Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b63cc0ba by Salvatore Bonaccorso at 2020-03-09T21:38:52+01:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1042,7 +1042,7 @@ CVE-2020-9760 CVE-2020-9759 RESERVED CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...) - TODO: check + NOT-FOR-US: LiveZilla Live Chat CVE-2020-9757 (The Seomatic component before 3.2.46 for Craft CMS allows Server-Side ...) NOT-FOR-US: Seomatic component for Craft CMS CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...) @@ -2815,7 +2815,7 @@ CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of da CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...) NOT-FOR-US: Voatz application for Android CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 pr ...) - TODO: check + NOT-FOR-US: Avast AntiTrack CVE-2020-8986 RESERVED CVE-2020-8985 @@ -3591,9 +3591,9 @@ CVE-2020-8637 CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows Remote C ...) NOT-FOR-US: OpServices OpMon CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...) - TODO: check + NOT-FOR-US: Wing FTP Server CVE-2020-8634 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...) - TODO: check + NOT-FOR-US: Wing FTP Server CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8 ...) NOT-FOR-US: Zimbra Collaboration Suite (ZCS) CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...) 
@@ -10964,7 +10964,7 @@ CVE-2020-5329 CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized ...) NOT-FOR-US: EMC CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 contain a Ja ...) - TODO: check + NOT-FOR-US: Dell CVE-2020-5326 (Affected Dell Client platforms contain a BIOS Setup configuration auth ...) NOT-FOR-US: Dell CVE-2020-5325 @@ -13976,7 +13976,7 @@ CVE-2020-4086 CVE-2020-4085 RESERVED CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scri ...) - TODO: check + NOT-FOR-US: HCL Connections CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage. Con ...) NOT-FOR-US: HCL Connections CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site script ...) @@ -14371,7 +14371,7 @@ CVE-2019-20109 CVE-2019-20108 RESERVED CVE-2019-20107 (Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allo ...) - TODO: check + NOT-FOR-US: TestLink CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center before ver ...) NOT-FOR-US: Atlassian CVE-2019-20105 @@ -16011,9 +16011,9 @@ CVE-2019-19775 (The image thumbnailing handler in Zulip Server versions 1.9.0 to CVE-2019-19774 (An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP ...) NOT-FOR-US: Zoho ManageEngine EventLog Analyzer CVE-2019-19773 (Various Lexmark products have stored XSS in the embedded web server us ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2019-19772 (Various Lexmark products have reflected XSS in the embedded web server ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2019-19771 (The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have b ...) NOT-FOR-US: lodahs malicious package on npm CVE-2019-19830 (_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authent ...) 
@@ -18752,7 +18752,7 @@ CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the CVE-2019-19615 RESERVED CVE-2019-19614 (An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login p ...) - TODO: check + NOT-FOR-US: Halvotec RAQuest CVE-2019-19613 RESERVED CVE-2019-19612 
@@ -19469,57 +19469,57 @@ CVE-2020-2161 CVE-2020-2160 RESERVED CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job ...) - TODO: check + NOT-FOR-US: Jenkins CryptoMove Plugin CVE-2020-2158 (Jenkins Literate Plugin 1.0 and earlier does not configure its YAML pa ...) - TODO: check + NOT-FOR-US: Jenkins Literate Plugin CVE-2020-2157 (Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured c ...) - TODO: check + NOT-FOR-US: Jenkins Skytap Cloud CI Plugin CVE-2020-2156 (Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured crede ...) - TODO: check + NOT-FOR-US: Jenkins DeployHub Plugin CVE-2020-2155 (Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configur ...) - TODO: check + NOT-FOR-US: Jenkins OpenShift Deployer Plugin CVE-2020-2154 (Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores ...) - TODO: check + NOT-FOR-US: Jenkins Zephyr for JIRA Test Management Plugin CVE-2020-2153 (Jenkins Backlog Plugin 2.4 and earlier transmits configured credential ...) - TODO: check + NOT-FOR-US: Jenkins Backlog Plugin CVE-2020-2152 (Jenkins Subversion Release Manager Plugin 1.2 and earlier does not esc ...) - TODO: check + NOT-FOR-US: Jenkins Subversion Release Manager Plugin CVE-2020-2151 (Jenkins Quality Gates Plugin 2.5 and earlier transmits configured cred ...) - TODO: check + NOT-FOR-US: Jenkins Quality Gates Plugin CVE-2020-2150 (Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configu ...) - TODO: check + NOT-FOR-US: Jenkins Sonar Quality Gates Plugin CVE-2020-2149 (Jenkins Repository Connector Plugin 1.2.6 and earlier transmits config ...) - TODO: check + NOT-FOR-US: Jenkins Repository Connector Plugin CVE-2020-2148 (A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier all ...) - TODO: check + NOT-FOR-US: Jenkins Mac Plugin CVE-2020-2147 (A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 ...) 
- TODO: check + NOT-FOR-US: Jenkins Mac Plugin CVE-2020-2146 (Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys w ...) - TODO: check + NOT-FOR-US: Jenkins Mac Plugin CVE-2020-2145 (Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier sto ...) - TODO: check + NOT-FOR-US: Jenkins Zephyr Enterprise Test Management Plugin CVE-2020-2144 (Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML pa ...) - TODO: check + NOT-FOR-US: Jenkins Rundeck Plugin CVE-2020-2143 (Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credent ...) - TODO: check + NOT-FOR-US: Jenkins Logstash Plugin CVE-2020-2142 (A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier al ...) - TODO: check + NOT-FOR-US: Jenkins P4 Plugin CVE-2020-2141 (A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.1 ...) - TODO: check + NOT-FOR-US: Jenkins P4 Plugin CVE-2020-2140 (Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error m ...) - TODO: check + NOT-FOR-US: Jenkins Audit Trail Plugin CVE-2020-2139 (An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 ...) - TODO: check + NOT-FOR-US: Jenkins Cobertura Plugin CVE-2020-2138 (Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML p ...) - TODO: check + NOT-FOR-US: Jenkins Cobertura Plugin CVE-2020-2137 (Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML f ...) - TODO: check + NOT-FOR-US: Jenkins Timestamper Plugin CVE-2020-2136 (Jenkins Git Plugin 4.2.0 and earlier does not escape the error message ...) - TODO: check + NOT-FOR-US: Jenkins Git Plugin CVE-2020-2135 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier ...) - TODO: check + NOT-FOR-US: Jenkins Script Security Plugin CVE-2020-2134 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier ...) 
- TODO: check + NOT-FOR-US: Jenkins Script Security Plugin CVE-2020-2133 (Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted ...) NOT-FOR-US: Jenkins plugin CVE-2020-2132 (Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b63cc0ba007ee1d6c9dd3d54ca4f118f56848aba
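Review bot: In the hunk at @@ -2815,7 +2815,7 @@, the new tag for CVE-2020-8987 reads "NOT-FOR-US: Avast AntiTrack", but the description on the preceding line covers two products, "Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178". Because the description in data/CVE/list is truncated, the tag is what people search on; consider naming both, for example "NOT-FOR-US: Avast AntiTrack and AVG Antitrack", so a search for either product finds the entry.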
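Review bot: In the hunk at @@ -19469,57 +19469,57 @@, the tag style is inconsistent with its own context: every new line names the specific plugin (for example "NOT-FOR-US: Jenkins CryptoMove Plugin"), while the unchanged entry for CVE-2020-2133 directly below keeps the generic "NOT-FOR-US: Jenkins plugin". Either convention works, but mixing them within one block makes searches by plugin name unreliable; suggest settling on the per-plugin form used here and aligning the older generic entries in a follow-up commit.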