[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Mar 22 08:53:00 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50b1a680 by Moritz Muehlenhoff at 2019-03-22T08:52:37Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2019-9939 (The SHAREit application before 4.0.36 for Android allows a remote atta ...)
- TODO: check
+ NOT-FOR-US: SHAREit
CVE-2019-9938 (The SHAREit application before 4.0.42 for Android allows a remote atta ...)
- TODO: check
+ NOT-FOR-US: SHAREit
CVE-2019-9937 (In SQLite 3.27.2, interleaving reads and writes in a single transactio ...)
TODO: check
CVE-2019-9936 (In SQLite 3.27.2, running fts5 prefix queries inside a transaction cou ...)
@@ -27,7 +27,7 @@ CVE-2019-9927 (Caret before 2019-02-22 allows Remote Code Execution. ...)
CVE-2019-9926
RESERVED
CVE-2019-9925 (S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. ...)
- TODO: check
+ NOT-FOR-US: S-CMS PHP
CVE-2019-9924 (rbash in Bash before 4.4-beta2 did not prevent the shell user from mod ...)
TODO: check
CVE-2019-9923 (pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ...)
@@ -47,21 +47,21 @@ CVE-2019-9917
CVE-2019-9916
RESERVED
CVE-2019-9915 (GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redir ...)
- TODO: check
+ NOT-FOR-US: GetSimpleCMS
CVE-2019-9914 (The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php? ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-9913 (The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-adm ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-9912 (The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-9911 (The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-9910 (The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?pag ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-9909 (The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-9908 (The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-gen ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-9907
RESERVED
CVE-2019-9906
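Review bot: The seven plugin entries from CVE-2019-9914 through CVE-2019-9908 use the label "Wordpress plugin", which misspells the project name (the CVE descriptions on the same entries write "WordPress") and drops the plugin name that each description supplies. Suggest naming the plugin, e.g. "NOT-FOR-US: yop-poll plugin for WordPress", so that searching the list for a plugin name finds its triage decision, in line with the product-level label given to GetSimpleCMS at the top of this hunk.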
@@ -3134,7 +3134,7 @@ CVE-2019-8999
CVE-2019-8998
RESERVED
CVE-2019-8997 (An XML External Entity Injection (XXE) vulnerability in the Management ...)
- TODO: check
+ NOT-FOR-US: BlackBerry
CVE-2019-8996 (In Signiant Manager+Agents before 13.5, the implementation of the set ...)
NOT-FOR-US: Signiant
CVE-2019-8995
@@ -6374,7 +6374,7 @@ CVE-2019-7539 (A code injection issue was discovered in ipycache through 2016-05
CVE-2019-7538
RESERVED
CVE-2019-7537 (An issue was discovered in Donfig 0.3.0. There is a vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: Donfig
CVE-2019-7536
RESERVED
CVE-2019-7535 (index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive ...)
@@ -7203,7 +7203,7 @@ CVE-2019-7240
CVE-2019-7239
RESERVED
CVE-2019-7238 (Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access C ...)
- TODO: check
+ NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2019-7237 (An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/e ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2019-7236 (An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admin ...)
@@ -8921,7 +8921,7 @@ CVE-2019-6493
CVE-2019-6492 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
NOT-FOR-US: IObit Smart Defrag
CVE-2019-6491 (RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. ...)
- TODO: check
+ NOT-FOR-US: RISI Gestao de Horarios
CVE-2019-6490
RESERVED
CVE-2019-6489 (Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-0 ...)
@@ -11500,7 +11500,7 @@ CVE-2019-5492
CVE-2019-5491 (Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 a ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5490 (Certain versions between 2.x to 5.x (refer to advisory) of the NetApp ...)
- TODO: check
+ NOT-FOR-US: NetApp
CVE-2019-5488 (EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac= ...)
NOT-FOR-US: EARCLINK ESPCMS-P8
CVE-2019-5489 (The mincore() implementation in mm/mincore.c in the Linux kernel throu ...)
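Review bot: CVE-2019-5490 is labelled with the vendor only ("NetApp"), while the neighbouring CVE-2019-5491 entry names the product ("Clustered Data ONTAP"). The visible description is cut off right after "the NetApp", so the affected product should be taken from the full CVE text and used in the label, which keeps the two adjacent entries consistent and searchable by product.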
@@ -12464,7 +12464,7 @@ CVE-2019-5013
CVE-2019-5012
RESERVED
CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the helper ...)
- TODO: check
+ NOT-FOR-US: CleanMyMac
CVE-2019-5010 [NULL pointer dereference using a specially crafted X509 certificate]
RESERVED
{DLA-1663-1}
@@ -15112,7 +15112,7 @@ CVE-2019-3780 (Cloud Foundry Container Runtime, versions prior to 0.28.0, deploy
CVE-2019-3779 (Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kub ...)
NOT-FOR-US: Cloud Foundry
CVE-2019-3778 (Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2 ...)
- TODO: check
+ NOT-FOR-US: Spring Security OAuth
CVE-2019-3777 (Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3 ...)
NOT-FOR-US: Pivotal
CVE-2019-3776 (Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x vers ...)
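Review bot: CVE-2019-3778 names a library (Spring Security OAuth, 2.3 prior to 2.3.5) rather than a deployed product like the Cloud Foundry and Pivotal entries around it, so NOT-FOR-US here depends on the library being neither packaged nor bundled inside another source package. If that search was done, the entry is fine as is; otherwise it is worth confirming before the TODO is dropped.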
@@ -19942,13 +19942,13 @@ CVE-2018-20036
CVE-2018-20035
RESERVED
CVE-2018-20034 (A Denial of Service vulnerability related to adding an item to a list ...)
- TODO: check
+ NOT-FOR-US: FlexNet Publisher
CVE-2018-20033 (A Remote Code Execution vulnerability in lmgrd and vendor daemon compo ...)
NOT-FOR-US: FlexNet Publisher
CVE-2018-20032 (A Denial of Service vulnerability related to message decoding in lmgrd ...)
- TODO: check
+ NOT-FOR-US: FlexNet Publisher
CVE-2018-20031 (A Denial of Service vulnerability related to preemptive item deletion ...)
- TODO: check
+ NOT-FOR-US: FlexNet Publisher
CVE-2018-20030 (An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EX ...)
- libexif 0.6.21-5.1 (bug #918730)
[stretch] - libexif <no-dsa> (Minor issue)
@@ -22576,7 +22576,7 @@ CVE-2018-19696
CVE-2018-19695
RESERVED
CVE-2018-19694 (HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous hav ...)
- TODO: check
+ NOT-FOR-US: HMS Industrial Networks Netbiter WS100
CVE-2018-19693 (An issue was discovered in tp5cms through 2017-05-25. admin.php/system ...)
NOT-FOR-US: tp5cms
CVE-2018-19692 (An issue was discovered in tp5cms through 2017-05-25. admin.php/upload ...)
@@ -25725,9 +25725,9 @@ CVE-2018-19527 (i4 assistant 7.85 allows XSS via a crafted machine name field wi
CVE-2018-19526
RESERVED
CVE-2018-19525 (An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1 ...)
- TODO: check
+ NOT-FOR-US: Systrome
CVE-2018-19524 (An issue was discovered on Shenzhen Skyworth DT741 Converged Intellige ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Skyworth
CVE-2018-19523 (DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows ...)
NOT-FOR-US: DriverAgent
CVE-2018-19522 (DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows ...)
@@ -25747,19 +25747,19 @@ CVE-2018-19516
NOTE: https://www.kde.org/info/security/advisory-20181128-1.txt
NOTE: https://cgit.kde.org/messagelib.git/commit/?id=34765909cdf8e55402a8567b48fb288839c61612
CVE-2018-19515 (In Webgalamb through 7.0, system/ajax.php functionality is supposed to ...)
- TODO: check
+ NOT-FOR-US: Webgalamb
CVE-2018-19514 (In Webgalamb through 7.0, an arbitrary code execution vulnerability co ...)
- TODO: check
+ NOT-FOR-US: Webgalamb
CVE-2018-19513 (In Webgalamb through 7.0, log files are exposed to the internet with p ...)
- TODO: check
+ NOT-FOR-US: Webgalamb
CVE-2018-19512 (In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" director ...)
- TODO: check
+ NOT-FOR-US: Webgalamb
CVE-2018-19511 (wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attac ...)
- TODO: check
+ NOT-FOR-US: Webgalamb
CVE-2018-19510 (subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection ...)
- TODO: check
+ NOT-FOR-US: Webgalamb
CVE-2018-19509 (wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars ...)
- TODO: check
+ NOT-FOR-US: Webgalamb
CVE-2018-19508 (CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?user ...)
NOT-FOR-US: CMSimple
CVE-2018-19507 (CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action ...)
@@ -25786,7 +25786,7 @@ CVE-2018-19500
CVE-2018-19499 (Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Executi ...)
NOT-FOR-US: Vanilla
CVE-2018-19498 (The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XS ...)
- TODO: check
+ NOT-FOR-US: Atlassian plugin
CVE-2018-19497 (In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs. ...)
{DLA-1610-1}
- sleuthkit <unfixed> (low; bug #914796)
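Review bot: The label "Atlassian plugin" on CVE-2018-19498 reads as if the affected code were Atlassian's, but the description says it is the Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server. Suggest "NOT-FOR-US: Simplenia Pages plugin for Atlassian Bitbucket Server" so the entry identifies the actual product.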
@@ -25841,9 +25841,9 @@ CVE-2018-19489 (v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to caus
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1d20398694a3b67a388d955b7a945ba4aa90a8a8 (master)
CVE-2018-19488 (The WP-jobhunt plugin before version 2.4 for WordPress does not contro ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-19487 (The WP-jobhunt plugin before version 2.4 for WordPress does not contro ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-19485
RESERVED
CVE-2018-19484
@@ -26190,7 +26190,7 @@ CVE-2018-19961 (An issue was discovered in Xen through 4.11.x on AMD x86 platfor
CVE-2018-19366
RESERVED
CVE-2018-19365 (The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of th ...)
- TODO: check
+ NOT-FOR-US: Wowza Streaming Engine
CVE-2018-19364 (hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while ...)
{DLA-1646-1}
- qemu 1:3.1+dfsg-1 (bug #914599)
@@ -26518,7 +26518,7 @@ CVE-2019-0186
CVE-2018-19277 (securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypa ...)
NOT-FOR-US: PHPOffice
CVE-2018-19276 (OpenMRS before 2.24.0 is affected by an Insecure Object Deserializatio ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2018-19275
RESERVED
CVE-2018-19274 (Passing an absolute path to a file_exists check in phpBB before 3.2.4 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/50b1a680ee01679811e57d7d48a9027a5f88b139