[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon May 13 21:30:48 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e9cc08fa by Salvatore Bonaccorso at 2019-05-13T20:29:47Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -71,7 +71,7 @@ CVE-2019-12049
CVE-2019-12048
RESERVED
CVE-2019-12047 (Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module ...)
- TODO: check
+ NOT-FOR-US: Gridea
CVE-2019-12045
RESERVED
CVE-2019-12044
@@ -399,7 +399,7 @@ CVE-2019-11886 (The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual
CVE-2018-20838 (ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for ...)
NOT-FOR-US: AMP for WP plugin for WordPress
CVE-2019-11885 (eyeDisk implements the unlock feature by sending a cleartext password. ...)
- TODO: check
+ NOT-FOR-US: eyeDisk
CVE-2019-11884 (The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Li ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a1616a5ac99ede5d605047a9012481ce7ff18b16
@@ -832,7 +832,7 @@ CVE-2019-11682 (A buffer overflow in the SMTP response service in MailCarrier 2.
CVE-2019-11681
RESERVED
CVE-2019-11680 (KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a ...)
- TODO: check
+ NOT-FOR-US: KonaKart
CVE-2019-11679
RESERVED
CVE-2019-11678 (The "default reports" feature in Zoho ManageEngine Firewall Analyzer b ...)
@@ -1514,7 +1514,7 @@ CVE-2019-11431
CVE-2019-11430
RESERVED
CVE-2019-11429 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open So ...)
- TODO: check
+ NOT-FOR-US: CentOS-WebPanel.com
CVE-2019-11428 (I, Librarian 4.10 has XSS via the export.php export_files parameter. ...)
- i-librarian <itp> (bug #649291)
CVE-2019-11427 (An XSS issue was discovered in app/search/search.app.php in idreamsoft ...)
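Review bot: the new label on the CVE-2019-11429 line uses the vendor domain ("CentOS-WebPanel.com") while the description itself names the product as "CentOS Web Panel (aka CWP)"; the surrounding NOT-FOR-US entries name the product rather than a domain (e.g. "NOT-FOR-US: Korenix JetPort devices"), so `NOT-FOR-US: CentOS Web Panel (CWP)` would be more consistent and easier to grep for in later triage.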
@@ -6379,9 +6379,9 @@ CVE-2019-9729 (In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allo
CVE-2019-9728
RESERVED
CVE-2019-9727 (Unauthenticated password hash disclosure in the User.getUserPWD method ...)
- TODO: check
+ NOT-FOR-US: eQ-3 AG Homematic CCU3
CVE-2019-9726 (Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3. ...)
- TODO: check
+ NOT-FOR-US: eQ-3 AG Homematic CCU3
CVE-2019-9725 (The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devi ...)
NOT-FOR-US: Korenix JetPort devices
CVE-2019-9724 (aquaverde Aquarius CMS through 4.3.5 allows Information Exposure throu ...)
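Review bot: the NOT-FOR-US label for CVE-2019-9727 is not supported by the visible description, which names only the User.getUserPWD method; the "eQ-3 AG Homematic CCU3" attribution is carried over from the neighbouring CVE-2019-9726. Confirm that the full CVE-2019-9727 text names the CCU3 before closing it, since the truncated line alone does not show which product the method belongs to.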
@@ -9815,7 +9815,7 @@ CVE-2019-8352
CVE-2019-8351 (Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certif ...)
NOT-FOR-US: Heimdal Thor Agent
CVE-2019-8350 (The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed i ...)
- TODO: check
+ NOT-FOR-US: Simple - Better Banking application for Android
CVE-2019-8349 (Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 all ...)
NOT-FOR-US: HTMLy
CVE-2019-8348
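Review bot: the label "Simple - Better Banking application for Android" adds a platform that the visible truncated description does not mention. If "for Android" comes from the full CVE text, keep it; otherwise drop it so the label states only what the description supports, as the neighbouring entries do (e.g. "NOT-FOR-US: HTMLy").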
@@ -9833,7 +9833,7 @@ CVE-2019-8343 (In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392556
NOTE: Crash in CLI tool, no security impact
CVE-2019-8342 (A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 3.1.0. ...)
- TODO: check
+ NOT-FOR-US: Foxit Reader
CVE-2019-8341 (An issue was discovered in Jinja2 2.10. The from_string function is pr ...)
- jinja2 <unfixed> (unimportant)
NOTE: https://github.com/JameelNabbo/Jinja2-Code-execution
@@ -11249,7 +11249,7 @@ CVE-2019-7692 (install/install.php in CIM 0.9.3 allows remote attackers to execu
CVE-2019-7691
RESERVED
CVE-2019-7690 (In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH privat ...)
- TODO: check
+ NOT-FOR-US: MobaTek MobaXterm
CVE-2019-7689
RESERVED
CVE-2019-7688
@@ -12038,11 +12038,11 @@ CVE-2019-7413 (In the Parallax Scroll (aka adamrob-parallax-scroll) plugin befor
CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles san ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-7411 (Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher ...)
- TODO: check
+ NOT-FOR-US: MyThemeShop Launcher plugin for WordPress
CVE-2019-7410
RESERVED
CVE-2019-7409 (Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign C ...)
- TODO: check
+ NOT-FOR-US: ProfileDesign CMS
CVE-2019-7408
RESERVED
CVE-2019-7407
@@ -12052,7 +12052,7 @@ CVE-2019-7406
CVE-2019-7405
RESERVED
CVE-2019-7404 (An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 rout ...)
- TODO: check
+ NOT-FOR-US: LG routers
CVE-2019-7403 (An issue was discovered in PHPMyWind 5.5. It allows remote attackers t ...)
NOT-FOR-US: PHPMyWind
CVE-2019-7402 (An issue was discovered in PHPMyWind 5.5. The GetQQ function in includ ...)
@@ -19444,7 +19444,7 @@ CVE-2019-4261
CVE-2019-4260
RESERVED
CVE-2019-4259 (A security vulnerability has been identified in IBM Spectrum Scale 4.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vu ...)
NOT-FOR-US: IBM
CVE-2019-4257
@@ -20815,7 +20815,7 @@ CVE-2019-3704 (VNX Control Station in Dell EMC VNX2 OE for File versions prior t
CVE-2019-3703
RESERVED
CVE-2019-3702 (A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon ...)
- TODO: check
+ NOT-FOR-US: Lifesize
CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux ...)
{DLA-1771-1 DLA-1731-1}
- linux 4.19.20-1 (unimportant)
@@ -26580,15 +26580,15 @@ CVE-2018-19992 (A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.
CVE-2018-19991 (VeryNginx 0.3.3 allows remote attackers to bypass the Web Application ...)
NOT-FOR-US: VeryNginx
CVE-2018-19990 (In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vuln ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-19989 (In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerab ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-19988 (In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-19987 (D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-19986 (In the /HNAP1/SetRouterSettings message, the RemotePort parameter is v ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-19985 (The function hso_get_config_data in drivers/net/usb/hso.c in the Linux ...)
{DLA-1771-1 DLA-1731-1}
- linux 4.19.13-1
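Review bot: four of the five new `NOT-FOR-US: D-Link` lines (CVE-2018-19990, -19989, -19988 and -19986) attach a vendor that their visible descriptions do not name; those lines reference only /HNAP1/ messages, and only CVE-2018-19987 explicitly lists D-Link DIR-822 and DIR-860L models. Confirm that each full description names a D-Link device before closing, and consider naming the affected models (e.g. `NOT-FOR-US: D-Link DIR-822 / DIR-860L`) as the ASUS RT-AC3200 and Seagate NAS OS entries elsewhere in this commit do.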
@@ -33078,7 +33078,7 @@ CVE-2018-19039 (Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenti
CVE-2018-19038
RESERVED
CVE-2018-19037 (On Virgin Media wireless router 3.0 hub devices, the web interface is ...)
- TODO: check
+ NOT-FOR-US: Virgin Media wireless router
CVE-2018-19036 (An issue was discovered in several Bosch IP cameras for firmware versi ...)
NOT-FOR-US: Bosch
CVE-2018-19035
@@ -33444,7 +33444,7 @@ CVE-2018-18873 (An issue was discovered in JasPer 2.0.14. There is a NULL pointe
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/184
CVE-2018-18872 (The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stor ...)
- TODO: check
+ NOT-FOR-US: Kieran O'Shea Calendar plugin for WordPress
CVE-2018-18871 (Missing password verification in the web interface on Gigaset Maxwell ...)
NOT-FOR-US: Gigaset
CVE-2018-18870
@@ -39443,9 +39443,9 @@ CVE-2018-16626 (index.php/Admin/Classes in Typesetter 5.1 allows XSS via the des
CVE-2018-16625 (index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file ...)
TODO: check
CVE-2018-16624 (panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a n ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2018-16623 (Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the ...)
- TODO: check
+ NOT-FOR-US: Kirby
CVE-2018-16622 (Multiple cross-site scripting (XSS) vulnerabilities in /api/content/ad ...)
NOT-FOR-US: DoraCMS
CVE-2018-16621 (Sonatype Nexus Repository Manager before 3.14 allows Java Expression L ...)
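Review bot: CVE-2018-16625 (Typesetter) in this hunk's context is left at `TODO: check` while the two Kirby entries directly below it are processed; if that is deliberate because Typesetter still needs a packaging check, fine, but if it was skipped by accident it belongs in the same NFU pass. The two Kirby labels are consistent with each other.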
@@ -42320,7 +42320,7 @@ CVE-2018-15532 (SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows
CVE-2018-15531 (JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javam ...)
NOT-FOR-US: JavaMelody
CVE-2018-15530 (Cross-site scripting (XSS) in the web interface of the Xerox ColorQube ...)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2018-15529 (A command injection vulnerability in maintenance.cgi in Mutiny "Monito ...)
NOT-FOR-US: Mutiny appliance
CVE-2018-15528 (Reflected Cross-Site Scripting exists in the Java System Solutions SSO ...)
@@ -44202,15 +44202,15 @@ CVE-2018-14716 (A Server Side Template Injection (SSTI) was discovered in the SE
CVE-2018-14715 (The endCoinFlip function and throwSlammer function of the smart contra ...)
NOT-FOR-US: smart contract implementations for Cryptogs
CVE-2018-14714 (System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0 ...)
- TODO: check
+ NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14713 (Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3. ...)
- TODO: check
+ NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14712 (Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50 ...)
- TODO: check
+ NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14711 (Missing cross-site request forgery protection in appGet.cgi on ASUS RT ...)
- TODO: check
+ NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14710 (Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.3 ...)
- TODO: check
+ NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14709 (Incorrect access control in the Dashboard API on Drobo 5N2 NAS version ...)
NOT-FOR-US: Dashboard API on Drobo 5N2 NAS
CVE-2018-14708 (An insecure transport protocol used by Drobo Dashboard API on Drobo 5N ...)
@@ -50737,25 +50737,25 @@ CVE-2018-12306 (Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.
CVE-2018-12305 (Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 all ...)
NOT-FOR-US: ASUSTOR ADM
CVE-2018-12304 (Cross-site scripting in Application Manager in Seagate NAS OS version ...)
- TODO: check
+ NOT-FOR-US: Seagate NAS OS
CVE-2018-12303 (Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 ...)
- TODO: check
+ NOT-FOR-US: Seagate NAS OS
CVE-2018-12302 (Missing HTTPOnly flag on session cookies in the Seagate NAS OS version ...)
- TODO: check
+ NOT-FOR-US: Seagate NAS OS
CVE-2018-12301 (Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 ...)
- TODO: check
+ NOT-FOR-US: Seagate NAS OS
CVE-2018-12300 (Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.1 ...)
- TODO: check
+ NOT-FOR-US: Seagate NAS OS
CVE-2018-12299 (Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 ...)
- TODO: check
+ NOT-FOR-US: Seagate NAS OS
CVE-2018-12298 (Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows a ...)
- TODO: check
+ NOT-FOR-US: Seagate NAS OS
CVE-2018-12297 (Cross-site scripting in API error pages in Seagate NAS OS version 4.3. ...)
- TODO: check
+ NOT-FOR-US: Seagate NAS OS
CVE-2018-12296 (Insufficient access control in /api/external/7.0/system.System.get_inf ...)
- TODO: check
+ NOT-FOR-US: Seagate NAS OS
CVE-2018-12295 (SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3. ...)
- TODO: check
+ NOT-FOR-US: Seagate NAS OS
CVE-2018-12294 (WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as ...)
- webkit2gtk 2.20.2-1 (unimportant)
NOTE: Not covered by security support
@@ -99622,7 +99622,7 @@ CVE-2017-12759 (Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA Scho
CVE-2017-12758 (https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 ...)
NOT-FOR-US: Joomla! Component Appointment
CVE-2017-12757 (Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Inje ...)
- TODO: check
+ NOT-FOR-US: Ambit
CVE-2017-12756 (Command inject in transfer from another server in extplorer 2.1.9 and ...)
{DLA-1063-1}
- extplorer <removed>
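Review bot: the description for CVE-2017-12757 names "Ambit Technologies Pvt. Ltd", so `NOT-FOR-US: Ambit Technologies` would be less ambiguous for later lookups than the bare "Ambit"; minor style point only.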
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e9cc08faeb7320e8460d361480d442b6e78a25ae