[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 7 22:08:37 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
962dac95 by Salvatore Bonaccorso at 2019-08-07T21:08:20Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,21 +5,21 @@ CVE-2019-14752
CVE-2019-14751
RESERVED
CVE-2019-14750 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2019-14749 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2019-14748 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2019-14747 (DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-de ...)
TODO: check
CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by ...)
- TODO: check
+ NOT-FOR-US: KuaiFanCMS
CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability exists in b ...)
TODO: check
CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files and c ...)
TODO: check
CVE-2019-14743 (** DISPUTED ** In Valve Steam Client for Windows through 2019-08-07, H ...)
- TODO: check
+ NOT-FOR-US: Valve Steam Client for Windows
CVE-2019-14742
RESERVED
CVE-2019-14741
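Review bot: CVE-2019-14747 (DWSurvey) is still at "TODO: check" in this hunk although the entries directly above and below it were triaged in the same pass. If it was left on purpose because it needs a closer look, that is fine; otherwise it reads as an oversight and could get its own NOT-FOR-US line here. Leaving CVE-2019-14745 (radare2) and CVE-2019-14744 (KConfig) as TODO looks right, since those need package entries rather than an NFU marker.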
@@ -208,9 +208,9 @@ CVE-2018-20961 (In the Linux kernel before 4.16.4, a double free vulnerability i
CVE-2018-20960
RESERVED
CVE-2018-20959 (Jura E8 devices lack Bluetooth connection security. ...)
- TODO: check
+ NOT-FOR-US: Jura E8 devices
CVE-2018-20958 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...)
- TODO: check
+ NOT-FOR-US: Tapplock devices
CVE-2018-20957
RESERVED
CVE-2018-20956
@@ -490,11 +490,11 @@ CVE-2019-14537 (YOURLS through 1.7.3 is affected by a type juggling vulnerabilit
CVE-2019-14536
RESERVED
CVE-2017-18483 (ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a ...)
- TODO: check
+ NOT-FOR-US: ANNKE SP1 HD wireless camera devices
CVE-2016-10862
RESERVED
CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settin ...)
- TODO: check
+ NOT-FOR-US: Neet AirStream NAS1.1 devices
CVE-2019-14535
RESERVED
CVE-2019-14534
@@ -647,7 +647,7 @@ CVE-2019-14476
CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use s ...)
NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14474 (eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in ...)
- TODO: check
+ NOT-FOR-US: eQ-3 Homematic CCU3
CVE-2019-14473 (eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but la ...)
NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14472 (Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. ...)
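Review bot: The label added for CVE-2019-14474, "eQ-3 Homematic CCU3", differs from the "eQ-3 Homematic CCU2 and CCU3" string used on the neighbouring CVE-2019-14475 and CVE-2019-14473. It matches the description, which names only CCU3, so it is not wrong, but a single product string for the whole family makes later searches and bulk NFU matching over data/CVE/list simpler. Consider reusing the existing string unless the distinction is intentional.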
@@ -1177,35 +1177,35 @@ CVE-2016-10814 (cPanel before 57.9999.54 allows demo-mode escape via show_templa
CVE-2016-10813 (cPanel before 57.9999.54 allows self XSS during ftp account creation u ...)
NOT-FOR-US: cPanel
CVE-2016-10812 (In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs ( ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10811 (In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC- ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10810 (In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10809 (In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10808 (In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop expos ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10807 (cPanel before 57.9999.54 allows certain denial-of-service outcomes via ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10806 (cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10805 (cPanel before 57.9999.54 allows demo accounts to execute arbitrary cod ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10804 (The SQLite journal feature in cPanel before 57.9999.54 allows arbitrar ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10803 (cPanel before 57.9999.105 allows newline injection via LOC records (CP ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10802 (cPanel before 58.0.4 allows code execution in the context of other use ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10801 (cPanel before 58.0.4 has improper session handling for shared users (S ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10800 (cPanel before 58.0.4 allows demo-mode escape via Site Templates and Bo ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10799 (cPanel before 58.0.4 does not set the Pear tmp directory during a PHP ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10798 (cPanel before 58.0.4 allows a file-ownership change (to nobody) via re ...)
- TODO: check
+ NOT-FOR-US: cPanel
CVE-2016-10797 (cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certifica ...)
NOT-FOR-US: cPanel
CVE-2016-10796 (cPanel before 58.0.4 initially uses weak permissions for Apache HTTP S ...)
@@ -1333,7 +1333,7 @@ CVE-2019-14433 [Nova Server Resource Faults Leak External Exception Details]
NOTE: https://security.openstack.org/ossa/OSSA-2019-003.html
NOTE: https://launchpad.net/bugs/1837877
CVE-2019-14432 (Incorrect authentication of application WebSocket connections in Loom ...)
- TODO: check
+ NOT-FOR-US: Loom Desktop for Mac
CVE-2019-14431 (In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles ...)
- matrixssl <removed>
CVE-2019-14430
@@ -9348,7 +9348,7 @@ CVE-2019-11655
CVE-2019-11654
RESERVED
CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. versions ...)
- TODO: check
+ NOT-FOR-US: Micro Focus
CVE-2019-11652
RESERVED
CVE-2019-11651
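Review bot: The NOT-FOR-US label for CVE-2019-11653 names only the vendor, "Micro Focus", while the description identifies the product as Micro Focus Content Manager and most other entries in this commit name the product (osTicket, KuaiFanCMS, Loom Desktop for Mac). A vendor-only label works when it is the established convention for that vendor, as with the existing "NOT-FOR-US: Cisco" line, but if no such precedent exists for Micro Focus the product name would be more useful to whoever next triages a Micro Focus CVE.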
@@ -13425,7 +13425,7 @@ CVE-2016-10749 (parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer
CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other products, rich ...)
NOT-FOR-US: Snipe-IT
CVE-2019-10099 (Prior to Spark 2.3.3, in certain situations Spark would write user dat ...)
- TODO: check
+ NOT-FOR-US: Apache Spark
CVE-2019-10098
RESERVED
CVE-2019-10097
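Review bot: Marking CVE-2019-10099 as "NOT-FOR-US: Apache Spark" deserves a second check, because unlike the appliances and proprietary products elsewhere in this commit, Spark is free software that could plausibly be packaged. If there is an open ITP or RFP for it, the entry should use the package form with an itp marker instead of NOT-FOR-US, so the CVE is not lost when the package enters the archive. If that was checked and nothing is pending, the line is fine as is.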
@@ -36123,11 +36123,11 @@ CVE-2019-1916
CVE-2019-1915
RESERVED
CVE-2019-1914 (A vulnerability in the web management interface of Cisco Small Busines ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1913 (Multiple vulnerabilities in the web management interface of Cisco Smal ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1912 (A vulnerability in the web management interface of Cisco Small Busines ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1911 (A vulnerability in the CLI of Cisco Unified Communications Domain Mana ...)
NOT-FOR-US: Cisco
CVE-2019-1910
@@ -54641,7 +54641,7 @@ CVE-2018-14385
CVE-2018-14384
RESERVED
CVE-2018-14383 (The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows ...)
- TODO: check
+ NOT-FOR-US: Transition Technologies "The Scheduler" app for Jira
CVE-2018-14382 (InstantCMS 2.10.1 has /redirect?url= XSS. ...)
NOT-FOR-US: InstantCMS
CVE-2018-14381 (Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulner ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/962dac955ed729d63dc6f1eb58e87f0317da9207