[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 7 20:22:30 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8310201a by Salvatore Bonaccorso at 2019-03-07T20:22:02Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2019-9627
RESERVED
CVE-2019-9626 (PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to ...)
- TODO: check
+ NOT-FOR-US: PHPSHE
CVE-2019-9625 (JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to ...)
- TODO: check
+ NOT-FOR-US: JBMC DirectAdmin
CVE-2019-XXXX [high memory usage with long running sessions]
- proftpd-dfsg 1.3.5d-1 (bug #923926)
NOTE: https://github.com/proftpd/proftpd/issues/330#issuecomment-276891713
@@ -71,11 +71,11 @@ CVE-2019-9595 (AppCMS 2.0.101 allows XSS via the upload/callback.php params para
CVE-2019-9594 (BlueCMS 1.6 allows SQL Injection via the user_id parameter in an ...)
NOT-FOR-US: BlueCMS
CVE-2019-9593 (A reflected Cross-site scripting (XSS) vulnerability in ShoreTel ...)
- TODO: check
+ NOT-FOR-US: ShoreTel Connect
CVE-2019-9592 (A reflected Cross-site scripting (XSS) vulnerability in ShoreTel ...)
- TODO: check
+ NOT-FOR-US: ShoreTel Connect
CVE-2019-9591 (A reflected Cross-site scripting (XSS) vulnerability in ShoreTel ...)
- TODO: check
+ NOT-FOR-US: ShoreTel Connect
CVE-2019-9590 (An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It ...)
NOT-FOR-US: TENGCONTROL devices
CVE-2019-9589 (There is a NULL pointer dereference vulnerability in ...)
@@ -95,7 +95,7 @@ CVE-2019-9583
CVE-2019-9582
RESERVED
CVE-2019-9581 (phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via ...)
- TODO: check
+ NOT-FOR-US: phpscheduleit Booked Scheduler
CVE-2019-9580
RESERVED
CVE-2019-9579
@@ -175,13 +175,13 @@ CVE-2019-9557
CVE-2019-9556
RESERVED
CVE-2019-9555 (Sagemcom F at st 5260 routers using firmware version 0.4.39, in WPA mode, ...)
- TODO: check
+ NOT-FOR-US: Sagemcom routers
CVE-2019-9554
RESERVED
CVE-2019-9553
RESERVED
CVE-2019-9552 (Eloan V3.0 through 2018-09-20 allows remote attackers to list files via ...)
- TODO: check
+ NOT-FOR-US: Eloan
CVE-2019-9551 (An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. ...)
NOT-FOR-US: doyocms
CVE-2019-9550 (DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS. ...)
@@ -2966,7 +2966,7 @@ CVE-2019-8339
CVE-2019-8338
RESERVED
CVE-2019-8336 (HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Consul
CVE-2019-8335 (An issue was discovered in SchoolCMS 2.3.1. There is an XSS ...)
NOT-FOR-US: SchoolCMS
CVE-2019-8334 (An issue was discovered in SchoolCMS 2.3.1. There is an XSS ...)
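Review bot: The NOT-FOR-US on CVE-2019-8336 (HashiCorp Consul) should be checked against the archive before it lands. Consul is free software that distributions commonly package, and a NOT-FOR-US line hides the CVE from every per-package view. If a consul source package exists, replace the line with a package entry such as "- consul <unfixed>" and record the fixed upstream version 1.4.3 given in the description.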
@@ -7104,23 +7104,23 @@ CVE-2019-6567
CVE-2019-6566
RESERVED
CVE-2019-6565 (Moxa IKS and EDS fails to properly validate user input, giving ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-6564
RESERVED
CVE-2019-6563 (Moxa IKS and EDS generate a predictable cookie calculated with an MD5 ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-6562
RESERVED
CVE-2019-6561 (Cross-site request forgery has been identified in Moxa IKS and EDS, ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-6560
RESERVED
CVE-2019-6559 (Moxa IKS and EDS allow remote authenticated users to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-6558
RESERVED
CVE-2019-6557 (Several buffer overflow vulnerabilities have been identified in Moxa ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-6556
RESERVED
CVE-2019-6555 (Cscape, 9.80 SP4 and prior. An improper input validation vulnerability ...)
@@ -7178,7 +7178,7 @@ CVE-2019-6530
CVE-2019-6529
RESERVED
CVE-2019-6528 (PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit ...)
- TODO: check
+ NOT-FOR-US: PSI GridConnect GmbH
CVE-2019-6527 (PR100088 Modbus gateway versions prior to Release R02 (or Software ...)
NOT-FOR-US: PR100088 Modbus
CVE-2019-6526
@@ -7187,19 +7187,19 @@ CVE-2019-6525
RESERVED
NOT-FOR-US: AVEVA Wonderware System Platform
CVE-2019-6524 (Moxa IKS and EDS do not implement sufficient measures to prevent ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-6523 (WebAccess/SCADA, Version 8.3. The software does not properly sanitize ...)
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6522 (Moxa IKS and EDS fails to properly check array bounds which may allow ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-6521 (WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a ...)
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6520 (Moxa IKS and EDS does not properly check authority on server side, ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-6519 (WebAccess/SCADA, Version 8.3. An improper authentication vulnerability ...)
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6518 (Moxa IKS and EDS store plaintext passwords, which may allow sensitive ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-6517 (BD FACSLyric Research Use Only, Windows 10 Professional Operating ...)
NOT-FOR-US: BD FACSLyric
CVE-2019-6516
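Review bot: The label "NOT-FOR-US: Moxa" on CVE-2019-6524, CVE-2019-6522, CVE-2019-6520 and CVE-2019-6518 names only the vendor, while the interleaved entries in this hunk use product-level labels ("Advantech WebAccess/SCADA", "AVEVA Wonderware System Platform"). The descriptions all say "Moxa IKS and EDS", so "NOT-FOR-US: Moxa IKS and EDS" would keep the list consistent and make a later search for the product name hit these entries.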
@@ -8048,14 +8048,14 @@ CVE-2019-6233 (A memory corruption issue was addressed with improved memory hand
CVE-2019-6232
RESERVED
CVE-2019-6231 (An out-of-bounds read was addressed with improved bounds checking. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6230 (A memory initialization issue was addressed with improved memory ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6229 (A logic issue was addressed with improved validation. This issue is ...)
- webkit2gtk 2.22.5-1 (unimportant)
NOTE: Not covered by security support
CVE-2019-6228 (A cross-site scripting issue existed in Safari. This issue was ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2019-6227 (A memory corruption issue was addressed with improved memory handling. ...)
- webkit2gtk 2.22.5-1 (unimportant)
NOTE: Not covered by security support
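Review bot: For CVE-2019-6231 and CVE-2019-6230 the truncated descriptions do not show which component is affected, and the neighbouring CVE-2019-6229 and CVE-2019-6227, which carry the same style of Apple description, are tracked against webkit2gtk. Please confirm from the full advisory text that neither is a WebKit issue before closing them as NOT-FOR-US. The hunk also mixes "Apple" and "Apple Safari" as labels; one level of detail throughout would be easier to search.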
@@ -8063,21 +8063,21 @@ CVE-2019-6226 (Multiple memory corruption issues were addressed with improved me
- webkit2gtk 2.22.0-2 (unimportant)
NOTE: Not covered by security support
CVE-2019-6225 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6224 (A buffer overflow issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6223 (A logic issue existed in the handling of Group FaceTime calls. The ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6222
RESERVED
CVE-2019-6221 (An out-of-bounds read was addressed with improved bounds checking. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6220 (An out-of-bounds read was addressed with improved input validation. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6219 (A denial of service issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6218 (A memory corruption issue was addressed with improved input ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6217 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.5-1 (unimportant)
NOTE: Not covered by security support
@@ -8088,36 +8088,36 @@ CVE-2019-6215 (A type confusion issue was addressed with improved memory handlin
- webkit2gtk 2.22.6-1 (unimportant)
NOTE: Not covered by security support
CVE-2019-6214 (A type confusion issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6213 (A buffer overflow was addressed with improved bounds checking. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6212 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.22.6-1 (unimportant)
NOTE: Not covered by security support
CVE-2019-6211 (A memory corruption issue was addressed with improved state ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6210 (A memory corruption issue was addressed with improved input ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6209 (An out-of-bounds read issue existed that led to the disclosure of ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6208 (A memory initialization issue was addressed with improved memory ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6207
RESERVED
CVE-2019-6206 (An issue existed with autofill resuming after it was canceled. The ...)
NOT-FOR-US: autofill in iOS
CVE-2019-6205 (A memory corruption issue was addressed with improved lock state ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6204
RESERVED
CVE-2019-6203
RESERVED
CVE-2019-6202 (An out-of-bounds read was addressed with improved bounds checking. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6201
RESERVED
CVE-2019-6200 (An out-of-bounds read was addressed with improved input validation. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6199
RESERVED
CVE-2019-6198
@@ -13000,17 +13000,17 @@ CVE-2019-3924 (MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term)
CVE-2019-3923 (Nessus versions 8.2.1 and earlier were found to contain a stored XSS ...)
NOT-FOR-US: Nessus
CVE-2019-3922 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version ...)
- TODO: check
+ NOT-FOR-US: Alcatel Lucent
CVE-2019-3921 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version ...)
- TODO: check
+ NOT-FOR-US: Alcatel Lucent
CVE-2019-3920 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version ...)
- TODO: check
+ NOT-FOR-US: Alcatel Lucent
CVE-2019-3919 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version ...)
- TODO: check
+ NOT-FOR-US: Alcatel Lucent
CVE-2019-3918 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version ...)
- TODO: check
+ NOT-FOR-US: Alcatel Lucent
CVE-2019-3917 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version ...)
- TODO: check
+ NOT-FOR-US: Alcatel Lucent
CVE-2019-3916
RESERVED
CVE-2019-3915
@@ -20139,31 +20139,31 @@ CVE-2019-1599
CVE-2019-1598
RESERVED
CVE-2019-1597 (Multiple vulnerabilities in the implementation of the Lightweight ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1596 (A vulnerability in the Bash shell implementation for Cisco NX-OS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1595 (A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1594 (A vulnerability in the 802.1X implementation for Cisco NX-OS Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1593 (A vulnerability in the Bash shell implementation for Cisco NX-OS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1592
RESERVED
CVE-2019-1591 (A vulnerability in a specific CLI command implementation of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1590
RESERVED
CVE-2019-1589
RESERVED
CVE-2019-1588 (A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1587
RESERVED
CVE-2019-1586
RESERVED
CVE-2019-1585 (A vulnerability in the controller authorization functionality of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-19960 (The debug_mode function in web/web.py in OnionShare through 1.3.1, when ...)
- onionshare 1.3.2-1 (bug #915859; unimportant)
[jessie] - onionshare <no-dsa> (contrib not supported)
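Review bot: CVE-2019-1596 and CVE-2019-1593 are described as vulnerabilities in "the Bash shell implementation for Cisco NX-OS", yet both are closed with the blanket "NOT-FOR-US: Cisco". Please confirm the flaw sits in Cisco's NX-OS integration and not in upstream bash. If it does, "NOT-FOR-US: Cisco NX-OS" would state that on the line itself and save the next reader the same check.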
@@ -21059,15 +21059,15 @@ CVE-2018-19642
CVE-2018-19641
RESERVED
CVE-2018-19640 (If the attacker manages to create files in the directory used to ...)
- TODO: check
+ NOT-FOR-US: SLES support scripts
CVE-2018-19639 (If supportutils before version 3.1-5.7.1 is run with -v to perform rpm ...)
- TODO: check
+ NOT-FOR-US: SLES support scripts
CVE-2018-19638 (In supportutils, before version 3.1-5.7.1 and if pacemaker is ...)
- TODO: check
+ NOT-FOR-US: SLES support scripts
CVE-2018-19637 (Supportutils, before version 3.1-5.7.1, wrote data to static file ...)
- TODO: check
+ NOT-FOR-US: SLES support scripts
CVE-2018-19636 (Supportutils, before version 3.1-5.7.1, when run with command line ...)
- TODO: check
+ NOT-FOR-US: SLES support scripts
CVE-2018-19635 (CA Service Desk Manager 14.1 and 17 contain a vulnerability that can ...)
NOT-FOR-US: CA Service Desk Manager
CVE-2018-19634 (CA Service Desk Manager 14.1 and 17 contain a vulnerability that can ...)
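Review bot: The five entries CVE-2018-19640 through CVE-2018-19636 are labelled "SLES support scripts", but the visible descriptions of CVE-2018-19639 through CVE-2018-19636 name the software as supportutils. "NOT-FOR-US: supportutils (SLES support scripts)" would let a search for the upstream name find these entries if the tool is ever packaged.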
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8310201ab4253942c35c7c138f4b3ea886a1c794