[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue Feb 5 09:53:49 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e533b55b by Moritz Muehlenhoff at 2019-02-05T09:53:23Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2019-7400 (Rukovoditel before 2.4.1 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: Rukovoditel
CVE-2019-7399
RESERVED
CVE-2019-7398 (In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage ...)
@@ -133,7 +133,7 @@ CVE-2019-1000010 (phpIPAM version 1.3.2 and earlier contains a Cross Site Script
CVE-2019-1000009 (Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: ...)
NOT-FOR-US: Helm ChartMuseum
CVE-2019-1000008 (All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a ...)
- TODO: check
+ NOT-FOR-US: Helm Kubernetes package manager, different from src:helm
CVE-2019-1000007 (aioxmpp version 0.10.2 and earlier contains a Improper Handling of ...)
TODO: check
CVE-2019-1000006 (RIOT RIOT-OS version after commit ...)
@@ -15296,7 +15296,7 @@ CVE-2018-19784 (The str_rot_pass function in ...)
CVE-2018-19783
RESERVED
CVE-2018-19782 (Multiple cross-site scripting (XSS) vulnerabilities in GET requests in ...)
- TODO: check
+ NOT-FOR-US: FreshRSS
CVE-2018-19781
RESERVED
CVE-2018-19780
@@ -18856,7 +18856,7 @@ CVE-2018-19442
CVE-2018-19441
RESERVED
CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...)
- TODO: check
+ NOT-FOR-US: ARM Trusted Firmware-A
CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure Global ...)
NOT-FOR-US: Oracle
CVE-2018-19438
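Review bot: NOT-FOR-US on CVE-2018-19440 closes the TODO for what the description presents as a firmware project, not a vendor appliance like the Oracle entry directly below it. Before this lands, confirm that no source package in the archive ships ARM Trusted Firmware-A; if one does, the entry should name that package with a version or state instead of NOT-FOR-US, because a NOT-FOR-US line takes the CVE out of further triage.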
@@ -20187,13 +20187,13 @@ CVE-2018-19044 (keepalived 2.0.8 didn't check for pathnames with symlinks when w
NOTE: https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
NOTE: https://github.com/acassen/keepalived/issues/1048
CVE-2018-19043 (The Media File Manager plugin 1.4.2 for WordPress allows arbitrary ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-19042 (The Media File Manager plugin 1.4.2 for WordPress allows arbitrary ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-19041 (The Media File Manager plugin 1.4.2 for WordPress allows XSS via the ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-19040 (The Media File Manager plugin 1.4.2 for WordPress allows directory ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-19039 (Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated ...)
- grafana <removed>
NOTE: https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961
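Review bot: the four entries for CVE-2018-19040 through CVE-2018-19043 use the generic label "Wordpress plugin", which drops the product name given in each description (Media File Manager plugin 1.4.2 for WordPress) and spells the name differently from the description. Suggest "NOT-FOR-US: Media File Manager plugin for WordPress" on all four lines so that a later search for the plugin name finds them.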
@@ -20220,7 +20220,7 @@ CVE-2018-19029
CVE-2018-19028
RESERVED
CVE-2018-19027 (Three type confusion vulnerabilities exist in CX-One Versions 4.50 and ...)
- TODO: check
+ NOT-FOR-US: CX-One
CVE-2018-19026
RESERVED
CVE-2018-19025
@@ -20244,7 +20244,7 @@ CVE-2018-19017 (Several use after free vulnerabilities have been identified in .
CVE-2018-19016
RESERVED
CVE-2018-19015 (An attacker could inject commands to launch programs and create, ...)
- TODO: check
+ NOT-FOR-US: CX-Supervisor
CVE-2018-19014 (Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all ...)
NOT-FOR-US: Drager patient monitoring medical devices
CVE-2018-19013 (An attacker could inject commands to delete files and/or delete the ...)
@@ -20266,7 +20266,7 @@ CVE-2018-19006
CVE-2018-19005 (Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation ...)
NOT-FOR-US: Cscape
CVE-2018-19004 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds ...)
- TODO: check
+ NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-19003 (GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to ...)
NOT-FOR-US: GE Mark
CVE-2018-19002
@@ -20298,7 +20298,7 @@ CVE-2018-18990
CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and ...)
NOT-FOR-US: CX-One
CVE-2018-18988 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of ...)
- TODO: check
+ NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program populating ...)
NOT-FOR-US: VT-Designer
CVE-2018-18986
@@ -20411,9 +20411,9 @@ CVE-2018-18943 (An issue was discovered in baserCMS before 4.1.4. In the Registe
CVE-2018-18942 (In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote ...)
NOT-FOR-US: baserCMS
CVE-2018-18941 (In Vignette Content Management version 6, it is possible to gain ...)
- TODO: check
+ NOT-FOR-US: Vignette Content Management
CVE-2018-18940 (servlet/SnoopServlet (a servlet installed by default) in Netscape ...)
- TODO: check
+ NOT-FOR-US: Netscape Enterprise
CVE-2018-18939 (An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in ...)
NOT-FOR-US: WUZHI CMS
CVE-2018-18938 (An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in ...)
@@ -20514,7 +20514,7 @@ CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory lea
CVE-2018-18896
RESERVED
CVE-2018-18895 (A version of Castor XML, as used in Cisco WebEx Meetings Server before ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-18894
RESERVED
CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method, related to ...)
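Review bot: CVE-2018-18895 is filed under "Cisco", but the description opens with Castor XML as the affected component and only then says "as used in Cisco WebEx Meetings Server". The truncated description does not show whether the flaw is in Castor itself or only in the copy Cisco bundles, so either record the reason in the line, the way the Helm entry in this commit does with "different from src:helm", or check whether a packaged Castor is affected before marking it NOT-FOR-US.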
@@ -24335,7 +24335,7 @@ CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace
- hdf5 <undetermined>
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode
CVE-2018-17431 (Web Console in Comodo UTM Firewall before 2.7.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: Comodo UTM
CVE-2018-17430
RESERVED
CVE-2018-17429
@@ -28632,7 +28632,7 @@ CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper access
CVE-2018-15779
REJECTED
CVE-2018-15778 (Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2018-15777
RESERVED
CVE-2018-15776 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an ...)
@@ -28921,15 +28921,15 @@ CVE-2018-15661 (** DISPUTED ** An issue was discovered in the Ola Money (aka ...
CVE-2018-15660 (** DISPUTED ** An issue was discovered in the Ola Money (aka ...)
NOT-FOR-US: Ola Money application for Android
CVE-2018-15659 (An issue was discovered in 42Gears SureMDM before 2018-11-27, related ...)
- TODO: check
+ NOT-FOR-US: 42Gears
CVE-2018-15658 (An issue was discovered in 42Gears SureMDM before 2018-11-27. By ...)
- TODO: check
+ NOT-FOR-US: 42Gears
CVE-2018-15657 (An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via ...)
- TODO: check
+ NOT-FOR-US: 42Gears
CVE-2018-15656 (An issue was discovered in the registration API endpoint in 42Gears ...)
- TODO: check
+ NOT-FOR-US: 42Gears
CVE-2018-15655 (An issue was discovered in 42Gears SureMDM before 2018-11-27, related ...)
- TODO: check
+ NOT-FOR-US: 42Gears
CVE-2018-15654
RESERVED
CVE-2018-15653
@@ -29341,11 +29341,11 @@ CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corrupti
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/236691/
CVE-2018-15517 (The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-15516 (The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-15515 (The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-15514 (HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 ...)
NOT-FOR-US: Docker for Windows
CVE-2018-15513
@@ -30150,7 +30150,7 @@ CVE-2018-15138 (Ericsson-LG iPECS NMS 30M allows directory traversal via ...)
CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload any file ...)
NOT-FOR-US: CeLa Link CLR-M20 devices
CVE-2018-15136 (TitanHQ SpamTitan before 7.01 has Improper input validation. This ...)
- TODO: check
+ NOT-FOR-US: TitanHQ
CVE-2018-15135
RESERVED
CVE-2018-15134
@@ -36600,11 +36600,11 @@ CVE-2018-12613 (An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in whi
CVE-2018-12612
RESERVED
CVE-2018-12611 (OX App Suite 7.8.4 and earlier allows Directory Traversal. ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2018-12610 (OX App Suite 7.8.4 and earlier allows Information Exposure. ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2018-12609 (OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2018-12608 (An issue was discovered in Docker Moby before 17.06.0. The Docker ...)
- docker.io 18.03.1+dfsg1-2
NOTE: https://github.com/moby/moby/pull/33182
@@ -54551,7 +54551,7 @@ CVE-2018-6243
CVE-2018-6242 (Some NVIDIA Tegra mobile processors released prior to 2016 contain a ...)
NOT-FOR-US: NVIDIA
CVE-2018-6241 (NVIDIA Tegra Gralloc module contains a vulnerability in driver in ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2018-6240
RESERVED
CVE-2018-6239
@@ -56976,7 +56976,7 @@ CVE-2018-5500 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1
CVE-2018-5499
RESERVED
CVE-2018-5498 (Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a ...)
- TODO: check
+ NOT-FOR-US: Clustered Data ONTAP
CVE-2018-5497 (Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e533b55bade942938b02fe0776f81b994f4aa17f