Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3236774 by Salvatore Bonaccorso at 2020-01-23T21:42:44+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2020-7933
 CVE-2020-7932
        RESERVED
 CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template 
process ...)
-       TODO: check
+       NOT-FOR-US: JFrog Artifactory
 CVE-2020-7930
        RESERVED
 CVE-2020-7929
@@ -1538,7 +1538,7 @@ CVE-2020-7222 (An issue was discovered in Amcrest Web 
Server 2.520.AC00.18.R 201
 CVE-2020-7221
        RESERVED
 CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in 
certain circ ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp Vault
 CVE-2020-7219
        RESERVED
 CVE-2020-7218
@@ -1560,7 +1560,7 @@ CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 
4.2.0, does not prevent
        NOTE: https://bugs.launchpad.net/qemu/+bug/1812451
        NOTE: 
https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
 CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user 
account ...)
-       TODO: check
+       NOT-FOR-US: Umbraco CMS
 CVE-2020-7209
        RESERVED
 CVE-2020-7208
@@ -2339,7 +2339,7 @@ CVE-2020-6845
 CVE-2020-6844
        RESERVED
 CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. 
...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
 CVE-2020-6842
        RESERVED
 CVE-2020-6841
@@ -10277,15 +10277,15 @@ CVE-2019-19841 (emfd in Ruckus Wireless Unleashed 
through 200.7.10.102.64 allows
 CVE-2019-19840 (A stack-based buffer overflow in zap_parse_args in zap.c in 
zap in Ruc ...)
        NOT-FOR-US: Ruckus devices
 CVE-2019-19839 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 
allows remot ...)
-       TODO: check
+       NOT-FOR-US: Ruckus devices
 CVE-2019-19838 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 
allows remot ...)
-       TODO: check
+       NOT-FOR-US: Ruckus devices
 CVE-2019-19837 (Incorrect access control in the web interface in Ruckus 
Wireless Unlea ...)
-       TODO: check
+       NOT-FOR-US: Ruckus devices
 CVE-2019-19836 (AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed 
through 200. ...)
        NOT-FOR-US: Ruckus devices
 CVE-2019-19835 (SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless 
Unleashed thro ...)
-       TODO: check
+       NOT-FOR-US: Ruckus devices
 CVE-2019-19834 (Directory Traversal in ruckus_cli2 in Ruckus Wireless 
Unleashed throug ...)
        NOT-FOR-US: Ruckus devices
 CVE-2019-20043 (In in 
wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ...)
@@ -24171,9 +24171,9 @@ CVE-2019-17204 (TeamPass 2.1.27.36 allows Stored XSS by 
setting a crafted Knowle
 CVE-2019-17203 (TeamPass 2.1.27.36 allows Stored XSS at the Search page by 
setting a c ...)
        - teampass <itp> (bug #730180)
 CVE-2019-17202 (FastTrack Admin By Request 6.1.0.0 supports group policies 
that are su ...)
-       TODO: check
+       NOT-FOR-US: FastTrack Admin By Request
 CVE-2019-17201 (FastTrack Admin By Request 6.1.0.0 supports group policies 
that are su ...)
-       TODO: check
+       NOT-FOR-US: FastTrack Admin By Request
 CVE-2019-17200
        RESERVED
 CVE-2017-18637
@@ -26079,17 +26079,17 @@ CVE-2019-16519 (ESET Cyber Security 6.7.900.0 for 
macOS allows a local attacker
 CVE-2019-16518 (An issue was discovered on Swell Kit Mod devices that use the 
Vandy Va ...)
        NOT-FOR-US: Swell Kit Mod devices
 CVE-2019-16517 (An issue was discovered in ConnectWise Control (formerly known 
as Scre ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise Control
 CVE-2019-16516 (An issue was discovered in ConnectWise Control (formerly known 
as Scre ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise Control
 CVE-2019-16515 (An issue was discovered in ConnectWise Control (formerly known 
as Scre ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise Control
 CVE-2019-16514 (An issue was discovered in ConnectWise Control (formerly known 
as Scre ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise Control
 CVE-2019-16513 (An issue was discovered in ConnectWise Control (formerly known 
as Scre ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise Control
 CVE-2019-16512 (An issue was discovered in ConnectWise Control (formerly known 
as Scre ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise Control
 CVE-2019-16511 (An issue was discovered in DTF in FireGiant WiX Toolset before 
3.11.2. ...)
        NOT-FOR-US: FireGiant
 CVE-2019-16510 (libIEC61850 through 1.3.3 has a use-after-free in 
MmsServer_waitReady  ...)
@@ -27202,7 +27202,7 @@ CVE-2019-16155
 CVE-2019-16154 (An improper neutralization of input during web page generation 
in Fort ...)
        NOT-FOR-US: FortiAuthenticator WEB UI
 CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM 
database ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2019-16152
        RESERVED
 CVE-2019-16151
@@ -28435,7 +28435,7 @@ CVE-2012-6717 (The redirection plugin before 2.2.12 for 
WordPress has XSS, a dif
 CVE-2011-5329 (The redirection plugin before 2.2.9 for WordPress has XSS in 
the admin ...)
        NOT-FOR-US: redirection plugin for WordPress
 CVE-2019-15712 (An improper access control vulnerability in FortiMail admin 
webUI 6.2. ...)
-       TODO: check
+       NOT-FOR-US: FortiMail admin webUI
 CVE-2019-15711
        RESERVED
 CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 
to 4.1.1, ...)
@@ -28445,7 +28445,7 @@ CVE-2019-15709
 CVE-2019-15708
        RESERVED
 CVE-2019-15707 (An improper access control vulnerability in FortiMail admin 
webUI 6.2. ...)
-       TODO: check
+       NOT-FOR-US: FortiMail admin webUI
 CVE-2019-15706
        RESERVED
 CVE-2019-15705 (An Improper Input Validation vulnerability in the SSL VPN 
portal of Fo ...)
@@ -58995,7 +58995,7 @@ CVE-2019-5595 (In FreeBSD before 11.2-STABLE(r343782), 
11.2-RELEASE-p9, 12.0-STA
 CVE-2019-5594 (An Improper Neutralization of Input During Web Page Generation 
("Cross ...)
        NOT-FOR-US: Fortinet
 CVE-2019-5593 (Improper permission or value checking in the CLI console may 
allow a n ...)
-       TODO: check
+       NOT-FOR-US: FortiOS
 CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, 
GOLDENDOODLE,  ...)
        NOT-FOR-US: Fortinet
 CVE-2019-5591
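
Review bot: CVE-2019-5593 is tagged NOT-FOR-US: FortiOS, but the entries on either side of it (CVE-2019-5594 and CVE-2019-5592) use NOT-FOR-US: Fortinet. The same commit also tags other Fortinet entries as NOT-FOR-US: Fortinet and NOT-FOR-US: FortiMail admin webUI. Settle on either vendor-level or product-level naming so that a search for one tag finds the whole group.
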
@@ -78842,7 +78842,7 @@ CVE-2018-17984 (An unanchored /[a-z]{2}/ regular 
expression in ISPConfig before
 CVE-2018-17982
        RESERVED
 CVE-2018-17981 (Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via 
the int ...)
-       TODO: check
+       NOT-FOR-US: Lifesize Express
 CVE-2018-17980 (NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers 
to gain  ...)
        NOT-FOR-US: NoMachine
 CVE-2015-9273 (The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 
for Wor ...)
@@ -83360,13 +83360,13 @@ CVE-2018-16274
 CVE-2018-16273
        RESERVED
 CVE-2018-16272 (The wpa_supplicant system service in Samsung Galaxy Gear 
series allows ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2018-16271 (The wemail_consumer_service (from the built-in application 
wemail) in  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2018-16270 (Samsung Galaxy Gear series before build RE2 includes the 
hcidump utili ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2018-16269 (The wnoti system service in Samsung Galaxy Gear series allows 
an unpri ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2018-16268 (The SoundServer/FocusServer system services in Tizen allow an 
unprivil ...)
        TODO: check
 CVE-2018-16267 (The system-popup system service in Tizen allows an 
unprivileged proces ...)
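
Review bot: CVE-2018-16272 and CVE-2018-16270 are tagged NOT-FOR-US: Samsung, but their descriptions name wpa_supplicant and the hcidump utility, both of which exist as generic upstream software outside Samsung firmware. Before closing these as not-for-us, confirm that the flaw lies in Samsung's Galaxy Gear build or service configuration rather than in the upstream code, and record that reasoning in a NOTE: line so the triage decision can be audited later. The adjacent Tizen entry CVE-2018-16268 is still TODO: check and appears to belong to the same batch.
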
@@ -242881,7 +242881,7 @@ CVE-2014-7240 (Cross-site scripting (XSS) 
vulnerability in the Easy Contact Form
 CVE-2014-7239
        RESERVED
 CVE-2014-7238 (The WordPress plugin Contact Form Integrated With Google Maps 
1.0-2.4  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin Contact Form Integrated With Google Maps
 CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running 
on Windo ...)
        - twiki <removed>
        NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237
@@ -262825,7 +262825,7 @@ CVE-2013-6787 (SQL injection vulnerability in the 
check_user_password function i
 CVE-2013-6786 (Cross-site scripting (XSS) vulnerability in Allegro RomPager 
before 4. ...)
        NOT-FOR-US: Allegro RomPager
 CVE-2013-6785 (Directory traversal vulnerability in url_redirect.cgi in 
Supermicro IP ...)
-       TODO: check
+       NOT-FOR-US: Supermicro IPMI
 CVE-2013-6784
        RESERVED
 CVE-2013-6783
@@ -264106,7 +264106,7 @@ CVE-2013-6359 (Munin::Master::Node in Munin before 
2.0.18 allows remote attacker
        [squeeze] - munin 1.4.5-3+deb6u1
        NOTE: http://munin-monitoring.org/ticket/1397
 CVE-2013-6358 (PrestaShop 1.5.5 allows remote authenticated attackers to 
execute arbi ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop
 CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability 
in the  ...)
        NOT-FOR-US: Disputed non-issue in Tomcat
 CVE-2013-6356
@@ -277018,7 +277018,7 @@ CVE-2013-1594
 CVE-2013-1593
        RESERVED
 CVE-2013-1592 (A Buffer Overflow vulnerability exists in the Message Server 
service _ ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2013-1591 (Stack-based buffer overflow in libpixman, as used in Pale Moon 
before  ...)
        - pixman 0.26.0-4 (bug #700308)
        [squeeze] - pixman <not-affected> (Vulnerable code not present)
@@ -282862,7 +282862,7 @@ CVE-2012-5868 (WordPress 3.4.2 does not invalidate a 
wordpress_sec session cooki
        - wordpress <unfixed> (unimportant; bug #696868)
        NOTE: non-issue, see 
https://wordpress.org/support/topic/old-bug-cve-2012-5868
 CVE-2012-5867 (HT Editor 2.0.20 has a Remote Stack Buffer Overflow 
Vulnerability ...)
-       TODO: check
+       NOT-FOR-US: HT Editor
 CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in 
Achievo 1.4 ...)
        NOT-FOR-US: Achievo
 CVE-2012-5865 (SQL injection vulnerability in dispatch.php in Achievo 1.4.5 
allows re ...)
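
Review bot: the NOT-FOR-US: HT Editor tag on CVE-2012-5867 should be checked against the archive before it is accepted, because HT Editor is a standalone open-source tool rather than a vendor product or appliance like most other entries in this commit. If any Debian source package ships it, the entry needs a package line with a status (in the style of the "- wordpress <unfixed>" line above) instead of NOT-FOR-US.
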
@@ -283272,9 +283272,9 @@ CVE-2012-5701 (Multiple SQL injection vulnerabilities 
in dotProject before 2.1.7
 CVE-2012-5700 (Multiple cross-site scripting (XSS) vulnerabilities in Baby 
Gekko befo ...)
        NOT-FOR-US: Baby Gekko
 CVE-2012-5699 (BabyGekko before 1.2.4 allows PHP file inclusion. ...)
-       TODO: check
+       NOT-FOR-US: BabyGekko
 CVE-2012-5698 (BabyGekko before 1.2.4 has SQL injection. ...)
-       TODO: check
+       NOT-FOR-US: BabyGekko
 CVE-2012-5979
        REJECTED
 CVE-2012-5697 (The btinstall installation script in Bulb Security Smartphone 
Pentest  ...)
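
Review bot: the two new tags on CVE-2012-5699 and CVE-2012-5698 spell the product BabyGekko, while the existing tag on CVE-2012-5700 directly above them is NOT-FOR-US: Baby Gekko. Use one spelling so that a search for the product name finds all three entries.
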
@@ -285136,7 +285136,7 @@ CVE-2012-4983 (Multiple cross-site scripting (XSS) 
vulnerabilities on the Foresc
 CVE-2012-4982 (Open redirect vulnerability in assets/login on the Forescout 
CounterAC ...)
        NOT-FOR-US: Forescout device
 CVE-2012-4981 (Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command 
Execution Vuln ...)
-       TODO: check
+       NOT-FOR-US: Toshiba ConfigFree
 CVE-2012-4980 (Multiple stack-based buffer overflows in CFProfile.exe in 
Toshiba Conf ...)
        NOT-FOR-US: Toshiba ConfigFree Utility
 CVE-2012-4979
@@ -285301,7 +285301,7 @@ CVE-2012-4921 (Multiple cross-site request forgery 
(CSRF) vulnerabilities in the
 CVE-2012-4920 (Directory traversal vulnerability in the zing_forum_output 
function in ...)
        NOT-FOR-US: Wordpress plugin Zingiri Forum
 CVE-2012-4919 (Gallery Plugin1.4 for WordPress has a Remote File Include 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Gallery Plugin1.4 for WordPress
 CVE-2012-4918 (Call of Duty Elite for iOS 2.0.1 does not properly validate the 
server ...)
        NOT-FOR-US: Call of Duty Elite for iOS
 CVE-2012-4917 (The TripAdvisor app 6.6 for iOS sends cleartext credentials, 
which all ...)
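
Review bot: NOT-FOR-US: Gallery Plugin1.4 for WordPress on CVE-2012-4919 carries the version number and the missing space from the CVE description into the product tag. The tag should name only the product, following the form of the neighbouring entry (Wordpress plugin Zingiri Forum), for example NOT-FOR-US: WordPress plugin Gallery.
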
@@ -285375,7 +285375,7 @@ CVE-2012-4902 (Multiple cross-site request forgery 
(CSRF) vulnerabilities in Tem
 CVE-2012-4901 (Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 
and ear ...)
        NOT-FOR-US: Template CMS (http://template-cms.ru)
 CVE-2012-4900 (Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability 
via unt ...)
-       TODO: check
+       NOT-FOR-US: Corel WordPerfect Office X6
 CVE-2012-4899 (WellinTech KingView 6.5.3 and earlier uses a weak 
password-hashing alg ...)
        NOT-FOR-US: WellinTech KingView
 CVE-2012-4898 (Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not 
use a  ...)
@@ -285458,7 +285458,7 @@ CVE-2012-4865 (Buffer overflow in Oreans Themida 
2.1.8.0 allows remote attackers
 CVE-2012-4864 (Oreans WinLicense 2.1.8.0 allows remote attackers to cause a 
denial of ...)
        NOT-FOR-US: Oreans WinLicense
 CVE-2012-4863 (IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2012-4862 (The Host Connect emulator in IBM Rational Developer for System 
z 7.1 t ...)
        NOT-FOR-US: IBM Rational
 CVE-2012-4861 (The web server in InfoSphere Data Replication Dashboard in IBM 
InfoSph ...)
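
Review bot: NOT-FOR-US: IBM on CVE-2012-4863 names only the vendor, whereas the next entry uses the product-level tag NOT-FOR-US: IBM Rational. The description already gives the product, so NOT-FOR-US: IBM WebSphere MQ would be more useful for later searches and consistent with its neighbour.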



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f323677494e1ff66e532a1c2dca36cdbd2889e61
