diff options
author | Moritz Mühlenhoff <jmm@debian.org> | 2021-02-26 22:38:37 +0100 |
---|---|---|
committer | Moritz Mühlenhoff <jmm@debian.org> | 2021-02-26 22:56:29 +0100 |
commit | 36f148e78720ed9703374ac2f54e5ca618640459 (patch) | |
tree | 246b84f9b1753cce8c6cb16aad383c94439de1d8 | |
parent | a299a8b34a7e7885dc262102f44276be54a63c21 (diff) |
bullseye triage
remove undetermined entries for intellij-community-idea, the issues are for
the fullblown IDE, which is ITPd, while this just provides some general classes
-rw-r--r-- | data/CVE/2019.list | 8 | ||||
-rw-r--r-- | data/CVE/2020.list | 19 |
2 files changed, 8 insertions, 19 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 4b545f68ad..365e6d938d 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -6852,7 +6852,6 @@ CVE-2019-18362 (JetBrains MPS before 2019.2.2 exposed listening ports to the net NOT-FOR-US: JetBrains CVE-2019-18361 (JetBrains IntelliJ IDEA before 2019.2 allows local user privilege esca ...) - intellij-idea <itp> (bug #747616) - - intellij-community-idea <undetermined> CVE-2019-18360 (In JetBrains Hub versions earlier than 2019.1.11738, username enumerat ...) NOT-FOR-US: JetBrains CVE-2019-18359 (A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3G ...) @@ -15186,7 +15185,6 @@ CVE-2019-14955 (In JetBrains Hub versions earlier than 2018.4.11436, there was n NOT-FOR-US: JetBrains Hub CVE-2019-14954 (JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plant ...) - intellij-idea <itp> (bug #747616) - - intellij-community-idea <undetermined> CVE-2019-14953 (JetBrains YouTrack versions before 2019.2.53938 had a possible XSS thr ...) NOT-FOR-US: JetBrains YouTrack CVE-2019-14952 (JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in ...) @@ -28665,11 +28663,9 @@ CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layo NOT-FOR-US: CMS Made Simple CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an Application S ...) - intellij-idea <itp> (bug #747616) - - intellij-community-idea <undetermined> CVE-2019-10103 (JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/J ...) - intellij-idea <itp> (bug #747616) - intellij-community-idea <undetermined> -CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...) NOT-FOR-US: JetBrains CVE-2019-10101 (JetBrains Kotlin versions before 1.3.30 were resolving artifacts using ...) - kotlin <itp> (bug #892842) @@ -30148,10 +30144,8 @@ CVE-2019-9874 (Deserialization of Untrusted Data in the Sitecore.Security.AntiCS NOT-FOR-US: Sitecore CMS CVE-2019-9873 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task ...) - intellij-idea <itp> (bug #747616) - - intellij-community-idea <undetermined> CVE-2019-9872 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating run ...) - intellij-idea <itp> (bug #747616) - - intellij-community-idea <undetermined> CVE-2019-9871 (Jector Smart TV FM-K75 devices allow remote code execution because the ...) NOT-FOR-US: Jector Smart TV FM-K75 devices CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor m ...) @@ -30291,7 +30285,6 @@ CVE-2019-9824 (tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3. NOTE: https://github.com/qemu/qemu/commit/d3222975c7d6cda9e25809dea05241188457b113 CVE-2019-9823 (In several JetBrains IntelliJ IDEA versions, creating remote run confi ...) - intellij-idea <itp> (bug #747616) - - intellij-community-idea <undetermined> CVE-2019-9822 RESERVED CVE-2019-9821 (A use-after-free vulnerability can occur in AssertWorkerThread due to ...) @@ -32208,7 +32201,6 @@ CVE-2019-9187 (ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.2019 NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9a275b2 CVE-2019-9186 (In several JetBrains IntelliJ IDEA versions, a Spring Boot run configu ...) - intellij-idea <itp> (bug #747616) - - intellij-community-idea <undetermined> CVE-2019-9185 (Controller/Async/FilesystemManager.php in the filemanager in Bolt befo ...) NOT-FOR-US: Bolt CMS CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 1acc69c9e4..056699d974 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -38605,19 +38605,19 @@ CVE-2020-13580 (An exploitable heap-based buffer overflow vulnerability exists i CVE-2020-13579 (An exploitable integer overflow vulnerability exists in the PlanMaker ...) NOT-FOR-US: SoftMaker CVE-2020-13578 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...) - - gsoap <unfixed> + - gsoap <unfixed> (bug #983596) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1189 CVE-2020-13577 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...) - - gsoap <unfixed> + - gsoap <unfixed> (bug #983596) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1188 CVE-2020-13576 (A code execution vulnerability exists in the WS-Addressing plugin func ...) - - gsoap <unfixed> + - gsoap <unfixed> (bug #983596) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1187 CVE-2020-13575 (A denial-of-service vulnerability exists in the WS-Addressing plugin f ...) - - gsoap <unfixed> + - gsoap <unfixed> (bug #983596) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186 CVE-2020-13574 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...) - - gsoap <unfixed> + - gsoap <unfixed> (bug #983596) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1185 CVE-2020-13573 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...) NOT-FOR-US: Rockwell Automation RSLinx Classic @@ -43363,7 +43363,6 @@ CVE-2020-11691 (In JetBrains Hub before 2020.1.12099, content spoofing in the Hu NOT-FOR-US: JetBrains Hub CVE-2020-11690 (In JetBrains IntelliJ IDEA before 2020.1, the license server could be ...) - intellij-idea <itp> (bug #747616) - - intellij-community-idea <undetermined> CVE-2020-11689 (In JetBrains TeamCity before 2019.2.1, a user without appropriate perm ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11688 (In JetBrains TeamCity before 2019.2.1, the application state is kept a ...) @@ -52660,7 +52659,6 @@ CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SA NOT-FOR-US: Eaton devices CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...) - intellij-idea <itp> (bug #747616) - - intellij-community-idea <undetermined> CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...) NOT-FOR-US: JetBrains CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could ...) @@ -52679,10 +52677,8 @@ CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, ther NOT-FOR-US: JetBrains CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...) - intellij-idea <itp> (bug #747616) - - intellij-community-idea <undetermined> CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were ...) - intellij-idea <itp> (bug #747616) - - intellij-community-idea <undetermined> CVE-2020-7903 RESERVED CVE-2020-7902 @@ -59148,13 +59144,14 @@ CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 0. [buster] - python-cmarkgfm <no-dsa> (Minor issue) - ruby-commonmarker 0.21.0-1 (bug #965981) [buster] - ruby-commonmarker <no-dsa> (Minor issue) - - haskell-cmark-gfm <unfixed> (bug #965982) + - haskell-cmark-gfm 0.2.1+ds1-1 (bug #965982) [buster] - haskell-cmark-gfm <no-dsa> (Minor issue) - r-cran-commonmark <unfixed> (bug #965980) [buster] - r-cran-commonmark <no-dsa> (Minor issue) + [bullseye] - r-cran-commonmark <no-dsa> (Minor issue) NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85 NOTE: https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4 - NOTE: haskell-cmark-gfm switched to src:cmark-gfm in 0.2.1+ds1-1 + NOTE: haskell-cmark-gfm switched to src:cmark-gfm in 0.2.1+ds1-1, marking that as fixed (despite cmark-gfm not fixed yet) CVE-2020-5237 (Multiple relative path traversal vulnerabilities in the oneup/uploader ...) NOT-FOR-US: oneup/uploader-bundle CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...) |