[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 28 21:42:04 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f26ed2e8 by Salvatore Bonaccorso at 2019-03-28T21:40:57Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2019-10261
RESERVED
CVE-2019-10260 (Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html ( ...)
- TODO: check
+ NOT-FOR-US: Total.js CMS
CVE-2019-10259
RESERVED
CVE-2019-10258
@@ -13,15 +13,15 @@ CVE-2019-10256
CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...)
TODO: check
CVE-2019-10254 (In MISP before 2.4.105, the app/View/Layouts/default.ctp default layou ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2019-10253
RESERVED
CVE-2019-10252
RESERVED
CVE-2019-10251 (The UCWeb UC Browser application through 2019-03-26 for Android uses H ...)
- TODO: check
+ NOT-FOR-US: UCWeb UC Browser application for Android
CVE-2019-10250 (UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading cer ...)
- TODO: check
+ NOT-FOR-US: UCWeb UC Browser
CVE-2019-1003048 (A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attack ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-1003047 (A missing permission check in Jenkins Fortify on Demand Uploader Plugi ...)
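Review bot: The two UC Browser entries get differently worded tags, "UCWeb UC Browser application for Android" on CVE-2019-10251 and "UCWeb UC Browser" on CVE-2019-10250. Other entries in this hunk use a short product label ("Jenkins plugin"), so a single label such as "UCWeb UC Browser" on both would keep later searches for the product consistent. CVE-2019-10255 (Jupyter Notebook) still carries "TODO: check" after this pass and needs separate triage.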
@@ -647,7 +647,7 @@ CVE-2019-9963 (XnView MP 0.93.1 on Windows allows remote attackers to cause a de
CVE-2019-9962 (XnView MP 0.93.1 on Windows allows remote attackers to cause a denial ...)
NOT-FOR-US: XnView
CVE-2019-9961 (A cross-site scripting (XSS) vulnerability in ressource view in core/m ...)
- TODO: check
+ NOT-FOR-US: Wikindx
CVE-2019-9960 (The downloadZip function in application/controllers/admin/export.php i ...)
- limesurvey <itp> (bug #472802)
CVE-2019-9959
@@ -1527,7 +1527,7 @@ CVE-2019-9866 [Project Runner Token Exposed Through Issues Quick Actions]
CVE-2019-9865
RESERVED
CVE-2019-9864 (PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tamperi ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall Amazon Affiliate Store
CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in the ABUS ...)
NOT-FOR-US: ABUS
CVE-2019-9862 (An issue was discovered on ABUS Secvest wireless alarm system FUAA5000 ...)
@@ -1933,7 +1933,7 @@ CVE-2019-9746 (In libwebm before 2019-03-08, a NULL pointer dereference caused b
CVE-2019-9745
RESERVED
CVE-2019-9744 (An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN ...)
- TODO: check
+ NOT-FOR-US: PHOENIX
CVE-2019-9743 (An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211- ...)
NOT-FOR-US: PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices
CVE-2019-9742 (gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attac ...)
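Review bot: "NOT-FOR-US: PHOENIX" on CVE-2019-9744 cuts the vendor name short; the description and the neighbouring CVE-2019-9743 entry both spell it "PHOENIX CONTACT". Suggest "NOT-FOR-US: PHOENIX CONTACT", or naming the device family (FL NAT) the way the next entry names RAD-80211-XD, so a search for the vendor finds both entries.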
@@ -9630,19 +9630,19 @@ CVE-2019-6544
CVE-2019-6543 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and I ...)
NOT-FOR-US: AVEVA
CVE-2019-6542 (ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior t ...)
- TODO: check
+ NOT-FOR-US: ENTTEC firmware
CVE-2019-6541 (A memory corruption vulnerability has been identified in WECON LeviStu ...)
NOT-FOR-US: WECON
CVE-2019-6540 (The Conexus telemetry protocol utilized within Medtronic MyCareLink Mo ...)
- TODO: check
+ NOT-FOR-US: Medtronic
CVE-2019-6539 (Several heap-based buffer overflow vulnerabilities in WECON LeviStudio ...)
NOT-FOR-US: WECON
CVE-2019-6538 (The Conexus telemetry protocol utilized within Medtronic MyCareLink Mo ...)
- TODO: check
+ NOT-FOR-US: Medtronic
CVE-2019-6537 (Multiple stack-based buffer overflow vulnerabilities in WECON LeviStud ...)
NOT-FOR-US: WECON
CVE-2019-6536 (Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file ...)
- TODO: check
+ NOT-FOR-US: LCDS
CVE-2019-6535 (Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and pri ...)
NOT-FOR-US: Mitsubishi Electric MELSEC-Q Series PLCs
CVE-2019-6534
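Review bot: "NOT-FOR-US: LCDS" on CVE-2019-6536 gives only the vendor abbreviation, while the description identifies the product as LCDS LAquis SCADA; "NOT-FOR-US: LCDS LAquis SCADA" would be easier to recognise later. The level of detail also varies within this hunk ("ENTTEC firmware" on CVE-2019-6542, plain "Medtronic" on CVE-2019-6540 and CVE-2019-6538), so settling on vendor-only or vendor plus product for the set would read more evenly.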
@@ -11760,7 +11760,7 @@ CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of boun
NOTE: https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06
NOTE: is needed to fix the issue completely.
CVE-2018-20678 (LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2019-8308 (Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc ...)
{DSA-4390-1}
- flatpak 1.2.3-1 (bug #922059)
@@ -16084,7 +16084,7 @@ CVE-2019-3712 (Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wy
CVE-2019-3711 (RSA Authentication Manager versions prior to 8.4 P1 contain an Insecur ...)
NOT-FOR-US: RSA
CVE-2019-3710 (Dell Networking OS10 has been updated to address a vulnerability which ...)
- TODO: check
+ NOT-FOR-US: Dell Networking OS10
CVE-2019-3709
RESERVED
CVE-2019-3708
@@ -22920,7 +22920,7 @@ CVE-2018-19881 (In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers t
CVE-2018-19880
RESERVED
CVE-2018-19879 (An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RU ...)
- TODO: check
+ NOT-FOR-US: Teltonika devices
CVE-2018-19878
RESERVED
CVE-2018-19877 (login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Bu ...)
@@ -23615,7 +23615,7 @@ CVE-2019-1535
CVE-2018-19649 (XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPor ...)
NOT-FOR-US: InfoVista VistaPortal
CVE-2018-19648 (An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETC ...)
- TODO: check
+ NOT-FOR-US: ADTRAN
CVE-2018-19647
RESERVED
CVE-2018-19646 (The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10 ...)
@@ -34771,7 +34771,7 @@ CVE-2018-16531
CVE-2018-16530
RESERVED
CVE-2018-16529 (A password reset vulnerability has been discovered in Forcepoint Email ...)
- TODO: check
+ NOT-FOR-US: Forcepoint Email Security
CVE-2018-16528 (Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attacke ...)
NOT-FOR-US: FreeRTOS
CVE-2018-16527 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0 ...)
@@ -38976,7 +38976,7 @@ CVE-2018-14816 (Advantech WebAccess 8.3.1 and earlier has several stack-based bu
CVE-2018-14815 (Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14814 (WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio ...)
- TODO: check
+ NOT-FOR-US: WECON
CVE-2018-14813 (Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow ...)
NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14812 (An uncontrolled search path element (DLL Hijacking) vulnerability has ...)
@@ -62497,7 +62497,7 @@ CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of i
CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized obje ...)
NOT-FOR-US: Buck parser-cache
CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php ...)
- TODO: check
+ NOT-FOR-US: Laravel Framework
CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpex ...)
NOT-FOR-US: Unitrends Backup
CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 user in ...)
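Review bot: "NOT-FOR-US: Laravel Framework" on CVE-2018-6330 marks the framework as a whole as out of scope, but the description places the SQL injection in save.php, which reads like an application file rather than part of the framework. If a Laravel package is or becomes present in the archive, this tag leaves the CVE untracked against it, so consider narrowing the wording to the affected component or adding a NOTE line recording why the framework itself is considered unaffected.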
@@ -103778,7 +103778,7 @@ CVE-2017-9628 (An Information Exposure issue was discovered in Saia Burgess Cont
CVE-2017-9627 (An Uncontrolled Resource Consumption issue was discovered in Schneider ...)
NOT-FOR-US: Schneider Electric
CVE-2017-9626 (Systems using the Marel Food Processing Systems Pluto platform do not ...)
- TODO: check
+ NOT-FOR-US: Marel Food Processing Systems Pluto platform
CVE-2017-9625 (An Improper Authentication issue was discovered in Envitech EnviDAS Ul ...)
NOT-FOR-US: Envitech EnviDAS Ultimate
CVE-2017-9624 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f26ed2e8e867fe480dff97ae201158f6ca6ea59a