Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
02dadd14 by Salvatore Bonaccorso at 2020-01-22T21:23:50+01:00
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1955,9 +1955,9 @@ CVE-2020-6962
CVE-2020-6961
RESERVED
CVE-2020-6960 (The following versions of MAXPRO VMS and NVR, MAXPRO
VMS:HNMSWVMS prio ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2020-6959 (The following versions of MAXPRO VMS and NVR, MAXPRO
VMS:HNMSWVMS prio ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2020-6958 (An XXE vulnerability in JnlpSupport in Yet Another Java Service
Wrappe ...)
NOT-FOR-US: Yet Another Java Service Wrapper (YAJSW)
CVE-2020-6957
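Review bot: the two new tags at CVE-2020-6960 and CVE-2020-6959 name only the vendor ("NOT-FOR-US: Honeywell"), while both descriptions identify the product as MAXPRO VMS and NVR and the neighbouring CVE-2020-6958 entry tags the product itself ("Yet Another Java Service Wrapper (YAJSW)"). Consider "NOT-FOR-US: Honeywell MAXPRO VMS and NVR" so that a later search of the list by product name finds these entries.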
@@ -2164,7 +2164,7 @@ CVE-2020-6859 (Multiple Insecure Direct Object Reference
vulnerabilities in incl
CVE-2020-6858
RESERVED
CVE-2020-6857 (CarbonFTP v1.4 uses insecure proprietary password encryption
with a ha ...)
- TODO: check
+ NOT-FOR-US: CarbonFTP
CVE-2020-6856
RESERVED
CVE-2020-6855
@@ -5637,7 +5637,7 @@ CVE-2020-5223
CVE-2020-5222
RESERVED
CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated
user to pe ...)
- TODO: check
+ NOT-FOR-US: uftpd
CVE-2020-5220
RESERVED
CVE-2020-5219
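Review bot: at CVE-2020-5221 the NOT-FOR-US tag goes on uftpd, which the description shows to be versioned server software ("In uftpd before 2.11") rather than a vendor device like most other entries in this commit, and the commit message does not record how its absence from the archive was checked. Worth confirming that there is no source package or pending ITP/RFP for uftpd before settling on NOT-FOR-US; if one exists, the entry should track that package instead.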
@@ -10123,7 +10123,7 @@ CVE-2019-19844 (Django before 1.11.27, 2.x before
2.2.9, and 3.x before 3.0.1 al
NOTE:
https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e
(2.2.x branch)
NOTE:
https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2
(1.11.x branch)
CVE-2019-19843 (Incorrect access control in the web interface in Ruckus
Wireless Unlea ...)
- TODO: check
+ NOT-FOR-US: Ruckus devices
CVE-2019-19842
RESERVED
CVE-2019-19841
@@ -10137,11 +10137,11 @@ CVE-2019-19838
CVE-2019-19837
RESERVED
CVE-2019-19836 (AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed
through 200. ...)
- TODO: check
+ NOT-FOR-US: Ruckus devices
CVE-2019-19835
RESERVED
CVE-2019-19834 (Directory Traversal in ruckus_cli2 in Ruckus Wireless
Unleashed throug ...)
- TODO: check
+ NOT-FOR-US: Ruckus devices
CVE-2019-20043 (In in
wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ...)
{DSA-4599-1}
- wordpress 5.3.2+dfsg1-1 (bug #946905)
@@ -14856,7 +14856,7 @@ CVE-2020-1790
CVE-2020-1789
RESERVED
CVE-2020-1788 (Honor V30 smartphones with versions earlier than
10.0.1.135(C00E130R4P ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than
9.1.0.139(C00E133R3P1 ...)
NOT-FOR-US: Huawei
CVE-2020-1786 (HUAWEI Mate 20 Pro smartphones versions earlier than
10.0.0.175(C00E69 ...)
@@ -14977,9 +14977,9 @@ CVE-2019-19416
CVE-2019-19415
RESERVED
CVE-2019-19414 (There is an integer overflow vulnerability in LDAP server of
some Huaw ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-19413 (There is an integer overflow vulnerability in LDAP client of
some Huaw ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-19412
RESERVED
CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200,
V500R00 ...)
@@ -15080,7 +15080,7 @@ CVE-2019-19394
CVE-2019-19393
RESERVED
CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN
(formerly Dot ...)
- TODO: check
+ NOT-FOR-US: forDNN.UsersExportImport module for DNN
CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit
before 2.1. ...)
- luajit <unfixed> (bug #946053; unimportant)
NOTE: https://github.com/LuaJIT/LuaJIT/pull/526
@@ -22931,7 +22931,7 @@ CVE-2019-17586
CVE-2019-17585
RESERVED
CVE-2019-17584 (The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys
which all ...)
- TODO: check
+ NOT-FOR-US: Meinberg SyncBox/PTP/PTPv2 devices
CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote attackers to cause a
denial of se ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2019-17582
@@ -39119,7 +39119,7 @@ CVE-2019-12492 (Gallagher Command Centre before
7.80.939, 7.90.x before 7.90.961
CVE-2019-12491 (OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an
attacker to r ...)
NOT-FOR-US: OnApp
CVE-2019-12490 (An issue was discovered in Simple Machines Forum (SMF) before
2.0.16. ...)
- TODO: check
+ NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2019-12489 (An issue was discovered on Fastweb Askey RTV1907VW
0.00.81_FW_200_Aske ...)
NOT-FOR-US: Fastweb Askey RTV1907VW devices
CVE-2019-12488
@@ -55511,7 +55511,7 @@ CVE-2019-6860
CVE-2019-6859
RESERVED
CVE-2019-6858 (A CWE-427:Uncontrolled Search Path Element vulnerability exists
in MSX ...)
- TODO: check
+ NOT-FOR-US: MSX Configurator
CVE-2019-6857 (A CWE-754: Improper Check for Unusual or Exceptional Conditions
vulner ...)
NOT-FOR-US: Modicon
CVE-2019-6856 (A CWE-754: Improper Check for Unusual or Exceptional Conditions
vulner ...)
@@ -57314,7 +57314,7 @@ CVE-2019-6148
CVE-2019-6147 (Forcepoint NGFW Security Management Center (SMC) versions lower
than 6 ...)
NOT-FOR-US: Forcepoint NGFW Security Management Center
CVE-2019-6146 (It has been reported that cross-site scripting (XSS) is
possible in Fo ...)
- TODO: check
+ NOT-FOR-US: Forcepoint Web Security
CVE-2019-6145 (Forcepoint VPN Client for Windows versions lower than 6.6.1
have an un ...)
NOT-FOR-US: Forcepoint
CVE-2019-6144 (This vulnerability allows a normal (non-admin) user to disable
the For ...)
@@ -58707,7 +58707,7 @@ CVE-2019-5649
CVE-2019-5648
RESERVED
CVE-2019-5647 (The Chrome Plugin for Rapid7 AppSpider can incorrectly keep
browser se ...)
- TODO: check
+ NOT-FOR-US: Chrome Plugin for Rapid7 AppSpider
CVE-2019-5646
RESERVED
CVE-2019-5645
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/02dadd140b8c710a1e7e4bb2f00a6cf7b78fb6df