[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Jun 19 21:39:31 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b472a9ea by Salvatore Bonaccorso at 2019-06-19T20:38:59Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2019-12892
 CVE-2019-12891
 	RESERVED
 CVE-2019-12890 (RedwoodHQ 2.5.5 does not require any authentication for database opera ...)
-	TODO: check
+	NOT-FOR-US: RedwoodHQ
 CVE-2019-12889
 	RESERVED
 CVE-2019-12888
@@ -701,7 +701,7 @@ CVE-2019-12594
 CVE-2019-12593 (IceWarp Mail Server through 10.4.4 is prone to a local file inclusion  ...)
 	NOT-FOR-US: IceWarp Mail Server
 CVE-2019-12592 (A universal Cross-site scripting (UXSS) vulnerability in the Evernote  ...)
-	TODO: check
+	NOT-FOR-US: Evernote
 CVE-2019-12591 (NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote a ...)
 	NOT-FOR-US: NETGEAR
 CVE-2019-12590
@@ -912,7 +912,7 @@ CVE-2019-12493 (A stack-based buffer over-read exists in PostScriptFunction::tra
 CVE-2019-12492 (Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and  ...)
 	NOT-FOR-US: Gallagher Command Centre
 CVE-2019-12491 (OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to r ...)
-	TODO: check
+	NOT-FOR-US: OnApp
 CVE-2019-12490
 	RESERVED
 CVE-2019-12489
@@ -3028,7 +3028,7 @@ CVE-2019-11651
 CVE-2019-11650
 	RESERVED
 CVE-2019-11649 (Cross-site scripting in Micro Focus Fortify software security center s ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus Fortify software security center server
 CVE-2019-11648
 	RESERVED
 CVE-2019-11647
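Review bot: In the CVE-2019-11649 entry the NOT-FOR-US text copies the description's lower-case wording ("software security center server") instead of naming the product. The other entries touched here use the vendor or product name as a proper name (e.g. "NOT-FOR-US: IceWarp Mail Server"), so "NOT-FOR-US: Micro Focus Fortify Software Security Center" would read consistently and be easier to grep for later.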
@@ -4141,9 +4141,9 @@ CVE-2019-11234 (FreeRADIUS before 3.0.19 does not prevent use of reflection for
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
 	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769
 CVE-2019-11233 (EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user i ...)
-	TODO: check
+	NOT-FOR-US: EXCELLENT INFOTEK BiYan
 CVE-2019-11232 (EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user i ...)
-	TODO: check
+	NOT-FOR-US: EXCELLENT INFOTEK BiYan
 CVE-2019-11231 (An issue was discovered in GetSimple CMS through 3.3.15. insufficient  ...)
 	NOT-FOR-US: GetSimple CMS
 CVE-2019-11230
@@ -6509,7 +6509,7 @@ CVE-2019-10259
 CVE-2019-10258
 	RESERVED
 CVE-2019-10257 (Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Una ...)
-	TODO: check
+	NOT-FOR-US: Zucchetti HR Portal
 CVE-2019-10256
 	RESERVED
 CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...)
@@ -15708,9 +15708,9 @@ CVE-2019-6974 (In the Linux kernel before 4.20.8, kvm_ioctl_create_device in vir
 CVE-2019-6973 (Sricam IP CCTV cameras are vulnerable to denial of service via multipl ...)
 	NOT-FOR-US: Sricam IP CCTV cameras
 CVE-2019-6972 (An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credent ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2019-6971 (An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2019-6970 (Moodle 3.5.x before 3.5.4 allows SSRF. ...)
 	- moodle <removed>
 CVE-2019-6969
@@ -17840,7 +17840,7 @@ CVE-2019-6116 (In Artifex Ghostscript through 9.26, ephemeral or transient proce
 CVE-2019-6115
 	RESERVED
 CVE-2019-6114 (An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An int ...)
-	TODO: check
+	NOT-FOR-US: Corel PaintShop Pro
 CVE-2019-6113
 	RESERVED
 CVE-2019-6112
@@ -21701,9 +21701,9 @@ CVE-2019-4387
 CVE-2019-4386
 	RESERVED
 CVE-2019-4385 (IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password i ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4384 (IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4383
 	RESERVED
 CVE-2019-4382
@@ -21743,7 +21743,7 @@ CVE-2019-4366
 CVE-2019-4365
 	RESERVED
 CVE-2019-4364 (IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4363
 	RESERVED
 CVE-2019-4362
@@ -21865,7 +21865,7 @@ CVE-2019-4305
 CVE-2019-4304
 	RESERVED
 CVE-2019-4303 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4302
 	RESERVED
 CVE-2019-4301
@@ -30267,7 +30267,7 @@ CVE-2018-19880
 CVE-2018-19879 (An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RU ...)
 	NOT-FOR-US: Teltonika devices
 CVE-2018-19878 (An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The ap ...)
-	TODO: check
+	NOT-FOR-US: Teltonika devices
 CVE-2018-19877 (login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Bu ...)
 	NOT-FOR-US: Adiscon LogAnalyzer
 CVE-2018-19876 (cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would ...)
@@ -36276,9 +36276,9 @@ CVE-2018-18760 (RhinOS 3.0 build 1190 allows CSRF. ...)
 CVE-2018-18759 (Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. ...)
 	NOT-FOR-US: Modbus Slave
 CVE-2018-18758 (Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php  ...)
-	TODO: check
+	NOT-FOR-US: Open Faculty Evaluation System
 CVE-2018-18757 (Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback. ...)
-	TODO: check
+	NOT-FOR-US: Open Faculty Evaluation System
 CVE-2018-18756 (Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008 ...)
 	NOT-FOR-US: Local Server
 CVE-2018-18755 (K-iwi Framework 1775 has SQL Injection via the admin/user/group/update ...)
@@ -37066,7 +37066,7 @@ CVE-2018-18474
 CVE-2018-18473 (A hidden backdoor on PATLITE NBM-D88N, NHL-3FB1, and NHL-3FV1N devices ...)
 	NOT-FOR-US: PATLITE NBM-D88N
 CVE-2018-18472 (Western Digital WD My Book Live (all versions) has a root Remote Comma ...)
-	TODO: check
+	NOT-FOR-US: Western Digital WD My Book Live
 CVE-2018-18471 (/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stor ...)
 	TODO: check
 CVE-2018-18470
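Review bot: CVE-2018-18471, directly below the changed entry, still carries "TODO: check" in this hunk's trailing context. Its description names Axentra firmware used by NETGEAR devices (the text is truncated here), so if that is also not packaged it could be marked in the same pass; if it was left open on purpose for a closer look, nothing needs to change.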
@@ -38867,11 +38867,11 @@ CVE-2018-17844
 CVE-2018-17843 (SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Soft ...)
 	NOT-FOR-US: ADD Clicking MLM
 CVE-2018-17842 (SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hot ...)
-	TODO: check
+	NOT-FOR-US: Scriptzee Hotel Booking Engine
 CVE-2018-17841 (SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the ...)
-	TODO: check
+	NOT-FOR-US: Scriptzee Flippa Marketplace Clone
 CVE-2018-17840 (SQL injection exists in Scriptzee Education Website 1.0 via the colleg ...)
-	TODO: check
+	NOT-FOR-US: Scriptzee Education Website
 CVE-2018-17839
 	RESERVED
 CVE-2018-17838 (An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read oper ...)
@@ -39875,7 +39875,7 @@ CVE-2018-17425 (WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I wa
 CVE-2018-17424
 	RESERVED
 CVE-2018-17423 (An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_ ...)
-	TODO: check
+	NOT-FOR-US: e107
 CVE-2018-17422 (dotCMS before 5.0.2 has open redirects via the html/common/forward_js. ...)
 	NOT-FOR-US: dotCMS
 CVE-2018-17421 (An issue was discovered in ZrLog 2.0.3. There is stored XSS in the fil ...)
@@ -39933,7 +39933,7 @@ CVE-2018-17395
 CVE-2018-17394 (SQL Injection exists in the Timetable Schedule 3.6.8 component for Joo ...)
 	NOT-FOR-US: Timetable Schedule component for Joomla!
 CVE-2018-17393 (SQL Injection exists in HealthNode Hospital Management System 1.0 via  ...)
-	TODO: check
+	NOT-FOR-US: HealthNode Hospital Management System
 CVE-2018-17392
 	RESERVED
 CVE-2018-17391 (SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via ...)
@@ -39941,13 +39941,13 @@ CVE-2018-17391 (SQL Injection exists in authors_post.php in Super Cms Blog Pro 1
 CVE-2018-17390
 	RESERVED
 CVE-2018-17389 (CSRF exists in server.php in Live Call Support Application 1.5 for add ...)
-	TODO: check
+	NOT-FOR-US: Live Call Support Application
 CVE-2018-17388 (SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the e ...)
-	TODO: check
+	NOT-FOR-US: Twilio WEB To Fax Machine System
 CVE-2018-17387 (CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for ...)
-	TODO: check
+	NOT-FOR-US: Nimble Messaging Bulk SMS Marketing Application
 CVE-2018-17386 (SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joo ...)
-	TODO: check
+	NOT-FOR-US: Micro Deal Factory component for Joomla!
 CVE-2018-17385 (SQL Injection exists in the Social Factory 3.8.3 component for Joomla! ...)
 	NOT-FOR-US: Social Factory component for Joomla!
 CVE-2018-17384 (SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! v ...)
@@ -39957,7 +39957,7 @@ CVE-2018-17383 (SQL Injection exists in the Collection Factory 4.1.9 component f
 CVE-2018-17382 (SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! v ...)
 	NOT-FOR-US: Jobs Factory component for Joomla!
 CVE-2018-17381 (SQL Injection exists in the Dutch Auction Factory 2.0.2 component for  ...)
-	TODO: check
+	NOT-FOR-US: Dutch Auction Factory component for Joomla!
 CVE-2018-17380 (SQL Injection exists in the Article Factory Manager 4.3.9 component fo ...)
 	NOT-FOR-US: Article Factory Manager component for Joomla!
 CVE-2018-17379 (SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! ...)
@@ -39971,7 +39971,7 @@ CVE-2018-17376 (SQL Injection exists in the Reverse Auction Factory 4.3.8 compon
 CVE-2018-17375 (SQL Injection exists in the Music Collection 3.0.3 component for Jooml ...)
 	NOT-FOR-US: Music Collection component for Joomla!
 CVE-2018-17374 (SQL Injection exists in the Auction Factory 4.5.5 component for Joomla ...)
-	TODO: check
+	NOT-FOR-US: Auction Factory component for Joomla!
 CVE-2018-17373
 	RESERVED
 CVE-2018-17372
@@ -42042,7 +42042,7 @@ CVE-2018-16620 (Sonatype Nexus Repository Manager before 3.14 has Incorrect Acce
 CVE-2018-16619 (Sonatype Nexus Repository Manager before 3.14 allows XSS. ...)
 	NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2018-16618 (VTech Storio Max before 56.D3JM6 allows remote command execution via s ...)
-	TODO: check
+	NOT-FOR-US: VTech
 CVE-2018-1000670 (KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (u ...)
 	- koha <itp> (bug #702134)
 	NOTE: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086
@@ -42058,7 +42058,7 @@ CVE-2018-16615
 CVE-2018-16614
 	RESERVED
 CVE-2018-16613 (An issue was discovered in the update function in the wpForo Forum plu ...)
-	TODO: check
+	NOT-FOR-US: update function in the wpForo Forum plugin for WordPress
 CVE-2018-16612
 	RESERVED
 CVE-2018-16611
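Review bot: The NOT-FOR-US text for CVE-2018-16613 names a function ("update function in the wpForo Forum plugin for WordPress") rather than the software. Every other entry in this commit names the product or vendor, so "NOT-FOR-US: wpForo Forum plugin for WordPress" would be consistent and would match when later wpForo CVEs are triaged against existing entries.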
@@ -42097,11 +42097,11 @@ CVE-2018-16597 (An issue was discovered in the Linux kernel before 4.8. Incorrec
 CVE-2018-16596 (A stack-based buffer overflow in the LAN UPnP service running on UDP p ...)
 	NOT-FOR-US: Swisscom
 CVE-2018-16595 (The Photo Sharing Plus component on Sony Bravia TV through 8.587 devic ...)
-	TODO: check
+	NOT-FOR-US: Sony Bravia TV devices
 CVE-2018-16594 (The Photo Sharing Plus component on Sony Bravia TV through 8.587 devic ...)
-	TODO: check
+	NOT-FOR-US: Sony Bravia TV devices
 CVE-2018-16593 (The Photo Sharing Plus component on Sony Bravia TV through 8.587 devic ...)
-	TODO: check
+	NOT-FOR-US: Sony Bravia TV devices
 CVE-2018-16592
 	RESERVED
 CVE-2018-16591 (FURUNO FELCOM 250 and 500 devices allow unauthenticated users to chang ...)
@@ -108233,19 +108233,19 @@ CVE-2017-10726 (Winamp 5.666 Build 3516(x86) might allow attackers to execute ar
 CVE-2017-10725 (Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary cod ...)
 	NOT-FOR-US: Winamp
 CVE-2017-10724 (Recently it was discovered as a part of the research on IoT devices in ...)
-	TODO: check
+	NOT-FOR-US: Shekar Endoscope
 CVE-2017-10723 (Recently it was discovered as a part of the research on IoT devices in ...)
-	TODO: check
+	NOT-FOR-US: Shekar Endoscope
 CVE-2017-10722 (Recently it was discovered as a part of the research on IoT devices in ...)
-	TODO: check
+	NOT-FOR-US: Shekar Endoscope
 CVE-2017-10721 (Recently it was discovered as a part of the research on IoT devices in ...)
-	TODO: check
+	NOT-FOR-US: Shekar Endoscope
 CVE-2017-10720 (Recently it was discovered as a part of the research on IoT devices in ...)
-	TODO: check
+	NOT-FOR-US: Shekar Endoscope
 CVE-2017-10719 (Recently it was discovered as a part of the research on IoT devices in ...)
-	TODO: check
+	NOT-FOR-US: Shekar Endoscope
 CVE-2017-10718 (Recently it was discovered as a part of the research on IoT devices in ...)
-	TODO: check
+	NOT-FOR-US: Shekar Endoscope
 CVE-2017-10717
 	RESERVED
 CVE-2017-10716
@@ -115372,25 +115372,25 @@ CVE-2017-8339 (PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cau
 CVE-2017-8338 (A vulnerability in MikroTik Version 6.38.5 could allow an unauthentica ...)
 	NOT-FOR-US: MikroTik
 CVE-2017-8337 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
-	TODO: check
+	NOT-FOR-US: Securifi
 CVE-2017-8336 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
-	TODO: check
+	NOT-FOR-US: Securifi
 CVE-2017-8335 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
-	TODO: check
+	NOT-FOR-US: Securifi
 CVE-2017-8334 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
-	TODO: check
+	NOT-FOR-US: Securifi
 CVE-2017-8333 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
-	TODO: check
+	NOT-FOR-US: Securifi
 CVE-2017-8332 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
-	TODO: check
+	NOT-FOR-US: Securifi
 CVE-2017-8331 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
-	TODO: check
+	NOT-FOR-US: Securifi
 CVE-2017-8330 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
-	TODO: check
+	NOT-FOR-US: Securifi
 CVE-2017-8329 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
-	TODO: check
+	NOT-FOR-US: Securifi
 CVE-2017-8328 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...)
-	TODO: check
+	NOT-FOR-US: Securifi
 CVE-2016-10351 (Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesk ...)
 	- telegram-desktop 1.1.19-2
 	NOTE: https://github.com/telegramdesktop/tdesktop/issues/2666
@@ -136671,7 +136671,7 @@ CVE-2017-1109
 CVE-2017-1108
 	RESERVED
 CVE-2017-1107 (IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2017-1106 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2017-1105 (IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (include ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b472a9eaed546c0f78d237679b8cf2b9aa2f05ba
