author | Salvatore Bonaccorso <carnil@debian.org> | 2020-02-18 21:19:29 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-02-18 21:33:22 +0100 |
commit | 2aaa52e627ea7da33f58e9acc669d26172397d88 | |
tree | 31a639b80d6ac0b2f83cacbcba92375764572841 /data | |
parent | 1eeb4a2bb1ab2175e4eca42b8823f9e11e209354 | |
Process NFUs
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2012.list | 6 |
-rw-r--r-- | data/CVE/2013.list | 36 |
-rw-r--r-- | data/CVE/2014.list | 10 |
-rw-r--r-- | data/CVE/2015.list | 8 |
-rw-r--r-- | data/CVE/2019.list | 16 |
-rw-r--r-- | data/CVE/2020.list | 20 |
6 files changed, 48 insertions, 48 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 4b3204d264..75bb7dd7a0 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -197,7 +197,7 @@ CVE-2012-6668 (Multiple cross-site scripting (XSS) vulnerabilities in the Shout CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte ...) NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin CVE-2012-6666 (vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. ...) - TODO: check + NOT-FOR-US: vBSeo CVE-2012-6665 (Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 ...) NOT-FOR-US: phpMoneyBooks CVE-2012-6664 @@ -11191,7 +11191,7 @@ CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Editi CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7. ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2012-2204 (InfoSphere Guardium aix_ktap module: DoS ...) - TODO: check + NOT-FOR-US: InfoSphere Guardium aix_ktap module CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM R ...) NOT-FOR-US: IBM Global Security Kit CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus ...) @@ -14733,7 +14733,7 @@ CVE-2012-0720 (Cross-site scripting (XSS) vulnerability in the Integration Solut CVE-2012-0719 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manage ...) NOT-FOR-US: IBM Tivoli Endpoint Manager CVE-2012-0718 (IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookie ...) - TODO: check + NOT-FOR-US: IBM CVE-2012-0717 (IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain S ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2012-0716 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 7e379a9ac2..9b34b47232 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -663,9 +663,9 @@ CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb) CVE-2013-7287 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encrypti ...) - TODO: check + NOT-FOR-US: MobileIron CVE-2013-7286 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfu ...) - TODO: check + NOT-FOR-US: MobileIron CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise Linu ...) - libreswan <not-affected> (Fixed before initial upload in Debian; /tmp-race in libreswan.spec for rpm based systems) CVE-2013-7282 (The management web interface on the Nisuta NS-WIR150NE router with fir ...) @@ -923,7 +923,7 @@ CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS be ...) NOT-FOR-US: QNAP QTS CVE-2013-7173 (Belkin n750 routers have a buffer overflow. ...) - TODO: check + NOT-FOR-US: Belkin CVE-2013-7172 (Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permission ...) - libiodbc2 <not-affected> (RPATH issue slackware specific) CVE-2013-7171 (Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, ...) @@ -1659,7 +1659,7 @@ CVE-2013-6929 (SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier CVE-2013-6928 RESERVED CVE-2013-6927 (Internet TRiLOGI Server (unknown versions) could allow a local user to ...) - TODO: check + NOT-FOR-US: Internet TRiLOGI Server CVE-2013-6926 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...) NOT-FOR-US: Siemens CVE-2013-6925 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...) 
@@ -2198,7 +2198,7 @@ CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS does not properly handle n CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Appliance (A ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-6681 (Tube Map Live Underground for Android before 3.0.22 has an Information ...) - TODO: check + NOT-FOR-US: Tube Map Live Underground for Android CVE-2013-6680 REJECTED CVE-2013-6679 @@ -3246,11 +3246,11 @@ CVE-2013-6367 (The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM su CVE-2013-6363 RESERVED CVE-2013-6362 (Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and s ...) - TODO: check + NOT-FOR-US: Xerox CVE-2013-6361 RESERVED CVE-2013-6360 (TRENDnet TS-S402 has a backdoor to enable TELNET. ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attackers to ...) {DSA-2815-1 DLA-20-1} - munin 2.0.18-1 @@ -3413,7 +3413,7 @@ CVE-2013-6297 CVE-2013-6296 RESERVED CVE-2013-6295 (PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman acc ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2013-6294 RESERVED CVE-2013-6293 @@ -3449,7 +3449,7 @@ CVE-2013-6279 CVE-2013-6278 RESERVED CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...) - TODO: check + NOT-FOR-US: QNAP CVE-2013-6276 RESERVED CVE-2013-6274 @@ -4823,7 +4823,7 @@ CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Ap ...) NOT-FOR-US: Open-Xchange CVE-2013-5687 (RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean ...) - TODO: check + NOT-FOR-US: RiskNet Acquirer CVE-2013-5686 RESERVED CVE-2013-5685 
@@ -6868,9 +6868,9 @@ CVE-2013-4794 CVE-2013-4793 (The update function in umbraco.webservices/templates/templateService.c ...) NOT-FOR-US: Umbraco CVE-2013-4792 (PrestaShop before 1.4.11 allows logout CSRF. ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2013-4791 (PrestaShop before 1.4.11 allows Logistician, translators and other low ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 be ...) NOT-FOR-US: Open-Xchange CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0 ...) @@ -9445,7 +9445,7 @@ CVE-2013-3944 (Stack-based buffer overflow in the MrSID plugin (MrSID.dll) befor CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6. ...) NOT-FOR-US: DotNetNukeDot CVE-2013-3942 (Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vul ...) - TODO: check + NOT-FOR-US: Potplayer CVE-2013-3941 (Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbi ...) NOT-FOR-US: XnView CVE-2013-3940 (Integer overflow in the Graphics Device Interface (GDI) in Microsoft W ...) @@ -10836,7 +10836,7 @@ CVE-2013-3325 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.20 CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) NOT-FOR-US: Adobe Flash Player CVE-2013-3323 (A Privilege Escalation Vulnerability exists in IBM Maximo Asset Manage ...) - TODO: check + NOT-FOR-US: IBM CVE-2013-3322 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...) NOT-FOR-US: NetApp OnCommand System Manager CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...) 
@@ -12406,7 +12406,7 @@ CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Byp CVE-2013-2680 (Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartex ...) NOT-FOR-US: Cisco CVE-2013-2679 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E ...) - TODO: check + NOT-FOR-US: Cisco CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...) NOT-FOR-US: Cisco CVE-2013-2677 @@ -16444,7 +16444,7 @@ CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows remote attackers to execute arbi CVE-2013-1411 RESERVED CVE-2013-1410 (Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities ...) - TODO: check + NOT-FOR-US: Perforce CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv plugin befo ...) NOT-FOR-US: CommentLuv plugin for Wordpress CVE-2013-1408 (Multiple SQL injection vulnerabilities in the Wysija Newsletters plugi ...) @@ -16462,9 +16462,9 @@ CVE-2013-1403 CVE-2013-1402 (DigiLIBE 3.4 and possibly other versions sends a redirect but does not ...) NOT-FOR-US: DigiLIBE CVE-2013-1401 (Multiple security bypass vulnerabilities in the editAnswer, deleteAnsw ...) - TODO: check + NOT-FOR-US: WordPress Poll Plugin for WordPress CVE-2013-1400 (Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll ...) - TODO: check + NOT-FOR-US: WordPress Poll Plugin for WordPress CVE-2013-0243 (haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnera ...) - haskell-tls-extra 0.4.6.1-1 (bug #698545) CVE-2013-1399 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 8cf855544e..7310ba7ce7 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -14071,7 +14071,7 @@ CVE-2014-4983 CVE-2014-4982 (LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection ...) NOT-FOR-US: LPAR2RRD CVE-2014-4981 (LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitra ...) - TODO: check + NOT-FOR-US: LPAR2RRD CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 for Nes ...) NOT-FOR-US: Tenable Web UI for Nessus CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or c ...) @@ -16862,9 +16862,9 @@ CVE-2014-3829 (displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterpris CVE-2014-3828 (Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon ...) - centreon-web <itp> (bug #913903) CVE-2014-3827 (Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka M ...) - TODO: check + NOT-FOR-US: MyBB CVE-2014-3826 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows ...) - TODO: check + NOT-FOR-US: MyBB CVE-2014-3825 (The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1 ...) NOT-FOR-US: Juniper Junos CVE-2014-3824 (Cross-site scripting (XSS) vulnerability in the web server in the Juni ...) @@ -20324,7 +20324,7 @@ CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to ca CVE-2014-2596 RESERVED CVE-2014-2595 (Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attac ...) - TODO: check + NOT-FOR-US: Barracuda Web Application Firewall (WAF) CVE-2014-2594 RESERVED CVE-2014-2593 (The management console in Aruba Networks ClearPass Policy Manager 6.3. ...) 
@@ -22898,7 +22898,7 @@ CVE-2014-1619 (Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, CVE-2014-1618 (Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script a ...) NOT-FOR-US: UAEPD Shopping Cart Script CVE-2014-1617 (Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Over ...) - TODO: check + NOT-FOR-US: Microsys CVE-2014-1616 RESERVED CVE-2014-1615 (Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon B ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index b1cf31c655..22e637b268 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -7684,7 +7684,7 @@ CVE-2015-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Rea CVE-2015-6971 (Lenovo System Update (formerly ThinkVantage System Update) before 5.07 ...) NOT-FOR-US: Lenovo CVE-2015-6970 (The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night ...) - TODO: check + NOT-FOR-US: Bosch CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 ...) - serendipity <removed> CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the serendipity_isAct ...) @@ -7810,7 +7810,7 @@ CVE-2015-6924 CVE-2015-6923 (The ndvbs module in VBox Communications Satellite Express Protocol 2.3 ...) NOT-FOR-US: VBox Communications Satellite Express Protocol CVE-2015-6922 (Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x bef ...) - TODO: check + NOT-FOR-US: Kaseya Virtual System Administrator CVE-2015-6921 (Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab m ...) NOT-FOR-US: Zendesk Feedback Tab for Drupal CVE-2015-6920 (Cross-site scripting (XSS) vulnerability in js/window.php in the sourc ...) 
@@ -8778,7 +8778,7 @@ CVE-2015-6591 (Directory traversal vulnerability in application/templates/amelia CVE-2015-6590 RESERVED CVE-2015-6589 (Directory traversal vulnerability in Kaseya Virtual System Administrat ...) - TODO: check + NOT-FOR-US: Kaseya Virtual System Administrator CVE-2015-6588 (Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Rev ...) NOT-FOR-US: MODX Revolution CVE-2015-6587 (The vlserver in OpenAFS before 1.6.13 allows remote authenticated user ...) @@ -23211,7 +23211,7 @@ CVE-2015-1430 (Buffer overflow in xymon 4.3.17-1. ...) NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/ NOTE: http://www.openwall.com/lists/oss-security/2015/01/30/17 CVE-2015-1425 (JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities ...) - TODO: check + NOT-FOR-US: JAKWEB Gecko CMS CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2 ...) NOT-FOR-US: Gecko CMS CVE-2015-1423 (Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index e89ae29aeb..36ab217840 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -19329,7 +19329,7 @@ CVE-2019-12956 CVE-2019-12955 RESERVED CVE-2019-12954 (SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2019-12953 RESERVED CVE-2019-12952 @@ -22082,7 +22082,7 @@ CVE-2019-11869 (The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS beca CVE-2019-11868 (See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or ...) NOT-FOR-US: SoftEther VPN Server CVE-2019-11867 (Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to ...) - TODO: check + NOT-FOR-US: Realtek NDIS driver rt640x64.sys CVE-2019-11866 RESERVED CVE-2019-11865 
@@ -25163,7 +25163,7 @@ CVE-2019-10797 CVE-2019-10796 RESERVED CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' f ...) - TODO: check + NOT-FOR-US: undefsafe CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype Pollutio ...) TODO: check CVE-2019-10793 (dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set ...) @@ -37985,15 +37985,15 @@ CVE-2019-6196 CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller (XCC) ver ...) TODO: check CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was reported in ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2019-6193 (An information disclosure vulnerability was reported in Lenovo XClarit ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2019-6192 (A potential vulnerability has been reported in Lenovo Power Management ...) NOT-FOR-US: Lenovo CVE-2019-6191 (A potential vulnerability in the discontinued LenovoPaper software ver ...) NOT-FOR-US: Lenovo CVE-2019-6190 (Lenovo was notified of a potential denial of service vulnerability, af ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2019-6189 (A potential vulnerability was reported in Lenovo System Interface Foun ...) NOT-FOR-US: Lenovo CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...) @@ -40081,7 +40081,7 @@ CVE-2019-5324 CVE-2019-5323 RESERVED CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is present ...) - TODO: check + NOT-FOR-US: Edge Switch models CVE-2019-5321 RESERVED CVE-2019-5320 @@ -42862,7 +42862,7 @@ CVE-2019-4000 CVE-2019-3999 RESERVED CVE-2019-3998 (Authentication bypass using an alternate path or channel in SimpliSafe ...) - TODO: check + NOT-FOR-US: SimpliSafe SS3 firmware CVE-2019-3997 (Authentication bypass using an alternate path or channel in SimpliSafe ...) NOT-FOR-US: SimpliSafe SS3 firmware CVE-2019-3996 (ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy ...) 
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 3611882345..4a11d601a2 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,19 +1,19 @@ CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...) - TODO: check + NOT-FOR-US: ICE Hrm CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via ...) - TODO: check + NOT-FOR-US: ICE Hrm CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection that lead ...) - TODO: check + NOT-FOR-US: SOPlanning CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, ...) - TODO: check + NOT-FOR-US: SOPlanning CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...) - TODO: check + NOT-FOR-US: SOPlanning CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...) - TODO: check + NOT-FOR-US: SOPlanning CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against t ...) - TODO: check + NOT-FOR-US: phpMyChat-Plus CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass ...) - TODO: check + NOT-FOR-US: ESET CVE-2020-9263 RESERVED CVE-2020-9262 @@ -5079,9 +5079,9 @@ CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is CVE-2020-6846 RESERVED CVE-2020-6845 (An issue was discovered in TopManage OLK 2020. As there is no ReadOnly ...) - TODO: check + NOT-FOR-US: TopManage CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another vulnerab ...) - TODO: check + NOT-FOR-US: TopManage CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This i ...) NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus CVE-2020-6842 |
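Review bot: In data/CVE/2012.list (hunk at -14733), CVE-2012-0718 is tagged with the vendor only, "NOT-FOR-US: IBM", although its description names IBM Tivoli Endpoint Manager 8 and the adjacent CVE-2012-0719 already carries "NOT-FOR-US: IBM Tivoli Endpoint Manager". Use the same product-level tag so that a search for the product finds both entries. CVE-2013-3323 in data/CVE/2013.list (hunk at -10836) has the same vendor-only "IBM" tag for an IBM Maximo issue.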
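Review bot: In data/CVE/2013.list (hunk at -16462), the tag "NOT-FOR-US: WordPress Poll Plugin for WordPress" on CVE-2013-1401 and CVE-2013-1400 repeats "WordPress" and differs in form from the neighbouring "NOT-FOR-US: CommentLuv plugin for Wordpress" a few entries up. Shortening it to the plugin name followed by "plugin for WordPress" once would keep the NFU strings consistent and easier to match.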
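Review bot: In data/CVE/2015.list (hunk at -23211), CVE-2015-1425 is tagged "NOT-FOR-US: JAKWEB Gecko CMS" while CVE-2015-1424, directly below it and describing the same Gecko CMS, is tagged "NOT-FOR-US: Gecko CMS". Pick one spelling for both so the product does not appear under two different NFU names.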
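Review bot: In data/CVE/2019.list (hunk at -25163), CVE-2019-10794 (component-flatten, Prototype Pollution) stays at "TODO: check" as a context line right below CVE-2019-10795 (undefsafe, Prototype Pollution), which this change marks NOT-FOR-US. If component-flatten was checked and left open on purpose, that is fine, but the commit message "Process NFUs" does not say; otherwise it looks like it was skipped in the same pass.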
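Review bot: In data/CVE/2019.list (hunk at -37985), CVE-2019-6195 (Lenovo XClarity Controller authorization bypass) is left at "TODO: check" while CVE-2019-6194, CVE-2019-6193 and CVE-2019-6190 around it are all changed to "NOT-FOR-US: Lenovo". Either tag it in the same change or leave a NOTE on the entry explaining why it still needs a check, so the remaining TODO is not mistaken for an oversight.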
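Review bot: In data/CVE/2019.list (hunk at -40081), "NOT-FOR-US: Edge Switch models" on CVE-2019-5322 names no vendor or product and reads like a fragment lifted from the description, unlike the other tags in this change, which give a vendor or product name. Replace it with the vendor and product from the full CVE description so the entry is searchable.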