Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
009ba117 by Salvatore Bonaccorso at 2020-01-10T22:07:31+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18198,7 +18198,7 @@ CVE-2019-18198 (In the Linux kernel before 5.3.4, a
reference count usage error
CVE-2019-18195 (An issue was discovered on TerraMaster FS-210 4.0.19 devices.
Normal u ...)
NOT-FOR-US: TerraMaster FS-210 devices
CVE-2019-18194 (TotalAV 2020 4.14.31 has a quarantine flaw that allows
privilege escal ...)
- TODO: check
+ NOT-FOR-US: TotalAV
CVE-2019-18193
RESERVED
CVE-2020-0500
@@ -30803,17 +30803,17 @@ CVE-2019-14308 (Several Ricoh printers have multiple
buffer overflows parsing LP
CVE-2019-14307 (Several Ricoh printers have multiple buffer overflows parsing
HTTP par ...)
NOT-FOR-US: Ricoh
CVE-2019-14306 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control
(issue 2 of ...)
- TODO: check
+ NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14305 (Several Ricoh printers have multiple buffer overflows parsing
HTTP par ...)
NOT-FOR-US: Ricoh
CVE-2019-14304 (Ricoh SP C250DN 1.06 devices allow CSRF. ...)
- TODO: check
+ NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14303
RESERVED
CVE-2019-14302 (On Ricoh SP C250DN 1.06 devices, a debug port can be used. ...)
- TODO: check
+ NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14301 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control
(issue 1 of ...)
- TODO: check
+ NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14300 (Several Ricoh printers have multiple buffer overflows parsing
HTTP coo ...)
NOT-FOR-US: Ricoh
CVE-2019-14299
@@ -245266,9 +245266,9 @@ CVE-2014-5095
CVE-2014-5094 (Status2k allows remote attackers to obtain configuration
information v ...)
NOT-FOR-US: Status2k
CVE-2014-5093 (Status2k does not remove the install directory allowing
credential res ...)
- TODO: check
+ NOT-FOR-US: Status2k
CVE-2014-5092 (Status2k allows Remote Command Execution in
admin/options/editpl.php. ...)
- TODO: check
+ NOT-FOR-US: Status2k
CVE-2014-5091
RESERVED
CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated
adminis ...)
@@ -245552,11 +245552,11 @@ CVE-2014-4986 (Multiple cross-site scripting (XSS)
vulnerabilities in js/functio
CVE-2014-4985
RESERVED
CVE-2014-4984 (Déjà Vu Crescendo Sales CRM has remote SQL Injection
...)
- TODO: check
+ NOT-FOR-US: Deja Vu Crescendo Sales CRM
CVE-2014-4983
RESERVED
CVE-2014-4982 (LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command
injection ...)
- TODO: check
+ NOT-FOR-US: LPAR2RRD
CVE-2014-4981
RESERVED
CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5
for Nes ...)
@@ -246657,7 +246657,7 @@ CVE-2014-4532 (Cross-site scripting (XSS)
vulnerability in templates/printAdminU
CVE-2014-4531 (Cross-site scripting (XSS) vulnerability in main_page.php in
the Game ...)
NOT-FOR-US: WordPress plugin Game tabs
CVE-2014-4530 (flog plugin 0.1 for WordPress has XSS ...)
- TODO: check
+ NOT-FOR-US: flog plugin for WordPress
CVE-2014-4529 (Cross-site scripting (XSS) vulnerability in fpg_preview.php in
the Fla ...)
NOT-FOR-US: WordPress plugin Flash Photo Gallery
CVE-2014-4528 (Multiple cross-site scripting (XSS) vulnerabilities in
admin/swarm-set ...)
@@ -249597,7 +249597,7 @@ CVE-2013-7382 (VICIDIAL dialer (aka Asterisk GUI
client) 2.8-403a, 2.7, 2.7RC1,
CVE-2013-7381
RESERVED
CVE-2013-7380 (The Etherpad Lite ep_imageconvert Plugin has a Remote Command
Injectio ...)
- TODO: check
+ NOT-FOR-US: Etherpad Lite ep_imageconvert Plugin
CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js
does not p ...)
NOT-FOR-US: tomato module for Node.js
CVE-2013-7378
@@ -285283,7 +285283,7 @@ CVE-2012-4032 (Open redirect vulnerability in the
login page in WebsitePanel bef
CVE-2012-4031 (Multiple directory traversal vulnerabilities in
src/acloglogin.php in ...)
NOT-FOR-US: Wangkongbao not in Debian
CVE-2012-4030 (Chamilo before 1.8.8.6 does not adequately handle user supplied
input ...)
- TODO: check
+ NOT-FOR-US: Chamilo LMS
CVE-2012-4029
RESERVED
CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential
data, ...)
@@ -285845,11 +285845,11 @@ CVE-2012-3825 (Multiple integer overflows in
Wireshark 1.4.x before 1.4.13 and 1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125
NOTE: leftover of CVE-2012-2392
CVE-2012-3824 (In Arial Campaign Enterprise before 11.0.551, multiple pages
are acces ...)
- TODO: check
+ NOT-FOR-US: Arial Campaign Enterprise
CVE-2012-3823 (Arial Campaign Enterprise before 11.0.551 stores passwords in
clear te ...)
- TODO: check
+ NOT-FOR-US: Arial Campaign Enterprise
CVE-2012-3822 (Arial Campaign Enterprise before 11.0.551 has unauthorized
access to t ...)
- TODO: check
+ NOT-FOR-US: Arial Campaign Enterprise
CVE-2012-3821
RESERVED
CVE-2012-3820 (Multiple SQL injection vulnerabilities in Campaign11.exe in
Arial Soft ...)
@@ -294973,7 +294973,7 @@ CVE-2011-5022 (SQL injection vulnerability in
search.php in Pligg CMS 1.1.2 allo
CVE-2011-5021 (PHPIDS before 0.7 does not properly implement Regular
Expression Denia ...)
- php-ids <itp> (bug #488848)
CVE-2011-5020 (An SQL Injection vulnerability exists in the ID parameter in
Online TV ...)
- TODO: check
+ NOT-FOR-US: Online TV Database
CVE-2011-5019 (Cross-site scripting (XSS) vulnerability in setup/index.php in
Textpat ...)
- textpattern <unfixed> (low)
[squeeze] - textpattern <no-dsa> (Vulnerability is in setup.php, which
becomes inaccessible after installation)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/009ba117067be88c281f3e48074e74dbdd1302b8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/009ba117067be88c281f3e48074e74dbdd1302b8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
