[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 3 21:21:36 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11e6f47a by Salvatore Bonaccorso at 2019-07-03T20:21:05Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2019-13188
CVE-2019-13187
RESERVED
CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php. An a ...)
- TODO: check
+ NOT-FOR-US: MiniCMS
CVE-2019-13185
RESERVED
CVE-2019-13184
@@ -832,9 +832,9 @@ CVE-2019-12869 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86,
CVE-2019-12868 (app/Model/Server.php in MISP 2.4.109 allows remote command execution b ...)
NOT-FOR-US: MISP
CVE-2019-12867 (Certain actions could cause privilege escalation for issue attachments ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2019-12866 (An Insecure Direct Object Reference, with Authorization Bypass through ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2019-12865 (In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a dou ...)
- radare2 <unfixed> (bug #930704)
[buster] - radare2 <no-dsa> (Minor issue)
@@ -878,15 +878,15 @@ CVE-2019-12853
CVE-2019-12852
RESERVED
CVE-2019-12851 (A CSRF vulnerability was detected in one of the admin endpoints of Jet ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2019-12850 (A query injection was possible in JetBrains YouTrack. The issue was fi ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2019-12849
RESERVED
CVE-2019-12848
RESERVED
CVE-2019-12847 (In JetBrains Hub versions earlier than 2018.4.11298, the audit events ...)
- TODO: check
+ NOT-FOR-US: JetBrains Hub
CVE-2019-12846
RESERVED
CVE-2019-12845
@@ -1544,7 +1544,7 @@ CVE-2019-12572 (A vulnerability in the London Trust Media Private Internet Acces
CVE-2019-12571
RESERVED
CVE-2019-12570 (A SQL injection vulnerability in the Xpert Solution "Server Status by ...)
- TODO: check
+ NOT-FOR-US: Xpert Solution "Server Status by Hostname/IP" plugin for WordPress
CVE-2019-12569 (A vulnerability in Viber before 10.7.0 for Desktop (Windows) could all ...)
NOT-FOR-US: Viber
CVE-2019-12568
@@ -6392,7 +6392,7 @@ CVE-2019-10868 (In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.
CVE-2019-10722
RESERVED
CVE-2019-10721 (BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the Retur ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2019-10720 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remo ...)
NOT-FOR-US: BlogEngine.NET
CVE-2019-10719 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remo ...)
@@ -6400,7 +6400,7 @@ CVE-2019-10719 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal an
CVE-2019-10718 (BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind In ...)
NOT-FOR-US: BlogEngine.NET
CVE-2019-10717 (BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2019-10716
RESERVED
CVE-2019-10715
@@ -7849,7 +7849,7 @@ CVE-2019-10106 (CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Nam
CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Des ...)
NOT-FOR-US: CMS Made Simple
CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an Application S ...)
- TODO: check
+ NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate
CVE-2019-10103
RESERVED
CVE-2019-10102
@@ -7857,7 +7857,7 @@ CVE-2019-10102
CVE-2019-10101
RESERVED
CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it wa ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack Confluence plugin
CVE-2019-1000031 (A disk space or quota exhaustion issue exists in article2pdf_getfile.p ...)
NOT-FOR-US: article2pdf Wordpress plugin
CVE-2018-20815 (In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated ...)
@@ -9099,9 +9099,9 @@ CVE-2019-9875 (Deserialization of Untrusted Data in the anti CSRF module in Site
CVE-2019-9874 (Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (a ...)
NOT-FOR-US: Sitecore CMS
CVE-2019-9873 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task ...)
- TODO: check
+ NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate
CVE-2019-9872 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating run ...)
- TODO: check
+ NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate
CVE-2019-9871 (Jector Smart TV FM-K75 devices allow remote code execution because the ...)
NOT-FOR-US: Jector Smart TV FM-K75 devices
CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor m ...)
@@ -9250,7 +9250,7 @@ CVE-2019-9824 (tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.
NOTE: https://www.openwall.com/lists/oss-security/2019/03/18/1
NOTE: https://github.com/qemu/qemu/commit/d3222975c7d6cda9e25809dea05241188457b113
CVE-2019-9823 (In several JetBrains IntelliJ IDEA versions, creating remote run confi ...)
- TODO: check
+ NOT-FOR-US: JetBrains IntelliJ IDEA
CVE-2019-9822
RESERVED
CVE-2019-9821
@@ -10989,7 +10989,7 @@ CVE-2019-9187 (ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.2019
NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=d283e4c
NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9a275b2
CVE-2019-9186 (In several JetBrains IntelliJ IDEA versions, a Spring Boot run configu ...)
- TODO: check
+ NOT-FOR-US: JetBrains IntelliJ IDEA
CVE-2019-9185 (Controller/Async/FilesystemManager.php in the filemanager in Bolt befo ...)
NOT-FOR-US: Bolt CMS
CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for ...)
@@ -17346,39 +17346,39 @@ CVE-2019-6643
CVE-2019-6642 (In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, a ...)
NOT-FOR-US: F5 BIG-IP
CVE-2019-6641 (On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl RES ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6640 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6639 (On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6638 (On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6637 (On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6636 (On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6635 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6634 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6633 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6632 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6631 (On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation ma ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6630 (On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, undisclose ...)
- TODO: check
+ NOT-FOR-US: F5 SSL Orchestrator
CVE-2019-6629 (On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6628 (On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain condi ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6627 (On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to ...)
- TODO: check
+ NOT-FOR-US: F5 SSL Orchestrator
CVE-2019-6626 (On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6625 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6624 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
NOT-FOR-US: F5 BIG-IP
CVE-2019-6623 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
@@ -20003,7 +20003,7 @@ CVE-2019-5632
CVE-2019-5631
RESERVED
CVE-2019-5630 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 ...)
