Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d8ba4b1e by Salvatore Bonaccorso at 2020-05-09T10:32:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -94,11 +94,11 @@ CVE-2020-12709
CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion
9.03.50 al ...)
NOT-FOR-US: PHP-Fusion
CVE-2020-12707 (An XSS vulnerability exists in modules/wysiwyg/save.php of
LeptonCMS 4 ...)
- TODO: check
+ NOT-FOR-US: LeptonCMS
CVE-2020-12706 (Multiple Cross-site scripting vulnerabilities in PHP-Fusion
9.03.50 al ...)
NOT-FOR-US: PHP-Fusion
CVE-2020-12705 (Multiple cross-site scripting (XSS) vulnerabilities exist in
LeptonCMS ...)
- TODO: check
+ NOT-FOR-US: LeptonCMS
CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS. ...)
NOT-FOR-US: UliCMS
CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController
uninstall. ...)
@@ -4042,7 +4042,7 @@ CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a
backdoor account vadmin with
CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow
Authenticat ...)
NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
CVE-2020-11541 (In TechSmith SnagIt before 20.1.1, an XML External Entity
(XXE) inject ...)
- TODO: check
+ NOT-FOR-US: TechSmith SnagIt
CVE-2020-11540
RESERVED
CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12
devices. It ...)
@@ -4060,11 +4060,11 @@ CVE-2020-11534 (An issue was discovered in ONLYOFFICE
Document Server 5.5.0. An
CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM
integration is en ...)
NOT-FOR-US: Ivanti Workspace Control
CVE-2020-11532 (Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses
default admin ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
CVE-2020-11531 (The DataEngine Xnode Server application in Zoho ManageEngine
DataSecur ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
CVE-2020-11530 (A blind SQL injection vulnerability is present in Chop Slider
3, a Wor ...)
- TODO: check
+ NOT-FOR-US: Chop Slider 3 WordPress plugin
CVE-2020-11529 (Common/Grav.php in Grav before 1.6.23 has an Open Redirect.
...)
NOT-FOR-US: Grav CMS
CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte
write) ...)
@@ -4281,7 +4281,7 @@ CVE-2020-11433
CVE-2020-11432
RESERVED
CVE-2020-11431 (The documentation component in i-net Clear Reports 16.0 to
19.2, HelpD ...)
- TODO: check
+ NOT-FOR-US: i-net
CVE-2020-11430
RESERVED
CVE-2020-11429
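Review bot: the tag added for CVE-2020-11431 reads only "NOT-FOR-US: i-net", while the description names the product as i-net Clear Reports. Other tags in this commit record the product (for example "NOT-FOR-US: TechSmith SnagIt"), so "NOT-FOR-US: i-net Clear Reports" would be easier to search for later.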
@@ -6022,9 +6022,9 @@ CVE-2020-10797 (An XSS vulnerability resides in the
hostname field of the diag_p
CVE-2020-10796
RESERVED
CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated
remote code ...)
- TODO: check
+ NOT-FOR-US: Gira TKS-IP-Gateway
CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated
path trav ...)
- TODO: check
+ NOT-FOR-US: Gira TKS-IP-Gateway
CVE-2020-10793 (** DISPUTED ** CodeIgniter through 4.0.0 allows remote
attackers to ga ...)
- codeigniter <itp> (bug #471583)
CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to
configure the s ...)
@@ -9065,11 +9065,11 @@ CVE-2020-9477 (An issue was discovered on HUMAX
HGA12R-02 BRGCAA 1.1.53 devices.
CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the
administr ...)
NOT-FOR-US: ARRIS TG1692A devices
CVE-2020-9475 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4
allows ...)
- TODO: check
+ NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
CVE-2020-9474 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4
allows ...)
- TODO: check
+ NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
CVE-2020-9473 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4
has a p ...)
- TODO: check
+ NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway
CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and
consequentl ...)
NOT-FOR-US: Umbraco CMS
CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and
consequen ...)
@@ -17094,7 +17094,7 @@ CVE-2020-6095 (An exploitable denial of service
vulnerability exists in the GstR
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018
NOTE:
https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a
CVE-2020-6094 (An exploitable code execution vulnerability exists in the TIFF
fillinr ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2020-6093
RESERVED
CVE-2020-6092
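Review bot: CVE-2020-6094 is tagged "NOT-FOR-US: Accusoft ImageGear", but the nearby CVE-2020-6082 entry already carries "NOT-FOR-US: Accusoft". Use one spelling for both so that a search on the tag finds every Accusoft entry.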
@@ -17120,7 +17120,7 @@ CVE-2020-6083
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the
ico_rea ...)
NOT-FOR-US: Accusoft
CVE-2020-6081 (An exploitable code execution vulnerability exists in the
PLC_Task fun ...)
- TODO: check
+ NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Runtime
CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the
resource ...)
{DSA-4671-1}
- libmicrodns <removed>
@@ -17843,27 +17843,27 @@ CVE-2020-5753
CVE-2020-5752
RESERVED
CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, aut ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, una ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5749 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, aut ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5748 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, una ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5747 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, aut ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5746 (Insufficient output sanitization in TCExam 14.2.2 allows a
remote, aut ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5745 (Cross-site request forgery in TCExam 14.2.2 allows a remote
attacker t ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5744 (Relative Path Traversal in TCExam 14.2.2 allows a remote,
authenticate ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5743 (Improper Control of Resource Identifiers in TCExam 14.2.2
allows a rem ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2020-5742
RESERVED
CVE-2020-5741 (Deserialization of Untrusted Data in Plex Media Server on
Windows allo ...)
- TODO: check
+ NOT-FOR-US: Plex Media Server on Windows
CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows
allows a loc ...)
NOT-FOR-US: Plex Media Server
CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is
vulnerable ...)
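Review bot: CVE-2020-5741 gets "NOT-FOR-US: Plex Media Server on Windows", while CVE-2020-5740 directly below it is tagged "NOT-FOR-US: Plex Media Server" even though its description also says "on Windows". Drop the platform suffix so both entries share the same tag.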
@@ -24545,37 +24545,37 @@ CVE-2020-3315 (Multiple Cisco products are affected
by a vulnerability in the Sn
CVE-2020-3314
RESERVED
CVE-2020-3313 (A vulnerability in the web UI of Cisco Firepower Management
Center (FM ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3312 (A vulnerability in the application policy configuration of
Cisco Firep ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3311 (A vulnerability in the web interface of Cisco Firepower
Management Cen ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3310 (A vulnerability in the XML parser code of Cisco Firepower
Device Manag ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3309 (A vulnerability in Cisco Firepower Device Manager (FDM) On-Box
softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3308 (A vulnerability in the Image Signature Verification feature of
Cisco F ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3307 (A vulnerability in the web UI of Cisco Firepower Management
Center (FM ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3306 (A vulnerability in the DHCP module of Cisco Adaptive Security
Applianc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3305 (A vulnerability in the implementation of the Border Gateway
Protocol ( ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3304
RESERVED
CVE-2020-3303 (A vulnerability in the Internet Key Exchange version 1 (IKEv1)
feature ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3302 (A vulnerability in the web UI of Cisco Firepower Management
Center (FM ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3301 (Multiple vulnerabilities in Cisco Firepower Management Center
(FMC) So ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3300
RESERVED
CVE-2020-3299
RESERVED
CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF)
implementation ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3297
RESERVED
CVE-2020-3296
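Review bot: the descriptions shown for CVE-2020-3305 (Border Gateway Protocol), CVE-2020-3303 (IKEv1) and CVE-2020-3298 (OSPF) are cut off before the affected product is named, so "NOT-FOR-US: Cisco" cannot be confirmed from this diff for those three. The same CVE-2020-3xxx block also contains CVE-2020-3123, whose description refers to Clam AntiV..., so an ID in this range does not by itself mean the affected software is a Cisco product. Please confirm these against the full descriptions before they leave "TODO: check".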
@@ -24601,11 +24601,11 @@ CVE-2020-3287
CVE-2020-3286
RESERVED
CVE-2020-3285 (A vulnerability in the Transport Layer Security version 1.3
(TLS 1.3) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3284
RESERVED
CVE-2020-3283 (A vulnerability in the Secure Sockets Layer (SSL)/Transport
Layer Secu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3282
RESERVED
CVE-2020-3281
@@ -24653,19 +24653,19 @@ CVE-2020-3261 (A vulnerability in the web-based
management interface of Cisco Mo
CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software
could a ...)
NOT-FOR-US: Cisco
CVE-2020-3259 (A vulnerability in the web services interface of Cisco Adaptive
Securi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3258
RESERVED
CVE-2020-3257
RESERVED
CVE-2020-3256 (A vulnerability in the web-based management interface of Cisco
Hosted ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3255 (A vulnerability in the packet processing functionality of Cisco
Firepo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3254 (Multiple vulnerabilities in the Media Gateway Control Protocol
(MGCP) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3253 (A vulnerability in the support tunnel feature of Cisco
Firepower Threa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3252 (Multiple vulnerabilities in the REST API of Cisco UCS Director
and Cis ...)
NOT-FOR-US: Cisco
CVE-2020-3251 (Multiple vulnerabilities in the REST API of Cisco UCS Director
and Cis ...)
@@ -24679,7 +24679,7 @@ CVE-2020-3248 (Multiple vulnerabilities in the REST API
of Cisco UCS Director an
CVE-2020-3247 (Multiple vulnerabilities in the REST API of Cisco UCS Director
and Cis ...)
NOT-FOR-US: Cisco
CVE-2020-3246 (A vulnerability in the web server of Cisco Umbrella could allow
an una ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3245
RESERVED
CVE-2020-3244
@@ -24779,9 +24779,9 @@ CVE-2020-3198
CVE-2020-3197
RESERVED
CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport
Layer Secu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3195 (A vulnerability in the Open Shortest Path First (OSPF)
implementation ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3194 (A vulnerability in Cisco Webex Network Recording Player for
Microsoft ...)
NOT-FOR-US: Cisco
CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco
Prime C ...)
@@ -24789,17 +24789,17 @@ CVE-2020-3193 (A vulnerability in the web-based
management interface of Cisco Pr
CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco
Prime C ...)
NOT-FOR-US: Cisco
CVE-2020-3191 (A vulnerability in DNS over IPv6 packet processing for Cisco
Adaptive ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3190 (A vulnerability in the IPsec packet processor of Cisco IOS XR
Software ...)
NOT-FOR-US: Cisco
CVE-2020-3189 (A vulnerability in the VPN System Logging functionality for
Cisco Fire ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3188 (A vulnerability in how Cisco Firepower Threat Defense (FTD)
Software h ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3187 (A vulnerability in the web services interface of Cisco Adaptive
Securi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3186 (A vulnerability in the management access list configuration of
Cisco F ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3185 (A vulnerability in the web-based management interface of Cisco
TelePre ...)
NOT-FOR-US: Cisco
CVE-2020-3184
@@ -24813,9 +24813,9 @@ CVE-2020-3181 (A vulnerability in the malware detection
functionality in Cisco A
CVE-2020-3180
RESERVED
CVE-2020-3179 (A vulnerability in the generic routing encapsulation (GRE)
tunnel deca ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3178 (Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS
Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3177 (A vulnerability in the Tool for Auto-Registered Phones Support
(TAPS) ...)
NOT-FOR-US: Cisco
CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow
an aut ...)
@@ -24921,7 +24921,7 @@ CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex
Network Recording Player
CVE-2020-3126 (vulnerability within the Multimedia Viewer feature of Cisco
Webex Meet ...)
NOT-FOR-US: Cisco
CVE-2020-3125 (A vulnerability in the Kerberos authentication feature of Cisco
Adapti ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3124
RESERVED
CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in
Clam AntiV ...)
@@ -29887,9 +29887,9 @@ CVE-2019-19169 (Dext5.ocx ActiveX 5.0.0.116 and eariler
versions contain a vulne
CVE-2019-19168 (Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a
vulnerabili ...)
TODO: check
CVE-2019-19167 (Tobesoft Nexacro v2019.9.25.1 and earlier version have an
arbitrary co ...)
- TODO: check
+ NOT-FOR-US: Tobesoft Nexacro
CVE-2019-19166 (Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a
vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Tobesoft XPlatform
CVE-2019-19165 (AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a
vulnerability ...)
NOT-FOR-US: Inogard Ebiz4u
CVE-2019-19164 (dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and
earlier versio ...)
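Review bot: CVE-2019-19168 (Dext5.ocx ActiveX) is still at "TODO: check" in the context directly above the two Tobesoft entries processed here. If it was skipped by accident, triage it in the same pass; if it is being left open on purpose, a NOTE line saying why would help whoever picks it up next.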
@@ -30704,23 +30704,23 @@ CVE-2019-18874 (psutil (aka python-psutil) through
5.6.5 can have a double free.
CVE-2019-18873 (FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent
HTTP hea ...)
NOT-FOR-US: FUDForum
CVE-2019-18872 (Weak password requirements in Blaauw Remote Kiln Control
through v3.00 ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18871 (A path traversal in debug.php accessed via default.php in
Blaauw Remot ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18870 (A path traversal via the iniFile parameter in excel.php in
Blaauw Remo ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18869 (Leftover Debug Code in Blaauw Remote Kiln Control through
v3.00r4 allo ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18868 (Blaauw Remote Kiln Control through v3.00r4 allows an
unauthenticated a ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18867 (Browsable directories in Blaauw Remote Kiln Control through
v3.00r4 al ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18866 (Unauthenticated SQL injection via the username in the login
mechanism ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18865 (Information disclosure via error message discrepancies in
authenticati ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18864 (/server-info and /server-status in Blaauw Remote Kiln Control
through ...)
- TODO: check
+ NOT-FOR-US: Blaauw Remote Kiln Control
CVE-2019-18863 (A key length vulnerability in the implementation of the SRTP
128-bit k ...)
NOT-FOR-US: Mitel
CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and
allows loca ...)
@@ -52759,7 +52759,7 @@ CVE-2012-6711 (A heap-based buffer overflow exists in
GNU Bash before 4.3 when w
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1721071
NOTE:
https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=863d31ae775d56b785dc5b0105b6d251515d81d5
(bash-4.3-alpha)
CVE-2019-12864 (SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4)
is vuln ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2019-12863 (SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4)
allows ...)
NOT-FOR-US: SolarWinds
CVE-2019-12862
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8ba4b1ee4cc9abaf9e39aee58fea84f8c629b37