[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 23 21:47:50 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4e50f6a by Salvatore Bonaccorso at 2019-08-23T20:47:23Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2019-15537 (The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL I ...)
TODO: check
CVE-2019-15536 (The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injec ...)
- TODO: check
+ NOT-FOR-US: Acclaim block plugin for Moodle
CVE-2019-15535 (Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. ...)
TODO: check
CVE-2019-15534
@@ -13,15 +13,15 @@ CVE-2019-15532
CVE-2019-15531 (GNU Libextractor through 1.9 has a heap-based buffer over-read in the ...)
TODO: check
CVE-2019-15530 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-15529 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-15528 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-15527 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-15526 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-15525 (There is Missing SSL Certificate Validation in the pw3270 terminal emu ...)
TODO: check
CVE-2019-15524
@@ -47,7 +47,7 @@ CVE-2019-15515
CVE-2019-15514 (The Privacy > Phone Number feature in the Telegram app 5.10 for And ...)
TODO: check
CVE-2019-15513 (An issue was discovered in OpenWrt libuci (aka Library for the Unified ...)
- TODO: check
+ NOT-FOR-US: OpenWrt libuci
CVE-2019-15512
RESERVED
CVE-2019-15511
@@ -77,7 +77,7 @@ CVE-2019-15500
CVE-2019-15499 (CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element wi ...)
TODO: check
CVE-2019-15498 (cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows rem ...)
- TODO: check
+ NOT-FOR-US: Vera Edge Home Controller
CVE-2019-15497
RESERVED
CVE-2019-15496
@@ -85,21 +85,21 @@ CVE-2019-15496
CVE-2019-15495
RESERVED
CVE-2019-15494 (openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. ...)
- TODO: check
+ NOT-FOR-US: openITCOCKPIT
CVE-2019-15493 (openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21 ...)
- TODO: check
+ NOT-FOR-US: openITCOCKPIT
CVE-2019-15492 (openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. ...)
- TODO: check
+ NOT-FOR-US: openITCOCKPIT
CVE-2019-15491 (openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. ...)
- TODO: check
+ NOT-FOR-US: openITCOCKPIT
CVE-2019-15490 (openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. ...)
- TODO: check
+ NOT-FOR-US: openITCOCKPIT
CVE-2019-15489
RESERVED
CVE-2019-15488 (Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP se ...)
TODO: check
CVE-2019-15487 (DfE School Experience before v16333-GA has XSS via a teacher training ...)
- TODO: check
+ NOT-FOR-US: DfE School Experience
CVE-2019-15486 (django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_ ...)
TODO: check
CVE-2019-15485 (Bolt before 3.6.10 has XSS via createFolder or createFile in Controlle ...)
@@ -423,7 +423,7 @@ CVE-2019-15327 (The import-users-from-csv-with-meta plugin before 1.14.1.3 for W
CVE-2019-15326 (The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPre ...)
NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
CVE-2019-15325 (In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/1 ...)
- TODO: check
+ NOT-FOR-US: GalliumOS
CVE-2018-20988 (The wpgform plugin before 0.94 for WordPress has eval injection in the ...)
NOT-FOR-US: wpgform plugin for WordPress
CVE-2018-20987 (The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP objec ...)
@@ -1597,7 +1597,7 @@ CVE-2019-15001
CVE-2019-15000
RESERVED
CVE-2019-14999 (The Uninstall REST endpoint in Atlassian Universal Plugin Manager befo ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-14998
RESERVED
CVE-2019-14997
@@ -7103,7 +7103,7 @@ CVE-2019-13423 (Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.
CVE-2019-13422 (Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 ...)
TODO: check
CVE-2019-13421 (Search Guard versions before 23.1 had an issue that an administrative ...)
- TODO: check
+ NOT-FOR-US: Search Guard
CVE-2019-13420 (Search Guard versions before 21.0 had an timing side channel issue whe ...)
NOT-FOR-US: Search Guard
CVE-2019-13419 (Search Guard versions before 23.1 had an issue that for aggregations c ...)
@@ -11976,17 +11976,17 @@ CVE-2019-11593 (In Adblock Plus before 3.5.2, the $rewrite filter option allows
CVE-2019-11592 (WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews ...)
NOT-FOR-US: WeBid Auction Script
CVE-2019-11589 (The ChangeSharedFilterOwner resource in Jira before version 7.13.6, fr ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-11588 (The ViewSystemInfo class doGarbageCollection method in Jira before ver ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-11587 (Various exposed resources of the ViewLogging class in Jira before vers ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-11586 (The AddResolution.jspa resource in Jira before version 7.13.6, from ve ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-11585 (The startup.jsp resource in Jira before version 7.13.6, from version 8 ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-11584 (The MigratePriorityScheme resource in Jira before version 8.3.2 allows ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-11583 (The issue searching component in Jira before version 8.1.0 allows remo ...)
NOT-FOR-US: issue searching component in Jira
CVE-2019-11582 (An argument injection vulnerability in Atlassian Sourcetree for Window ...)
