Commit c29eb453 authored by Salvatore Bonaccorso

Process some NFUs

parent daf1747c
...@@ -9,7 +9,7 @@ CVE-2019-15030 ...@@ -9,7 +9,7 @@ CVE-2019-15030
CVE-2019-15029 CVE-2019-15029
RESERVED RESERVED
CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could allow ...) CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could allow ...)
TODO: check NOT-FOR-US: Joomla!
CVE-2019-15027 CVE-2019-15027
RESERVED RESERVED
CVE-2019-15026 CVE-2019-15026
...@@ -153,11 +153,11 @@ CVE-2019-14988 ...@@ -153,11 +153,11 @@ CVE-2019-14988
CVE-2019-14987 (Adive Framework through 2.0.7 is affected by XSS in the Create New Tab ...) CVE-2019-14987 (Adive Framework through 2.0.7 is affected by XSS in the Create New Tab ...)
NOT-FOR-US: Adive Framework NOT-FOR-US: Adive Framework
CVE-2019-14986 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installe ...) CVE-2019-14986 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installe ...)
TODO: check NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14985 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remot ...) CVE-2019-14985 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remot ...)
TODO: check NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14984 (eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn inst ...) CVE-2019-14984 (eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn inst ...)
TODO: check NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14983 CVE-2019-14983
RESERVED RESERVED
CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerability in ...) CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerability in ...)
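Review bot: On CVE-2019-14986, CVE-2019-14985 and CVE-2019-14984 the new tag names only the device (`NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3`), while the descriptions place the issues in the CUxD AddOn and the XML-API AddOn installed on it. Consider naming the add-on in the tag, for example `NOT-FOR-US: CUxD AddOn for eQ-3 Homematic CCU2 and CCU3`, so that a later search for the add-on name finds these entries.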
...@@ -1294,7 +1294,7 @@ CVE-2019-14531 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is ...@@ -1294,7 +1294,7 @@ CVE-2019-14531 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1576 NOTE: https://github.com/sleuthkit/sleuthkit/issues/1576
NOTE: Negligible security impact NOTE: Negligible security impact
CVE-2019-14530 (An issue was discovered in custom/ajax_download.php in OpenEMR before ...) CVE-2019-14530 (An issue was discovered in custom/ajax_download.php in OpenEMR before ...)
TODO: check NOT-FOR-US: OpenEMR
CVE-2019-14529 (OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/s ...) CVE-2019-14529 (OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/s ...)
NOT-FOR-US: OpenEMR NOT-FOR-US: OpenEMR
CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/ ...) CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/ ...)
...@@ -1335,7 +1335,7 @@ CVE-2019-14518 ...@@ -1335,7 +1335,7 @@ CVE-2019-14518
CVE-2019-14517 (pandao Editor.md 1.5.0 allows XSS via the Javascript: string. ...) CVE-2019-14517 (pandao Editor.md 1.5.0 allows XSS via the Javascript: string. ...)
NOT-FOR-US: pandao Editor.md NOT-FOR-US: pandao Editor.md
CVE-2019-14516 (The mAadhaar application 1.2.7 for Android lacks SSL Certificate Valid ...) CVE-2019-14516 (The mAadhaar application 1.2.7 for Android lacks SSL Certificate Valid ...)
TODO: check NOT-FOR-US: mAadhaar application for Android
CVE-2019-14515 CVE-2019-14515
RESERVED RESERVED
CVE-2019-14514 CVE-2019-14514
...@@ -2325,7 +2325,7 @@ CVE-2019-14361 ...@@ -2325,7 +2325,7 @@ CVE-2019-14361
CVE-2019-14360 CVE-2019-14360
RESERVED RESERVED
CVE-2019-14359 (** DISPUTED ** On BC Vault devices, a side channel for the row-based S ...) CVE-2019-14359 (** DISPUTED ** On BC Vault devices, a side channel for the row-based S ...)
TODO: check NOT-FOR-US: BC Vault devices
CVE-2019-14358 CVE-2019-14358
RESERVED RESERVED
CVE-2019-14357 (** DISPUTED ** On Mooltipass Mini devices, a side channel for the row- ...) CVE-2019-14357 (** DISPUTED ** On Mooltipass Mini devices, a side channel for the row- ...)
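Review bot: CVE-2019-14357 in the trailing context carries the same `** DISPUTED **` side-channel description as CVE-2019-14359, only for Mooltipass Mini devices, and its status line falls outside this hunk. Please confirm it was triaged in the same pass, so the two sibling entries do not end up with different states.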
...@@ -5425,7 +5425,7 @@ CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) ...@@ -5425,7 +5425,7 @@ CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS)
CVE-2019-13463 CVE-2019-13463
RESERVED RESERVED
CVE-2019-13462 (Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. ...) CVE-2019-13462 (Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. ...)
TODO: check NOT-FOR-US: Lansweeper
CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_addre ...) CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_addre ...)
NOT-FOR-US: PrestaShop NOT-FOR-US: PrestaShop
CVE-2019-13460 CVE-2019-13460
...@@ -5543,17 +5543,17 @@ CVE-2019-13422 ...@@ -5543,17 +5543,17 @@ CVE-2019-13422
CVE-2019-13421 CVE-2019-13421
RESERVED RESERVED
CVE-2019-13420 (Search Guard versions before 21.0 had an timing side channel issue whe ...) CVE-2019-13420 (Search Guard versions before 21.0 had an timing side channel issue whe ...)
TODO: check NOT-FOR-US: Search Guard
CVE-2019-13419 (Search Guard versions before 23.1 had an issue that for aggregations c ...) CVE-2019-13419 (Search Guard versions before 23.1 had an issue that for aggregations c ...)
TODO: check NOT-FOR-US: Search Guard
CVE-2019-13418 (Search Guard versions before 24.0 had an issue that values of string a ...) CVE-2019-13418 (Search Guard versions before 24.0 had an issue that values of string a ...)
TODO: check NOT-FOR-US: Search Guard
CVE-2019-13417 (Search Guard versions before 24.0 had an issue that field caps and map ...) CVE-2019-13417 (Search Guard versions before 24.0 had an issue that field caps and map ...)
TODO: check NOT-FOR-US: Search Guard
CVE-2019-13416 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...) CVE-2019-13416 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...)
TODO: check NOT-FOR-US: Search Guard
CVE-2019-13415 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...) CVE-2019-13415 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...)
TODO: check NOT-FOR-US: Search Guard
CVE-2019-13414 (The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/ren ...) CVE-2019-13414 (The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/ren ...)
NOT-FOR-US: Wordpress plugin NOT-FOR-US: Wordpress plugin
CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection v ...) CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection v ...)
...@@ -7195,7 +7195,7 @@ CVE-2019-12810 ...@@ -7195,7 +7195,7 @@ CVE-2019-12810
CVE-2019-12809 CVE-2019-12809
RESERVED RESERVED
CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a local priv ...) CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a local priv ...)
TODO: check NOT-FOR-US: ALTOOLS update service
CVE-2019-12807 (Alzip 10.83 and earlier version contains a stack-based buffer overflow ...) CVE-2019-12807 (Alzip 10.83 and earlier version contains a stack-based buffer overflow ...)
TODO: check TODO: check
CVE-2019-12806 (UniSign 2.0.4.0 and earlier version contains a stack-based buffer over ...) CVE-2019-12806 (UniSign 2.0.4.0 and earlier version contains a stack-based buffer over ...)
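Review bot: CVE-2019-12807 (Alzip), directly below the updated CVE-2019-12808 entry, is still `TODO: check` on both sides of the diff. If it was left open deliberately because it needs a closer look, that is fine; otherwise triage it together with the ALTOOLS entry so the adjacent item is not left behind.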
...@@ -8003,7 +8003,7 @@ CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer d ...@@ -8003,7 +8003,7 @@ CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer d
CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 has a segmentation fault leading t ...) CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 has a segmentation fault leading t ...)
NOT-FOR-US: BACnet Protocol Stack NOT-FOR-US: BACnet Protocol Stack
CVE-2019-12479 (An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vuln ...) CVE-2019-12479 (An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vuln ...)
TODO: check NOT-FOR-US: 20|20 Storage
CVE-2019-12478 CVE-2019-12478
RESERVED RESERVED
CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the openLiveURL f ...) CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the openLiveURL f ...)
...@@ -11399,7 +11399,7 @@ CVE-2019-11209 ...@@ -11399,7 +11399,7 @@ CVE-2019-11209
CVE-2019-11208 (The authorization component of TIBCO Software Inc.'s TIBCO API Exchang ...) CVE-2019-11208 (The authorization component of TIBCO Software Inc.'s TIBCO API Exchang ...)
NOT-FOR-US: TIBCO NOT-FOR-US: TIBCO
CVE-2019-11207 (The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enter ...) CVE-2019-11207 (The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enter ...)
TODO: check NOT-FOR-US: TIBCO
CVE-2019-11206 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...) CVE-2019-11206 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
NOT-FOR-US: TIBCO NOT-FOR-US: TIBCO
CVE-2019-11205 (The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analy ...) CVE-2019-11205 (The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analy ...)
...@@ -12077,9 +12077,9 @@ CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media Manag ...@@ -12077,9 +12077,9 @@ CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media Manag
CVE-2019-10944 CVE-2019-10944
RESERVED RESERVED
CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...) CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
TODO: check NOT-FOR-US: Siemens
CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 (All versions), ...) CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 (All versions), ...)
TODO: check NOT-FOR-US: Siemens
CVE-2019-10941 CVE-2019-10941
RESERVED RESERVED
CVE-2019-10940 CVE-2019-10940
...@@ -12105,11 +12105,11 @@ CVE-2019-10931 (A vulnerability has been identified in SIPROTEC 5 device types 6 ...@@ -12105,11 +12105,11 @@ CVE-2019-10931 (A vulnerability has been identified in SIPROTEC 5 device types 6
CVE-2019-10930 (A vulnerability has been identified in SIPROTEC 5 device types 6MD85, ...) CVE-2019-10930 (A vulnerability has been identified in SIPROTEC 5 device types 6MD85, ...)
NOT-FOR-US: Siemens NOT-FOR-US: Siemens
CVE-2019-10929 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...) CVE-2019-10929 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
TODO: check NOT-FOR-US: Siemens
CVE-2019-10928 (A vulnerability has been identified in SCALANCE SC-600 (V2.0). An auth ...) CVE-2019-10928 (A vulnerability has been identified in SCALANCE SC-600 (V2.0). An auth ...)
TODO: check NOT-FOR-US: Siemens
CVE-2019-10927 (A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANC ...) CVE-2019-10927 (A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANC ...)
TODO: check NOT-FOR-US: Siemens
CVE-2019-10926 (A vulnerability has been identified in SIMATIC Ident MV420 family (All ...) CVE-2019-10926 (A vulnerability has been identified in SIMATIC Ident MV420 family (All ...)
NOT-FOR-US: Siemens NOT-FOR-US: Siemens
CVE-2019-10925 (A vulnerability has been identified in SIMATIC Ident MV420 family (All ...) CVE-2019-10925 (A vulnerability has been identified in SIMATIC Ident MV420 family (All ...)
...@@ -19512,7 +19512,7 @@ CVE-2019-8450 ...@@ -19512,7 +19512,7 @@ CVE-2019-8450
CVE-2019-8449 CVE-2019-8449
RESERVED RESERVED
CVE-2019-8448 (The login.jsp resource in Jira before version 7.13.4, and from version ...) CVE-2019-8448 (The login.jsp resource in Jira before version 7.13.4, and from version ...)
TODO: check NOT-FOR-US: Atlassian Jira
CVE-2019-8447 CVE-2019-8447
RESERVED RESERVED
CVE-2019-8446 CVE-2019-8446
...@@ -27425,7 +27425,7 @@ CVE-2019-5301 (Huawei smart phones Honor V20 with the versions before 9.0.1.161( ...@@ -27425,7 +27425,7 @@ CVE-2019-5301 (Huawei smart phones Honor V20 with the versions before 9.0.1.161(
CVE-2019-5300 (There is a digital signature verification bypass vulnerability in AR12 ...) CVE-2019-5300 (There is a digital signature verification bypass vulnerability in AR12 ...)
NOT-FOR-US: Huawei NOT-FOR-US: Huawei
CVE-2019-5299 (Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL0 ...) CVE-2019-5299 (Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL0 ...)
TODO: check NOT-FOR-US: Huawei
CVE-2019-5298 (There is an improper authentication vulnerability in some Huawei AP pr ...) CVE-2019-5298 (There is an improper authentication vulnerability in some Huawei AP pr ...)
NOT-FOR-US: Huawei NOT-FOR-US: Huawei
CVE-2019-5297 (Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T ...) CVE-2019-5297 (Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T ...)
...@@ -27463,7 +27463,7 @@ CVE-2019-5282 ...@@ -27463,7 +27463,7 @@ CVE-2019-5282
CVE-2019-5281 (There is an information leak vulnerability in some Huawei phones, vers ...) CVE-2019-5281 (There is an information leak vulnerability in some Huawei phones, vers ...)
NOT-FOR-US: Huawei NOT-FOR-US: Huawei
CVE-2019-5280 (The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has ...) CVE-2019-5280 (The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has ...)
TODO: check NOT-FOR-US: Huawei
CVE-2019-5279 CVE-2019-5279
RESERVED RESERVED
CVE-2019-5278 CVE-2019-5278