[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Sep 5 11:05:38 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
78854cfa by Moritz Muehlenhoff at 2019-09-05T10:05:20Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -100,7 +100,7 @@ CVE-2019-15900
CVE-2019-15899
RESERVED
CVE-2019-15898 (Nagios Log Server before 2.0.8 allows Reflected XSS via the username o ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2019-15897
RESERVED
CVE-2019-15896
@@ -306,9 +306,9 @@ CVE-2019-15816 (The wp-private-content-plus plugin before 2.0 for WordPress has
CVE-2019-15815
RESERVED
CVE-2019-15814 (Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow auth ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2019-15813 (Multiple file upload restriction bypass vulnerabilities in Sentrifugo ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2015-9380 (The photo-gallery plugin before 1.2.42 for WordPress has CSRF. ...)
NOT-FOR-US: photo-gallery plugin for WordPress
CVE-2019-15812
@@ -631,7 +631,7 @@ CVE-2019-15703
CVE-2019-15702 (In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the pars ...)
NOT-FOR-US: RIOT RIOT-OS
CVE-2019-15701 (components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote atta ...)
- TODO: check
+ NOT-FOR-US: BloodHound
CVE-2019-15700 (public/js/frappe/form/footer/timeline.js in Frappe Framework 12 throug ...)
NOT-FOR-US: Frappe Framework
CVE-2019-15699
@@ -719,9 +719,9 @@ CVE-2019-15660 (The wp-members plugin before 3.2.8 for WordPress has CSRF. ...)
CVE-2019-15659 (The pie-register plugin before 3.1.2 for WordPress has SQL injection, ...)
NOT-FOR-US: pie-register plugin for WordPress
CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if tableName or sc ...)
- TODO: check
+ NOT-FOR-US: connect-pg-simple
CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can execute ...)
- TODO: check
+ NOT-FOR-US: eslint-utils
CVE-2019-15656
RESERVED
CVE-2019-15655
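Review bot: connect-pg-simple and eslint-utils (the changed lines for CVE-2019-15658 and CVE-2019-15657) read as libraries rather than standalone products, since the descriptions refer to a tableName parameter and a getStaticValue function. A library can be carried as a bundled copy inside another package, so NOT-FOR-US here should rest on a search of the archive for both names, covering source packages and embedded copies. If that search was done, saying so in the commit message (currently just "NFUs") would make the triage auditable.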
@@ -1106,17 +1106,17 @@ CVE-2019-15523
CVE-2019-15522
RESERVED
CVE-2019-15521 (Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and ...)
- TODO: check
+ NOT-FOR-US: Spoon Library
CVE-2019-15520 (comelz Quark before 2019-03-26 allows directory traversal to locations ...)
- TODO: check
+ NOT-FOR-US: comelz Quark
CVE-2019-15519 (Power-Response before 2019-02-02 allows directory traversal (up to the ...)
- TODO: check
+ NOT-FOR-US: Power-Response
CVE-2019-15518 (Swoole before 4.2.13 allows directory traversal in swPort_http_static_ ...)
- TODO: check
+ NOT-FOR-US: Swoole
CVE-2019-15517 (jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory trav ...)
- TODO: check
+ NOT-FOR-US: jc21 Nginx Proxy Manager
CVE-2019-15516 (Cuberite before 2019-06-11 allows webadmin directory traversal via ... ...)
- TODO: check
+ NOT-FOR-US: Cuberite
CVE-2019-15515 (Discourse 2.3.2 sends the CSRF token in the query string. ...)
NOT-FOR-US: Discourse
CVE-2019-15514 (The Privacy > Phone Number feature in the Telegram app 5.10 for And ...)
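Review bot: The tag for CVE-2019-15521 names only "Spoon Library", but the description says the library is affected "as used in Fork CMS". Recording the consumer as well, for example "NOT-FOR-US: Spoon Library (as used in Fork CMS)", keeps the entry findable under either name when someone later searches data/CVE/list for Fork CMS.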
@@ -1132,7 +1132,7 @@ CVE-2019-15510
CVE-2019-15509
RESERVED
CVE-2019-15508 (In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy ...)
- TODO: check
+ NOT-FOR-US: Octopus Tentacle
CVE-2019-15507 (In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request pr ...)
NOT-FOR-US: Octopus Deploy
CVE-2019-15506 (An issue was discovered in Kaseya Virtual System Administrator (VSA) t ...)
@@ -19629,7 +19629,7 @@ CVE-2019-9571
CVE-2019-9570 (An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom tex ...)
NOT-FOR-US: YzmCMS
CVE-2019-9569 (Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_ ...)
- TODO: check
+ NOT-FOR-US: Delta Controls enteliBUS Manager
CVE-2019-9568 (The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1 ...)
NOT-FOR-US: WordPress plugin forminator
CVE-2019-9567 (The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1 ...)
@@ -22535,9 +22535,9 @@ CVE-2019-8463
CVE-2019-8462
RESERVED
CVE-2019-8461 (Check Point Endpoint Security Initial Client for Windows before versio ...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2019-8460 (Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologi ...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2019-8459 (Check Point Endpoint Security Client for Windows, with the VPN blade, ...)
NOT-FOR-US: Check Point Endpoint Security Client for Windows
CVE-2019-8458 (Check Point Endpoint Security Client for Windows, with Anti-Malware bl ...)
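Review bot: For CVE-2019-8460 the visible description opens with "Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologi ...", which reads as a reporter credit, not as a statement that a Check Point product is affected. The tag "NOT-FOR-US: Check Point" should be checked against the full description and should name the affected software. If that software turns out to be packaged, the entry needs a package line instead of NOT-FOR-US.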
@@ -24488,7 +24488,7 @@ CVE-2019-7619
CVE-2019-7618
RESERVED
CVE-2019-7617 (When the Elastic APM agent for Python versions before 5.1.0 is run as ...)
- TODO: check
+ NOT-FOR-US: Elastic APM agent for Python
CVE-2019-7616 (Kibana versions before 6.8.2 and 7.2.1 contain a server side request f ...)
- kibana <itp> (bug #700337)
CVE-2019-7615 (A TLS certificate validation flaw was found in Elastic APM agent for R ...)
@@ -25167,11 +25167,11 @@ CVE-2019-7366
CVE-2019-7365
RESERVED
CVE-2019-7364 (DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2019-7363 (Use-after-free vulnerability in Autodesk Design Review versions 2011, ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2019-7362 (DLL preloading vulnerability in Autodesk Design Review versions 2011, ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2019-7361 (An attacker may convince a victim to open a malicious action micro (.a ...)
NOT-FOR-US: Autodesk
CVE-2019-7360 (An exploitable use-after-free vulnerability in the DXF-parsing functio ...)
@@ -26877,13 +26877,13 @@ CVE-2019-6700
CVE-2019-6699
RESERVED
CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder all versi ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2019-6697
RESERVED
CVE-2019-6696
RESERVED
CVE-2019-6695 (Lack of root file system integrity checking in Fortinet FortiManager V ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2019-6694
RESERVED
CVE-2019-6693
@@ -26984,17 +26984,17 @@ CVE-2019-6650
CVE-2019-6649
RESERVED
CVE-2019-6648 (On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Ser ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6647 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1 ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6646 (On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6645 (On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6 ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6644 (Similar to the issue identified in CVE-2018-12120, on versions 14.1.0- ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6643 (On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12 ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6642 (In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, a ...)
NOT-FOR-US: F5 BIG-IP
CVE-2019-6641 (On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl RES ...)
@@ -28235,13 +28235,13 @@ CVE-2019-6184
CVE-2019-6183
RESERVED
CVE-2019-6182 (A stored CSV Injection vulnerability was reported in Lenovo XClarity A ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6181 (A reflected cross-site scripting (XSS) vulnerability was reported in L ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6180 (A stored cross-site scripting (XSS) vulnerability was reported in Leno ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6179 (An XML External Entity (XXE) processing vulnerability was reported in ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6178 (An information leakage vulnerability in Iomega and LenovoEMC NAS produ ...)
NOT-FOR-US: Iomega and LenovoEMC NAS products
CVE-2019-6177 (A vulnerability reported in Lenovo Solution Center version 03.12.003, ...)
@@ -28406,7 +28406,7 @@ CVE-2019-6115
CVE-2019-6114 (An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An int ...)
NOT-FOR-US: Corel PaintShop Pro
CVE-2019-6113 (Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-001 ...)
- TODO: check
+ NOT-FOR-US: ONKYO
CVE-2019-6112
RESERVED
CVE-2019-6111 (An issue was discovered in OpenSSH 7.9. Due to the scp implementation ...)
@@ -29732,13 +29732,13 @@ CVE-2019-5637
CVE-2019-5636
RESERVED
CVE-2019-5635 (A cleartext transmission of sensitive information vulnerability is pre ...)
- TODO: check
+ NOT-FOR-US: Hickory
CVE-2019-5634 (An inclusion of sensitive information in log files vulnerability is pr ...)
- TODO: check
+ NOT-FOR-US: Hickory
CVE-2019-5633 (An insecure storage of sensitive information vulnerability is present ...)
- TODO: check
+ NOT-FOR-US: Hickory
CVE-2019-5632 (An insecure storage of sensitive information vulnerability is present ...)
- TODO: check
+ NOT-FOR-US: Hickory
CVE-2019-5631 (The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerabi ...)
NOT-FOR-US: Rapid7 InsightAppSec broker
CVE-2019-5630 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 ...)
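Review bot: All four descriptions in this hunk (CVE-2019-5635 to CVE-2019-5632) are cut off before the product name, so the tag is the only identifier a reader of the list gets, and "Hickory" on its own does not say which vendor or product is meant. Suggest the vendor plus product form already used two lines further down ("NOT-FOR-US: Rapid7 InsightAppSec broker").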
@@ -30654,7 +30654,7 @@ CVE-2019-5225
CVE-2019-5224
RESERVED
CVE-2019-5223 (PCManager 9.1.3.1 has an improper authentication vulnerability. The ce ...)
- TODO: check
+ NOT-FOR-US: PCManager
CVE-2019-5222 (There is an information disclosure vulnerability on Secure Input of ce ...)
NOT-FOR-US: Huawei
CVE-2019-5221 (There is a path traversal vulnerability on Huawei Share. The software ...)
@@ -34207,7 +34207,7 @@ CVE-2019-3636
CVE-2019-3635 (Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8. ...)
NOT-FOR-US: McAfee
CVE-2019-3634 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3633 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x ...)
NOT-FOR-US: McAfee
CVE-2019-3632 (Directory Traversal vulnerability in McAfee Enterprise Security Manage ...)
@@ -36012,7 +36012,7 @@ CVE-2019-3396 (The Widget Connector macro in Atlassian Confluence Server before
CVE-2019-3395 (The WebDAV endpoint in Atlassian Confluence Server and Data Center bef ...)
NOT-FOR-US: Atlassian Confluence Server
CVE-2019-3394 (There was a local file disclosure vulnerability in Confluence Server a ...)
- TODO: check
+ NOT-FOR-US: Confluence
CVE-2018-20298 (S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerab ...)
NOT-FOR-US: S3 Browser
CVE-2018-20297
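Review bot: CVE-2019-3394 is tagged "NOT-FOR-US: Confluence" while the entry directly above it uses "NOT-FOR-US: Atlassian Confluence Server", and both descriptions refer to Confluence Server. Reusing the existing string keeps a text search of data/CVE/list for one name returning all of the related entries.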
@@ -38940,7 +38940,7 @@ CVE-2019-2392
CVE-2019-2391
RESERVED
CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can create ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...)
TODO: check
CVE-2019-2388
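Review bot: "NOT-FOR-US: Microsoft" for CVE-2019-2390 looks like it tags the platform rather than the product. The description says "An unprivileged user or program on Microsoft Windows which can create ...", which describes where the attacker runs, and the text is cut off before it names the affected software. The adjacent id CVE-2019-2389 is MongoDB Server and is left as "TODO: check", so this block may belong to one vendor. Please confirm against the full description. If the software is one Debian packages and the flaw is Windows-only, a package line marked not-affected with a short note records that more accurately than NOT-FOR-US.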
@@ -40047,7 +40047,7 @@ CVE-2018-19934 (SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site
CVE-2018-19933 (Bolt CMS <3.6.2 allows XSS via text input click preview button as d ...)
NOT-FOR-US: Bolt CMS
CVE-2019-1984 (A vulnerability in Cisco Enterprise Network Functions Virtualization I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1983
RESERVED
CVE-2019-1982
@@ -40061,13 +40061,13 @@ CVE-2019-1979
CVE-2019-1978
RESERVED
CVE-2019-1977 (A vulnerability within the Endpoint Learning feature of Cisco Nexus 90 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1976 (A vulnerability in the “plug-and-play” services co ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1975
RESERVED
CVE-2019-1974 (A vulnerability in the web-based management interface of Cisco Integra ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1973 (A vulnerability in the web portal framework of Cisco Enterprise NFV In ...)
NOT-FOR-US: Cisco
CVE-2019-1972 (A vulnerability the Cisco Enterprise NFV Infrastructure Software (NFVI ...)
@@ -40077,21 +40077,21 @@ CVE-2019-1971 (A vulnerability in the web portal of Cisco Enterprise NFV Infrast
CVE-2019-1970 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
NOT-FOR-US: Cisco
CVE-2019-1969 (A vulnerability in the implementation of the Simple Network Management ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1968 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1967 (A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1966 (A vulnerability in a specific CLI command within the local management ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1965 (A vulnerability in the Virtual Shell (VSH) session management for Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1964 (A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1963 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1962 (A vulnerability in the Cisco Fabric Services component of Cisco NX-OS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1961 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
NOT-FOR-US: Cisco
CVE-2019-1960 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
@@ -40137,7 +40137,7 @@ CVE-2019-1941 (A vulnerability in the web-based management interface of Cisco Id
CVE-2019-1940 (A vulnerability in the Web Services Management Agent (WSMA) feature of ...)
NOT-FOR-US: Cisco
CVE-2019-1939 (A vulnerability in the Cisco Webex Teams client for Windows could allo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1938 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
NOT-FOR-US: Cisco
CVE-2019-1937 (A vulnerability in the web-based management interface of Cisco Integra ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78854cfa938859234e0ca4f0cc12b047fbcbf61e