Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d753c8d9 by Salvatore Bonaccorso at 2020-01-29T21:36:43+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2020-8418
CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows
CSRF becau ...)
NOT-FOR-US: Code Snippets plugin for WordPress
CVE-2020-8416 (BearFTP before 0.2.0 allows remote attackers to achieve denial
of serv ...)
- TODO: check
+ NOT-FOR-US: BearFTP
CVE-2020-8415
RESERVED
CVE-2020-8414
@@ -683,9 +683,9 @@ CVE-2020-8095
CVE-2020-8094
RESERVED
CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in
Bitdefender A ...)
- TODO: check
+ NOT-FOR-US: Bitdefender Antivirus for Mac
CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in
Bitdefend ...)
- TODO: check
+ NOT-FOR-US: Bitdefender Antivirus for Mac
CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could
allow a ...)
NOT-FOR-US: TYPO3
CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN
Box ADB ...)
@@ -997,7 +997,7 @@ CVE-2020-7967
CVE-2020-7966
RESERVED
CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that
the Con ...)
- TODO: check
+ NOT-FOR-US: webargs
CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1.
Incorrect ...)
NOT-FOR-US: Mirumee Saleor
CVE-2020-7963
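Review bot: the NOT-FOR-US for CVE-2020-7965 (webargs) deserves a check against the archive before it closes the entry: webargs is a pure-Python PyPI library of exactly the kind Debian packages, so confirm that no source package for it exists in any suite. If one does, this line should become a package entry with the fixed version, in the same form as the simplesamlphp entry further down in this commit, rather than NOT-FOR-US.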
@@ -6853,7 +6853,7 @@ CVE-2020-5229
CVE-2020-5228
RESERVED
CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML
Denial of ...)
- TODO: check
+ NOT-FOR-US: Feedgen
CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4.
The www/e ...)
- simplesamlphp 1.18.4-1
[buster] - simplesamlphp <not-affected> (Vulnerable code introduced
later)
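Review bot: same concern for CVE-2020-5227, which the description itself identifies as "python feedgen" and as fixed before 0.9.0. Confirm that the library is not in the archive (a Python team source package such as python-feedgen, name assumed) before marking it NOT-FOR-US; if it is packaged, the entry needs a package line with the fixed version instead.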
@@ -6921,7 +6921,7 @@ CVE-2020-5209 (In NetHack before 3.6.5, unknown options
starting with -de and -i
CVE-2020-5208
RESERVED
CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when
running behin ...)
- TODO: check
+ NOT-FOR-US: Ktor
CVE-2020-5206
RESERVED
CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in
Pow.Plu ...)
@@ -7225,11 +7225,11 @@ CVE-2019-20218 (selectExpander in select.c in SQLite
3.30.1 proceeds with WITH s
[jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
CVE-2019-20217 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote
attackers ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-20216 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote
attackers ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-20215 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote
attackers ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-20214
RESERVED
CVE-2019-20213 (D-Link DIR-859 routers before v1.07b03_beta allow
Unauthenticated Info ...)
@@ -11030,7 +11030,7 @@ CVE-2020-3760
CVE-2020-3759
RESERVED
CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier,
1.14.4.3 and e ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-3757
RESERVED
CVE-2020-3756
@@ -11108,25 +11108,25 @@ CVE-2020-3721
CVE-2020-3720
RESERVED
CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier,
1.14.4.3 and e ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier,
1.14.4.3 and e ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-3717 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier,
1.14.4.3 and e ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-3716 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier,
1.14.4.3 and e ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-3715 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier,
1.14.4.3 and e ...)
- TODO: check
+ NOT-FOR-US: Magento
CVE-2020-3714 (Adobe Illustrator CC versions 24.0 and earlier have a memory
corruptio ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-3713 (Adobe Illustrator CC versions 24.0 and earlier have a memory
corruptio ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-3712 (Adobe Illustrator CC versions 24.0 and earlier have a memory
corruptio ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory
corruptio ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory
corruptio ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2020-3709
RESERVED
CVE-2020-3708
@@ -15562,7 +15562,7 @@ CVE-2019-19543 (In the Linux kernel before 5.1.6, there
is a use-after-free in s
[jessie] - linux <not-affected> (Vulnerability introduced later)
NOTE:
https://git.kernel.org/linus/56cd26b618855c9af48c8301aa6754ced8dd0beb
CVE-2019-19539 (An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY
and L01AB ...)
- TODO: check
+ NOT-FOR-US: Idelji Web ViewPoint
CVE-2019-19538
RESERVED
CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition
bug that ...)
@@ -23979,7 +23979,7 @@ CVE-2019-17653
CVE-2019-17652
RESERVED
CVE-2019-17651 (An Improper Neutralization of Input vulnerability in the
description a ...)
- TODO: check
+ NOT-FOR-US: FortiSIEM
CVE-2019-17650 (An Improper Neutralization of Special Elements used in a
Command vulne ...)
NOT-FOR-US: Fortiguard
CVE-2019-17649
@@ -25548,7 +25548,7 @@ CVE-2019-17098
CVE-2019-17097
RESERVED
CVE-2019-17096 (A OS Command Injection vulnerability in the bootstrap stage of
Bitdefe ...)
- TODO: check
+ NOT-FOR-US: Bitdefender BOX 2
CVE-2019-17095 (A command injection vulnerability has been discovered in the
bootstrap ...)
NOT-FOR-US: Bitdefender BOX 2
CVE-2019-17094 (A Stack-based Buffer Overflow vulnerability in
libbelkin_api.so compon ...)
@@ -37621,11 +37621,11 @@ CVE-2019-13523 (In Honeywell Performance IP Cameras
and Performance NVRs, the in
CVE-2019-13522 (An attacker could use a specially crafted project file to
corrupt the ...)
NOT-FOR-US: EZ PLC Editor
CVE-2019-13521 (A maliciously crafted program file opened by an unsuspecting
user of R ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5
Smart L ...)
NOT-FOR-US: Fuji Electric
CVE-2019-13519 (A maliciously crafted program file opened by an unsuspecting
user of R ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2019-13518 (An attacker could use a specially crafted project file to
overflow the ...)
NOT-FOR-US: EZAutomation
CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis
Enterprise Serve ...)
@@ -53380,7 +53380,7 @@ CVE-2019-8259 (UltraVNC revision 1198 contains multiple
memory leaks (CWE-655) i
CVE-2019-8258 (UltraVNC revision 1198 has a heap buffer overflow vulnerability
in VNC ...)
NOT-FOR-US: UltraVNC
CVE-2019-8257 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier,
2019.0 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure
inherited pe ...)
NOT-FOR-US: ColdFusion
CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection
vulnerabil ...)
@@ -56207,7 +56207,7 @@ CVE-2019-7133 (Adobe Bridge CC versions 9.0.2 have an
out-of-bounds read vulnera
CVE-2019-7132 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds write
vulnerabili ...)
NOT-FOR-US: Adobe
CVE-2019-7131 (Adobe Acrobat and Reader versions 2019.010.20064 and earlier,
2019.010 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow
vulnerability. Suc ...)
NOT-FOR-US: Adobe
CVE-2019-7129 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a
stored ...)
@@ -58918,7 +58918,7 @@ CVE-2019-6038
CVE-2019-6037
RESERVED
CVE-2019-6036 (Cross-site scripting vulnerability in F-RevoCRM 6.0 to
F-RevoCRM 6.5 p ...)
- TODO: check
+ NOT-FOR-US: F-RevoCRM
CVE-2019-6035 (Open redirect vulnerability in Athenz v1.8.24 and earlier
allows remot ...)
NOT-FOR-US: Athenz
CVE-2019-6034 (a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x),
Ver.2.9.26 (Ver ...)
@@ -75602,7 +75602,7 @@ CVE-2018-19444 (A use after free in the TextBox field
Validate action in IReader
CVE-2018-19442 (A Buffer Overflow in
Network::AuthenticationClient::VerifySignature in ...)
NOT-FOR-US: Neato Botvac Connected
CVE-2018-19441 (An issue was discovered in Neato Botvac Connected 2.2.0. The
GenerateR ...)
- TODO: check
+ NOT-FOR-US: Neato Botvac Connected
CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...)
NOT-FOR-US: ARM Trusted Firmware-A
CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure
Global Deskt ...)
@@ -240700,7 +240700,7 @@ CVE-2014-8492 (Multiple cross-site scripting (XSS)
vulnerabilities in assets/mis
CVE-2014-8491 (The Grand Flagallery plugin before 4.25 for WordPress allows
remote at ...)
NOT-FOR-US: Grand Flagallery plugin for WordPress
CVE-2014-8490 (Cross-site scripting (XSS) vulnerability in TennisConnect
COMPONENTS 9 ...)
- TODO: check
+ NOT-FOR-US: TennisConnect COMPONENTS
CVE-2014-8990 (default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote
attacke ...)
{DSA-3130-1}
- lsyncd 2.1.5-2 (low; bug #767227)
@@ -253514,7 +253514,7 @@ CVE-2014-3447 (BSS Continuity CMS 4.2.22640.0 has a
Remote Denial Of Service vul
CVE-2014-3446 (SQL injection vulnerability in
wcm/system/pages/admin/getnode.aspx in ...)
NOT-FOR-US: BSS Continuity CMS
CVE-2014-3445 (backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not
require ...)
- TODO: check
+ NOT-FOR-US: HandsomeWeb SOS Webpages
CVE-2014-3730 (The django.util.http.is_safe_url function in Django 1.4 before
1.4.13, ...)
{DSA-2934-1}
- python-django 1.6.5-1
@@ -263698,9 +263698,9 @@ CVE-2013-6870 (Cross-site scripting (XSS)
vulnerability in Splunk Web in Splunk
CVE-2012-6611
RESERVED
CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before
2.7.1.J al ...)
- TODO: check
+ NOT-FOR-US: Polycom HDX Video End Points
CVE-2012-6609 (Directory traversal vulnerability in a_getlog.cgi in Polycom
HDX Video ...)
- TODO: check
+ NOT-FOR-US: Polycom HDX Video End Points
CVE-2012-6608 (Cross-site scripting (XSS) vulnerability in
xmlservices/E_book.php in ...)
NOT-FOR-US: Elastix
CVE-2013-6885 (The microcode on AMD 16h 00h through 0Fh processors does not
properly ...)
@@ -268730,15 +268730,15 @@ CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit
12.07.19.00 allows Python mod
CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for
Android h ...)
NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for
Android
CVE-2013-4865 (Cross-site request forgery (CSRF) vulnerability in
upgrade_step2.sh in ...)
- TODO: check
+ NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4864 (MiCasaVerde VeraLite with firmware 1.5.408 allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4863 (The HomeAutomationGateway service in MiCasaVerde VeraLite with
firmwar ...)
- TODO: check
+ NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4862 (MiCasaVerde VeraLite with firmware 1.5.408 does not properly
restrict ...)
- TODO: check
+ NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4861 (Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in
MiCasa ...)
- TODO: check
+ NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4860 (Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier
does n ...)
NOT-FOR-US: Radio Thermostat
CVE-2013-4859 (INSTEON Hub 2242-222 lacks Web and API authentication ...)
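Review bot: the NOT-FOR-US: MiCasaVerde VeraLite tag on CVE-2013-4865 rests on its neighbours rather than its own text: the visible description ("CSRF vulnerability in upgrade_step2.sh in ...") never names the product, whereas CVE-2013-4864 through CVE-2013-4861 do. Fine if the full CVE text confirms the device; otherwise it should stay TODO: check rather than inherit the attribution from adjacent IDs.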
@@ -272598,9 +272598,9 @@ CVE-2013-3495 (The Intel VT-d Interrupt Remapping
engine in Xen 3.3.x through 4.
CVE-2013-3494
RESERVED
CVE-2013-3493 (XnView 2.03 has an integer overflow vulnerability ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2013-3492 (XnView 2.03 has a stack-based buffer overflow vulnerability ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2013-3491 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the Shar ...)
NOT-FOR-US: WordPress plugin sharebar
CVE-2013-3490
@@ -273225,13 +273225,13 @@ CVE-2013-3217
CVE-2013-3216
RESERVED
CVE-2013-3215 (vtiger CRM 5.4.0 and earlier contain an Authentication Bypass
Vulnerab ...)
- TODO: check
+ NOT-FOR-US: vtiger CRM
CVE-2013-3214 (vtiger CRM 5.4.0 and earlier contain a PHP Code Injection
Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: vtiger CRM
CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0
through 5.4 ...)
NOT-FOR-US: vTiger CRM
CVE-2013-3212 (vtiger CRM 5.4.0 and earlier contain local file-include
vulnerabilitie ...)
- TODO: check
+ NOT-FOR-US: vtiger CRM
CVE-2012-6551 (The default configuration of Apache ActiveMQ before 5.8.0
enables a sa ...)
- activemq <not-affected> (Example code not shipped in .deb)
CVE-2013-3211 (Unspecified vulnerability in Opera before 12.15 has unknown
impact and ...)
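Review bot: spelling inconsistency in the new lines: CVE-2013-3215, -3214 and -3212 get "NOT-FOR-US: vtiger CRM" while the unchanged CVE-2013-3213 between them carries "NOT-FOR-US: vTiger CRM". Pick one form for all four so a grep on the product name in data/CVE/list finds every entry.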
@@ -273471,7 +273471,7 @@ CVE-2013-3095 (Multiple cross-site request forgery
(CSRF) vulnerabilities in D-L
CVE-2013-3094
RESERVED
CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...)
- TODO: check
+ NOT-FOR-US: ASUS RT-N56U devices
CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to
bypass a ...)
NOT-FOR-US: Belkin router
CVE-2013-3091
@@ -273516,13 +273516,13 @@ CVE-2013-3076 (The crypto API in the Linux kernel
through 3.9-rc8 does not initi
CVE-2013-3075 (Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi
MX Comp ...)
NOT-FOR-US: Mitsubishi MX Component 3
CVE-2013-3074 (NetGear WNDR4700 Media Server devices with firmware 1.0.0.34
allow rem ...)
- TODO: check
+ NOT-FOR-US: NetGear WNDR4700 Media Server devices
CVE-2013-3073 (A Symlink Traversal vulnerability exists in NETGEAR Centria
WNDR4700 F ...)
NOT-FOR-US: NETGEAR
CVE-2013-3072 (An Authentication Bypass vulnerability exists in NETGEAR
Centria WNDR4 ...)
NOT-FOR-US: NETGEAR
CVE-2013-3071 (NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow
authenti ...)
- TODO: check
+ NOT-FOR-US: NETGEAR Centria WNDR4700 devices
CVE-2013-3070 (An Information Disclosure vulnerability exists in Netgear
WNDR4700 run ...)
NOT-FOR-US: NETGEAR
CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR
WNDR470 ...)
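Review bot: the two new tags ("NetGear WNDR4700 Media Server devices", "NETGEAR Centria WNDR4700 devices") differ from the unchanged neighbours CVE-2013-3073, -3072 and -3070, which all use plain "NOT-FOR-US: NETGEAR". Elsewhere in this commit the convention is the bare vendor name (NOT-FOR-US: D-Link, NOT-FOR-US: Adobe), so "NOT-FOR-US: NETGEAR" would keep the block consistent.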
@@ -274379,7 +274379,7 @@ CVE-2013-2750 (Cross-site scripting (XSS)
vulnerability in e107_plugins/content/
CVE-2013-2749
REJECTED
CVE-2013-2748 (Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow
remote att ...)
- TODO: check
+ NOT-FOR-US: Belkin
CVE-2013-2747 (The password reset feature in Courion Access Risk Management
Suite Ver ...)
NOT-FOR-US: Courion Access Risk Management Suite
CVE-2013-2746
@@ -274458,7 +274458,7 @@ CVE-2013-2716 (Puppet Labs Puppet Enterprise before
2.8.0 does not use a "random
CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in
the Sear ...)
NOT-FOR-US: Drupal module search_api
CVE-2013-2714 (Cross-site Scripting (XSS) in WordPress podPress Plugin
8.8.10.13 coul ...)
- TODO: check
+ NOT-FOR-US: WordPress podPress Plugin
CVE-2013-2713 (Cross-site request forgery (CSRF) vulnerability in
users_maint.html in ...)
NOT-FOR-US: KrisonAV
CVE-2013-2712 (Cross-site scripting (XSS) vulnerability in
services/get_article.php i ...)
@@ -274680,7 +274680,7 @@ CVE-2013-2614
CVE-2013-2613
RESERVED
CVE-2013-2612 (Command-injection vulnerability in Huawei E587 3G Mobile
Hotspot 11.20 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2013-2611
RESERVED
CVE-2013-2610
@@ -274763,19 +274763,19 @@ CVE-2013-2575
CVE-2013-2574 (An Access vulnerability exists in FOSCAM IP Camera FI8620 due
to insuf ...)
NOT-FOR-US: Foscam
CVE-2013-2573 (A Command Injection vulnerability exists in the ap parameter to
the /c ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras
TL-SC 313 ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale
(POS) syst ...)
TODO: check
CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras
through 1 ...)
- TODO: check
+ NOT-FOR-US: Zavio
CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras
through 1.6 ...)
- TODO: check
+ NOT-FOR-US: Zavio
CVE-2013-2568 (A Command Injection vulnerability exists in Zavio IP Cameras
through 1 ...)
- TODO: check
+ NOT-FOR-US: Zavio
CVE-2013-2567 (An Authentication Bypass vulnerability exists in the web
interface in ...)
- TODO: check
+ NOT-FOR-US: Zavio
CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL
protocol, has m ...)
NOTE: Generic protocol flaw in RC4
CVE-2012-6549 (The isofs_export_encode_fh function in fs/isofs/export.c in the
Linux ...)
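Review bot: CVE-2013-2571 (Iris, as used in Xpient point-of-sale systems) is the only entry in this run left at TODO: check; proprietary POS software is no more a Debian package than the Zavio and TP-LINK cameras around it, so it could be closed with a NOT-FOR-US in the same pass if a quick archive check agrees. Also note that CVE-2013-2573 and CVE-2013-2567 are tagged TP-Link and Zavio from their neighbouring IDs, since neither visible description names the vendor; worth confirming against the full CVE text.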
@@ -278072,9 +278072,9 @@ CVE-2013-1602 (An Information Disclosure
vulnerability exists due to insufficien
CVE-2013-1601 (An Information Disclosure vulnerability exists due to a failure
to res ...)
TODO: check
CVE-2013-1600 (An Authentication Bypass vulnerability exists in
upnp/asf-mp4.asf when ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2013-1599 (A Command Injection vulnerability exists in the
/var/www/cgi-bin/rtpd. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2013-1598 (A Command Injection vulnerability exists in Vivotek PT7135 IP
Cameras ...)
NOT-FOR-US: Vivotek PT7135 IP Cameras
CVE-2013-1597 (A Directory Traversal vulnerability exists in Vivotek PT7135 IP
Camera ...)
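Review bot: CVE-2013-1600 and CVE-2013-1599 are tagged NOT-FOR-US: D-Link, but neither visible description names the vendor (the paths upnp/asf-mp4.asf and /var/www/cgi-bin/rtpd. are the only clue), and CVE-2013-1601 directly above, equally anonymous in its truncated form, is left at TODO: check. Either record where the D-Link attribution comes from or treat the three consistently.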
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/d753c8d92822983d4908be4fdee90631dfd95a7b
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits