[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b752470c by Salvatore Bonaccorso at 2022-11-21T22:44:52+01:00 Proces some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -956,7 +956,7 @@ CVE-2022-45424 CVE-2022-45423 RESERVED CVE-2022-45422 (When LG SmartShare is installed, local privilege escalation is possibl ...) - TODO: check + NOT-FOR-US: LG CVE-2022-45122 RESERVED CVE-2022-45113 @@ -2378,17 +2378,17 @@ CVE-2022-45019 CVE-2022-45018 RESERVED CVE-2022-45017 (A cross-site scripting (XSS) vulnerability in the Overview Page settin ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2022-45016 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2022-45015 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2022-45014 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2022-45013 (A cross-site scripting (XSS) vulnerability in the Show Advanced Option ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2022-45012 (A cross-site scripting (XSS) vulnerability in the Modify Page module o ...) - TODO: check + NOT-FOR-US: WBCE CMS CVE-2022-45011 RESERVED CVE-2022-45010 @@ -2752,7 +2752,7 @@ CVE-2022-44832 CVE-2022-44831 RESERVED CVE-2022-44830 (Sourcecodester Event Registration App v1.0 was discovered to contain m ...) - TODO: check + NOT-FOR-US: Sourcecodester Event Registration App CVE-2022-44829 RESERVED CVE-2022-44828 @@ -9279,7 +9279,7 @@ CVE-2022-3591 CVE-2022-3590 RESERVED CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all versions wa ...) - TODO: check + NOT-FOR-US: Miele's "AppWash" MobileApp CVE-2022-3588 RESERVED CVE-2022-3587 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...) 
@@ -9928,7 +9928,7 @@ CVE-2022-43119 (A cross-site scripting (XSS) vulnerability in Clansphere CMS v20 CVE-2022-43118 (A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allo ...) NOT-FOR-US: flatCore-CMS CVE-2022-43117 (Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 w ...) - TODO: check + NOT-FOR-US: Sourcecodester Password Storage Application in PHP/OOP and MySQL CVE-2022-43116 RESERVED CVE-2022-43115 @@ -12889,7 +12889,7 @@ CVE-2022-38143 CVE-2022-36354 RESERVED CVE-2022-3388 (Improper Input Validation vulnerability in Hitachi Energy MicroSCADA P ...) - TODO: check + NOT-FOR-US: MicroSCADA CVE-2022-3387 (Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path tr ...) NOT-FOR-US: Advantech R-SeeNet CVE-2022-3386 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b752470c8dcb8ddd353fafeea6fcc81dbff6679f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b752470c8dcb8ddd353fafeea6fcc81dbff6679f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
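Review bot: In the @@ -9279 hunk, the tag for CVE-2022-3589 copies the description's wording verbatim, possessive and quotation marks included (NOT-FOR-US: Miele's "AppWash" MobileApp). A plain product name such as NOT-FOR-US: Miele AppWash is easier to grep for and to reuse when later CVEs for the same app are triaged.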
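Review bot: In the @@ -12889 hunk, CVE-2022-3388 is tagged with the product alone (NOT-FOR-US: MicroSCADA) while the next entry in the same hunk carries vendor and product (NOT-FOR-US: Advantech R-SeeNet). The description names the vendor as Hitachi Energy, so NOT-FOR-US: Hitachi Energy MicroSCADA would match the neighbouring entry and keep vendor-based searches working.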
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8fde0213 by Salvatore Bonaccorso at 2022-11-13T21:17:01+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list =
@@ -5,25 +5,25 @@ CVE-2022-3977 CVE-2022-3976 (A vulnerability has been found in MZ Automation libiec61850 up to 1.4 ...) TODO: check CVE-2022-3975 (A vulnerability, which was classified as problematic, has been found i ...) - TODO: check + NOT-FOR-US: NukeViet CMS CVE-2022-3974 (A vulnerability classified as critical was found in Axiomatic Bento4. ...) - TODO: check + NOT-FOR-US: Bento4 CVE-2022-3973 (A vulnerability classified as critical has been found in Pingkon HMS-P ...) - TODO: check + NOT-FOR-US: Pingkon HMS-PHP CVE-2022-3972 (A vulnerability was found in Pingkon HMS-PHP. It has been rated as cri ...) - TODO: check + NOT-FOR-US: Pingkon HMS-PHP CVE-2022-3971 (A vulnerability was found in matrix-appservice-irc up to 0.35.1. It ha ...) TODO: check CVE-2022-3970 (A vulnerability was found in LibTIFF. It has been classified as critic ...) TODO: check CVE-2022-3969 (A vulnerability was found in OpenKM up to 6.3.11 and classified as pro ...) - TODO: check + NOT-FOR-US: OpenKM CVE-2022-3968 (A vulnerability has been found in emlog and classified as problematic. ...) - TODO: check + NOT-FOR-US: emlog CVE-2022-3967 (A vulnerability, which was classified as critical, was found in Vesta ...) - TODO: check + NOT-FOR-US: Vesta CVE-2022-3966 (A vulnerability, which was classified as critical, has been found in U ...) - TODO: check + NOT-FOR-US: Ultimate Member Plugin CVE-2022-3965 (A vulnerability classified as problematic was found in ffmpeg. This vu ...) TODO: check CVE-2022-3964 (A vulnerability classified as problematic has been found in ffmpeg. Th ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fde0213137c84788f46225a891fd47634b88146 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fde0213137c84788f46225a891fd47634b88146 You're receiving this email because of your account on salsa.debian.org. 
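Review bot: In the @@ -5,25 hunk, the tags for CVE-2022-3967 (NOT-FOR-US: Vesta) and CVE-2022-3966 (NOT-FOR-US: Ultimate Member Plugin) are bare names, and the descriptions shown are cut off right at the product name ("was found in Vesta ...", "has been found in U ..."), so the list alone does not say which product is meant. Use the full product name from the CVE description, and if CVE-2022-3966 concerns a WordPress plugin, prefer the "<name> plugin for WordPress" form already used in data/CVE/list.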
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b7e0f5ca by Salvatore Bonaccorso at 2022-01-26T22:21:50+01:00 Proces some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21,7 +21,7 @@ CVE-2022-23995 CVE-2022-23994 RESERVED CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_fi ...) - TODO: check + NOT-FOR-US: pfSense CVE-2022-23992 RESERVED CVE-2022-23991 @@ -76,15 +76,15 @@ CVE-2022-0377 CVE-2022-0376 RESERVED CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) - TODO: check + NOT-FOR-US: livehelperchat CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) - TODO: check + NOT-FOR-US: livehelperchat CVE-2022-0373 RESERVED CVE-2022-0372 RESERVED CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...) - TODO: check + NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API CVE-2018-25029 RESERVED CVE-2013-20003 @@ -184,7 +184,7 @@ CVE-2022-0364 CVE-2022-0363 RESERVED CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...) - TODO: check + NOT-FOR-US: showdoc CVE-2022-0361 (Heap-based Buffer Overflow in Conda vim prior to 8.2. ...) TODO: check CVE-2022-0360 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7e0f5ca92fa4727396365dfee0f019eec23355d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7e0f5ca92fa4727396365dfee0f019eec23355d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
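Review bot: In the @@ -76,15 hunk, the tag for CVE-2021-46561 names a source file rather than a product: NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API. The field only needs to identify the software that is out of scope, so NOT-FOR-US: CVE Services API is enough and matches how the other entries in this commit (pfSense, livehelperchat, showdoc) are tagged.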
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 846eec16 by Salvatore Bonaccorso at 2021-06-29T22:29:38+02:00 Proces some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -2350,7 +2350,7 @@ CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, launches NOTE: https://bugs.quassel-irc.org/issues/1728 NOTE: '--require-ssl' flag added in https://github.com/quassel/quassel/pull/43 CVE-2021-34824 (Istio before 1.9.6 and 1.10.x before 1.10.2 has Incorrect Access Contr ...) - TODO: check + NOT-FOR-US: Istio CVE-2021-34823 RESERVED CVE-2021-34822 @@ -6538,15 +6538,15 @@ CVE-2021-32994 CVE-2021-32993 RESERVED CVE-2021-32992 (FATEK Automation WinProladder Versions 3.30 and prior do not properly ...) - TODO: check + NOT-FOR-US: FATEK Automation WinProladder CVE-2021-32991 RESERVED CVE-2021-32990 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...) - TODO: check + NOT-FOR-US: FATEK Automation WinProladder CVE-2021-32989 RESERVED CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...) - TODO: check + NOT-FOR-US: FATEK Automation WinProladder CVE-2021-32987 RESERVED CVE-2021-32986 @@ -9293,7 +9293,7 @@ CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic CVE-2021-31839 (Improper privilege management vulnerability in McAfee Agent for Window ...) NOT-FOR-US: McAfee CVE-2021-31838 (A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4. ...) - TODO: check + NOT-FOR-US: MVISION EDR (MVEDR) CVE-2021-31837 (Memory corruption vulnerability in the driver file component in McAfee ...) NOT-FOR-US: McAfee CVE-2021-31836 
@@ -10069,9 +10069,9 @@ CVE-2021-31533 CVE-2021-31532 (NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 ...) NOT-FOR-US: NXP CVE-2021-31531 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to S ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2021-31530 (Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to I ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2021-31529 RESERVED CVE-2021-31528 
@@ -10195,29 +10195,29 @@ CVE-2021-3503 RESERVED - wildfly (bug #752018) CVE-2021-31516 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Vector 35 Binary Ninja CVE-2021-31515 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Vector 35 Binary Ninja CVE-2021-31514 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31513 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31512 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31511 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31510 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31509 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31508 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31507 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31506 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: OpenText Brava! Desktop CVE-2021-31505 (This vulnerability allows attackers with physical access to escalate p ...) - TODO: check + NOT-FOR-US: Arlo Q Plus CVE-2021-31504 RESERVED CVE-2021-31503 
@@ -11011,7 +11011,7 @@ CVE-2021-31162 (In the standard library in Rust before 1.52.0, a double free can CVE-2021-31161 RESERVED CVE-2021-31160 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2021-31159 (Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a ...) NOT-FOR-US: Zoho ManageEngine CVE-2021-31158 (In the Query Engine in Couchbase Server 6.5.x and 6.6.x through
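Review bot: In the @@ -9293 hunk, CVE-2021-31838 gets NOT-FOR-US: MVISION EDR (MVEDR) while the entries directly above and below it (CVE-2021-31839, CVE-2021-31837) are tagged NOT-FOR-US: McAfee. If MVISION EDR is the same vendor's product, as its position between the two McAfee entries suggests, NOT-FOR-US: McAfee or NOT-FOR-US: McAfee MVISION EDR would keep that vendor's entries consistent and findable with one search.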
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 33a89b35 by Salvatore Bonaccorso at 2021-01-13T21:20:37+01:00 Proces some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -76456,27 +76456,27 @@ CVE-2020-4606 (IBM Security Verify Privilege Manager 10.8 is vulnerable to an XM CVE-2020-4605 RESERVED CVE-2020-4604 (IBM Security Guardium Insights 2.0.2 stores user credentials in plain ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4603 (IBM Security Guardium Insights 2.0.1 performs an operation at a privil ...) NOT-FOR-US: IBM CVE-2020-4602 (IBM Security Guardium Insights 2.0.2 stores user credentials in plain ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4601 RESERVED CVE-2020-4600 (IBM Security Guardium Insights 2.0.2 could allow a remote attacker to ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4599 (IBM Security Guardium Insights 2.0.2 could allow a remote attacker to ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4598 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...) NOT-FOR-US: IBM CVE-2020-4597 (IBM Security Guardium Insights 2.0.2 does not set the secure attribute ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4596 (IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptog ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4595 (IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptog ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4594 (IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptog ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4593 (IBM Security Guardium Insights 2.0.1 stores user credentials in plain ...) NOT-FOR-US: IBM CVE-2020-4592 (IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, und ...) 
@@ -131722,7 +131722,7 @@ CVE-2019-4704 (IBM Security Identity Manager Virtual Appliance 7.0.2 does not se CVE-2019-4703 (IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft ...) NOT-FOR-US: IBM CVE-2019-4702 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissi ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4701 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with a ...) NOT-FOR-US: IBM CVE-2019-4700 @@ -131752,7 +131752,7 @@ CVE-2019-4689 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a CVE-2019-4688 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the s ...) NOT-FOR-US: IBM CVE-2019-4687 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive i ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4686 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the s ...) NOT-FOR-US: IBM CVE-2019-4685 @@ -132806,7 +132806,7 @@ CVE-2019-4162 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is CVE-2019-4161 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 disclose ...) NOT-FOR-US: IBM CVE-2019-4160 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than e ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4159 REJECTED CVE-2019-4158 (IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33a89b35723100ee7749d495e80091ce105b36f5 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33a89b35723100ee7749d495e80091ce105b36f5 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 493889bd by Salvatore Bonaccorso at 2020-05-14T22:14:20+02:00 Proces some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21421,9 +21421,9 @@ CVE-2020-4470 CVE-2020-4469 RESERVED CVE-2020-4468 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4467 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4466 RESERVED CVE-2020-4465 @@ -21513,7 +21513,7 @@ CVE-2020-4424 CVE-2020-4423 RESERVED CVE-2020-4422 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allo ...) NOT-FOR-US: IBM CVE-2020-4420 @@ -21627,7 +21627,7 @@ CVE-2020-4367 CVE-2020-4366 RESERVED CVE-2020-4365 (IBM WebSphere Application Server 8.5 is vulnerable to server-side requ ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4364 RESERVED CVE-2020-4363 @@ -21671,7 +21671,7 @@ CVE-2020-4345 CVE-2020-4344 RESERVED CVE-2020-4343 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4342 RESERVED CVE-2020-4341 @@ -21759,7 +21759,7 @@ CVE-2020-4301 CVE-2020-4300 RESERVED CVE-2020-4299 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 c ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4298 RESERVED CVE-2020-4297 
@@ -21781,13 +21781,13 @@ CVE-2020-4290 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, CVE-2020-4289 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4288 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4287 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4286 RESERVED CVE-2020-4285 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4284 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4283 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and ...) 
@@ -21825,25 +21825,25 @@ CVE-2020-4268 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scr CVE-2020-4267 (IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authen ...) NOT-FOR-US: IBM CVE-2020-4266 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4265 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4264 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4263 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4262 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4261 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4260 (IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permi ...) NOT-FOR-US: IBM CVE-2020-4259 (IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authe ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4258 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4257 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4256 RESERVED CVE-2020-4255 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/493889bd64f8075d153ac106cbb73727fb982064 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/493889bd64f8075d153ac106cbb73727fb982064 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5a2aec6b by Salvatore Bonaccorso at 2019-08-15T20:24:28Z Proces some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -812,7 +812,7 @@ CVE-2017-18486 (Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate CVE-2019-14801 (The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress ...) NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress CVE-2019-14800 (The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress ...) - TODO: check + NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress CVE-2019-14799 (The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress ...) NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress CVE-2019-14798 (The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authent ...) @@ -822,7 +822,7 @@ CVE-2019-14797 (The 10Web Photo Gallery plugin before 1.5.23 for WordPress has a CVE-2019-14796 (The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products ...) NOT-FOR-US: mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin for WordPress CVE-2019-14795 (The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress h ...) - TODO: check + NOT-FOR-US: toggle-the-title (aka Toggle The Title) plugin for WordPress CVE-2019-14794 (The Meta Box plugin before 4.16.2 for WordPress mishandles the uploadi ...) NOT-FOR-US: Meta Box plugin for WordPress CVE-2019-14793 (The Meta Box plugin before 4.16.3 for WordPress allows file deletion v ...) 
@@ -832,19 +832,19 @@ CVE-2019-14792 (The WP Google Maps plugin before 7.11.35 for WordPress allows XS CVE-2019-14791 (The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XS ...) NOT-FOR-US: Appointment Booking Calendar plugin for WordPress CVE-2019-14790 (The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS ...) - TODO: check + NOT-FOR-US: limb-gallery (aka Limb Gallery) plugin for WordPress CVE-2019-14789 (The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin ...) - TODO: check + NOT-FOR-US: Custom 404 Pro plugin for WordPress CVE-2019-14788 (wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribu ...) - TODO: check + NOT-FOR-US: Tribulant Newsletters plugin for WordPress CVE-2019-14787 (The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XS ...) NOT-FOR-US: Tribulant Newsletters plugin for WordPress CVE-2019-14786 (The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users t ...) - TODO: check + NOT-FOR-US: Rank Math SEO plugin for WordPress CVE-2019-14785 (The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress h ...) NOT-FOR-US: "CP Contact Form with PayPal" plugin for WordPress CVE-2019-14784 (The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress h ...) - TODO: check + NOT-FOR-US: "CP Contact Form with PayPal" plugin for WordPress CVE-2019-14783 (On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, Fo ...) NOT-FOR-US: Samsung CVE-2019-14782 
@@ -5311,7 +5311,7 @@ CVE-2019-13580 CVE-2019-13579 RESERVED CVE-2019-13578 (A SQL injection vulnerability exists in the Impress GiveWP Give plugin ...) - TODO: check + NOT-FOR-US: Impress GiveWP Give plugin for WordPress CVE-2019-13577 (SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthe ...) NOT-FOR-US: SnmpAdm.exe in MAPLE WBT SNMP Administrator CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a2aec6b4027780b86de2dea18f8cb133749dcbd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a2aec6b4027780b86de2dea18f8cb133749dcbd You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8dedb45a by Salvatore Bonaccorso at 2019-07-26T22:28:19Z Proces some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -43,7 +43,7 @@ CVE-2019-1020002 CVE-2019-1020001 RESERVED CVE-2018-20857 (Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as ...) - TODO: check + NOT-FOR-US: Zendesk Samlr CVE-2019-14282 (The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org ...) TODO: check CVE-2019-14281 (The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, inclu ...) @@ -168,7 +168,7 @@ CVE-2019-14230 (An issue was discovered in the Viral Quiz Maker - OnionBuzz plug CVE-2019-14229 RESERVED CVE-2019-14228 (Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based ...) - TODO: check + NOT-FOR-US: Xavier PHP Management Panel CVE-2019-14227 RESERVED CVE-2019-14226 @@ -719,9 +719,9 @@ CVE-2019-13957 CVE-2019-13956 (Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Discuz!ML CVE-2019-13955 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable ...) - TODO: check + NOT-FOR-US: Mikrotik RouterOS CVE-2019-13954 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable ...) - TODO: check + NOT-FOR-US: Mikrotik RouterOS CVE-2019-13953 RESERVED CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and ...) 
@@ -2968,17 +2968,17 @@ CVE-2019-13389 CVE-2019-13388 RESERVED CVE-2019-13387 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected ...) - TODO: check + NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-13386 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden ...) - TODO: check + NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-13385 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and ...) - TODO: check + NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-13384 RESERVED CVE-2019-13383 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-13382 (UploaderService in SnagIT 2019.1.2 allows elevation of privilege by pl ...) - TODO: check + NOT-FOR-US: SnagIT CVE-2019-13381 REJECTED CVE-2019-13380 (KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from ...) @@ -14113,7 +14113,7 @@ CVE-2019-9494 (The implementations of SAE in hostapd and wpa_supplicant are vuln CVE-2019-9493 RESERVED CVE-2019-9492 (A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 an ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2019-9491 RESERVED CVE-2019-9490 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) 
@@ -22833,7 +22833,7 @@ CVE-2019-6004 CVE-2019-6003 RESERVED CVE-2019-6002 (Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 a ...) - TODO: check + NOT-FOR-US: Central Dogma CVE-2019-6001 RESERVED CVE-2019-6000 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8dedb45a88af338d22eb931e293cb9d9da300c6f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8dedb45a88af338d22eb931e293cb9d9da300c6f You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 63438823 by Salvatore Bonaccorso at 2019-05-07T20:42:49Z Proces some NFUs - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,7 +11,7 @@ CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There i - linux NOTE: Fixed by: https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a cryptograp ...) - TODO: check + NOT-FOR-US: Ratpack CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for WordPress allow ...) NOT-FOR-US: WooCommerce Checkout Manager plugin for WordPress CVE-2019-11806 @@ -396,7 +396,7 @@ CVE-2019-11631 (Moodle 3.6.3 allows remote authenticated administrators to execu CVE-2019-11630 RESERVED CVE-2019-11629 (Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. ...) - TODO: check + NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2019-11628 (An issue was discovered in QlikView Server before 11.20 SR19, 12.00 an ...) NOT-FOR-US: Qlik products CVE-2019-11626 (routers/ajaxRouter.php in doorGets 7.0 has a web site physical path le ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/63438823251412bcf54f4ac7f78b03678c1d9eeb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/63438823251412bcf54f4ac7f78b03678c1d9eeb You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits