[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue Feb 12 21:52:28 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c8ea93b by Moritz Muehlenhoff at 2019-02-12T21:52:08Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2019-7754
RESERVED
CVE-2019-7753 (Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count referrer ...)
- TODO: check
+ NOT-FOR-US: Verydows
CVE-2018-20781 (In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's ...)
- gnome-keyring 3.28.0-1
NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919
@@ -16,9 +16,9 @@ CVE-2019-7750
CVE-2019-7749
RESERVED
CVE-2019-7748 (_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task ...)
- TODO: check
+ NOT-FOR-US: DbNinja
CVE-2019-7747 (DbNinja 3.2.7 allows session fixation via the data.php sessid ...)
- TODO: check
+ NOT-FOR-US: DbNinja
CVE-2019-7746
RESERVED
CVE-2019-7745
@@ -36,9 +36,9 @@ CVE-2019-7740 (An issue was discovered in Joomla! before 3.9.3. Inadequate param
CVE-2019-7739 (An issue was discovered in Joomla! before 3.9.3. The "No Filtering" ...)
NOT-FOR-US: Joomla!
CVE-2019-7738 (C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. ...)
- TODO: check
+ NOT-FOR-US: C.P.Sub
CVE-2019-7737 (A CSRF vulnerability was found in Verydows v2.0 that can add an admin ...)
- TODO: check
+ NOT-FOR-US: Verydows
CVE-2019-7736 (D-Link DIR-600M C1 3.04 devices allow authentication bypass via a ...)
NOT-FOR-US: D-Link
CVE-2019-7735
@@ -68,7 +68,7 @@ CVE-2019-7724
CVE-2019-7723
RESERVED
CVE-2019-7722 (PMD 5.8.1 and earlier processes XML external entities in ruleset files ...)
- TODO: check
+ NOT-FOR-US: PMD
CVE-2019-XXXX [fuse mount exposes backup to unauthorized users]
- borgbackup 1.1.9-1 (bug #922080)
NOTE: https://github.com/borgbackup/borg/issues/3903
@@ -875,7 +875,7 @@ CVE-2019-7403 (An issue was discovered in PHPMyWind 5.5. It allows remote attack
CVE-2019-7402 (An issue was discovered in PHPMyWind 5.5. The GetQQ function in ...)
NOT-FOR-US: PHPMyWind
CVE-2019-7401 (NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based ...)
- TODO: check
+ NOT-FOR-US: NGINX Unit (different from FLOSS nginx)
CVE-2017-1000000
RESERVED
CVE-2014-1000000
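Review bot: the parenthetical "(different from FLOSS nginx)" on the CVE-2019-7401 line is ambiguous, since it can be read as a statement that NGINX Unit is not free software, where the tag only needs to say that it is a separate product from the packaged nginx. Suggest "NOT-FOR-US: NGINX Unit (separate product, not the nginx web server)" so a later reader does not take it as a licensing claim.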
@@ -2911,7 +2911,7 @@ CVE-2019-6551
CVE-2019-6550
RESERVED
CVE-2019-6549 (An attacker could retrieve plain-text credentials stored in a XML file ...)
- TODO: check
+ NOT-FOR-US: PR100088 Modbus
CVE-2019-6548
RESERVED
CVE-2019-6547
@@ -2943,7 +2943,7 @@ CVE-2019-6535 (Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 an
CVE-2019-6534
RESERVED
CVE-2019-6533 (Registers used to store Modbus values can be read and written from the ...)
- TODO: check
+ NOT-FOR-US: PR100088 Modbus
CVE-2019-6532
RESERVED
CVE-2019-6531
@@ -2955,7 +2955,7 @@ CVE-2019-6529
CVE-2019-6528
RESERVED
CVE-2019-6527 (PR100088 Modbus gateway versions prior to Release R02 (or Software ...)
- TODO: check
+ NOT-FOR-US: PR100088 Modbus
CVE-2019-6526
RESERVED
CVE-2019-6525
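Review bot: the tag "PR100088 Modbus" on CVE-2019-6527 drops "gateway" from the description's "PR100088 Modbus gateway", so it reads as if it referred to the Modbus protocol rather than to one device. Suggest "NOT-FOR-US: PR100088 Modbus gateway", applied to CVE-2019-6549 and CVE-2019-6533 as well so that all three entries keep the same tag.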
@@ -3057,7 +3057,7 @@ CVE-2019-6491
CVE-2019-6490
RESERVED
CVE-2019-6489 (Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2018-20741
RESERVED
CVE-2018-20740
@@ -8727,7 +8727,7 @@ CVE-2019-3925
CVE-2019-3924
RESERVED
CVE-2019-3923 (Nessus versions 8.2.1 and earlier were found to contain a stored XSS ...)
- TODO: check
+ NOT-FOR-US: Nessus
CVE-2019-3922
RESERVED
CVE-2019-3921
@@ -22322,7 +22322,7 @@ CVE-2018-18571
CVE-2018-18570
RESERVED
CVE-2018-18569 (The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side ...)
- TODO: check
+ NOT-FOR-US: Dundas BI
CVE-2018-18568 (Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows ...)
NOT-FOR-US: Polycom
CVE-2018-18567 (AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows ...)
@@ -25038,7 +25038,7 @@ CVE-2018-17544
CVE-2018-17543
RESERVED
CVE-2018-17542 (SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds ...)
- TODO: check
+ NOT-FOR-US: MailSherlock
CVE-2018-17541
RESERVED
CVE-2018-17540 (The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a ...)
@@ -37847,11 +37847,11 @@ CVE-2018-12550
NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
NOTE: https://mosquitto.org/files/cve/2018-12550
CVE-2018-12549 (In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may ...)
- TODO: check
+ NOT-FOR-US: OpenJDK + Eclipse OpenJ9
CVE-2018-12548 (In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public ...)
NOT-FOR-US: OpenJDK + Eclipse OpenJ9
CVE-2018-12547 (In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and ...)
- TODO: check
+ NOT-FOR-US: OpenJDK + Eclipse OpenJ9
CVE-2018-12546
RESERVED
{DSA-4388-1}
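Review bot: CVE-2018-12549 and CVE-2018-12547 are tagged "OpenJDK + Eclipse OpenJ9" although both descriptions name only Eclipse OpenJ9, and OpenJDK itself is packaged in Debian, so a search of the list for OpenJDK will land on these NOT-FOR-US lines. The tag matches the existing CVE-2018-12548 entry; if consistency is the aim, consider changing all three to "NOT-FOR-US: Eclipse OpenJ9".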
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9c8ea93be2704757e6363c58de3da30c374a0691