@@ -21240,13 +21240,13 @@ CVE-2019-8449
CVE-2019-8448 (The login.jsp resource in Jira before version 7.13.4, and from version ...)
NOT-FOR-US: Atlassian Jira
CVE-2019-8447 (The ServiceExecutor resource in Jira before version 8.3.2 allows remot ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-8446 (The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-8445 (Several worklog rest resources in Jira before version 7.13.7, and from ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-8444 (The wikirenderer component in Jira before version 7.13.6, and from ver ...)
- TODO: check
+ NOT-FOR-US: Atlassian Jira
CVE-2019-8443 (The ViewUpgrades resource in Jira before version 7.13.4, from version ...)
NOT-FOR-US: Atlassian Jira
CVE-2019-8442 (The CachingResourceDownloadRewriteRule class in Jira before version 7. ...)
@@ -26905,7 +26905,7 @@ CVE-2019-6179
CVE-2019-6178 (An information leakage vulnerability in Iomega and LenovoEMC NAS produ ...)
NOT-FOR-US: Iomega and LenovoEMC NAS products
CVE-2019-6177 (A vulnerability reported in Lenovo Solution Center version 03.12.003, ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6176
RESERVED
CVE-2019-6175
@@ -26973,7 +26973,7 @@ CVE-2019-6145
CVE-2019-6144
RESERVED
CVE-2019-6143 (Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4 ...)
- TODO: check
+ NOT-FOR-US: Forcepoint Next Generation Firewall (Forcepoint NGFW)
CVE-2019-6142
RESERVED
CVE-2019-6141
@@ -28382,7 +28382,7 @@ CVE-2019-5640
CVE-2019-5639
RESERVED
CVE-2019-5638 (Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient sess ...)
- TODO: check
+ NOT-FOR-US: Rapid7 Nexpose
CVE-2019-5637
RESERVED
CVE-2019-5636
@@ -28396,7 +28396,7 @@ CVE-2019-5633 (An insecure storage of sensitive information vulnerability is pre
CVE-2019-5632 (An insecure storage of sensitive information vulnerability is present ...)
TODO: check
CVE-2019-5631 (The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Rapid7 InsightAppSec broker
CVE-2019-5630 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 ...)
NOT-FOR-US: Rapid7 Nexpose InsightVM Security Console
CVE-2019-5629 (Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local pr ...)
@@ -31911,17 +31911,17 @@ CVE-2019-3970 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arb
CVE-2019-3969 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Pr ...)
NOT-FOR-US: Comodo Antivirus
CVE-2019-3968 (In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute ar ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2019-3967 (In OpenEMR 5.0.1 and earlier, the patient file download interface cont ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2019-3966 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2019-3965 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2019-3964 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2019-3963 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2019-3962 (Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may a ...)
NOT-FOR-US: Nessus
CVE-2019-3961 (Nessus versions 8.4.0 and earlier were found to contain a reflected XS ...)
@@ -32862,7 +32862,7 @@ CVE-2019-3635 (Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to
CVE-2019-3634 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x ...)
TODO: check
CVE-2019-3633 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3632 (Directory Traversal vulnerability in McAfee Enterprise Security Manage ...)
NOT-FOR-US: McAfee
CVE-2019-3631 (Command Injection vulnerability in McAfee Enterprise Security Manager ...)
@@ -38767,7 +38767,7 @@ CVE-2019-1950
CVE-2019-1949 (A vulnerability in the web-based management interface of Cisco Firepow ...)
NOT-FOR-US: Cisco
CVE-2019-1948 (A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an un ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1947
RESERVED
CVE-2019-1946 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
@@ -38787,13 +38787,13 @@ CVE-2019-1940 (A vulnerability in the Web Services Management Agent (WSMA) featu
CVE-2019-1939
RESERVED
CVE-2019-1938 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1937 (A vulnerability in the web-based management interface of Cisco Integra ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1936 (A vulnerability in the web-based management interface of Cisco Integra ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1935 (A vulnerability in Cisco Integrated Management Controller (IMC) Superv ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1934 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
NOT-FOR-US: Cisco
CVE-2019-1933 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...)
@@ -38847,9 +38847,9 @@ CVE-2019-1910 (A vulnerability in the implementation of the Intermediate System&
CVE-2019-1909 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
NOT-FOR-US: Cisco
CVE-2019-1908 (A vulnerability in the Intelligent Platform Management Interface (IPMI ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1907 (A vulnerability in the web server of Cisco Integrated Management Contr ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1906 (A vulnerability in the Virtual Domain system of Cisco Prime Infrastruc ...)
NOT-FOR-US: Cisco
CVE-2019-1905 (A vulnerability in the GZIP decompression engine of Cisco AsyncOS Soft ...)
@@ -38863,7 +38863,7 @@ CVE-2019-1902
CVE-2019-1901 (A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem ...)
NOT-FOR-US: Cisco
CVE-2019-1900 (A vulnerability in the web server of Cisco Integrated Management Contr ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1899 (A vulnerability in the web interface of Cisco RV110W, RV130W, and RV21 ...)
