author Salvatore Bonaccorso <carnil@debian.org> 2020-01-27 22:05:26 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2020-01-27 22:05:26 +0100
commit bb9e68e5e5400c00b3f84d1f31eb543ca16ab13f
tree 01892d8f4704c3a925f422aed2a0a52dadde31e7
parent 8d3b5bbf067f48053868e7c7b69899765d6ef865
Process NFUs
-rw-r--r-- data/CVE/list.2013 4
-rw-r--r-- data/CVE/list.2014 10
-rw-r--r-- data/CVE/list.2015 2
-rw-r--r-- data/CVE/list.2019 64
-rw-r--r-- data/CVE/list.2020 8
5 files changed, 44 insertions, 44 deletions
diff --git a/data/CVE/list.2013 b/data/CVE/list.2013
index 3c5950e661..985f4229d7 100644
--- a/data/CVE/list.2013
+++ b/data/CVE/list.2013
@@ -356,7 +356,7 @@ CVE-2013-7392 (Gitlist allows remote attackers to execute arbitrary commands via
CVE-2013-7391 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using th ...)
NOT-FOR-US: Drupal contributed module Entity API
CVE-2013-7390 (Unrestricted file upload vulnerability in AgentLogUploadServlet in Man ...)
- TODO: check
+ NOT-FOR-US: ManageEngine DesktopCentral
CVE-2013-7389 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 ...)
NOT-FOR-US: D-Link router
CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (f ...)
@@ -10532,7 +10532,7 @@ CVE-2013-3488
CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the security lo ...)
NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2013-3486 (IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: IrfanView FlashPix Plugin
CVE-2013-3485 (Multiple untrusted search path vulnerabilities in Soda PDF 5.1.183.105 ...)
NOT-FOR-US: Soda PDF
CVE-2013-3484 (Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2 ...)
diff --git a/data/CVE/list.2014 b/data/CVE/list.2014
index 9eaef3e73a..0ae94ac89c 100644
--- a/data/CVE/list.2014
+++ b/data/CVE/list.2014
@@ -4873,9 +4873,9 @@ CVE-2014-8767 (Integer underflow in the olsr_print function in tcpdump 3.9.6 thr
- tcpdump 4.6.2-2 (bug #770434)
NOTE: http://www.securityfocus.com/archive/1/534011/30/0/threaded
CVE-2014-8742 (Directory traversal vulnerability in the ReportDownloadServlet servlet ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2014-8741 (Directory traversal vulnerability in the GfdFileUploadServerlet servle ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2014-8740
RESERVED
CVE-2014-8739
@@ -5337,7 +5337,7 @@ CVE-2014-8564 (The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuT
NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2014-5
NOTE: in experimental fixed in 3.3.10-1
CVE-2014-8563 (Synacor Zimbra Collaboration before 8.0.9 allows plaintext command inj ...)
- TODO: check
+ NOT-FOR-US: Synacor Zimbra Collaboration
CVE-2014-8560
RESERVED
CVE-2014-8558 (JExperts Channel Platform 5.0.33_CCB allows remote authenticated users ...)
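Review bot: The tag added for CVE-2014-8563 reads "NOT-FOR-US: Synacor Zimbra Collaboration" (the CVE-2014-5500 entry in the next hunk does the same), while the Zimbra entries this commit touches in list.2015 and list.2019 use "NOT-FOR-US: Zimbra Collaboration". Use one spelling for all of them so that a search on the tag string finds every Zimbra entry.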
@@ -12735,7 +12735,7 @@ CVE-2014-5502 (The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA a
CVE-2014-5501 (Stack-based buffer overflow in the diagnose service in the Sophos Cybe ...)
NOT-FOR-US: Sophos Cyberoam CyberoamOS
CVE-2014-5500 (Synacor Zimbra Collaboration before 8.0.8 has XSS. ...)
- TODO: check
+ NOT-FOR-US: Synacor Zimbra Collaboration
CVE-2014-5499
RESERVED
CVE-2014-5498
@@ -16065,7 +16065,7 @@ CVE-2014-4159 (Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplie
CVE-2014-4158 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...)
NOT-FOR-US: Kolibri
CVE-2014-4156 (Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Proxmox VE
CVE-2014-4155 (Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 ...)
NOT-FOR-US: ZTE router
CVE-2014-4154 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitiv ...)
diff --git a/data/CVE/list.2015 b/data/CVE/list.2015
index 7ab58ff711..657aa3a5e8 100644
--- a/data/CVE/list.2015
+++ b/data/CVE/list.2015
@@ -20923,7 +20923,7 @@ CVE-2015-2251 (The DeviceManager in Huawei OceanStor UDS devices with software b
CVE-2015-2250 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 befor ...)
NOT-FOR-US: concrete5
CVE-2015-2249 (Zimbra Collaboration before 8.6.0 patch5 has XSS. ...)
- TODO: check
+ NOT-FOR-US: Zimbra Collaboration
CVE-2015-2248 (Cross-site request forgery (CSRF) vulnerability in the user portal in ...)
NOT-FOR-US: Dell SonicWALL
CVE-2015-2247 (Unspecified vulnerability in Boosted Boards skateboards allows physica ...)
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index 3970fa207a..cb9fff149a 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -1587,9 +1587,9 @@ CVE-2019-19827
CVE-2019-19826 (The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal make ...)
NOT-FOR-US: Views Dynamic Fields module for Drupal
CVE-2019-19825 (On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK Realtek SDK based routers
CVE-2019-19824 (On certain TOTOLINK Realtek SDK based routers, an authenticated attack ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK Realtek SDK based routers
CVE-2019-19823 (A certain router administration interface (that includes Realtek APMIB ...)
TODO: check
CVE-2019-19822 (A certain router administration interface (that includes Realtek APMIB ...)
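Review bot: CVE-2019-19823, directly below the two TOTOLINK entries updated here, still carries "TODO: check", and its description (a router administration interface that includes Realtek APMIB) reads like part of the same advisory series. If it was left open on purpose because the description does not name a single vendor, a short NOTE line saying so would keep it from looking like an oversight; otherwise triage it and CVE-2019-19822 in the same pass.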
@@ -3351,7 +3351,7 @@ CVE-2019-19145
CVE-2019-19144
RESERVED
CVE-2019-19143 (TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to ...)
- TODO: check
+ NOT-FOR-US: TP-LINK
CVE-2019-19142 (Intelbras WRN240 devices do not require authentication to replace the ...)
NOT-FOR-US: Intelbras
CVE-2019-19141 (The Camera Upload functionality in Plex Media Server through 1.18.2.20 ...)
@@ -7908,7 +7908,7 @@ CVE-2019-17192 (** DISPUTED ** The WebRTC component in the Signal Private Messen
CVE-2019-17191 (The Signal Private Messenger application before 4.47.7 for Android all ...)
NOT-FOR-US: Signal
CVE-2019-17190 (A Local Privilege Escalation issue was discovered in Avast Secure Brow ...)
- TODO: check
+ NOT-FOR-US: Avast Secure Browser
CVE-2019-17189 (totemodata 3.0.0_b936 has XSS via a folder name. ...)
NOT-FOR-US: totemodata
CVE-2019-17188 (An unrestricted file upload vulnerability was discovered in catalog/pr ...)
@@ -8098,15 +8098,15 @@ CVE-2019-17105 (The token generator in index.php in Centreon Web before 2.8.27 i
CVE-2019-17104 (In Centreon VM through 19.04.3, the cookie configuration within the Ap ...)
- centreon-web <itp> (bug #913903)
CVE-2019-17103 (An Incorrect Default Permissions vulnerability in the BDLDaemon compon ...)
- TODO: check
+ NOT-FOR-US: Bitdefender AV for Mac
CVE-2019-17102 (An exploitable command execution vulnerability exists in the recovery ...)
- TODO: check
+ NOT-FOR-US: Bitdefender BOX 2
CVE-2019-17101
RESERVED
CVE-2019-17100 (An Untrusted Search Path vulnerability in bdserviceshost.exe as used i ...)
- TODO: check
+ NOT-FOR-US: Bitdefender Total Security
CVE-2019-17099 (An Untrusted Search Path vulnerability in EPSecurityService.exe as use ...)
- TODO: check
+ NOT-FOR-US: Bitdefender Endpoint Security Tools
CVE-2019-17098
RESERVED
CVE-2019-17097
@@ -8114,9 +8114,9 @@ CVE-2019-17097
CVE-2019-17096
RESERVED
CVE-2019-17095 (A command injection vulnerability has been discovered in the bootstrap ...)
- TODO: check
+ NOT-FOR-US: Bitdefender BOX 2
CVE-2019-17094 (A Stack-based Buffer Overflow vulnerability in libbelkin_api.so compon ...)
- TODO: check
+ NOT-FOR-US: Belkin
CVE-2019-17093 (An issue was discovered in Avast antivirus before 19.8 and AVG antivir ...)
NOT-FOR-US: Avast
CVE-2019-17092 (An XSS vulnerability in project list in OpenProject before 9.0.4 and 1 ...)
@@ -10775,35 +10775,35 @@ CVE-2019-16031
CVE-2019-16030
RESERVED
CVE-2019-16029 (A vulnerability in the application programming interface (API) of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16028
RESERVED
CVE-2019-16027 (A vulnerability in the implementation of the Intermediate System&amp;n ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16026 (A vulnerability in the implementation of the Stream Control Transmissi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16025
RESERVED
CVE-2019-16024 (A vulnerability in the web-based management interface of Cisco Crosswo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16023
RESERVED
CVE-2019-16022 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16021
RESERVED
CVE-2019-16020 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16019
RESERVED
CVE-2019-16018 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16017
RESERVED
CVE-2019-16016
RESERVED
CVE-2019-16015 (A vulnerability in the web-based management interface of the Cisco Dat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16014
RESERVED
CVE-2019-16013
@@ -10817,17 +10817,17 @@ CVE-2019-16010
CVE-2019-16009
RESERVED
CVE-2019-16008 (A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16007
RESERVED
CVE-2019-16006
RESERVED
CVE-2019-16005 (A vulnerability in the web-based management interface of Cisco Webex V ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16004
RESERVED
CVE-2019-16003 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-16002 (A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-W ...)
NOT-FOR-US: Cisco
CVE-2019-16001 (A vulnerability in the loading mechanism of specific dynamic link libr ...)
@@ -10855,7 +10855,7 @@ CVE-2019-15991
CVE-2019-15990 (A vulnerability in the web-based management interface of certain Cisco ...)
NOT-FOR-US: Cisco
CVE-2019-15989 (A vulnerability in the implementation of the Border Gateway Protocol ( ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-15988 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
NOT-FOR-US: Cisco
CVE-2019-15987 (A vulnerability in web interface of the Cisco Webex Event Center, Cisc ...)
@@ -12504,7 +12504,7 @@ CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privile
CVE-2019-15314 (tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to uplo ...)
- tikiwiki <removed>
CVE-2019-15313 (In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persiste ...)
- TODO: check
+ NOT-FOR-US: Zimbra Collaboration
CVE-2019-15312
RESERVED
CVE-2019-15311
@@ -12575,7 +12575,7 @@ CVE-2019-15280 (A vulnerability in the web-based management interface of Cisco F
CVE-2019-15279
RESERVED
CVE-2019-15278 (A vulnerability in the web-based management interface of Cisco Finesse ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-15277 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
NOT-FOR-US: Cisco
CVE-2019-15276 (A vulnerability in the web interface of Cisco Wireless LAN Controller ...)
@@ -12621,7 +12621,7 @@ CVE-2019-15257 (A vulnerability in the web-based management interface of Cisco S
CVE-2019-15256 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature ...)
NOT-FOR-US: Cisco
CVE-2019-15255 (A vulnerability in the web-based management interface of Cisco Identit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-15254
RESERVED
CVE-2019-15253
@@ -19666,7 +19666,7 @@ CVE-2019-12631 (A vulnerability in the web-based guest portal of Cisco Identity
CVE-2019-12630 (A vulnerability in the Java deserialization function used by Cisco Sec ...)
NOT-FOR-US: Cisco
CVE-2019-12629 (A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12628
RESERVED
CVE-2019-12627 (A vulnerability in the application policy configuration of the Cisco F ...)
@@ -19684,7 +19684,7 @@ CVE-2019-12621 (A vulnerability in Cisco HyperFlex Software could allow an unaut
CVE-2019-12620 (A vulnerability in the statistics collection service of Cisco HyperFle ...)
NOT-FOR-US: Cisco
CVE-2019-12619 (A vulnerability in the web interface for Cisco SD-WAN Solution vManage ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12618 (HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via t ...)
- nomad <not-affected> (Vulnerability introduced in 0.9.0)
NOTE: https://www.hashicorp.com/blog/hashicorp-nomad-0-9-2
@@ -20235,7 +20235,7 @@ CVE-2019-12428 [Mandatory External Authentication Provider Sign-In Restrictions
- gitlab <unfixed> (bug #930004)
NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12427 (Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-pers ...)
- TODO: check
+ NOT-FOR-US: Zimbra Collaboration
CVE-2019-12426
RESERVED
CVE-2019-12425
@@ -23295,7 +23295,7 @@ CVE-2019-11320 (In Motorola CX2 1.01 and M2 1.01, users can access the router's
CVE-2019-11319 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a c ...)
NOT-FOR-US: Motorola
CVE-2019-11318 (Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. ...)
- TODO: check
+ NOT-FOR-US: Zimbra Collaboration
CVE-2019-11317
RESERVED
CVE-2019-11316
@@ -30765,11 +30765,11 @@ CVE-2019-8949
CVE-2019-8948 (PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script i ...)
NOT-FOR-US: PaperCut MF
CVE-2019-8947 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. ...)
- TODO: check
+ NOT-FOR-US: Zimbra Collaboration
CVE-2019-8946 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. ...)
- TODO: check
+ NOT-FOR-US: Zimbra Collaboration
CVE-2019-8945 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. ...)
- TODO: check
+ NOT-FOR-US: Zimbra Collaboration
CVE-2019-8944 (An Information Exposure issue in the Terraform deployment step in Octo ...)
NOT-FOR-US: Terraform
CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ...)
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index af12f7bfa1..8cf7e6e79e 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -153,7 +153,7 @@ CVE-2020-8011
CVE-2020-8010
RESERVED
CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...)
- TODO: check
+ NOT-FOR-US: AVB MOTU devices
CVE-2020-8008
RESERVED
CVE-2020-8007
@@ -5240,11 +5240,11 @@ CVE-2020-5524
CVE-2020-5523
RESERVED
CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not verify ...)
- TODO: check
+ NOT-FOR-US: kantan netprint App for Android
CVE-2020-5521 (The kantan netprint App for iOS 2.0.2 and earlier does not verify X.50 ...)
- TODO: check
+ NOT-FOR-US: kantan netprint App for iOS
CVE-2020-5520 (The netprint App for iOS 3.2.3 and earlier does not verify X.509 certi ...)
- TODO: check
+ NOT-FOR-US: netprint App for iOS
CVE-2020-5519 (The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly ...)
NOT-FOR-US: OpenLiteSpeed
CVE-2020-5518
