[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu May 30 21:20:19 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a7f8202 by Salvatore Bonaccorso at 2019-05-30T20:19:57Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,15 +27,15 @@ CVE-2019-12463
CVE-2019-12462
RESERVED
CVE-2019-12461 (Web Port 1.19.1 allows XSS via the /log type parameter. ...)
- TODO: check
+ NOT-FOR-US: Web Port
CVE-2019-12460 (Web Port 1.19.1 allows XSS via the /access/setup type parameter. ...)
- TODO: check
+ NOT-FOR-US: Web Port
CVE-2019-12459 (FileRun 2019.05.21 allows customizables/plugins/audio_player Directory ...)
- TODO: check
+ NOT-FOR-US: FileRun
CVE-2019-12458 (FileRun 2019.05.21 allows css/ext-ux Directory Listing. ...)
- TODO: check
+ NOT-FOR-US: FileRun
CVE-2019-12457 (FileRun 2019.05.21 allows images/extjs Directory Listing. ...)
- TODO: check
+ NOT-FOR-US: FileRun
CVE-2018-20840 (An unhandled exception vulnerability exists during Google Sign-In with ...)
TODO: check
CVE-2019-XXXX [binary can be truncated by root under certain conditions]
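Review bot: CVE-2018-20840 in the trailing context of this hunk keeps "TODO: check" while the five entries above it are resolved. Its visible description ("An unhandled exception vulnerability exists during Google Sign-In with ...") is cut off before any product name, so the list does not show whether it was skipped on purpose. Worth confirming it is still queued for triage rather than missed in this pass.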
@@ -1292,17 +1292,17 @@ CVE-2019-11898
CVE-2019-11897
RESERVED
CVE-2019-11896 (A potential incorrect privilege assignment vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-11895 (A potential improper access control vulnerability exists in the JSON-R ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-11894 (A potential improper access control vulnerability exists in the backup ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-11893 (A potential incorrect privilege assignment vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-11892 (A potential improper access control vulnerability exists in the JSON-R ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-11891 (A potential incorrect privilege assignment vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-12046 (LemonLDAP::NG -2.0.3 has Incorrect Access Control. ...)
{DSA-4446-1 DLA-1790-1}
- lemonldap-ng 2.0.2+ds-7+deb10u1 (bug #928944)
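Review bot: the six entries CVE-2019-11891 through CVE-2019-11896 are tagged "NOT-FOR-US: Bosch", but none of the truncated descriptions shown in this hunk names Bosch or a product, so the tag is the only thing in the list a reader can check against. Suggest naming the affected product after the vendor, as this commit does with "NOT-FOR-US: Wind River VxWorks" and "NOT-FOR-US: Fortinet FortiOS".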
@@ -6981,7 +6981,7 @@ CVE-2019-9866 (An issue was discovered in GitLab Community and Enterprise Editio
- gitlab 11.8.3-1 (bug #925196)
NOTE: https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/
CVE-2019-9865 (When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specia ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks
CVE-2019-9864 (PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tamperi ...)
NOT-FOR-US: PHP Scripts Mall Amazon Affiliate Store
CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in the ABUS ...)
@@ -14056,7 +14056,7 @@ CVE-2019-7131
CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Suc ...)
NOT-FOR-US: Adobe
CVE-2019-7129 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7128 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
NOT-FOR-US: Adobe
CVE-2019-7127 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
@@ -14378,9 +14378,9 @@ CVE-2019-6983 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.1680
CVE-2019-6982 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for ...)
NOT-FOR-US: Foxit Reader
CVE-2019-6981 (Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in t ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2019-6980 (Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecur ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2019-6979 (An issue was discovered in the User IP History Logs (aka IP_History_Lo ...)
NOT-FOR-US: IP History Logs plugin for MyBB
CVE-2018-20745 (Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into ...)
@@ -14458,9 +14458,9 @@ CVE-2019-6960
CVE-2019-6959
RESERVED
CVE-2019-6958 (A recently discovered security vulnerability affects all Bosch Video M ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-6957 (A recently discovered security vulnerability affects all Bosch Video M ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
- faad2 <unfixed> (bug #914641)
[buster] - faad2 <no-dsa> (Minor issue)
@@ -20640,7 +20640,7 @@ CVE-2019-4266
CVE-2019-4265
RESERVED
CVE-2019-4264 (IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sen ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4263
RESERVED
CVE-2019-4262
@@ -20656,7 +20656,7 @@ CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition
CVE-2019-4257
RESERVED
CVE-2019-4256 (IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryp ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4255
RESERVED
CVE-2019-4254
@@ -20800,7 +20800,7 @@ CVE-2019-4186
CVE-2019-4185
RESERVED
CVE-2019-4184 (IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross- ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4183
RESERVED
CVE-2019-4182
@@ -20890,11 +20890,11 @@ CVE-2019-4141
CVE-2019-4140
RESERVED
CVE-2019-4139 (IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-s ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4138 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could al ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4137 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulne ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4136
RESERVED
CVE-2019-4135
@@ -48941,7 +48941,7 @@ CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree for
CVE-2018-13384
RESERVED
CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS all versions below 6.0.5 in ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiOS
CVE-2018-13382
RESERVED
CVE-2018-13381
@@ -48971,13 +48971,13 @@ CVE-2018-13370
CVE-2018-13369
RESERVED
CVE-2018-13368 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiClient
CVE-2018-13367
RESERVED
CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6 ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-13365 (An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiOS
CVE-2018-13364
RESERVED
CVE-2018-13363
@@ -55672,7 +55672,7 @@ CVE-2018-10950 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 bef
CVE-2018-10949 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8. ...)
NOT-FOR-US: Zimbra
CVE-2018-10948 (Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 bet ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2018-10947
RESERVED
CVE-2018-10946
@@ -60382,11 +60382,11 @@ CVE-2018-9195
CVE-2018-9194 (A plaintext recovery of encrypted messages or a Man-in-the-middle (MiT ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-9193 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiClient
CVE-2018-9192 (A plaintext recovery of encrypted messages or a Man-in-the-middle (MiT ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-9191 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiClient
CVE-2018-9190 (A null pointer dereference vulnerability in Fortinet FortiClientWindow ...)
NOT-FOR-US: Fortinet
CVE-2018-9189
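Review bot: CVE-2018-9193 and CVE-2018-9191 get "NOT-FOR-US: Fortinet FortiClient", while the adjacent CVE-2018-9190, whose description reads "Fortinet FortiClientWindow ...", stays at the vendor-only "NOT-FOR-US: Fortinet". The result is the same for triage, but updating the CVE-2018-9190 tag in the same commit would keep a search for the FortiClient tag complete.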
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a7f82028deddb141cf80505d29ba3309915d63e