Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ec8fffbc by Salvatore Bonaccorso at 2020-03-16T21:50:48+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -105,7 +105,7 @@ CVE-2018-21037
CVE-2020-10595
RESERVED
CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It
allows att ...)
- TODO: check
+ NOT-FOR-US: drf-jwt
CVE-2020-10593
RESERVED
CVE-2020-10592
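Review bot: NOT-FOR-US on CVE-2020-10594 is keyed on the upstream name drf-jwt, and for a library that is easier to get wrong than for an appliance, because Debian source package names often differ from upstream names and library code can be embedded in other packages. Suggest confirming the archive was searched under the likely alternative names, not just the literal string, before closing this entry.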
@@ -186,7 +186,7 @@ CVE-2020-10559
CVE-2020-10558
RESERVED
CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the
user to ...)
- TODO: check
+ NOT-FOR-US: AContent
CVE-2020-10556
RESERVED
CVE-2020-10555
@@ -838,17 +838,17 @@ CVE-2020-10245
CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local
tokens. ...)
NOT-FOR-US: JPaseto
CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of
type cas ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2020-10242 (An issue was discovered in Joomla! before 3.9.16. Inadequate
handling ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2020-10241 (An issue was discovered in Joomla! before 3.9.16. Missing
token checks ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2020-10240 (An issue was discovered in Joomla! before 3.9.16. Missing
length check ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2020-10239 (An issue was discovered in Joomla! before 3.9.16. Incorrect
Access Con ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2020-10238 (An issue was discovered in Joomla! before 3.9.16. Various
actions in c ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The
installer wrot ...)
NOT-FOR-US: Froxlor
CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created
files wi ...)
@@ -871,7 +871,7 @@ CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth
Kit (TSK), there is a
CVE-2020-10231
RESERVED
CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6
and 7) al ...)
- TODO: check
+ NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-10229
RESERVED
CVE-2020-10228
@@ -2914,7 +2914,7 @@ CVE-2020-9323
CVE-2020-9322
RESERVED
CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and
TraefikEE 2.0. ...)
- TODO: check
+ NOT-FOR-US: Traefik
CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass
via a ...)
NOT-FOR-US: Avira
CVE-2020-9319
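Review bot: for CVE-2020-9321, NOT-FOR-US only holds if nobody is packaging Traefik. Suggest checking for an open ITP or RFP first; if one exists, the tracker's itp form with the bug number keeps the CVE attached to the future package, whereas NOT-FOR-US drops it from view.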
@@ -8247,11 +8247,11 @@ CVE-2020-6992
CVE-2020-6991
RESERVED
CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B
v21.001 and p ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2020-6989
RESERVED
CVE-2020-6988 (Rockwell Automation MicroLogix 1400 Controllers Series B
v21.001 and p ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2020-6987
RESERVED
CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a
series ...)
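Review bot: the tags on CVE-2020-6990 and CVE-2020-6988 give only the vendor (NOT-FOR-US: Rockwell), while both descriptions name the product as Rockwell Automation MicroLogix 1400 Controllers. Suggest putting the product in the tag, so that a later search of the list by product name finds these entries and the reason for the classification is visible without opening the CVE.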
@@ -8259,7 +8259,7 @@ CVE-2020-6986 (In all versions of Omron PLC CJ Series, an
attacker can send a se
CVE-2020-6985
RESERVED
CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B
v21.001 and p ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2020-6983
RESERVED
CVE-2020-6982
@@ -8267,7 +8267,7 @@ CVE-2020-6982
CVE-2020-6981
RESERVED
CVE-2020-6980 (Rockwell Automation MicroLogix 1400 Controllers Series B
v21.001 and p ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2020-6979
RESERVED
CVE-2020-6978
@@ -9222,11 +9222,11 @@ CVE-2020-6588
CVE-2020-6587
RESERVED
CVE-2020-6586 (Nagios Log Server 2.1.3 allows XSS by visiting /profile and
entering a ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2020-6585 (Nagios Log Server 2.1.3 has CSRF. ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2020-6584 (Nagios Log Server 2.1.3 has Incorrect Access Control. ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2019-20371
RESERVED
CVE-2019-20370
@@ -10826,17 +10826,17 @@ CVE-2020-5851 (On impacted versions and platforms the
Trusted Platform Module (T
CVE-2020-5850
RESERVED
CVE-2020-5849 (Unraid 6.8.0 allows authentication bypass. ...)
- TODO: check
+ NOT-FOR-US: Unraid
CVE-2020-5848
RESERVED
CVE-2020-5847 (Unraid through 6.8.0 allows Remote Code Execution. ...)
- TODO: check
+ NOT-FOR-US: Unraid
CVE-2020-5846 (An insecure file upload and code execution issue was discovered
in Ahs ...)
NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2020-5845
RESERVED
CVE-2020-5844 (index.php?sec=godmode/extensions&sec2=extensions/files_repo
in Pan ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2020-5843 (Codoforum 4.8.3 allows XSS in the admin dashboard via a
category to th ...)
NOT-FOR-US: Codoforum
CVE-2020-5842 (Codoforum 4.8.3 allows XSS in the user registration page: via
the user ...)
@@ -15258,9 +15258,9 @@ CVE-2020-3950
CVE-2020-3949
RESERVED
CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before
15.5.2) and ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3947 (VMware Workstation (15.x before 15.5.2) and Fusion (11.x before
11.5.2 ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3946
RESERVED
CVE-2020-3945 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1
and 6.6. ...)
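Review bot: the description of CVE-2020-3948 starts with "Linux Guest VMs running on VMware Workstation", so the affected code may sit on the guest side and not in the proprietary host product. Before tagging it NOT-FOR-US: VMware alongside CVE-2020-3947, confirm the vulnerable component is not part of guest tooling that Debian ships (open-vm-tools is in the archive); the truncated description here does not settle that.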
@@ -15836,7 +15836,7 @@ CVE-2019-19947 (In the Linux kernel through 5.4.6,
there are information leaks o
[stretch] - linux 4.9.210-1
NOTE:
https://git.kernel.org/linus/da2311a6385c3b499da2ed5d9be59ce331fa93e9
CVE-2019-19946 (The API in Dradis Pro 3.4.1 allows any user to extract the
content of ...)
- TODO: check
+ NOT-FOR-US: Dradis Pro
CVE-2019-19945 (uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2
has an ...)
TODO: check
CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in
mms/asn1/ber_decode.c ...)
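Review bot: CVE-2019-19945 (uhttpd in OpenWrt), directly below the changed Dradis Pro entry, is left at TODO: check. That fits a commit that only processes NFUs, but the entry is now the only untriaged one in this stretch of the list and should get its own pass so it does not sit as an open TODO.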
@@ -15844,11 +15844,11 @@ CVE-2019-19944 (In libIEC61850 1.4.0,
BerDecoder_decodeUint32 in mms/asn1/ber_de
CVE-2019-19943 (The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web
Server 3.3 ...)
NOT-FOR-US: Pablo Quick 'n Easy Web Server
CVE-2019-19942 (Missing output sanitation in Swisscom Centro Grande Centro
Grande befo ...)
- TODO: check
+ NOT-FOR-US: Swisscom
CVE-2019-19941 (Missing hostname validation in Swisscom Centro Grande before
6.16.12 a ...)
- TODO: check
+ NOT-FOR-US: Swisscom
CVE-2019-19940 (Incorrect input sanitation in text-oriented user interfaces
(telnet, s ...)
- TODO: check
+ NOT-FOR-US: Swisscom
CVE-2019-19939
RESERVED
CVE-2019-19938
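Review bot: CVE-2019-19940 is tagged NOT-FOR-US: Swisscom, but its description is cut off before any product is named ("text-oriented user interfaces (telnet, s ..."), unlike CVE-2019-19942 and CVE-2019-19941, which both name Swisscom Centro Grande. Suggest checking the full description to confirm it concerns the same device and no generic telnet or ssh component, and using the product name in all three tags.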
@@ -16890,7 +16890,7 @@ CVE-2019-19823 (A certain router administration
interface (that includes Realtek
CVE-2019-19822 (A certain router administration interface (that includes
Realtek APMIB ...)
NOT-FOR-US: Realtek
CVE-2019-19821 (A post-authentication privilege escalation in the web
application of C ...)
- TODO: check
+ NOT-FOR-US: Combodo iTop
CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the
kyrld.sys dr ...)
NOT-FOR-US: Kyrol Internet Security
CVE-2019-19819 (The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
12.0.0.1 ...)
@@ -22636,7 +22636,7 @@ CVE-2019-19210 (Dolibarr ERP/CRM before 10.0.3 allows
XSS because uploaded HTML
CVE-2019-19209 (Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. ...)
TODO: check
CVE-2019-19208 (Codiad Web IDE through 2.8.4 allows PHP Code injection. ...)
- TODO: check
+ NOT-FOR-US: Codiad Web IDE
CVE-2019-19207 (rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.
...)
NOT-FOR-US: rConfig
CVE-2019-19206 (Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS
due to J ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec8fffbc8c585e8c85b8c006731373f8675b96d7