Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
28e2adca by Salvatore Bonaccorso at 2020-02-18T21:33:22+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user
creation via s ...)
- TODO: check
+ NOT-FOR-US: ICE Hrm
CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password
reset via ...)
- TODO: check
+ NOT-FOR-US: ICE Hrm
CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection
that lead ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy
clause, ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for
arbitra ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for
arbitra ...)
- TODO: check
+ NOT-FOR-US: SOPlanning
CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections
against t ...)
- TODO: check
+ NOT-FOR-US: phpMyChat-Plus
CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection
bypass ...)
- TODO: check
+ NOT-FOR-US: ESET
CVE-2020-9263
RESERVED
CVE-2020-9262
@@ -5364,9 +5364,9 @@ CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based
XSS vulnerability that is
CVE-2020-6846
RESERVED
CVE-2020-6845 (An issue was discovered in TopManage OLK 2020. As there is no
ReadOnly ...)
- TODO: check
+ NOT-FOR-US: TopManage
CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another
vulnerab ...)
- TODO: check
+ NOT-FOR-US: TopManage
CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS.
This i ...)
NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2020-6842
@@ -41750,7 +41750,7 @@ CVE-2019-12956
CVE-2019-12955
RESERVED
CVE-2019-12954 (SolarWinds Network Performance Monitor (Orion Platform 2018,
NPM 12.3, ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2019-12953
RESERVED
CVE-2019-12952
@@ -44585,7 +44585,7 @@ CVE-2019-11869 (The Yuzo Related Posts plugin 5.12.94
for WordPress has XSS beca
CVE-2019-11868 (See.sys, up to version 4.25, in SoftEther VPN Server versions
4.29 or ...)
NOT-FOR-US: SoftEther VPN Server
CVE-2019-11867 (Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015,
fails to ...)
- TODO: check
+ NOT-FOR-US: Realtek NDIS driver rt640x64.sys
CVE-2019-11866
RESERVED
CVE-2019-11865
@@ -47781,7 +47781,7 @@ CVE-2019-10797
CVE-2019-10796
RESERVED
CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution.
The 'a' f ...)
- TODO: check
+ NOT-FOR-US: undefsafe
CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype
Pollutio ...)
TODO: check
CVE-2019-10793 (dot-object before 2.1.3 is vulnerable to Prototype Pollution.
The set ...)
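Review bot: CVE-2019-10795 (undefsafe) is closed as NOT-FOR-US while the adjacent npm prototype-pollution entries CVE-2019-10794 (component-flatten) and CVE-2019-10793 (dot-object) stay at TODO: check; since node modules are sometimes packaged under a node-* source name, confirm there is no such package for undefsafe before closing it, and triage the three together so the outcome is consistent.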
@@ -61056,15 +61056,15 @@ CVE-2019-6196
CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller
(XCC) ver ...)
TODO: check
CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was
reported in ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6193 (An information disclosure vulnerability was reported in Lenovo
XClarit ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6192 (A potential vulnerability has been reported in Lenovo Power
Management ...)
NOT-FOR-US: Lenovo
CVE-2019-6191 (A potential vulnerability in the discontinued LenovoPaper
software ver ...)
NOT-FOR-US: Lenovo
CVE-2019-6190 (Lenovo was notified of a potential denial of service
vulnerability, af ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6189 (A potential vulnerability was reported in Lenovo System
Interface Foun ...)
NOT-FOR-US: Lenovo
CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo
ThinkP ...)
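Review bot: CVE-2019-6195 (Lenovo XClarity Controller) is left at TODO: check while CVE-2019-6194, CVE-2019-6193 and CVE-2019-6190 in the same hunk are resolved as NOT-FOR-US: Lenovo; if it is deliberately held back, a NOTE line saying why would stop the next triager from re-examining it, otherwise it looks like it should get the same treatment.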
@@ -63305,7 +63305,7 @@ CVE-2019-5324
CVE-2019-5323
RESERVED
CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is
present ...)
- TODO: check
+ NOT-FOR-US: Edge Switch models
CVE-2019-5321
RESERVED
CVE-2019-5320
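Review bot: the label "NOT-FOR-US: Edge Switch models" for CVE-2019-5322 names no vendor, unlike the other NOT-FOR-US entries in this commit, and the truncated description gives no product either; adding the vendor name makes the entry findable when the next CVE for the same product arrives.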
@@ -66099,7 +66099,7 @@ CVE-2019-4000
CVE-2019-3999
RESERVED
CVE-2019-3998 (Authentication bypass using an alternate path or channel in
SimpliSafe ...)
- TODO: check
+ NOT-FOR-US: SimpliSafe SS3 firmware
CVE-2019-3997 (Authentication bypass using an alternate path or channel in
SimpliSafe ...)
NOT-FOR-US: SimpliSafe SS3 firmware
CVE-2019-3996 (ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request
proxy ...)
@@ -219375,7 +219375,7 @@ CVE-2015-6972 (Multiple cross-site scripting (XSS)
vulnerabilities in Ignite Rea
CVE-2015-6971 (Lenovo System Update (formerly ThinkVantage System Update)
before 5.07 ...)
NOT-FOR-US: Lenovo
CVE-2015-6970 (The web interface in Bosch Security Systems NBN-498 Dinion2X
Day/Night ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in
the 2k11 ...)
- serendipity <removed>
CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the
serendipity_isAct ...)
@@ -219501,7 +219501,7 @@ CVE-2015-6924
CVE-2015-6923 (The ndvbs module in VBox Communications Satellite Express
Protocol 2.3 ...)
NOT-FOR-US: VBox Communications Satellite Express Protocol
CVE-2015-6922 (Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33,
8.x bef ...)
- TODO: check
+ NOT-FOR-US: Kaseya Virtual System Administrator
CVE-2015-6921 (Cross-site scripting (XSS) vulnerability in the Zendesk
Feedback Tab m ...)
NOT-FOR-US: Zendesk Feedback Tab for Drupal
CVE-2015-6920 (Cross-site scripting (XSS) vulnerability in js/window.php in
the sourc ...)
@@ -220497,7 +220497,7 @@ CVE-2015-6591 (Directory traversal vulnerability in
application/templates/amelia
CVE-2015-6590
RESERVED
CVE-2015-6589 (Directory traversal vulnerability in Kaseya Virtual System
Administrat ...)
- TODO: check
+ NOT-FOR-US: Kaseya Virtual System Administrator
CVE-2015-6588 (Cross-site scripting (XSS) vulnerability in login-fsp.html in
MODX Rev ...)
NOT-FOR-US: MODX Revolution
CVE-2015-6587 (The vlserver in OpenAFS before 1.6.13 allows remote
authenticated user ...)
@@ -235596,7 +235596,7 @@ CVE-2015-1430 (Buffer overflow in xymon 4.3.17-1. ...)
NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/
NOTE: http://www.openwall.com/lists/oss-security/2015/01/30/17
CVE-2015-1425 (JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities
...)
- TODO: check
+ NOT-FOR-US: JAKWEB Gecko CMS
CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS
2.2 and 2 ...)
NOT-FOR-US: Gecko CMS
CVE-2015-1423 (Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3
allow ...)
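Review bot: CVE-2015-1425 is labelled "NOT-FOR-US: JAKWEB Gecko CMS" while CVE-2015-1424 directly below uses "NOT-FOR-US: Gecko CMS" for the same product; pick one spelling so grep-based triage of the file finds both.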
@@ -240849,7 +240849,7 @@ CVE-2012-6668 (Multiple cross-site scripting (XSS)
vulnerabilities in the Shout
CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in
DragonByte ...)
NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
CVE-2012-6666 (vBSeo before 3.6.0PL2 allows XSS via the member.php u
parameter. ...)
- TODO: check
+ NOT-FOR-US: vBSeo
CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before
2.6.38 ...)
- linux 2.6.38-1
- linux-2.6 2.6.38-1
@@ -251781,7 +251781,7 @@ CVE-2014-4983
CVE-2014-4982 (LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command
injection ...)
NOT-FOR-US: LPAR2RRD
CVE-2014-4981 (LPAR2RRD in 3.5 and earlier allows remote attackers to execute
arbitra ...)
- TODO: check
+ NOT-FOR-US: LPAR2RRD
CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5
for Nes ...)
NOT-FOR-US: Tenable Web UI for Nessus
CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary
code or c ...)
@@ -254598,9 +254598,9 @@ CVE-2014-3829 (displayServiceStatus.php in Centreon
2.5.1 and Centreon Enterpris
CVE-2014-3828 (Multiple SQL injection vulnerabilities in Centreon 2.5.1 and
Centreon ...)
- centreon-web <itp> (bug #913903)
CVE-2014-3827 (Multiple cross-site scripting (XSS) vulnerabilities in the MyBB
(aka M ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2014-3826 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13
allows ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2014-3825 (The Juniper SRX Series devices with Junos 11.4 before
11.4R12-S4, 12.1 ...)
NOT-FOR-US: Juniper Junos
CVE-2014-3824 (Cross-site scripting (XSS) vulnerability in the web server in
the Juni ...)
@@ -258182,7 +258182,7 @@ CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and
4.0.5 allows local users to ca
CVE-2014-2596
RESERVED
CVE-2014-2595 (Barracuda Web Application Firewall (WAF) 7.8.1.013 allows
remote attac ...)
- TODO: check
+ NOT-FOR-US: Barracuda Web Application Firewall (WAF)
CVE-2014-2594
RESERVED
CVE-2014-2593 (The management console in Aruba Networks ClearPass Policy
Manager 6.3. ...)
@@ -260940,7 +260940,7 @@ CVE-2014-1619 (Multiple SQL injection vulnerabilities
in Cubic CMS 5.1.1, 5.1.2,
CVE-2014-1618 (Multiple SQL injection vulnerabilities in UAEPD Shopping Cart
Script a ...)
NOT-FOR-US: UAEPD Shopping Cart Script
CVE-2014-1617 (Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start
Buffer Over ...)
- TODO: check
+ NOT-FOR-US: Microsys
CVE-2014-1616
RESERVED
CVE-2014-1615 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Carbon B ...)
@@ -262354,9 +262354,9 @@ CVE-2013-7290 (The do_item_get function in items.c in
memcached 1.4.4 and other
CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in
register.php in ...)
NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb)
CVE-2013-7287 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure
encrypti ...)
- TODO: check
+ NOT-FOR-US: MobileIron
CVE-2013-7286 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak
password obfu ...)
- TODO: check
+ NOT-FOR-US: MobileIron
CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat
Enterprise Linu ...)
- libreswan <not-affected> (Fixed before initial upload in Debian;
/tmp-race in libreswan.spec for rpm based systems)
CVE-2013-7282 (The management web interface on the Nisuta NS-WIR150NE router
with fir ...)
@@ -263761,7 +263761,7 @@ CVE-2013-7175 (Multiple SQL injection vulnerabilities
in Avanset Visual CertExam
CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP
QTS be ...)
NOT-FOR-US: QNAP QTS
CVE-2013-7173 (Belkin n750 routers have a buffer overflow. ...)
- TODO: check
+ NOT-FOR-US: Belkin
CVE-2013-7172 (Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable
permission ...)
- libiodbc2 <not-affected> (RPATH issue slackware specific)
CVE-2013-7171 (Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and
3.3-i486-2, ...)
@@ -264893,7 +264893,7 @@ CVE-2013-6929 (SQL injection vulnerability in Cybozu
Garoon 3.7 SP2 and earlier
CVE-2013-6928
RESERVED
CVE-2013-6927 (Internet TRiLOGI Server (unknown versions) could allow a local
user to ...)
- TODO: check
+ NOT-FOR-US: Internet TRiLOGI Server
CVE-2013-6926 (The integrated HTTPS server in Siemens RuggedCom ROS before
3.12.2 all ...)
NOT-FOR-US: Siemens
CVE-2013-6925 (The integrated HTTPS server in Siemens RuggedCom ROS before
3.12.2 all ...)
@@ -266524,7 +266524,7 @@ CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS
does not properly handle n
CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security
Appliance (A ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-6681 (Tube Map Live Underground for Android before 3.0.22 has an
Information ...)
- TODO: check
+ NOT-FOR-US: Tube Map Live Underground for Android
CVE-2013-6680
REJECTED
CVE-2013-6679
@@ -267574,11 +267574,11 @@ CVE-2013-6367 (The apic_get_tmcct function in
arch/x86/kvm/lapic.c in the KVM su
CVE-2013-6363
RESERVED
CVE-2013-6362 (Xerox ColorCube and WorkCenter devices in 2013 had hardcoded
FTP and s ...)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2013-6361
RESERVED
CVE-2013-6360 (TRENDnet TS-S402 has a backdoor to enable TELNET. ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote
attackers to ...)
{DSA-2815-1 DLA-20-1}
- munin 2.0.18-1
@@ -267744,7 +267744,7 @@ CVE-2013-6297
CVE-2013-6296
RESERVED
CVE-2013-6295 (PrestaShop 1.5.5 vulnerable to privilege escalation via a
Salesman acc ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2013-6294
RESERVED
CVE-2013-6293
@@ -267780,7 +267780,7 @@ CVE-2013-6279
CVE-2013-6278
RESERVED
CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2013-6276
RESERVED
CVE-2013-6274
@@ -269164,7 +269164,7 @@ CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request
handlers in the kernel in
CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in
Open-Xchange Ap ...)
NOT-FOR-US: Open-Xchange
CVE-2013-5687 (RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443
ApplicationServiceBean ...)
- TODO: check
+ NOT-FOR-US: RiskNet Acquirer
CVE-2013-5686
RESERVED
CVE-2013-5685
@@ -271287,9 +271287,9 @@ CVE-2013-4793 (The update function in
umbraco.webservices/templates/templateServ
CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before
12-august-2 ...)
NOT-FOR-US: Imperva SecureSphere Web Application Firewall (WAF)
CVE-2013-4792 (PrestaShop before 1.4.11 allows logout CSRF. ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2013-4791 (PrestaShop before 1.4.11 allows Logistician, translators and
other low ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11,
7.2.1 be ...)
NOT-FOR-US: Open-Xchange
CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti
before 0 ...)
@@ -273916,7 +273916,7 @@ CVE-2013-3944 (Stack-based buffer overflow in the
MrSID plugin (MrSID.dll) befor
CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN)
before 6. ...)
NOT-FOR-US: DotNetNukeDot
CVE-2013-3942 (Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code
Execution Vul ...)
- TODO: check
+ NOT-FOR-US: Potplayer
CVE-2013-3941 (Xjp2.dll in XnView before 2.13 allows remote attackers to
execute arbi ...)
NOT-FOR-US: XnView
CVE-2013-3940 (Integer overflow in the Graphics Device Interface (GDI) in
Microsoft W ...)
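Review bot: the context line "NOT-FOR-US: DotNetNukeDot" for CVE-2013-3943 looks like a typo for "DotNetNuke" (the description says "DotNetNuke (DNN)"); since this region is being touched anyway, fixing it here would be cheap.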
@@ -275331,7 +275331,7 @@ CVE-2013-3325 (Adobe Flash Player before 10.3.183.86
and 11.x before 11.7.700.20
CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before
11.7.700.202 on ...)
NOT-FOR-US: Adobe Flash Player
CVE-2013-3323 (A Privilege Escalation Vulnerability exists in IBM Maximo Asset
Manage ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-3322 (NetApp OnCommand System Manager 2.1 and earlier allows remote
attacker ...)
NOT-FOR-US: NetApp OnCommand System Manager
CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote
attacker ...)
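Review bot: "NOT-FOR-US: IBM" for CVE-2013-3323 is less specific than its neighbours ("NOT-FOR-US: Adobe Flash Player", "NOT-FOR-US: NetApp OnCommand System Manager"), which name the product; the description identifies the product as IBM Maximo, so a label naming it would keep the file's convention.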
@@ -276910,7 +276910,7 @@ CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7
devices contain a Security Byp
CVE-2013-2680 (Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in
cleartex ...)
NOT-FOR-US: Cisco
CVE-2013-2679 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco
Linksys E ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File
Includ ...)
NOT-FOR-US: Cisco
CVE-2013-2677
@@ -281124,7 +281124,7 @@ CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows
remote attackers to execute arbi
CVE-2013-1411
RESERVED
CVE-2013-1410 (Perforce P4web 2011.1 and 2012.1 has multiple XSS
vulnerabilities ...)
- TODO: check
+ NOT-FOR-US: Perforce
CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv
plugin befo ...)
NOT-FOR-US: CommentLuv plugin for Wordpress
CVE-2013-1408 (Multiple SQL injection vulnerabilities in the Wysija
Newsletters plugi ...)
@@ -281142,9 +281142,9 @@ CVE-2013-1403
CVE-2013-1402 (DigiLIBE 3.4 and possibly other versions sends a redirect but
does not ...)
NOT-FOR-US: DigiLIBE
CVE-2013-1401 (Multiple security bypass vulnerabilities in the editAnswer,
deleteAnsw ...)
- TODO: check
+ NOT-FOR-US: WordPress Poll Plugin for WordPress
CVE-2013-1400 (Multiple SQL injection vulnerabilities in CWPPoll.js in
WordPress Poll ...)
- TODO: check
+ NOT-FOR-US: WordPress Poll Plugin for WordPress
CVE-2009-5134 (Buffer overflow in the "create torrent dialog" functionality in
uTorre ...)
NOT-FOR-US: uTorrent
CVE-2013-0243 (haskell-tls-extra before 0.6.1 has Basic Constraints attribute
vulnera ...)
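Review bot: "NOT-FOR-US: WordPress Poll Plugin for WordPress" (CVE-2013-1401 and CVE-2013-1400) repeats WordPress; the neighbouring CVE-2013-1409 entry uses the shorter "CommentLuv plugin for Wordpress" form, so "WordPress Poll plugin" would match the existing style.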
@@ -296099,7 +296099,7 @@ CVE-2012-2206 (The Web Gateway component in IBM
WebSphere MQ File Transfer Editi
CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational
ClearQuest 7. ...)
NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2204 (InfoSphere Guardium aix_ktap module: DoS ...)
- TODO: check
+ NOT-FOR-US: InfoSphere Guardium aix_ktap module
CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used
in IBM R ...)
NOT-FOR-US: IBM Global Security Kit
CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM
Lotus ...)
@@ -299710,7 +299710,7 @@ CVE-2012-0720 (Cross-site scripting (XSS)
vulnerability in the Integration Solut
CVE-2012-0719 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint
Manage ...)
NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2012-0718 (IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on
cookie ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2012-0717 (IBM WebSphere Application Server 7.0 before 7.0.0.23, when a
certain S ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0716 (Cross-site scripting (XSS) vulnerability in the Administration
Console ...)
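Review bot: CVE-2012-0718 is marked "NOT-FOR-US: IBM" while CVE-2012-0719 directly above it, which describes the same product, reads "NOT-FOR-US: IBM Tivoli Endpoint Manager"; the description of CVE-2012-0718 also names IBM Tivoli Endpoint Manager 8, so the fuller label would keep the two consistent.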
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/28e2adca1247a5eff44866a6b6bc1e03df9f6c7b
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits