Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6fe3d5ec by Moritz Muehlenhoff at 2020-02-10T11:13:49+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,9 +13,9 @@ CVE-2020-8825
 CVE-2020-8824
        RESERVED
 CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: SockJS
 CVE-2020-8822 (Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 
devices  ...)
-       TODO: check
+       NOT-FOR-US: Digi TransPort
 CVE-2020-8821
        RESERVED
 CVE-2020-8820
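Review bot: the tag added for CVE-2020-8823 says only "SockJS", while the description pins the issue to lib/transport/htmlfile.js in releases before 3.0. Naming the concrete upstream package in the NOT-FOR-US line would make the entry easier to re-check if a SockJS package is later proposed for the archive.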
@@ -16809,7 +16809,7 @@ CVE-2020-1930 (A command execution issue was found in 
Apache SpamAssassin prior
        NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3
        NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648 
(restricted)
 CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 
has an  ...)
-       TODO: check
+       NOT-FOR-US: Apache Beam MongoDB connector
 CVE-2020-1928 (An information disclosure vulnerability was found in Apache 
NiFi 1.10. ...)
        NOT-FOR-US: Apache NiFi
 CVE-2020-1927
@@ -18766,7 +18766,7 @@ CVE-2019-18990
 CVE-2019-18989
        RESERVED
 CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of 
remote-login a ...)
-       TODO: check
+       NOT-FOR-US: TeamViewer
 CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 
1.34 for  ...)
        NOT-FOR-US: AbuseFilter MediaWiki extension
 CVE-2019-18986 (Pimcore before 6.2.2 allow attackers to brute-force (guess) 
valid user ...)
@@ -22580,7 +22580,7 @@ CVE-2019-18414 (Sourcecodester Restaurant Management 
System 1.0 is affected by a
 CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input 
validation can b ...)
        NOT-FOR-US: TypeStack class-validator
 CVE-2019-18412 (JetBrains IDETalk plugin before version 193.4099.10 allows XXE 
...)
-       TODO: check
+       NOT-FOR-US: JetBrains IDETalk plugin
 CVE-2019-18411 (Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF 
on the  ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2019-18410
@@ -26366,7 +26366,7 @@ CVE-2019-17270 (Yachtcontrol through 2019-10-06: It's 
possible to perform direct
 CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to 
execute arbitr ...)
        NOT-FOR-US: Intellian Remote Access
 CVE-2019-17268 (The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed 
on RubyGe ...)
-       TODO: check
+       NOT-FOR-US: omniauth-weibo-oauth2 gem
 CVE-2019-17267 (A Polymorphic Typing issue was discovered in FasterXML 
jackson-databin ...)
        {DLA-2030-1}
        - jackson-databind 2.10.0-1
@@ -26676,11 +26676,11 @@ CVE-2019-17129
 CVE-2019-17128 (Netreo OmniCenter through 12.1.1 allows unauthenticated SQL 
Injection  ...)
        NOT-FOR-US: Netreo OmniCenter
 CVE-2019-17127 (A Stored Client Side Template Injection (CSTI) with Angular 
was discov ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds Orion Platform
 CVE-2019-17126
        RESERVED
 CVE-2019-17125 (A Reflected Client Side Template Injection (CSTI) with Angular 
was dis ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds Orion Platform
 CVE-2019-17124 (Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. ...)
        NOT-FOR-US: Kramer VIAware
 CVE-2019-17123 (The eGain Web Email API 11+ allows spoofed messages because 
the fromNa ...)
@@ -31101,15 +31101,15 @@ CVE-2019-15622 (Not strictly enough sanitization in 
the Nextcloud Android app 3.
 CVE-2019-15621 (Improper permissions preservation in Nextcloud Server 16.0.1 
causes sh ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2019-15620 (Improper access control in Nextcloud Talk 6.0.3 leaks the 
existance an ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud Talk
 CVE-2019-15619 (Improper neutralization of file names, conversation names and 
board na ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2019-15618 (Missing escaping of HTML in the Updater of Nextcloud 15.0.5 
allowed a  ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2019-15617 (A missing check in Nextcloud Server 17.0.0 allowed an attacker 
to set  ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2019-15616 (Dangling remote share attempts in Nextcloud 16 allow a DNS 
pollution w ...)
-       TODO: check
+       - nextcloud-server <itp> (bug #941708)
 CVE-2019-15615 (A wrong check for the system time in the Android App 3.9.0 
causes a by ...)
        NOT-FOR-US: Nextcloud Android app
 CVE-2019-15614 (Missing sanitization in the iOS App 2.24.4 causes an XSS when 
opening  ...)
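Review bot: CVE-2019-15620 (Nextcloud Talk) is closed as NOT-FOR-US, while CVE-2019-15618 and CVE-2019-15616 in the same hunk are attached to the nextcloud-server ITP (bug #941708). A NOT-FOR-US entry will not resurface when that package lands, so a NOTE line stating that Talk is outside the scope of the ITP would record why the two cases are treated differently.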
@@ -31121,13 +31121,13 @@ CVE-2019-15612 (A bug in Nextcloud Server 15.0.2 
causes pending 2FA logins to no
 CVE-2019-15611 (Violation of Secure Design Principles in the iOS App 2.23.0 
causes the ...)
        NOT-FOR-US: Nextcloud iOS App
 CVE-2019-15610 (Improper authorization in the Circles app 0.17.7 causes 
retaining acce ...)
-       TODO: check
+       NOT-FOR-US: Circles app
 CVE-2019-15609
        RESERVED
 CVE-2019-15608
        RESERVED
 CVE-2019-15607 (A stored XSS vulnerability is present within node-red 
(version: &lt;=  ...)
-       TODO: check
+       NOT-FOR-US: node-red
 CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs 
10, 12, ...)
        - nodejs <unfixed>
        NOTE: https://hackerone.com/reports/730779
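Review bot: "NOT-FOR-US: Circles app" on CVE-2019-15610 drops the project name that the neighbouring tag carries ("NOT-FOR-US: Nextcloud iOS App" just above it). If this is the Nextcloud Circles app, writing "NOT-FOR-US: Nextcloud Circles app" keeps the entry findable when the list is searched for Nextcloud.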
@@ -32607,7 +32607,7 @@ CVE-2019-15128 (iF.SVNAdmin through 1.6.2 allows 
svnadmin/usercreate.php CSRF to
 CVE-2019-15127 (REDCap before 9.3.0 allows XSS attacks against 
non-administrator accou ...)
        NOT-FOR-US: REDCap
 CVE-2019-15126 (An issue was discovered on Broadcom Wi-Fi client devices. 
Specifically ...)
-       TODO: check
+       NOT-FOR-US: Broadcom
 CVE-2019-15125
        RESERVED
 CVE-2018-20975 (Fat Free CRM before 0.18.1 has XSS in the tags_helper in 
app/helpers/t ...)
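Review bot: the tag for CVE-2019-15126 is the bare vendor name "Broadcom", whereas the description scopes the issue to Broadcom Wi-Fi client devices and the other tag in this hunk names a product ("NOT-FOR-US: REDCap"). A tag such as "NOT-FOR-US: Broadcom Wi-Fi client devices" would state what was actually ruled out and would not match unrelated Broadcom entries.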
@@ -34502,7 +34502,7 @@ CVE-2019-14598
 CVE-2019-14597
        RESERVED
 CVE-2019-14596 (Improper access control in the installer for Intel(R) Chipset 
Device S ...)
-       TODO: check
+       NOT-FOR-US: Intel
 CVE-2019-14595
        RESERVED
 CVE-2019-14594
@@ -40516,11 +40516,11 @@ CVE-2019-13001 [Ability to Write a Note to a Private 
Snippet]
        - gitlab <not-affected> (Only affects 11.9 and later)
        NOTE: 
https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
 CVE-2019-13000 (Eclair through 0.3 allows attackers to trigger loss of funds 
because o ...)
-       TODO: check
+       NOT-FOR-US: Eclair
 CVE-2019-12999 (Lightning Network Daemon (lnd) before 0.7 allows attackers to 
trigger  ...)
-       TODO: check
+       - lnd <itp> (bug #886577)
 CVE-2019-12998 (c-lightning before 0.7.1 allows attackers to trigger loss of 
funds bec ...)
-       TODO: check
+       NOT-FOR-US: c-lightning
 CVE-2019-12997 (In Loopchain through 2.2.1.3, an attacker can escalate 
privileges from ...)
        NOT-FOR-US: Loopchain
 CVE-2019-12996 (In Mendix 7.23.5 and earlier, issue in XML import mappings 
allow DOCTY ...)
@@ -44686,7 +44686,7 @@ CVE-2019-11518 (An issue was discovered in SEMCMS 3.8. 
SEMCMS_Inquiry.php allows
 CVE-2019-11517 (WampServer before 3.1.9 has CSRF in add_vhost.php because the 
synchron ...)
        NOT-FOR-US: WampServer
 CVE-2019-11516 (An issue was discovered in the Bluetooth component of the 
Cypress (for ...)
-       TODO: check
+       NOT-FOR-US: Cypress
 CVE-2018-20823 (The gyroscope on Xiaomi Mi 5s devices allows attackers to 
cause a deni ...)
        NOT-FOR-US: Xiaomi Mi 5s devices
 CVE-2019-11515 (core/classes/db_backup.php in Gila CMS 1.10.1 allows 
admin/db_backup?d ...)
@@ -46712,7 +46712,7 @@ CVE-2019-10791
 CVE-2019-10790
        RESERVED
 CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection 
via the ...)
-       TODO: check
+       NOT-FOR-US: curling.js
 CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute 
arbitrary ...)
        TODO: check
 CVE-2019-10787 (im-resize through 2.3.2 allows remote attackers to execute 
arbitrary c ...)
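Review bot: CVE-2019-10788 (im-metadata), directly below the curling.js entry changed in this hunk, still carries "TODO: check". It sits next to the entry triaged here, so resolving it in the same batch would avoid leaving a lone open item between two triaged entries.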



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fe3d5ec62403815898844dd365c9c3c324f0a22
