author | Salvatore Bonaccorso <carnil@debian.org> | 2020-02-08 21:42:26 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-02-08 21:42:26 +0100 |
commit | 6dda58fe17497cc54790b0451da1d97642895e35 (patch) | |
tree | c54e78af5201db07994b2fe9a32ed016f6646904 | |
parent | a136ab7dc92ad401be2b3037f7cf16e68b9ed3f1 (diff) |
Process NFUs
-rw-r--r-- | data/CVE/2012.list | 4 |
-rw-r--r-- | data/CVE/2013.list | 12 |
-rw-r--r-- | data/CVE/2014.list | 12 |
-rw-r--r-- | data/CVE/2015.list | 8 |
-rw-r--r-- | data/CVE/2019.list | 38 |
5 files changed, 37 insertions, 37 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 92ef83dc8e..bdd025e7d0 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -6652,7 +6652,7 @@ CVE-2012-4031 (Multiple directory traversal vulnerabilities in src/acloglogin.ph CVE-2012-4030 (Chamilo before 1.8.8.6 does not adequately handle user supplied input ...) NOT-FOR-US: Chamilo LMS CVE-2012-4029 (Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in ...) - TODO: check + NOT-FOR-US: Chamilo LMS CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data, ...) NOT-FOR-US: Tridium Niagara AX Framework CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX Framework allo ...) @@ -10252,7 +10252,7 @@ CVE-2012-2595 (Multiple cross-site scripting (XSS) vulnerabilities in unspecifie CVE-2012-2594 RESERVED CVE-2012-2593 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...) - TODO: check + NOT-FOR-US: Atmail Webmail Server CVE-2012-2592 (Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 a ...) NOT-FOR-US: AXIGEN Mail Server CVE-2012-2591 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 36110a0979..ba6a72475e 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -10193,7 +10193,7 @@ CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators t NOTE: https://tracker.moodle.org/browse/MDL-41449 NOTE: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats CVE-2013-3629 (ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution ...) - TODO: check + NOT-FOR-US: ISPConfig CVE-2013-3628 (Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability ...) TODO: check CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee Managed Age ...) 
@@ -10269,7 +10269,7 @@ CVE-2013-3593 (Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) CVE-2013-3592 RESERVED CVE-2013-3591 (vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execu ...) - TODO: check + NOT-FOR-US: vTiger CRM CVE-2013-3590 (Unrestricted file upload vulnerability in admin/uploadImage.html in Se ...) NOT-FOR-US: SearchBlox CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in the Admi ...) @@ -11365,7 +11365,7 @@ CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRE CVE-2013-3097 (Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FI ...) NOT-FOR-US: Verizon CVE-2013-3096 (D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking ...) - TODO: check + NOT-FOR-US: D-Link CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...) NOT-FOR-US: D-Link CVE-2013-3094 @@ -11375,7 +11375,7 @@ CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...) CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass a ...) NOT-FOR-US: Belkin router CVE-2013-3091 (An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) rout ...) - TODO: check + NOT-FOR-US: Belkin N300 router CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 rou ...) NOT-FOR-US: Belkin N300 router CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin ...) @@ -11430,7 +11430,7 @@ CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WN CVE-2013-3068 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksy ...) NOT-FOR-US: Linksys CVE-2013-3067 (Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. ...) - TODO: check + NOT-FOR-US: Linksys CVE-2013-3066 (Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict ...) NOT-FOR-US: Linksys CVE-2013-3065 (Cross-site scripting (XSS) vulnerability in the Parental Controls sect ...) 
@@ -16894,7 +16894,7 @@ CVE-2013-1204 (Memory leak in the SNMP process in Cisco IOS XR allows remote att CVE-2013-1203 (Cisco ASA CX Context-Aware Security Software allows remote attackers t ...) NOT-FOR-US: Cisco ASA CVE-2013-1202 (Cisco ACE A2(3.6) allows log retention DoS. ...) - TODO: check + NOT-FOR-US: Cisco CVE-2013-1201 RESERVED CVE-2013-1200 (Session fixation vulnerability in Cisco Secure Access Control System ( ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 0473fc6b1c..6ce4f68aeb 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -2908,7 +2908,7 @@ CVE-2014-9472 (The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x b - request-tracker4 4.2.8-3 - request-tracker3.8 <removed> (unimportant) CVE-2014-9470 (Cross-site scripting (XSS) vulnerability in the loadForm function in F ...) - TODO: check + NOT-FOR-US: Fork CMS CVE-2014-9469 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3. ...) NOT-FOR-US: vBulletin CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP Inst ...) @@ -3883,9 +3883,9 @@ CVE-2014-9131 CVE-2014-9128 RESERVED CVE-2014-9127 (Open-School Community Edition 2.2 does not properly restrict access to ...) - TODO: check + NOT-FOR-US: Open-School Community Edition CVE-2014-9126 (Multiple cross-site scripting (XSS) vulnerabilities in Open-School Com ...) - TODO: check + NOT-FOR-US: Open-School Community Edition CVE-2014-9125 RESERVED CVE-2014-9124 @@ -7425,7 +7425,7 @@ CVE-2014-7865 CVE-2014-7864 (Multiple SQL injection vulnerabilities in the FailOverHelperServlet (a ...) NOT-FOR-US: ZOHO ManageEngine OpManager CVE-2014-7863 (The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngi ...) - TODO: check + NOT-FOR-US: ZOHO ManageEngine CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and Deskt ...) NOT-FOR-US: ManageEngine CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly v ...) 
@@ -13255,7 +13255,7 @@ CVE-2014-5290 CVE-2014-5289 (Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execu ...) NOT-FOR-US: Senkas Kolibri CVE-2014-5288 (A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via uns ...) - TODO: check + NOT-FOR-US: Kemp Load Master CVE-2014-5287 (A Bash script injection vulnerability exists in Kemp Load Master 7.1-1 ...) NOT-FOR-US: Kemp Load Master CVE-2014-5286 (The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveM ...) @@ -13797,7 +13797,7 @@ CVE-2014-5093 (Status2k does not remove the install directory allowing credentia CVE-2014-5092 (Status2k allows Remote Command Execution in admin/options/editpl.php. ...) NOT-FOR-US: Status2k CVE-2014-5091 (A vulnerability exits in Status2K 2.5 Server Monitoring Software via t ...) - TODO: check + NOT-FOR-US: Status2K Server Monitoring Software CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated adminis ...) NOT-FOR-US: Status2k CVE-2014-5089 (SQL injection vulnerability in admin/options/logs.php in Status2k allo ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 90b2b49182..873dcb4c02 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -17299,7 +17299,7 @@ CVE-2015-3425 (Cross-site scripting (XSS) vulnerability in Accentis Content Reso CVE-2015-3424 (SQL injection vulnerability in Accentis Content Resource Management Sy ...) NOT-FOR-US: Accentis Content Resource Management System CVE-2015-3423 (Multiple SQL injection vulnerabilities in NetCracker Resource Manageme ...) - TODO: check + NOT-FOR-US: NetCracker Resource Management System CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 al ...) NOT-FOR-US: SearchBlox CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress Eshop plu ...) 
@@ -18886,7 +18886,7 @@ CVE-2015-2911 CVE-2015-2910 RESERVED CVE-2015-2909 (Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 dev ...) - TODO: check + NOT-FOR-US: Dedicated Micros DVR products CVE-2015-2908 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmwar ...) NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles CVE-2015-2907 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with firmwar ...) @@ -21041,7 +21041,7 @@ CVE-2015-2209 (DLGuard 4.5 allows remote attackers to obtain the installation pa CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remo ...) NOT-FOR-US: phpMoAdmin CVE-2015-2207 (Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Reso ...) - TODO: check + NOT-FOR-US: NetCracker Resource Management System CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2 ...) {DSA-3382-1 DLA-336-1} - phpmyadmin 4:4.4.4-1 (unimportant) @@ -21455,7 +21455,7 @@ CVE-2015-2080 (The exception handling code in Eclipse Jetty before 9.2.9.v201502 NOTE: https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md NOTE: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html CVE-2015-2062 (Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-i ...) - TODO: check + NOT-FOR-US: Huge-IT Slider (slider- image) plugin for WordPress CVE-2015-2061 (Heap-based buffer overflow in the browser plugin for PTC Creo View all ...) NOT-FOR-US: PTC Creo View CVE-2015-2057 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 73789594cd..92f72c11ba 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -8187,9 +8187,9 @@ CVE-2019-17138 (This vulnerability allows remote attackers to disclose sensitive CVE-2019-17137 RESERVED CVE-2019-17136 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit PhantomPDF CVE-2019-17135 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit PhantomPDF CVE-2019-17134 (Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 ...) - octavia 4.0.0-6 (bug #941897) [buster] - octavia <no-dsa> (Minor issue in regular setups, can be fixed via point release) @@ -10665,7 +10665,7 @@ CVE-2019-16157 CVE-2019-16156 RESERVED CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 6.2.1 an ...) - TODO: check + NOT-FOR-US: Fortiguard FortiClient CVE-2019-16154 (An improper neutralization of input during web page generation in Fort ...) NOT-FOR-US: FortiAuthenticator WEB UI CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM database ...) @@ -16186,7 +16186,7 @@ CVE-2019-14090 CVE-2019-14089 RESERVED CVE-2019-14088 (Possible use after free issue while CRM is accessing the link pointer ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14087 RESERVED CVE-2019-14086 
@@ -16236,23 +16236,23 @@ CVE-2019-14065 CVE-2019-14064 RESERVED CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings which r ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14062 RESERVED CVE-2019-14061 RESERVED CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated for blob ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14059 RESERVED CVE-2019-14058 RESERVED CVE-2019-14057 (Buffer Over read of codec private data while parsing an mkv file due t ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14056 RESERVED CVE-2019-14055 (Possibility of use-after-free and double free because of not marking b ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14054 RESERVED CVE-2019-14053 @@ -16260,29 +16260,29 @@ CVE-2019-14053 CVE-2019-14052 RESERVED CVE-2019-14051 (Subsequent additions performed during Module loading while allocating ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14050 RESERVED CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system allocation whi ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14048 RESERVED CVE-2019-14047 RESERVED CVE-2019-14046 (Out of bound access while allocating memory for an array in camera due ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14045 RESERVED CVE-2019-14044 (Out of bound access due to access of uninitialized memory segment in a ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14043 RESERVED CVE-2019-14042 RESERVED CVE-2019-14041 (During listener modified response processing, a buffer overrun occurs ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14040 (Using memory after being freed in qsee due to wrong implementation can ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-14039 RESERVED CVE-2019-14038 
@@ -18136,9 +18136,9 @@ CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has ...) NOT-FOR-US: SalesAgility SuiteCRM CVE-2019-13334 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit PhantomPDF CVE-2019-13333 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit PhantomPDF CVE-2019-13332 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2019-13331 (This vulnerability allows remote attackers to execute arbitrary code o ...) @@ -18631,7 +18631,7 @@ CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a networ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6f5d8671225dc77190647f18a27a0d156d4ca97a CVE-2019-13163 (The Fujitsu TLS library allows a man-in-the-middle attack. This affect ...) - TODO: check + NOT-FOR-US: Fujitsu CVE-2019-13162 RESERVED CVE-2019-13161 (An issue was discovered in Asterisk Open Source through 13.27.0, 14.x ...) @@ -25673,7 +25673,7 @@ CVE-2019-10592 (Possible integer overflow while multiplying two integers of 32 b CVE-2019-10591 RESERVED CVE-2019-10590 (Out of bound access while parsing dts atom, which is non-standard as i ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-10589 RESERVED CVE-2019-10588 @@ -25719,7 +25719,7 @@ CVE-2019-10569 CVE-2019-10568 RESERVED CVE-2019-10567 (There is a way to deceive the GPU kernel driver into thinking there is ...) - TODO: check + NOT-FOR-US: Snapdragon CVE-2019-10566 (Buffer overflow can occur in wlan module if supported rates or extende ...) NOT-FOR-US: Snapdragon CVE-2019-10565 (Double free issue can happen when sensor power settings is freed by so ...) |
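Review bot: In data/CVE/2014.list, hunk @@ -7425, CVE-2014-7863 is tagged "NOT-FOR-US: ZOHO ManageEngine", while CVE-2014-7864 directly above it concerns the same FailOverHelperServlet and is tagged "NOT-FOR-US: ZOHO ManageEngine OpManager". Using the same product string for both keeps the two entries together when someone searches the list by product name.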
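Review bot: In data/CVE/2014.list, hunk @@ -13797, the new tag for CVE-2014-5091 reads "NOT-FOR-US: Status2K Server Monitoring Software", but CVE-2014-5092 and CVE-2014-5090 on either side use "NOT-FOR-US: Status2k". Suggest "NOT-FOR-US: Status2k" here as well, so all entries for this product carry one spelling.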
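Review bot: In data/CVE/2015.list, hunk @@ -21455, the added line for CVE-2015-2062 has a stray space inside the plugin slug: "Huge-IT Slider (slider- image) plugin for WordPress". The CVE description on the line above begins "Huge-IT Slider (slider-i ...", so the tag should read "(slider-image)".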
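Review bot: In data/CVE/2019.list, hunk @@ -10665, CVE-2019-16155 is tagged "NOT-FOR-US: Fortiguard FortiClient", whereas the description of CVE-2019-16153 two entries below names the vendor as Fortinet ("Fortinet FortiSIEM"). Suggest "NOT-FOR-US: Fortinet FortiClient" so the vendor name matches the other Forti* entries.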
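Review bot: In data/CVE/2019.list, hunk @@ -25719, CVE-2019-10567 is described as deceiving "the GPU kernel driver", and the truncated description does not show which driver is meant, yet the entry is closed with a bare "NOT-FOR-US: Snapdragon". Since the wording touches kernel code, a short NOTE line recording why it does not apply to any packaged kernel source would make the decision auditable later. The same applies to the @@ -16236 and @@ -16260 hunks, where several memory-safety descriptions are closed with the same bare tag.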