- TODO: check
+ NOT-FOR-US: Rapid7 Nexpose InsightVM Security Console
CVE-2019-5629
RESERVED
CVE-2019-5628
@@ -24376,7 +24376,7 @@ CVE-2019-3621
CVE-2019-3620
RESERVED
CVE-2019-3619 (Information Disclosure vulnerability in the Agent Handler in McAfee eP ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3618
RESERVED
CVE-2019-3617
@@ -38332,9 +38332,9 @@ CVE-2018-18328 (A KERedirect Untrusted Pointer Dereference Privilege Escalation
CVE-2018-18327 (A KERedirect Untrusted Pointer Dereference Privilege Escalation vulner ...)
NOT-FOR-US: Trend Micro
CVE-2018-18326 (DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption ...)
- TODO: check
+ NOT-FOR-US: DNN
CVE-2018-18325 (DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorith ...)
- TODO: check
+ NOT-FOR-US: DNN
CVE-2018-18324 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via t ...)
NOT-FOR-US: CentOS Web Panel
CVE-2018-18323 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local Fil ...)
@@ -44731,7 +44731,7 @@ CVE-2018-15889 (In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() i
CVE-2018-15888 (An issue was discovered in ASPCMS 2.5.6. When registering ordinary use ...)
NOT-FOR-US: ASPCMS
CVE-2017-18346 (SQL injection vulnerability in /wbg/core/_includes/authorization.inc.p ...)
- TODO: check
+ NOT-FOR-US: CMS Web-Gooroo
CVE-2015-9265
REJECTED
CVE-2015-9264 (Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute ...)
@@ -45015,9 +45015,9 @@ CVE-2018-15814 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at
CVE-2018-15813 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at image0 ...)
NOT-FOR-US: FastStone Image Viewer
CVE-2018-15812 (DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption ...)
- TODO: check
+ NOT-FOR-US: DNN
CVE-2018-15811 (DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorith ...)
- TODO: check
+ NOT-FOR-US: DNN
CVE-2018-15810 (Visiology Flipbox Software Suite before 2.7.0 allows directory travers ...)
NOT-FOR-US: Visiology Flipbox Software Suite
CVE-2018-15809 (AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Mo ...)
@@ -47238,19 +47238,19 @@ CVE-2018-14867 (Incorrect access control in the portal messaging system in Odoo
CVE-2018-14866 (Incorrect access control in the TransientModel framework in Odoo Commu ...)
TODO: check
CVE-2018-14865 (Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14864 (Incorrect access control in asset bundles in Odoo Community 9.0 throug ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14863 (Incorrect access control in the RPC framework in Odoo Community 8.0 th ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14862 (Incorrect access control in the mail templating system in Odoo Communi ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14861 (Improper data access control in Odoo Community 10.0 and 11.0 and Odoo ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14860 (Improper sanitization of dynamic user expressions in Odoo Community 11 ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14859 (Incorrect access control in the password reset component in Odoo Commu ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2018-14857 (Unrestricted file upload (with remote code execution) in require/mail/ ...)
@@ -52696,7 +52696,7 @@ CVE-2018-12717
CVE-2018-12716 (The API service on Google Home and Chromecast devices before mid-July ...)
NOT-FOR-US: Google services
CVE-2018-12715 (DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid ...)
- TODO: check
+ NOT-FOR-US: DIGISOL DG-HR3400 devices
CVE-2018-12714 (An issue was discovered in the Linux kernel through 4.17.2. The filter ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/70303420b5721c38998cf987e6b7d30cc62d4ff1
@@ -54312,7 +54312,7 @@ CVE-2018-12252
CVE-2018-12251
RESERVED
CVE-2018-12250 (An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.p ...)
- TODO: check
+ NOT-FOR-US: Elite CMS
CVE-2018-12249 (An issue was discovered in mruby 1.4.1. There is a NULL pointer derefe ...)
- mruby 1.4.1+20180622+git640fca32-1 (bug #901652)
[stretch] - mruby <no-dsa> (Minor issue)
@@ -56587,21 +56587,21 @@ CVE-2018-11429 (ATLANT (ATL) is a smart contract running on Ethereum. The mint f
CVE-2018-11428
RESERVED
CVE-2018-11427 (CSRF tokens are not used in the web application of Moxa OnCell G3100-H ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11426 (A weak Cookie parameter is used in the web application of Moxa OnCell ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11425 (Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Serie ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11424 (There is Memory corruption in the web interface of Moxa OnCell G3470A- ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11423 (There is Memory corruption in the web interface Moxa OnCell G3100-HSPA ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11422 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11421 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11420 (There is Memory corruption in the web interface of Moxa OnCell G3100-H ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
NOT-FOR-US: JerryScript
CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
@@ -56930,7 +56930,7 @@ CVE-2018-1000180 (Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and e
CVE-2018-11318
RESERVED
CVE-2018-11317 (Subrion CMS before 4.1.4 has XSS. ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2018-11316 (The UPnP HTTP server on Sonos wireless speaker products allow unauthor ...)
NOT-FOR-US: Sonos
CVE-2018-11315 (The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below ...)
@@ -57202,7 +57202,7 @@ CVE-2018-11229 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, an
CVE-2018-11228 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW- ...)
NOT-FOR-US: Crestron devices
CVE-2018-11227 (Monstra CMS before 3.0.4 has XSS via index.php. ...)
- TODO: check
+ NOT-FOR-US: Monstra CMS
CVE-2018-11226 (The getString function in decompile.c in libming through 0.4.8 mishand ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/144
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/11e6f47a63013b95b807309d0b4b0ebe8ecc645e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/11e6f47a63013b95b807309d0b4b0ebe8ecc645e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190703/469cd005/attachment.html>
More information about the debian-security-tracker-commits
mailing list