[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri May 24 08:06:19 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cae35133 by Salvatore Bonaccorso at 2019-05-24T07:05:54Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2019-12299
CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds writ ...)
TODO: check
CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1 ...)
- TODO: check
+ NOT-FOR-US: Motorola
CVE-2019-12296
RESERVED
CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the ...)
@@ -42,9 +42,9 @@ CVE-2019-12291
CVE-2019-12290
RESERVED
CVE-2019-12289 (An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C782 ...)
- TODO: check
+ NOT-FOR-US: VStarcam
CVE-2019-12288 (An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WI ...)
- TODO: check
+ NOT-FOR-US: VStarcam
CVE-2019-12287
RESERVED
CVE-2019-12286
@@ -78,7 +78,7 @@ CVE-2019-12274
CVE-2019-12273
RESERVED
CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...)
- TODO: check
+ NOT-FOR-US: OpenWrt LuCI
CVE-2019-12271
RESERVED
CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configur ...)
@@ -3219,7 +3219,7 @@ CVE-2019-10979
CVE-2019-10978
RESERVED
CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 ser ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2019-10976
RESERVED
CVE-2019-10975
@@ -3541,7 +3541,7 @@ CVE-2019-10869 (Path Traversal and Unrestricted File Upload exists in the Ninja
CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker with clas ...)
NOT-FOR-US: Pimcore
CVE-2019-10866 (In the Form Maker plugin before 1.13.3 for WordPress, it's possible to ...)
- TODO: check
+ NOT-FOR-US: Form Maker plugin for WordPress
CVE-2019-10865
RESERVED
CVE-2019-10864 (The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowin ...)
@@ -3565,19 +3565,19 @@ CVE-2019-10856 (In Jupyter Notebook before 5.7.8, an open redirect can occur via
NOTE: https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
NOTE: https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99
CVE-2019-10855 (Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 ...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10854 (Computrols CBAS 18.0.0 allows Authenticated Command Injection. ...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10853 (Computrols CBAS 18.0.0 allows Authentication Bypass. ...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10852 (Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via th ...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10851 (Computrols CBAS 18.0.0 has hard-coded encryption keys. ...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10850 (Computrols CBAS 18.0.0 has Default Credentials. ...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10849 (Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / ...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10848
RESERVED
CVE-2019-10847
@@ -5684,7 +5684,7 @@ CVE-2019-9951 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultr
CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My ...)
NOT-FOR-US: Western Digital
CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100 ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ...)
- python2.7 2.7.16-2
NOTE: https://bugs.python.org/issue35907
@@ -65633,9 +65633,9 @@ CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 fo
CVE-2018-7203 (Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 throu ...)
NOT-FOR-US: Twonky Server
CVE-2018-7202 (An issue was discovered in ProjectSend before r1053. XSS exists in the ...)
- TODO: check
+ NOT-FOR-US: ProjectSend
CVE-2018-7201 (CSV Injection was discovered in ProjectSend before r1053, affecting vi ...)
- TODO: check
+ NOT-FOR-US: ProjectSend
CVE-2018-7200
RESERVED
CVE-2018-7199
@@ -85471,9 +85471,9 @@ CVE-2017-17063
CVE-2017-17062 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, ...)
NOT-FOR-US: Open-Xchange
CVE-2017-17061 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...)
- TODO: check
+ NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-17060 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecu ...)
- TODO: check
+ NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb post ...)
NOT-FOR-US: WordPress plugin wp-thumb-post
CVE-2017-1000385 (The Erlang otp TLS server answers with different TLS alerts to differe ...)
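Review bot: The labels added on CVE-2017-17061 and CVE-2017-17060 read "NOT-FOR-US: OX Software GmbH OX App Suite", while the unchanged entry directly above them, CVE-2017-17062, already files the same product under "NOT-FOR-US: Open-Xchange". The hunks at 93409 and 124158 add a third spelling, "Open-Xchange GmbH OX App Suite". Copying the vendor string from each CVE description leaves one product under three labels, so a search of data/CVE/list for any single one misses the rest. Reusing the existing "Open-Xchange" label for all of these entries would keep them grouped.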
@@ -93409,9 +93409,9 @@ CVE-2017-15032 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRI
CVE-2017-15031 (In all versions of ARM Trusted Firmware up to and including v1.4, not ...)
NOT-FOR-US: ARM Trusted Firmware
CVE-2017-15030 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-15029 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-15028
RESERVED
CVE-2017-15027
@@ -97624,9 +97624,9 @@ CVE-2017-13670 (In BlackCat CMS 1.2, remote authenticated users can upload any f
CVE-2017-13669 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswere ...)
NOT-FOR-US: NexusPHP
CVE-2017-13668 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...)
- TODO: check
+ NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-13667 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. ...)
- TODO: check
+ NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-13666 (An integer underflow vulnerability exists in pixel-a.asm, the x86 asse ...)
- x265 <not-affected> (Affected code is not enabled)
CVE-2017-13665
@@ -103233,11 +103233,11 @@ CVE-2017-11742 (The writeRandomBytes_RtlGenRandom function in xmlparse.c in libe
CVE-2017-11741 (HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) bef ...)
NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-11740 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the adminis ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11739 (In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenti ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11738 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the 'haid' ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11737 (interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS ...)
- rspamd 1.7.6-1
[jessie] - rspamd <not-affected> (Vulnerable code not present)
@@ -103917,15 +103917,15 @@ CVE-2017-11563 (D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code ex
CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegur ...)
NOT-FOR-US: MT4 SenhaSegura
CVE-2017-11561 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authen ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2017-11560 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2017-11559 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiK ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2017-11558
RESERVED
CVE-2017-11557 (An issue was discovered in ZOHO ManageEngine Applications Manager 12.3 ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine Applications Manager
CVE-2017-11556 (There is a stack consumption vulnerability in the Parser::advanceToNex ...)
- libsass <unfixed> (bug #870182)
[stretch] - libsass <no-dsa> (Minor issue)
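Review bot: CVE-2017-11557 is labelled "NOT-FOR-US: ZOHO ManageEngine Applications Manager" here, but the hunk at 103233 labels CVE-2017-11740, CVE-2017-11739 and CVE-2017-11738 "NOT-FOR-US: Zoho ManageEngine Application Manager", which looks like the same product with different casing and a singular "Application". The labels follow the wording of each CVE description. Picking one spelling, and one casing of "Zoho" (which also affects the three OpManager lines in this hunk), would keep these entries findable with a single search.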
@@ -124158,13 +124158,13 @@ CVE-2017-5215 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1
CVE-2017-5214 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 f ...)
NOT-FOR-US: Joomla extension
CVE-2017-5213 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5212 (Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5211 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Conte ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5210 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Infor ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5209 (The base64decode function in base64.c in libimobiledevice libplist thr ...)
{DLA-811-1}
- libplist 1.12+git+1+e37ca00-0.1 (low; bug #851196)
@@ -139678,11 +139678,11 @@ CVE-2016-8901 (b2evolution 6.7.6 suffer from an Object Injection vulnerability i
CVE-2016-8900
RESERVED
CVE-2016-8899 (Exponent CMS version 2.3.9 suffers from a Object Injection vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2016-8898
RESERVED
CVE-2016-8897 (Exponent CMS version 2.3.9 suffers from a sql injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2016-8896
RESERVED
CVE-2016-8895
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/cae35133050ae96e63ea5e96267ede619c107e7b