[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Jul 11 23:25:20 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c17b8d75 by Moritz Muehlenhoff at 2019-07-11T22:24:53Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -121,7 +121,7 @@ CVE-2019-13508
CVE-2019-13507 (hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. ...)
NOT-FOR-US: hidea.com AZ Admin
CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandle ...)
- TODO: check
+ NOT-FOR-US: Nuxt.js
CVE-2019-13505 (The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS vi ...)
NOT-FOR-US: Appointment Hour Booking plugin for WordPress
CVE-2019-13504 (There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrw ...)
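Review bot: the new NOT-FOR-US line for CVE-2019-13506 names Nuxt.js, but the description identifies the vulnerable component as the @nuxt/devalue package, with Nuxt.js only as a consumer of it; naming the package itself (for example `NOT-FOR-US: @nuxt/devalue (as used in Nuxt.js)`) keeps the tag aligned with what would actually have to be matched against the archive if that package is ever imported.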
@@ -965,7 +965,7 @@ CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one NU
[jessie] - audiofile <postponed> (Minor issue, local DoS)
NOTE: https://github.com/mpruett/audiofile/issues/54
CVE-2019-13146 (The field_test gem 0.3.0 for Ruby has unvalidated input. A method call ...)
- TODO: check
+ NOT-FOR-US: field_test gem
CVE-2019-13145
RESERVED
CVE-2019-13144
@@ -1025,7 +1025,7 @@ CVE-2019-13124
CVE-2019-13123
RESERVED
CVE-2019-13122 (A Cross Site Scripting (XSS) vulnerability exists in the template tag ...)
- TODO: check
+ NOT-FOR-US: Patchwork
CVE-2019-13121 [SSRF Vulnerability in Project GitHub Integration]
RESERVED
[experimental] - gitlab 11.10.8+dfsg-1
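Review bot: the truncated description for CVE-2019-13122 does not mention Patchwork anywhere in the visible text ("... in the template tag ..."), so the product attribution behind `NOT-FOR-US: Patchwork` cannot be checked from this hunk alone; a `NOTE:` line with the upstream reference, as is done for CVE-2019-13147 elsewhere in this file, would make the decision verifiable later without re-researching the CVE.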
@@ -1278,7 +1278,7 @@ CVE-2019-13032 (An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL
CVE-2019-13030
RESERVED
CVE-2019-13029 (Multiple stored Cross-site scripting (XSS) issues in the admin panel a ...)
- TODO: check
+ NOT-FOR-US: REDCap
CVE-2019-13028 (An incorrect implementation of a local web server in eID client (Windo ...)
NOT-FOR-US: local web server in eID client (Product from the Ministry of Interior of the Slovak Republic)
CVE-2019-13027
@@ -1865,9 +1865,9 @@ CVE-2019-12806
CVE-2019-12805
RESERVED
CVE-2019-12804 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to ...)
- TODO: check
+ NOT-FOR-US: Hunesion i-oneNet
CVE-2019-12803 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the sp ...)
- TODO: check
+ NOT-FOR-US: Hunesion i-oneNet
CVE-2019-12802 (In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lan ...)
- radare2 <unfixed> (bug #930510)
[buster] - radare2 <no-dsa> (Minor issue)
@@ -2110,9 +2110,9 @@ CVE-2019-12726
CVE-2019-12725
RESERVED
CVE-2019-12724 (An issue was discovered in the Teclib News plugin through 1.5.2 for GL ...)
- TODO: check
+ NOT-FOR-US: Teclib
CVE-2019-12723 (An issue was discovered in the Teclib Fields plugin through 1.9.2 for ...)
- TODO: check
+ NOT-FOR-US: Teclib
CVE-2019-12722
RESERVED
CVE-2019-12721
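Review bot: for CVE-2019-12724 and CVE-2019-12723 the tag reads just `NOT-FOR-US: Teclib`, which is the vendor rather than the product; both descriptions refer to plugins "for GL..." (apparently GLPI), and the rest of the file names the host platform in such cases (`Appointment Hour Booking plugin for WordPress`, `Jenkins plugin`), so something like `NOT-FOR-US: Teclib plugins for GLPI` would be more consistent and easier to search for.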
@@ -2984,7 +2984,7 @@ CVE-2019-12365
CVE-2019-12364
RESERVED
CVE-2019-12363 (An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2 ...)
- TODO: check
+ NOT-FOR-US: MyBB plugin
CVE-2019-12362 (EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doacti ...)
NOT-FOR-US: EmpireCMS
CVE-2019-12361 (EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.ph ...)
@@ -5846,7 +5846,7 @@ CVE-2019-11270
CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, ...)
NOT-FOR-US: Spring Security OAuth
CVE-2019-11268 (Cloud Foundry UAA version prior to 73.3.0, contain endpoints that cont ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry UAA
CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...)
{DSA-4460-1 DSA-4434-1 DLA-1797-1 DLA-1777-1}
- drupal7 <removed> (bug #927330)
@@ -6626,7 +6626,7 @@ CVE-2019-10968
CVE-2019-10967 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based ...)
NOT-FOR-US: Emerson
CVE-2019-10966 (In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exis ...)
- TODO: check
+ NOT-FOR-US: GE Aestiva and Aespire
CVE-2019-10965 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based b ...)
NOT-FOR-US: Emerson
CVE-2019-10964 (In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, ...)
@@ -8118,17 +8118,17 @@ CVE-2019-10353
CVE-2019-10352
RESERVED
CVE-2019-10351 (Jenkins Caliper CI Plugin stores credentials unencrypted in job config ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10350 (Jenkins Port Allocator Plugin stores credentials unencrypted in job co ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10349 (A stored cross site scripting vulnerability in Jenkins Dependency Grap ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10348 (Jenkins Gogs Plugin stored credentials unencrypted in job config.xml f ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10347 (Jenkins Mashup Portlets Plugin stored credentials unencrypted on the J ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10346 (A reflected cross site scripting vulnerability in Jenkins Embeddable B ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10345
RESERVED
CVE-2019-10344
@@ -8136,11 +8136,11 @@ CVE-2019-10344
CVE-2019-10343
RESERVED
CVE-2019-10342 (A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10341 (A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10340 (A cross-site request forgery vulnerability in Jenkins Docker Plugin 1. ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10339 (A missing permission check in Jenkins JX Resources Plugin 1.0.36 and e ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10338 (A cross-site request forgery vulnerability in Jenkins JX Resources Plu ...)
@@ -10043,7 +10043,7 @@ CVE-2019-1010005
CVE-2019-1010004
RESERVED
CVE-2019-1010003 (Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: Leanote
CVE-2019-1010002
RESERVED
CVE-2019-1010001
@@ -10059,7 +10059,7 @@ CVE-2019-9893 (libseccomp before 2.4.0 did not correctly generate 64-bit syscall
CVE-2019-9887
RESERVED
CVE-2019-9886 (Any URLs with download_attachment.php under templates or home folders ...)
- TODO: check
+ NOT-FOR-US: BroadLearning eClass
CVE-2019-9885
RESERVED
CVE-2019-9884
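Review bot: the NOT-FOR-US line for CVE-2019-9886 names BroadLearning eClass, but the visible description only mentions download_attachment.php under templates or home folders and never names the product; adding a `NOTE:` line with the source of that attribution (the file already uses this form, e.g. for CVE-2019-13147) would let a later reviewer confirm the triage without redoing the research.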
@@ -17485,7 +17485,7 @@ CVE-2019-7005
CVE-2019-7004
RESERVED
CVE-2019-7003 (A SQL injection vulnerability in the reporting component of Avaya Cont ...)
- TODO: check
+ NOT-FOR-US: Avaya
CVE-2019-7002
RESERVED
CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP Office Cont ...)
@@ -21382,11 +21382,11 @@ CVE-2019-5448
CVE-2019-5447
RESERVED
CVE-2019-5446 (Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin ...)
- TODO: check
+ NOT-FOR-US: EdgeSwitch
CVE-2019-5445 (DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash ...)
- TODO: check
+ NOT-FOR-US: EdgeSwitch
CVE-2019-5444 (Path traversal vulnerability in version up to v1.1.3 in serve-here.js ...)
- TODO: check
+ NOT-FOR-US: serve-here.js npm module
CVE-2019-5443 (A non-privileged user or program can put code and a config file in a k ...)
- curl <not-affected> (Windows-specific build issue)
CVE-2019-5442 (XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results i ...)
@@ -21866,7 +21866,7 @@ CVE-2019-5222
CVE-2019-5221 (There is a path traversal vulnerability on Huawei Share. The software ...)
NOT-FOR-US: Huawei
CVE-2019-5220 (There is a Factory Reset Protection (FRP) bypass vulnerability on seve ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-5219 (There is a double free vulnerability on certain drivers of Huawei Mate ...)
NOT-FOR-US: Huawei
CVE-2019-5218
@@ -42425,17 +42425,17 @@ CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 contai
CVE-2018-17153 (It was discovered that the Western Digital My Cloud device before 2.30 ...)
NOT-FOR-US: Western Digital My Cloud device
CVE-2018-17152 (Intersystems Cache 2017.2.2.865.0 allows XXE. ...)
- TODO: check
+ NOT-FOR-US: Intersystems Cache
CVE-2018-17151 (Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control. ...)
- TODO: check
+ NOT-FOR-US: Intersystems Cache
CVE-2018-17150 (Intersystems Cache 2017.2.2.865.0 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: Intersystems Cache
CVE-2018-17149
RESERVED
CVE-2018-17148 (An Insufficient Access Control vulnerability (leading to credential di ...)
NOT-FOR-US: Nagios XI
CVE-2018-17147 (Nagios XI before 5.5.4 has XSS in the auto login admin management page ...)
- TODO: check
+ NOT-FOR-US: Nagios XI
CVE-2018-17146 (A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 ...)
NOT-FOR-US: Nagios XI
CVE-2018-17145
@@ -56690,7 +56690,7 @@ CVE-2018-11746 (In Puppet Discovery prior to 1.2.0, when running Discovery again
CVE-2018-11745
RESERVED
CVE-2018-11744 (Cloudera Manager through 5.15 has Incorrect Access Control. ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes initialize_cop ...)
- mruby 1.4.1+20180622+git640fca32-1 (bug #900845)
[stretch] - mruby <no-dsa> (Minor issue)
@@ -60263,7 +60263,7 @@ CVE-2018-10533
CVE-2018-10532 (An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 dev ...)
NOT-FOR-US: EE 4GEE HH70VB-2BE8GB3s
CVE-2018-10531 (An issue was discovered in the America's Army Proving Grounds platform ...)
- TODO: check
+ NOT-FOR-US: America's Army Proving Grounds
CVE-2018-10530
RESERVED
CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds re ...)
@@ -124303,7 +124303,7 @@ CVE-2017-6219
CVE-2017-6218
RESERVED
CVE-2017-6217 (paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XS ...)
- TODO: check
+ NOT-FOR-US: paypal/adaptivepayments-sdk-php
CVE-2017-6216 (novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a ref ...)
NOT-FOR-US: novaksolutions/infusionsoft-php-sdk
CVE-2017-6215 (paypal/permissions-sdk-php is vulnerable to reflected XSS in the sampl ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c17b8d752eb3bb1aecd0fd972499dba2fa411b15