[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 27 20:34:56 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4a7bc341 by Salvatore Bonaccorso at 2019-03-27T20:34:39Z
Process NFUs
- - - - -
7aab800a by Salvatore Bonaccorso at 2019-03-27T20:34:40Z
Add CVE-2019-1023{1,2,3}/glpi
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2019-10239
RESERVED
CVE-2019-10238 (Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the file ...)
- TODO: check
+ NOT-FOR-US: Sitemagic CMS
CVE-2019-10237 (S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via th ...)
- TODO: check
+ NOT-FOR-US: S-CMS PHP
CVE-2019-10236
RESERVED
CVE-2019-10235
@@ -11,11 +11,17 @@ CVE-2019-10235
CVE-2019-10234
RESERVED
CVE-2019-10233 (Teclib GLPI before 9.4.1.1 is affected by a timing attack associated w ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/pull/5562
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-10232 (Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-10231 (Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerab ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/pull/5520
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-10230
RESERVED
CVE-2019-10229
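Review bot: the bare URLs on the NOTE lines for CVE-2019-10233, CVE-2019-10232 and CVE-2019-10231 do not say what they point at; writing them as `NOTE: Fixed by: https://github.com/glpi-project/glpi/pull/5562` (and likewise for the other two) makes clear they are the upstream fixes rather than advisories or reports. The `(unimportant)` rating on the three `- glpi <removed> (unimportant)` lines is carried by the "Only supported behind an authenticated HTTP zone" note, which is worth keeping next to each entry, since CVE-2019-10232 is described as SQL injection and would otherwise look under-rated; note also that the descriptions give different affected ranges (before 9.4.1.1 for 10233 and 10231, through 9.3.3 for 10232), so the three fixes do not land in the same upstream release.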
@@ -283,7 +289,7 @@ CVE-2019-10101
CVE-2019-10100
RESERVED
CVE-2019-1000031 (A disk space or quota exhaustion issue exists in article2pdf_getfile.p ...)
- TODO: check
+ NOT-FOR-US: article2pdf Wordpress plugin
CVE-2018-20815
RESERVED
CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other products, rich ...)
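Review bot: the tag `+ NOT-FOR-US: article2pdf Wordpress plugin` spells the platform "Wordpress", while the CVE descriptions in this file write it "WordPress" (see the CVE-2018-16206 description in a later hunk); `article2pdf WordPress plugin` keeps the tag consistent with the description text and with searches for the upstream spelling. The same string is reused for CVE-2019-1010257 further down, so both should be adjusted together.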
@@ -881,7 +887,7 @@ CVE-2019-1010259
CVE-2019-1010258
RESERVED
CVE-2019-1010257 (An Information Disclosure / Data Modification issue exists in article2 ...)
- TODO: check
+ NOT-FOR-US: article2pdf Wordpress plugin
CVE-2019-1010256
RESERVED
CVE-2019-1010255
@@ -1453,13 +1459,13 @@ CVE-2019-9865
CVE-2019-9864
RESERVED
CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in the ABUS ...)
- TODO: check
+ NOT-FOR-US: ABUS
CVE-2019-9862 (An issue was discovered on ABUS Secvest wireless alarm system FUAA5000 ...)
- TODO: check
+ NOT-FOR-US: ABUS
CVE-2019-9861
RESERVED
CVE-2019-9860 (Due to unencrypted signal communication and predictability of rolling ...)
- TODO: check
+ NOT-FOR-US: ABUS
CVE-2019-9859
RESERVED
CVE-2019-9858
@@ -11128,9 +11134,9 @@ CVE-2019-5929
CVE-2019-5928
RESERVED
CVE-2019-5927 (Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 an ...)
- TODO: check
+ NOT-FOR-US: 'an' App for iOS
CVE-2019-5926 (Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 ...)
- TODO: check
+ NOT-FOR-US: KinagaCMS
CVE-2019-5925 (Cross-site scripting vulnerability in Dradis Community Edition Dradis ...)
NOT-FOR-US: Dradis
CVE-2019-5924 (Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 ...)
@@ -28121,7 +28127,7 @@ CVE-2018-19018 (An access of uninitialized pointer vulnerability in CX-Superviso
CVE-2018-19017 (Several use after free vulnerabilities have been identified in CX-Supe ...)
NOT-FOR-US: CX-Supervisor
CVE-2018-19016 (Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2018-19015 (An attacker could inject commands to launch programs and create, write ...)
NOT-FOR-US: CX-Supervisor
CVE-2018-19014 (Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all ver ...)
@@ -28165,7 +28171,7 @@ CVE-2018-18996 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in u
CVE-2018-18995 (Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all ...)
NOT-FOR-US: ABB GATE-E2
CVE-2018-18994 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds ...)
- TODO: check
+ NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18993 (Two stack-based buffer overflow vulnerabilities have been discovered i ...)
NOT-FOR-US: CX-One
CVE-2018-18992 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user in ...)
@@ -35483,7 +35489,7 @@ CVE-2018-16209
CVE-2018-16208
RESERVED
CVE-2018-16207 (PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: PowerAct Pro Master Agent for Windows
CVE-2018-16206 (Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2 ...)
NOT-FOR-US: Wordpress plugin
CVE-2018-16205 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows ...)
@@ -36519,15 +36525,15 @@ CVE-2018-15819
CVE-2018-15818 (An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker ...)
NOT-FOR-US: Repute ARForms
CVE-2018-15817 (FastStone Image Viewer 6.5 has a Read Access Violation on Block Data M ...)
- TODO: check
+ NOT-FOR-US: FastStone Image Viewer
CVE-2018-15816 (FastStone Image Viewer 6.5 has a Read Access Violation on Block Data M ...)
- TODO: check
+ NOT-FOR-US: FastStone Image Viewer
CVE-2018-15815 (FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted is ...)
- TODO: check
+ NOT-FOR-US: FastStone Image Viewer
CVE-2018-15814 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at image0 ...)
- TODO: check
+ NOT-FOR-US: FastStone Image Viewer
CVE-2018-15813 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at image0 ...)
- TODO: check
+ NOT-FOR-US: FastStone Image Viewer
CVE-2018-15812
RESERVED
CVE-2018-15811
@@ -63862,15 +63868,15 @@ CVE-2018-5929
CVE-2018-5928
RESERVED
CVE-2018-5927 (HP Support Assistant before 8.7.50.3 allows an unauthorized person wit ...)
- TODO: check
+ NOT-FOR-US: HP Support Assistant
CVE-2018-5926 (A potential vulnerability has been identified in HP Remote Graphics So ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2018-5925 (A security vulnerability has been identified with certain HP Inkjet pr ...)
NOT-FOR-US: HP Inkjet printers
CVE-2018-5924 (A security vulnerability has been identified with certain HP Inkjet pr ...)
NOT-FOR-US: HP Inkjet printers
CVE-2018-5923 (In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2018-5922
RESERVED
CVE-2018-5921 (A potential security vulnerability has been identified with certain HP ...)
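Review bot: `+ NOT-FOR-US: HP` for CVE-2018-5926 and CVE-2018-5923 is less specific than the neighbouring entries, which name the product (`NOT-FOR-US: HP Inkjet printers`, `NOT-FOR-US: HP Support Assistant`); the descriptions already identify the affected products (the HP Remote Graphics product for 5926; HP LaserJet Enterprise, HP PageWide Enterprise and HP LaserJet Managed printers for 5923), so carrying the product name into the tag avoids a bare vendor name that matches every HP issue when the list is grepped later.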
@@ -125487,7 +125493,7 @@ CVE-2017-2754
CVE-2017-2753
RESERVED
CVE-2017-2752 (A potential security vulnerability caused by incomplete obfuscation of ...)
- TODO: check
+ NOT-FOR-US: Tommy Hilfiger TH24/7 Android app
CVE-2017-2751 (A BIOS password extraction vulnerability has been reported on certain ...)
NOT-FOR-US: firmware on HP notebooks
CVE-2017-2750 (Insufficient Solution DLL Signature Validation allows potential execut ...)
@@ -125495,7 +125501,7 @@ CVE-2017-2750 (Insufficient Solution DLL Signature Validation allows potential e
CVE-2017-2749
RESERVED
CVE-2017-2748 (A potential security vulnerability caused by the use of insecure (http ...)
- TODO: check
+ NOT-FOR-US: Isaac Mizrahi Smartwatch mobile app
CVE-2017-2747 (HP has identified a potential security vulnerability before IG_11_00_0 ...)
NOT-FOR-US: HP printers
CVE-2017-2746 (Potential security vulnerabilities have been identified with HP JetAdv ...)
@@ -176084,15 +176090,15 @@ CVE-2015-3958 (Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibl
CVE-2015-3957 (Hospira LifeCare PCA Infusion System before 7.0 stores private keys an ...)
NOT-FOR-US: Hospira LifeCare
CVE-2015-3956 (Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infus ...)
- TODO: check
+ NOT-FOR-US: Hospira
CVE-2015-3955 (Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5. ...)
NOT-FOR-US: Hospira LifeCare
CVE-2015-3954 (Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infus ...)
- TODO: check
+ NOT-FOR-US: Hospira
CVE-2015-3953 (Hard-coded accounts may be used to access Hospira Plum A+ Infusion Sys ...)
- TODO: check
+ NOT-FOR-US: Hospira
CVE-2015-3952 (Wireless keys are stored in plain text on Hospira Plum A+ Infusion Sys ...)
- TODO: check
+ NOT-FOR-US: Hospira
CVE-2015-3951 (RLE Nova-Wind Turbine HMI devices store cleartext credentials, which a ...)
NOT-FOR-US: RLE Nova-Wind Turbines
CVE-2015-3950 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on ...)
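Review bot: the four new `+ NOT-FOR-US: Hospira` lines (CVE-2015-3956, -3954, -3953, -3952) drop the product, while the adjacent entries keep it (`NOT-FOR-US: Hospira LifeCare`); all four descriptions name the Hospira Plum A+ Infusion System, so `NOT-FOR-US: Hospira Plum A+ Infusion System` would match the granularity already used in this block and distinguish these from the LifeCare PCA issues around them.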
@@ -185500,7 +185506,7 @@ CVE-2015-1014 (A successful exploit of these vulnerabilities requires the local
CVE-2015-1013 (OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure tha ...)
NOT-FOR-US: OSIsoft PI AF and OSIsoft PI SQL for AF
CVE-2015-1012 (Wireless keys are stored in plain text on version 5 of the Hospira Lif ...)
- TODO: check
+ NOT-FOR-US: Hospira
CVE-2015-1011 (Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credenti ...)
NOT-FOR-US: Hospira LifeCare
CVE-2015-1010 (Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does n ...)
@@ -188667,11 +188673,11 @@ CVE-2014-9191 (The CodeWrights HART Device Type Manager (DTM) library in Emerson
CVE-2014-9190 (Stack-based buffer overflow in Schneider Electric Wonderware InTouch A ...)
NOT-FOR-US: Schneider Electric
CVE-2014-9189 (Multiple stack-based buffer overflow vulnerabilities were found in Hon ...)
- TODO: check
+ NOT-FOR-US: Honeywell Experion PKS
CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Elec ...)
NOT-FOR-US: Schneider Electric ProClima
CVE-2014-9187 (Multiple heap-based buffer overflow vulnerabilities exist in Honeywell ...)
- TODO: check
+ NOT-FOR-US: Honeywell Experion PKS
CVE-2014-9186
RESERVED
CVE-2014-9185 (Static code injection vulnerability in install.php in Morfy CMS 1.05 a ...)
@@ -197237,7 +197243,7 @@ CVE-2014-6229 (The HashContext class in hphp/runtime/ext/ext_hash.cpp in Faceboo
CVE-2014-6228 (Integer overflow in the string_chunk_split function in hphp/runtime/ba ...)
NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2010-5305 (The potential exists for exposure of the product's password used to re ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2014-3618 (Heap-based buffer overflow in formisc.c in formail in procmail 3.22 al ...)
{DSA-3019-1 DLA-46-1}
- procmail 3.22-22 (bug #760443)
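Review bot: the description excerpt for CVE-2010-5305 ("The potential exists for exposure of the product's password used to re...") does not name a vendor or product, so `+ NOT-FOR-US: Rockwell` cannot be checked against the diff alone; spelling out the affected product, or adding a NOTE line with the advisory the attribution comes from, would let the next reader confirm the triage without re-fetching the CVE.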
@@ -198897,13 +198903,13 @@ CVE-2014-5436
CVE-2014-5435
RESERVED
CVE-2014-5434 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...)
- TODO: check
+ NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
CVE-2014-5433 (An unauthenticated remote attacker may be able to execute commands to ...)
- TODO: check
+ NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
CVE-2014-5432 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...)
- TODO: check
+ NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
CVE-2014-5431 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...)
- TODO: check
+ NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
CVE-2014-5430 (Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.6 ...)
NOT-FOR-US: ABB RobotStudio
CVE-2014-5429 (DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and ...)
@@ -198963,7 +198969,7 @@ CVE-2014-5403 (Hospira MedNet before 6.1 uses hardcoded cryptographic keys for p
CVE-2014-5402
REJECTED
CVE-2014-5401 (Hospira MedNet software version 5.8 and prior uses vulnerable versions ...)
- TODO: check
+ NOT-FOR-US: Hospira
CVE-2014-5400 (The installation component in Hospira MedNet before 6.1 places clearte ...)
NOT-FOR-US: Hospira MedNet
CVE-2014-5399 (SQL injection vulnerability in Schneider Electric Wonderware Informati ...)
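Review bot: `+ NOT-FOR-US: Hospira` for CVE-2014-5401 is vaguer than the entry directly below it, `NOT-FOR-US: Hospira MedNet` for CVE-2014-5400, even though the CVE-2014-5401 description opens with "Hospira MedNet software version 5.8 and prior"; using `Hospira MedNet` here keeps the two MedNet entries consistent with each other.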
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/16ed31f7b4a0349ead68b6d7002d630dd8d9ea75...7aab800a599cf472b1bdf5d7fd4d2e46bc522c60