CVE-2020-0001 (In getProcessRecordLocked of ActivityManagerService.java 
isolated apps ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2019-18192 (GNU Guix 1.0.1 allows local users to gain access to an 
arbitrary user' ...)
        - guix <itp> (bug #850644)
        NOTE: https://issues.guix.gnu.org/issue/37744
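
Review bot: CVE-2020-0002 is tagged "NOT-FOR-US: Android Media Framework" while the six other entries triaged in this hunk use plain "NOT-FOR-US: Android". Pick one form for the whole batch; "NOT-FOR-US: Android" is the one already used by the existing CVE-2012-2949 entry further down the file.
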
@@ -39889,7 +39889,7 @@ CVE-2019-11294 (Cloud Foundry Cloud Controller API 
(CAPI), version 1.88.0, allow
 CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when 
set to log ...)
        NOT-FOR-US: Cloud Foundry UAA Release
 CVE-2019-11292 (Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x 
prior to 2. ...)
-       TODO: check
+       NOT-FOR-US: Pivotal
 CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 
version prior  ...)
        - rabbitmq-server <unfixed> (bug #945601)
        [buster] - rabbitmq-server <no-dsa> (Minor issue)
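
Review bot: "NOT-FOR-US: Pivotal" on CVE-2019-11292 names only the vendor, and the very next entry, CVE-2019-11291 (Pivotal RabbitMQ), is tracked against rabbitmq-server, so the vendor name alone does not say why this one is out of scope. Name the product instead, for example "NOT-FOR-US: Pivotal Ops Manager", the way the neighbouring "NOT-FOR-US: Cloud Foundry UAA Release" entry does.
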
@@ -41298,7 +41298,7 @@ CVE-2019-10779
 CVE-2019-10778 (devcert-sanscache before 0.4.7 allows remote attackers to 
execute arbi ...)
        TODO: check
 CVE-2019-10777 (In aws-lambda versions prior to version 1.0.5, the 
"config.FunctioName ...)
-       TODO: check
+       NOT-FOR-US: aws-lambda
 CVE-2019-10776 (In "index.js" file line 240, the run command executes the git 
command  ...)
        NOT-FOR-US: git-diff-apply
 CVE-2019-10775 (ecstatic have a denial of service vulnerability. Successful 
exploitati ...)
@@ -54076,7 +54076,7 @@ CVE-2019-6333 (A potential security vulnerability has 
been identified with certa
 CVE-2019-6332 (A potential security vulnerability has been identified with 
certain HP ...)
        NOT-FOR-US: HP InkJet printers
 CVE-2019-6331 (An issue was found in Samsung Mobile Print (Android) versions 
prior to ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2019-6330 (A potential security vulnerability has been identified in the 
software ...)
        NOT-FOR-US: HP Access Control
 CVE-2019-6329 (HP Support Assistant 8.7.50 and earlier allows a user to gain 
system p ...)
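
Review bot: The tag added for CVE-2019-6331 reads "NOT-FOR-US: HP", but the visible description is for "Samsung Mobile Print (Android)", so the tag does not match the product a reader sees in the entry. The neighbouring entries name the product ("HP InkJet printers", "HP Access Control"); "NOT-FOR-US: Samsung Mobile Print" would follow the same pattern.
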
@@ -190757,7 +190757,7 @@ CVE-2016-5313 (Symantec Web Gateway (SWG) before 
5.2.5 allows remote authenticat
 CVE-2016-5312 (Directory traversal vulnerability in the charting component in 
Symante ...)
        NOT-FOR-US: Symantec
 CVE-2016-5311 (A Privilege Escalation vulnerability exists in Symantec Norton 
Antivir ...)
-       TODO: check
+       NOT-FOR-US: Symantec
 CVE-2016-5310 (The RAR file parser component in the AntiVirus Decomposer 
engine in Sy ...)
        NOT-FOR-US: Symantec
 CVE-2016-5309 (The RAR file parser component in the AntiVirus Decomposer 
engine in Sy ...)
@@ -254596,7 +254596,7 @@ CVE-2014-1600
 CVE-2014-1599 (Multiple cross-site scripting (XSS) vulnerabilities in the SFR 
Box rou ...)
        NOT-FOR-US: SFR Box router
 CVE-2014-1598 (centurystar 7.12 ActiveX Control has a Stack Buffer Overflow 
...)
-       TODO: check
+       NOT-FOR-US: centurystar
 CVE-2014-1597 (SQL injection vulnerability in the CMDB web application in 
synetics i- ...)
        NOT-FOR-US: i-doit
 CVE-2014-1596
@@ -285694,15 +285694,15 @@ CVE-2012-3812 (Double free vulnerability in 
apps/app_voicemail.c in Asterisk Ope
 CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in 
the Wall ...)
        NOT-FOR-US: Avaya IP Office Customer Call Reporter
 CVE-2012-3810 (Samsung Kies before 2.5.0.12094_27_11 has registry 
modification. ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2012-3809 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory 
modifica ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2012-3808 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file 
modification. ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2012-3807 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file 
execution. ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2012-3806 (Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer 
derefere ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2012-3805 (Multiple cross-site scripting (XSS) vulnerabilities in the 
getAllPasse ...)
        NOT-FOR-US: Kajona
 CVE-2012-3804
@@ -287746,7 +287746,7 @@ CVE-2012-2952 (SQL injection vulnerability in 
add_ons.php in Jaow 2.4.5 and earl
 CVE-2012-2951
        REJECTED
 CVE-2012-2950 (Gateway Geomatics MapServer for Windows before 3.0.6 contains a 
Local  ...)
-       TODO: check
+       NOT-FOR-US: Gateway Geomatics MapServer
 CVE-2012-2949 (The ZTE sync_agent program for Android 2.3.4 on the Score M 
device use ...)
        NOT-FOR-US: Android
 CVE-2012-2948 (chan_skinny.c in the Skinny (aka SCCP) channel driver in 
Certified Ast ...)
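
Review bot: The tag on CVE-2012-2950 drops "for Windows" from the product name given in the description ("Gateway Geomatics MapServer for Windows"), and that qualifier is what distinguishes this Windows bundle from MapServer itself. Suggest "NOT-FOR-US: Gateway Geomatics MapServer for Windows".
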
@@ -287801,7 +287801,7 @@ CVE-2012-2933
 CVE-2012-2932 (Multiple cross-site scripting (XSS) vulnerabilities in 
TinyWebGallery  ...)
        NOT-FOR-US: TinyWebGallery
 CVE-2012-2931 (PHP code injection in TinyWebGallery before 1.8.8 allows remote 
authen ...)
-       TODO: check
+       NOT-FOR-US: TinyWebGallery
 CVE-2012-2930 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
TinyWebG ...)
        NOT-FOR-US: TinyWebGallery
 CVE-2012-2929
@@ -289740,7 +289740,7 @@ CVE-2012-2228
 CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml 
before ...)
        NOT-FOR-US: PluXml
 CVE-2012-2226 (Invision Power Board before 3.3.1 fails to sanitize 
user-supplied inpu ...)
-       TODO: check
+       NOT-FOR-US: Invision Power Board
 CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary 
code via  ...)
        NOT-FOR-US: 360zip
 CVE-2012-2224 (Xunlei Thunder before 7.2.6 allows remote attackers to execute 
arbitra ...)
@@ -290591,7 +290591,7 @@ CVE-2012-1916 (@Mail WebMail Client in AtMail 
Open-Source before 1.05 allows rem
 CVE-2007-6752 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability 
in Drup ...)
        - drupal7 <removed> (unimportant)
 CVE-2012-1915 (EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass 
the xss_c ...)
-       TODO: check
+       NOT-FOR-US: EllisLab CodeIgniter
 CVE-2012-1914
        RESERVED
 CVE-2012-1913



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/620ca5aa06f75482150d2960449a9654635f8c20


