[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Mar 21 11:12:19 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3b64713d by Moritz Muehlenhoff at 2019-03-21T11:11:44Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2019-9891
CVE-2019-9890
RESERVED
CVE-2019-9889 (In Vanilla before 2.6.4, a flaw exists within the getSingleIndex funct ...)
- TODO: check
+ NOT-FOR-US: Vanilla Forums
CVE-2019-9888
RESERVED
CVE-2019-1010319
@@ -1073,7 +1073,6 @@ CVE-2018-20800 (An issue was discovered in Open Ticket Request System (OTRS) 5.0
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8d17d58029efbb0bba25c4208e09e2d320eeb0c3
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/7d3c56d5b9bb38207695dae174dbba89a132e7b9
NOTE: For upstream versions only did affect OTRS 6.0.13 and OTRS 5.0.31.
- TODO: check, if for the older series broken patches were backported and thus as well affected
CVE-2019-9750 (In IoTivity through 1.3.1, the CoAP server interface can be used for D ...)
- iotivity <itp> (bug #824155)
CVE-2019-9749 (An issue was discovered in the MQTT input plugin in Fluent Bit through ...)
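Review bot: The TODO removed under CVE-2018-20800 asked whether broken patches were backported to the older OTRS series, and nothing in this hunk records the answer. If that was checked, add a NOTE line with the result beside the existing "For upstream versions only did affect OTRS 6.0.13 and OTRS 5.0.31" note. The removal is also unrelated to the "NFUs" commit message and would be easier to trace as its own commit.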
@@ -6539,31 +6538,31 @@ CVE-2019-7443 [Insecure handling of arguments in helpers]
CVE-2019-7442
RESERVED
CVE-2019-7441 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Ga ...)
- TODO: check
+ NOT-FOR-US: WooCommerce
CVE-2019-7440 (JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Ke ...)
- TODO: check
+ NOT-FOR-US: JioFi
CVE-2019-7439 (cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang ...)
- TODO: check
+ NOT-FOR-US: JioFi
CVE-2019-7438 (cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML i ...)
- TODO: check
+ NOT-FOR-US: JioFi
CVE-2019-7437 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7436 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7435 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7434 (PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7433 (PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forge ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7432 (PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the S ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7431 (PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal vi ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7430 (PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7429 (PHP Scripts Mall Property Rental Software 2.1.4 has directory traversa ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7428
RESERVED
CVE-2019-7427
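Review bot: For CVE-2019-7441 the label "NOT-FOR-US: WooCommerce" names the platform, while the description points at a PayPal Checkout payment add-on for WooCommerce (the text is truncated at "Payment Ga ..."). Naming the add-on in the label would keep this entry from reading as a triage decision on WooCommerce itself.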
@@ -6589,7 +6588,7 @@ CVE-2019-7418 (XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.0
CVE-2019-7417 (XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple ...)
NOT-FOR-US: Ericsson Active Library Explorer (ALEX)
CVE-2019-7416 (XSS and/or a Client Side URL Redirect exists in OpenText Documentum We ...)
- TODO: check
+ NOT-FOR-US: OpenText Documentum Webtop
CVE-2019-7415
RESERVED
CVE-2019-7414
@@ -8337,7 +8336,7 @@ CVE-2019-6716 (An unauthenticated Insecure Direct Object Reference (IDOR) in Wic
CVE-2019-6715
RESERVED
CVE-2019-6714 (An issue was discovered in BlogEngine.NET through 3.3.6.0. A path trav ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2019-6713 (app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows ...)
NOT-FOR-US: ThinkCMF
CVE-2019-6712
@@ -10857,7 +10856,7 @@ CVE-2019-5731
CVE-2019-5730
RESERVED
CVE-2019-5729 (Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2019-5728
RESERVED
CVE-2019-5727 (Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9 ...)
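Review bot: CVE-2019-5729 is in Splunk-SDK-Python, an SDK rather than the Splunk product, but the label is the bare vendor name "Splunk", the same term that would describe the Splunk Enterprise issue in CVE-2019-5727 just below. Suggest "NOT-FOR-US: Splunk-SDK-Python" so the entry is found if the SDK is ever searched for or packaged.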
@@ -10869,9 +10868,9 @@ CVE-2019-5725 (qibosoft through V7 allows remote attackers to read arbitrary fil
CVE-2019-5724
RESERVED
CVE-2019-5723 (An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwor ...)
- TODO: check
+ NOT-FOR-US: portier vision
CVE-2019-5722 (An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to ...)
- TODO: check
+ NOT-FOR-US: portier vision
CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was ...)
- wireshark 2.6.1-1
[stretch] - wireshark 2.6.3-1~deb9u1
@@ -15649,15 +15648,15 @@ CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allow
CVE-2018-20649
RESERVED
CVE-2018-20648 (PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forger ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2018-20647 (PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2018-20646 (PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal vi ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2018-20645 (PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the Fir ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2018-20644 (PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2018-20643 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory tr ...)
NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script
CVE-2018-20642 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote at ...)
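Review bot: The five new labels in this hunk use the vendor only ("PHP Scripts Mall"), while the existing entry for CVE-2018-20643 directly below uses the full product name ("PHP Scripts Mall Entrepreneur Job Portal Script"). Picking one form keeps the list consistent; the product names (Car Rental Script, Basic B2B Script) are already present in the descriptions.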
@@ -16207,9 +16206,9 @@ CVE-2018-20528 (JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile par
CVE-2018-20527
RESERVED
CVE-2018-20526 (Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php. ...)
- TODO: check
+ NOT-FOR-US: Roxy Fileman
CVE-2018-20525 (Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile ...)
- TODO: check
+ NOT-FOR-US: Roxy Fileman
CVE-2018-20524 (The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted us ...)
NOT-FOR-US: Chat Anywhere Chrome extension
CVE-2018-20523
@@ -16794,7 +16793,7 @@ CVE-2018-20325 (There is a vulnerability in load() method in definitions/parser.
CVE-2018-20324
RESERVED
CVE-2018-20323 (www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition ...)
- TODO: check
+ NOT-FOR-US: MailCleaner
CVE-2018-20322 (LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulner ...)
- limesurvey <itp> (bug #472802)
CVE-2018-20321
@@ -17233,7 +17232,7 @@ CVE-2018-20223
CVE-2018-20222
RESERVED
CVE-2018-20221 (Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are ...)
- TODO: check
+ NOT-FOR-US: Deltek
CVE-2018-20220 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56 ...)
NOT-FOR-US: Teracue ENC-400 devices
CVE-2018-20219 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56 ...)
@@ -17443,7 +17442,7 @@ CVE-2018-20164 (An issue was discovered in regex.yaml (aka regexes.yaml) in UA-P
CVE-2018-20163
RESERVED
CVE-2018-20162 (Digi TransPort LR54 4.4.0.26 and possible earlier devices have Imprope ...)
- TODO: check
+ NOT-FOR-US: Digi TransPort
CVE-2018-20161 (A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.1 ...)
NOT-FOR-US: BlinkForHome (aka Blink For Home) Sync Module
CVE-2018-20160
@@ -19549,9 +19548,9 @@ CVE-2018-20143
CVE-2018-20142
RESERVED
CVE-2018-20141 (AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sor ...)
- TODO: check
+ NOT-FOR-US: AbanteCart
CVE-2018-20140 (Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilitie ...)
- TODO: check
+ NOT-FOR-US: Zenphoto
CVE-2018-20139
RESERVED
CVE-2018-20138 (PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via A ...)
@@ -19620,7 +19619,7 @@ CVE-2018-20145 (Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the o
CVE-2018-20122 (The web interface on FASTGate Fastweb devices with firmware through 0. ...)
NOT-FOR-US: FASTGate Fastweb
CVE-2018-20121 (Podcast Generator 2.7 has stored cross-site scripting (XSS) via the UR ...)
- TODO: check
+ NOT-FOR-US: Podcast Generator
CVE-2018-20120
RESERVED
CVE-2018-20119
@@ -20976,7 +20975,7 @@ CVE-2018-19937 (A local, authenticated attacker can bypass the passcode in the V
CVE-2018-19936 (PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. ...)
NOT-FOR-US: PrinterOn Enterprise
CVE-2018-19934 (SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2018-19933 (Bolt CMS <3.6.2 allows XSS via text input click preview button as d ...)
NOT-FOR-US: Bolt CMS
CVE-2019-1984
@@ -21874,7 +21873,7 @@ CVE-2019-1566 (The PAN-OS management web interface in PAN-OS 7.1.21 and earlier,
CVE-2019-1565 (The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-O ...)
NOT-FOR-US: PAN-OS
CVE-2018-19917 (Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2018-19916
RESERVED
CVE-2018-19915 (DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Hos ...)
@@ -22276,7 +22275,7 @@ CVE-2018-19785 (PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the U
CVE-2018-19784 (The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.p ...)
NOT-FOR-US: PHP-Proxy
CVE-2018-19783 (Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authenticati ...)
- TODO: check
+ NOT-FOR-US: Kentix MultiSensor-LAN
CVE-2018-19782 (Multiple cross-site scripting (XSS) vulnerabilities in GET requests in ...)
NOT-FOR-US: FreshRSS
CVE-2018-19781
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b64713dfee588337cf58f263ffd17650da1095f