Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6982b4a6 by Salvatore Bonaccorso at 2020-02-03T21:30:02+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -83,13 +83,13 @@ CVE-2020-8550
CVE-2020-8549 (Stored XSS in the Strong Testimonials plugin before 2.40.1 for
WordPre ...)
NOT-FOR-US: Strong Testimonials plugin for WordPress
CVE-2020-8548 (massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text,
with resu ...)
- TODO: check
+ NOT-FOR-US: massCode
CVE-2020-8547 (phpList 3.5.0 allows type juggling for admin login bypass
because == i ...)
TODO: check
CVE-2020-8546
RESERVED
CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...)
- TODO: check
+ NOT-FOR-US: AIL framework
CVE-2020-8544
RESERVED
CVE-2020-8543
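Review bot: CVE-2020-8547 (phpList 3.5.0) is left at "TODO: check" in the middle of this hunk, between CVE-2020-8548 and CVE-2020-8545, which are both resolved to NOT-FOR-US here. If it was skipped on purpose because phpList still needs a package check, that is fine, but it is worth confirming it was not simply missed in this pass.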
@@ -167,7 +167,7 @@ CVE-2020-8510 (An issue was discovered in phpABook 0.9
Intermediate. On the logi
CVE-2020-8509
RESERVED
CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to
call arbi ...)
- TODO: check
+ NOT-FOR-US: Norman Malware Cleaner
CVE-2020-8507
RESERVED
CVE-2020-8506
@@ -7607,7 +7607,7 @@ CVE-2020-5184
CVE-2020-5183 (FTPGetter Professional 5.97.0.223 is vulnerable to a memory
corruption ...)
NOT-FOR-US: FTPGetter Professional
CVE-2020-5182 (The J-BusinessDirectory extension before 5.2.9 for Joomla!
allows Reve ...)
- TODO: check
+ NOT-FOR-US: J-BusinessDirectory extension for Joomla!
CVE-2020-5181
RESERVED
CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged
user to se ...)
@@ -10969,11 +10969,11 @@ CVE-2020-3929
CVE-2020-3928
RESERVED
CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign
security pl ...)
- TODO: check
+ NOT-FOR-US: ServiSign security plugin
CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign
security pl ...)
- TODO: check
+ NOT-FOR-US: ServiSign security plugin
CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some
designated a ...)
- TODO: check
+ NOT-FOR-US: ServiSign security plugin
CVE-2020-3924
RESERVED
CVE-2020-3923
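Review bot: the tag on CVE-2020-3925 cannot be confirmed from the description shown in this hunk, which is cut off at "exists in some designated a ..." before any product is named, unlike CVE-2020-3927 and CVE-2020-3926 where "ServiSign security pl ..." is visible. Please check the full CVE text before reusing "NOT-FOR-US: ServiSign security plugin" for it.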
@@ -15946,7 +15946,7 @@ CVE-2020-1966
CVE-2020-1965
RESERVED
CVE-2019-19550 (Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and
6.2.34.37 ...)
- TODO: check
+ NOT-FOR-US: Senior Rubiweb
CVE-2019-19549
RESERVED
CVE-2019-19548 (Norton Power Eraser, prior to 5.3.0.67, may be susceptible to
a privil ...)
@@ -17651,7 +17651,7 @@ CVE-2019-19121
CVE-2019-19120
RESERVED
CVE-2019-19119 (An issue was discovered in PRTG 7.x through 19.4.53. Due to
insufficie ...)
- TODO: check
+ NOT-FOR-US: PRTG Network Monitor
CVE-2019-19118 (Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows
unintended model ...)
- python-django 2:2.2.8-1 (bug #946011)
[buster] - python-django <not-affected> (Vulnerable code introduced
later)
@@ -22345,7 +22345,7 @@ CVE-2019-18195 (An issue was discovered on TerraMaster
FS-210 4.0.19 devices. No
CVE-2019-18194 (TotalAV 2020 4.14.31 has a quarantine flaw that allows
privilege escal ...)
NOT-FOR-US: TotalAV
CVE-2019-18193 (In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and
4.0.114, ...)
- TODO: check
+ NOT-FOR-US: Unisys Stealth
CVE-2020-0500
RESERVED
CVE-2020-0499
@@ -26603,7 +26603,7 @@ CVE-2019-16895
CVE-2019-16894 (download.php in inoERP 4.15 allows SQL injection through
insecure dese ...)
NOT-FOR-US: inoERP
CVE-2019-16893 (The Web Management of TP-Link TP-SG105E V4 1.0.0 Build
20181120 device ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass
application che ...)
- ruby-zip 2.0.0-1 (low; bug #941222)
[buster] - ruby-zip <no-dsa> (Minor issue)
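Review bot: the new tag on CVE-2019-16893, "NOT-FOR-US: TP-Link", names only the vendor, while the description refers to a specific device ("TP-Link TP-SG105E V4") and the neighbouring entries in this file tag the product (for example "NOT-FOR-US: inoERP"). A product-level tag would make later searches of the list more useful than a bare vendor name.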
@@ -206235,11 +206235,11 @@ CVE-2016-2035
CVE-2016-2034 (SQL injection vulnerability in ClearPass Policy Manager 6.5.x
through ...)
NOT-FOR-US: ClearPass Policy Manager
CVE-2016-2033 (Multiple vulnerabilities exist in Aruba ClearPass Policy
Manager up to ...)
- TODO: check
+ NOT-FOR-US: Aruba ClearPass Policy Manager
CVE-2016-2032 (A vulnerability exists in the Aruba AirWave Management Platform
8.x pr ...)
- TODO: check
+ NOT-FOR-US: Aruba AirWave Management Platform
CVE-2016-2031 (Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0
and 4. ...)
- TODO: check
+ NOT-FOR-US: Aruba Instate
CVE-2016-2030 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote
authentic ...)
NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2029 (HPE Matrix Operating Environment before 7.5.1 allows remote
attackers ...)
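Review bot: the tag on CVE-2016-2031 copies the spelling "Aruba Instate" straight from the CVE description, which looks like a typo in the upstream text rather than a product name. Please verify the product name and correct the tag if so. Separately, CVE-2016-2033 is tagged "Aruba ClearPass Policy Manager" while the existing entry for CVE-2016-2034 just above uses "ClearPass Policy Manager"; using one string for both keeps the list consistent.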
@@ -241576,7 +241576,7 @@ CVE-2014-8340 (SQL injection vulnerability in
Php/Functions/log_function.php in
CVE-2014-8339 (SQL injection vulnerability in midroll.php in Nuevolab
Nuevoplayer for ...)
NOT-FOR-US: Nuevolabs Nuevoplayer for clipshare
CVE-2014-8338 (Cross-site scripting (XSS) vulnerability in
vwrooms/js/jsor-jcarousel/ ...)
- TODO: check
+ NOT-FOR-US: VideoWhisper Webcam plugins for Drupal
CVE-2014-8337 (Unrestricted file upload vulnerability in
includes/classes/uploadify-v ...)
NOT-FOR-US: HelpDEZk
CVE-2014-8336 (The "Sql Run Query" panel in WP-DBManager (aka Database
Manager) plugi ...)
@@ -273043,9 +273043,9 @@ CVE-2013-3491 (Multiple cross-site request forgery
(CSRF) vulnerabilities in the
CVE-2013-3490
RESERVED
CVE-2013-3489 (Buffer overflow in Media Player Classic - Home Cinema (MPC-HC)
before ...)
- TODO: check
+ NOT-FOR-US: Media Player Classic - Home Cinema (MPC-HC)
CVE-2013-3488 (Stack-based buffer overflow in Media Player Classic - Home
Cinema (MPC ...)
- TODO: check
+ NOT-FOR-US: Media Player Classic - Home Cinema (MPC-HC)
CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the
security lo ...)
NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2013-3486 (IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow
Vulnerabilit ...)
@@ -274978,11 +274978,11 @@ CVE-2013-2676
CVE-2013-2675
RESERVED
CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an
information dis ...)
- TODO: check
+ NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices
CVE-2013-2673 (Brother MFC-9970CDW 1.10 firmware L devices contain a security
bypass ...)
- TODO: check
+ NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices
CVE-2013-2672 (Brother MFC-9970CDW devices with firmware 0D allow cleartext
submissio ...)
- TODO: check
+ NOT-FOR-US: Brother MFC-9970CDW devices
CVE-2013-2671 (Multiple cross-site scripting (XSS) vulnerabilities in the
Brother MFC ...)
NOT-FOR-US: Brother printer
CVE-2013-2670 (Cross-site scripting (XSS) vulnerability in the Brother
MFC-9970CDW pr ...)
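Review bot: the three new tags for CVE-2013-2674, CVE-2013-2673 and CVE-2013-2672 embed firmware details ("Brother MFC-9970CDW 1.10 firmware L devices", "Brother MFC-9970CDW devices") and differ from each other and from the existing "NOT-FOR-US: Brother printer" on CVE-2013-2671 directly below. The version information is already in the description; a single product string for all of these entries would be easier to grep and maintain.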
@@ -275034,7 +275034,7 @@ CVE-2013-2648
CVE-2013-2647
RESERVED
CVE-2013-2646 (TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified
denial of ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2013-2645 (Multiple cross-site request forgery (CSRF) vulnerabilities on
the TP-L ...)
NOT-FOR-US: TP-LINK Router
CVE-2013-2644
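Review bot: the new "NOT-FOR-US: TP-LINK" on CVE-2013-2646 does not match the existing "NOT-FOR-US: TP-LINK Router" on CVE-2013-2645 immediately below it, and the capitalisation also differs from the "TP-Link" tag added for CVE-2019-16893 earlier in this commit. Reusing the neighbouring string here would avoid a third variant for the same vendor.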
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6982b4a644c8b5cbd32a60c1b3966a226e29b683