NOT-FOR-US: Cisco
CVE-2019-1898 (A vulnerability in the web-based management interface of Cisco RV110W, ...)
@@ -38871,7 +38871,7 @@ CVE-2019-1898 (A vulnerability in the web-based management interface of Cisco RV
CVE-2019-1897 (A vulnerability in the web-based management interface of Cisco RV110W, ...)
NOT-FOR-US: Cisco
CVE-2019-1896 (A vulnerability in the web-based management interface of Cisco Integra ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1895 (A vulnerability in the Virtual Network Computing (VNC) console impleme ...)
NOT-FOR-US: Cisco
CVE-2019-1894 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
@@ -38893,11 +38893,11 @@ CVE-2019-1887 (A vulnerability in the Session Initiation Protocol (SIP) protocol
CVE-2019-1886 (A vulnerability in the HTTPS decryption feature of Cisco Web Security ...)
NOT-FOR-US: Cisco
CVE-2019-1885 (A vulnerability in the Redfish protocol of Cisco Integrated Management ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1884 (A vulnerability in the web proxy functionality of Cisco AsyncOS Softwa ...)
NOT-FOR-US: Cisco
CVE-2019-1883 (A vulnerability in the command-line interface of Cisco Integrated Mana ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1882 (A vulnerability in Cisco Industrial Network Director could allow an au ...)
NOT-FOR-US: Cisco
CVE-2019-1881 (A vulnerability in the web-based management interface of Cisco Industr ...)
@@ -38921,7 +38921,7 @@ CVE-2019-1873 (A vulnerability in the cryptographic driver for Cisco Adaptive Se
CVE-2019-1872 (A vulnerability in Cisco TelePresence Video Communication Server (VCS) ...)
NOT-FOR-US: Cisco
CVE-2019-1871 (A vulnerability in the Import Cisco IMC configuration utility of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1870 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
NOT-FOR-US: Cisco
CVE-2019-1869 (A vulnerability in the internal packet-processing functionality of the ...)
@@ -38933,11 +38933,11 @@ CVE-2019-1867 (A vulnerability in the REST API of Cisco Elastic Services Control
CVE-2019-1866
RESERVED
CVE-2019-1865 (A vulnerability in the web-based management interface of Cisco Integra ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1864 (A vulnerability in the web-based management interface of Cisco Integra ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1863 (A vulnerability in the web-based management interface of Cisco Integra ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1862 (A vulnerability in the web-based user interface (Web UI) of Cisco IOS ...)
NOT-FOR-US: Cisco
CVE-2019-1861 (A vulnerability in the software update feature of Cisco Industrial Net ...)
@@ -38963,7 +38963,7 @@ CVE-2019-1852 (A vulnerability in the web-based management interface of Cisco Pr
CVE-2019-1851 (A vulnerability in the External RESTful Services (ERS) API of the Cisc ...)
NOT-FOR-US: Cisco
CVE-2019-1850 (A vulnerability in the web-based management interface of Cisco Integra ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1849 (A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label ...)
NOT-FOR-US: Cisco
CVE-2019-1848 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
@@ -38985,7 +38985,7 @@ CVE-2019-1841 (A vulnerability in the Software Image Management feature of Cisco
CVE-2019-1840 (A vulnerability in the DHCPv6 input packet processor of Cisco Prime Ne ...)
NOT-FOR-US: Cisco
CVE-2019-1839 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1838 (A vulnerability in the web-based management interface of Cisco Applica ...)
NOT-FOR-US: Cisco
CVE-2019-1837 (A vulnerability in the User Data Services (UDS) API of Cisco Unified C ...)
@@ -39420,7 +39420,7 @@ CVE-2019-1636 (A vulnerability in the Cisco Webex Teams client, formerly Cisco S
CVE-2019-1635 (A vulnerability in the call-handling functionality of Session Initiati ...)
NOT-FOR-US: Cisco
CVE-2019-1634 (A vulnerability in the Intelligent Platform Management Interface (IPMI ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1633
RESERVED
CVE-2019-1632 (A vulnerability in the web-based management interface of Cisco Integra ...)
@@ -39574,13 +39574,13 @@ CVE-2018-19918 (CuppaCMS has XSS via an SVG document uploaded to the administrat
CVE-2019-1584
RESERVED
CVE-2019-1583 (Escalation of privilege vulnerability in the Palo Alto Networks Twistl ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2019-1582 (Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and ea ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2019-1581 (Mitigation bypass in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earl ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2019-1580 (Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earl ...)
- TODO: check
+ NOT-FOR-US: PAN-OS
CVE-2019-1579 (Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 a ...)
NOT-FOR-US: PAN-OS
CVE-2019-1578 (Cross-site scripting vulnerability in Palo Alto Networks MineMeld vers ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4e50f6a73b58c41b2c6a0f633999d7d5f553a77
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d4e50f6a73b58c41b2c6a0f633999d7d5f553a77
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190823/291592e6/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list