[Git][security-tracker-team/security-tracker][master] new django-js-reverse issue
Moritz Muehlenhoff
jmm at debian.org
Thu Sep 5 14:24:39 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
506f3a5f by Moritz Muehlenhoff at 2019-09-05T13:24:19Z
new django-js-reverse issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1059,7 +1059,7 @@ CVE-2016-10931 (An issue was discovered in the openssl crate before 0.9.0 for Ru
- rust-openssl <not-affected> (Fixed before initial upload to archive)
NOTE: https://rustsec.org/advisories/RUSTSEC-2016-0001.html
CVE-2019-15541 (rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for ...)
- TODO: check
+ NOT-FOR-US: Rust crate rustls
CVE-2019-15540 (filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2. ...)
NOT-FOR-US: libMirage
CVE-2019-15539
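Review bot: the rustls entry (CVE-2019-15541) drops straight from `TODO: check` to a bare `NOT-FOR-US: Rust crate rustls`, whereas the rust-openssl entry two lines above in the same hunk keeps a package line plus a `NOTE:` with the RUSTSEC advisory URL. Since the reason for NOT-FOR-US here is that the crate is not packaged, the entry will need revisiting if rustls ever enters the archive; carrying the upstream reference in a `NOTE:` line now, as the rust-openssl entry does, keeps that context. The description also pins the issue to `rustls-mio/examples/tlsserver.rs`, a path under `examples/`, which is worth stating in the NOT-FOR-US text so a later reader does not mistake it for an issue in the library proper.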
@@ -1069,7 +1069,7 @@ CVE-2019-15538 (An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iop
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/1fb254aa983bf190cfd685d40c64a480a9bafaee
CVE-2019-15537 (The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL I ...)
- TODO: check
+ NOT-FOR-US: SimpleSAMLphp module proxystatistics
CVE-2019-15536 (The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injec ...)
NOT-FOR-US: Acclaim block plugin for Moodle
CVE-2019-15535 (Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. ...)
@@ -1098,7 +1098,7 @@ CVE-2019-15527 (An issue was discovered on D-Link DIR-823G devices with firmware
CVE-2019-15526 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...)
NOT-FOR-US: D-Link
CVE-2019-15525 (There is Missing SSL Certificate Validation in the pw3270 terminal emu ...)
- TODO: check
+ NOT-FOR-US: pw3270 terminal emulator
CVE-2019-15524 (CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php ...)
NOT-FOR-US: CSZ CMS
CVE-2019-15523
@@ -1150,13 +1150,13 @@ CVE-2019-15501 (Reflected cross site scripting (XSS) in L-Soft LISTSERV before 1
CVE-2019-15500
RESERVED
CVE-2019-15499 (CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element wi ...)
- TODO: check
+ NOT-FOR-US: CodiMD
CVE-2019-15498 (cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows rem ...)
NOT-FOR-US: Vera Edge Home Controller
CVE-2019-15497 (Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box ...)
- TODO: check
+ NOT-FOR-US: Black Box iCOMPEL
CVE-2019-15496 (MyT Project Management 1.5.1 lacks CSRF protection and, for example, a ...)
- TODO: check
+ NOT-FOR-US: MyT Project Management
CVE-2019-15495
RESERVED
CVE-2019-15494 (openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. ...)
@@ -1172,11 +1172,11 @@ CVE-2019-15490 (openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445
CVE-2019-15489 (laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XS ...)
NOT-FOR-US: laracom (aka Laravel FREE E-Commerce Software)
CVE-2019-15488 (Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP se ...)
- TODO: check
+ NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-15487 (DfE School Experience before v16333-GA has XSS via a teacher training ...)
NOT-FOR-US: DfE School Experience
CVE-2019-15486 (django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_ ...)
- TODO: check
+ - django-js-reverse <unfixed>
CVE-2019-15485 (Bolt before 3.6.10 has XSS via createFolder or createFile in Controlle ...)
NOT-FOR-US: Bolt CMS
CVE-2019-15484 (Bolt before 3.6.10 has XSS via an image's alt or title field. ...)
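Review bot: `- django-js-reverse <unfixed>` for CVE-2019-15486 has no bug reference and no per-suite annotation, unlike the other package entries in this diff (`- memcached <unfixed> (bug #939337)` followed by `[buster] - memcached <no-dsa> (Minor issue)`, and `- domoticz <itp> (bug #899058)`). The description says the XSS is fixed upstream in 0.9.1, so a `NOTE:` pointing at the upstream fix and a `(bug #...)` reference once one is filed would let the entry be acted on; a `[buster]` line with the intended handling (no-dsa or otherwise) should follow once severity is assessed, matching how the memcached entry is recorded.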
@@ -1184,19 +1184,19 @@ CVE-2019-15484 (Bolt before 3.6.10 has XSS via an image's alt or title field. ..
CVE-2019-15483 (Bolt before 3.6.10 has XSS via a title that is mishandled in the syste ...)
NOT-FOR-US: Bolt CMS
CVE-2019-15482 (selectize-plugin-a11y before 1.1.0 has XSS via the msg field. ...)
- TODO: check
+ NOT-FOR-US: selectize-plugin-a11y
CVE-2019-15481 (Kimai v2 before 1.1 has XSS via a timesheet description. ...)
- TODO: check
+ NOT-FOR-US: Kimai
CVE-2019-15480 (Domoticz 4.10717 has XSS via item.Name. ...)
- domoticz <itp> (bug #899058)
CVE-2019-15479 (Status Board 1.1.81 has reflected XSS via dashboard.ts. ...)
- TODO: check
+ NOT-FOR-US: Status Board
CVE-2019-15478 (Status Board 1.1.81 has reflected XSS via logic.ts. ...)
- TODO: check
+ NOT-FOR-US: Status Board
CVE-2019-15477 (Jooby before 1.6.4 has XSS via the default error handler. ...)
- TODO: check
+ NOT-FOR-US: Jooby
CVE-2019-15476 (Former before 4.2.1 has XSS via a checkbox value. ...)
- TODO: check
+ NOT-FOR-US: Former
CVE-2019-15475
RESERVED
CVE-2019-15474
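Review bot: for CVE-2019-15481 the description reads "Kimai v2 before 1.1" but the new tag is just `NOT-FOR-US: Kimai`; since the NOT-FOR-US text is free-form, writing `NOT-FOR-US: Kimai v2` would avoid confusion with any other Kimai release line when the entry is grepped later. The remaining entries in this hunk (selectize-plugin-a11y, Status Board for both CVE-2019-15479 and CVE-2019-15478, Jooby, Former) name the product consistently with their descriptions and look fine.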
@@ -1688,7 +1688,7 @@ CVE-2019-15306
CVE-2019-15305
RESERVED
CVE-2019-15304 (Lierda Grill Temperature Monitor V1.00_50006 has a default password of ...)
- TODO: check
+ NOT-FOR-US: Lierda Grill Temperature Monitor
CVE-2019-15303
RESERVED
CVE-2019-15302
@@ -1710,7 +1710,7 @@ CVE-2019-15296 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FA
CVE-2019-15295 (An Untrusted Search Path vulnerability in the ServiceInstance.dll libr ...)
NOT-FOR-US: Bitdefender Antivirus Free
CVE-2019-15294 (An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1 ...)
- TODO: check
+ NOT-FOR-US: Gallagher Command Centre
CVE-2019-15293 (An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 115 ...)
NOT-FOR-US: ACDSee
CVE-2019-15289
@@ -1849,7 +1849,7 @@ CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because GenericMe
CVE-2019-15231
REJECTED
CVE-2019-15230 (LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Noti ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2019-15229 (FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of ...)
NOT-FOR-US: FUEL CMS
CVE-2019-15228 (FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin conso ...)
@@ -2295,7 +2295,7 @@ CVE-2019-15086
CVE-2019-15085
RESERVED
CVE-2019-15084 (Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, insta ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2019-15083
RESERVED
CVE-2018-20974 (The js-jobs plugin before 1.0.7 for WordPress has CSRF. ...)
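Review bot: `NOT-FOR-US: Realtek` for CVE-2019-15084 is less specific than the description, which names the "Realtek Waves MaxxAudio driver ... as used on Dell laptops"; the other NOT-FOR-US entries in this diff name the product rather than only the vendor (e.g. `NOT-FOR-US: Bitdefender Antivirus Free`, `NOT-FOR-US: ACDSee`), so `NOT-FOR-US: Realtek Waves MaxxAudio driver` would follow that convention and make the entry findable by product name.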
@@ -2559,7 +2559,7 @@ CVE-2019-15029
CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could allow ...)
NOT-FOR-US: Joomla!
CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2019-15026 (memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer ...)
- memcached <unfixed> (bug #939337)
[buster] - memcached <no-dsa> (Minor issue)
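Review bot: the vendor spelling in the new tag for CVE-2019-15027, `NOT-FOR-US: Mediatek`, does not match the description's "MediaTek"; since these tags are searched as plain text, use the description's spelling (`NOT-FOR-US: MediaTek`) so the entry turns up alongside other MediaTek issues.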
@@ -4102,7 +4102,7 @@ CVE-2019-14472 (Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_I
CVE-2019-14471 (TestLink 1.9.19 has XSS via the error.php message parameter. ...)
NOT-FOR-US: TestLink
CVE-2019-14470 (cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the ...)
- TODO: check
+ NOT-FOR-US: cosenary Instagram-PHP-API
CVE-2019-14469 (In Nexus Repository Manager before 3.18.0, users with elevated privile ...)
NOT-FOR-US: Nexus Repository Manager
CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via c ...)
@@ -4807,7 +4807,7 @@ CVE-2019-14432 (Incorrect authentication of application WebSocket connections in
CVE-2019-14431 (In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles ...)
- matrixssl <removed>
CVE-2019-14430 (plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows S ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-14429
RESERVED
CVE-2019-14428
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/506f3a5f666a683fcdc37314bb8a402faab96d5a