[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 10 21:44:04 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8754f96b by Salvatore Bonaccorso at 2019-09-10T20:43:23Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2019-16204
CVE-2019-16203
RESERVED
CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain situations. ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2019-16201
RESERVED
CVE-2019-16200
@@ -67,7 +67,7 @@ CVE-2017-18605 (The gravitate-qa-tracker plugin through 1.2.1 for WordPress has
CVE-2017-18604 (The sitebuilder-dynamic-components plugin through 1.0 for WordPress ha ...)
NOT-FOR-US: sitebuilder-dynamic-components plugin for WordPress
CVE-2017-18603 (The postman-smtp plugin through 2017-10-04 for WordPress has XSS via t ...)
- TODO: check
+ NOT-FOR-US: postman-smtp plugin for WordPress
CVE-2017-18602 (The examapp plugin 1.0 for WordPress has SQL injection via the wp-admi ...)
NOT-FOR-US: examapp plugin for WordPress
CVE-2017-18601 (The examapp plugin 1.0 for WordPress has XSS via exam input text field ...)
@@ -77,7 +77,7 @@ CVE-2017-18600 (The formcraft3 plugin before 3.4 for WordPress has stored XSS vi
CVE-2017-18599 (The Pinfinity theme before 2.0 for WordPress has XSS via the s paramet ...)
NOT-FOR-US: Pinfinity theme for WordPress
CVE-2017-18598 (The Qards plugin through 2017-10-11 for WordPress has XSS via a remote ...)
- TODO: check
+ NOT-FOR-US: Qards plugin for WordPress
CVE-2017-18597 (The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL I ...)
NOT-FOR-US: jtrt-responsive-tables plugin for WordPress
CVE-2017-18596 (The elementor plugin before 1.8.0 for WordPress has incorrect access c ...)
@@ -276,7 +276,7 @@ CVE-2018-21012 (The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress ha
CVE-2018-21011 (The charitable plugin before 1.5.14 for WordPress has unauthorized acc ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-16106 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...)
- TODO: check
+ NOT-FOR-US: Recruitment module in Humanica Humatrix
CVE-2019-16105 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory t ...)
NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16104 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via th ...)
@@ -294,7 +294,7 @@ CVE-2019-16099 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JS
CVE-2019-16098
RESERVED
CVE-2019-16097 (core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users ...)
- TODO: check
+ NOT-FOR-US: Harbor
CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an SSL cer ...)
- imapfilter <unfixed> (bug #939702)
[buster] - imapfilter <no-dsa> (Minor issue)
@@ -4210,25 +4210,25 @@ CVE-2019-14732 (AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoa
CVE-2019-14731 (An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vul ...)
NOT-FOR-US: ZenTao CMS
CVE-2019-14730 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
- TODO: check
+ NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14729 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
- TODO: check
+ NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14728 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
- TODO: check
+ NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14727 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
- TODO: check
+ NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14726 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
- TODO: check
+ NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14725
RESERVED
CVE-2019-14724
RESERVED
CVE-2019-14723 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
- TODO: check
+ NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14722 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
- TODO: check
+ NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14721 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
- TODO: check
+ NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14720
RESERVED
CVE-2019-14719
@@ -4916,7 +4916,7 @@ CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow in
CVE-2019-14458
RESERVED
CVE-2019-14457 (VIVOTEK IP Camera devices with firmware before 0x20x have a stack-base ...)
- TODO: check
+ NOT-FOR-US: VIVOTEK IP Camera devices
CVE-2019-14456 (Opengear console server firmware releases prior to 4.5.0 have a stored ...)
NOT-FOR-US: Opengear console server firmware
CVE-2019-14455
@@ -6072,7 +6072,7 @@ CVE-2019-14263
CVE-2019-14262 (MetadataExtractor 2.1.0 allows stack consumption. ...)
NOT-FOR-US: MetadataExtractor
CVE-2019-14261 (An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due ...)
- TODO: check
+ NOT-FOR-US: ABUS Secvest FUAA50000 3.01.01 devices
CVE-2019-14260 (On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone Vo ...)
NOT-FOR-US: Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone
CVE-2019-14259 (On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a comma ...)
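Review bot: The new tag for CVE-2019-14261 carries the firmware version ("ABUS Secvest FUAA50000 3.01.01 devices"), while the other NOT-FOR-US lines in this hunk name only the product ("MetadataExtractor", the ALE deskphone). Dropping "3.01.01" would keep the string reusable for later CVEs against the same device and easier to match when grepping the list.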
@@ -6783,7 +6783,7 @@ CVE-2019-13955 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vuln
CVE-2019-13954 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable ...)
NOT-FOR-US: Mikrotik RouterOS
CVE-2019-13953 (An exploitable authentication bypass vulnerability exists in the Bluet ...)
- TODO: check
+ NOT-FOR-US: YI M1 Mirrorless Camera
CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and ...)
- gdnsd <unfixed> (unimportant; bug #932407)
NOTE: https://github.com/gdnsd/gdnsd/issues/185
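Review bot: For CVE-2019-13953 the tag "YI M1 Mirrorless Camera" cannot be checked against the description as shown here, which is cut off at "exists in the Bluet ..." before any product is named. Worth confirming against the full CVE text that the product is right, since the NOT-FOR-US line is the only place in this entry where the product appears.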
@@ -7569,7 +7569,7 @@ CVE-2019-13610
CVE-2019-13609
RESERVED
CVE-2019-13608 (Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000) ...)
- TODO: check
+ NOT-FOR-US: Citrix StoreFront Server
CVE-2014-1200
RESERVED
CVE-2014-1199
@@ -8748,7 +8748,7 @@ CVE-2019-13528
CVE-2019-13527
RESERVED
CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 ...)
- TODO: check
+ NOT-FOR-US: Datalogic AV7000 Linear barcode scanner
CVE-2019-13525
RESERVED
CVE-2019-13524
@@ -9045,13 +9045,13 @@ CVE-2019-13410
CVE-2019-13409
RESERVED
CVE-2019-13408 (A relative path traversal vulnerability found in Advan VD-1 firmware v ...)
- TODO: check
+ NOT-FOR-US: Advan VD-1 firmware
CVE-2019-13407 (A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses ...)
- TODO: check
+ NOT-FOR-US: Advan VD-1 firmware
CVE-2019-13406 (A broken access control vulnerability found in Advan VD-1 firmware ver ...)
- TODO: check
+ NOT-FOR-US: Advan VD-1 firmware
CVE-2019-13405 (A broken access control vulnerability found in Advan VD-1 firmware ver ...)
- TODO: check
+ NOT-FOR-US: Advan VD-1 firmware
CVE-2019-13404 (** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows ...)
NOT-FOR-US: Disputed issue for Windows installer for Python
CVE-2019-13403 (Temenos CWX version 8.9 has an Broken Access Control vulnerability in ...)
@@ -9417,23 +9417,23 @@ CVE-2019-13272 (In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
NOTE: https://git.kernel.org/linus/6994eefb0053799d2e07cd140df6c2ea106c41ee
CVE-2019-13271 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
- TODO: check
+ NOT-FOR-US: Edimax BR-6208AC V1 devices
CVE-2019-13270 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
- TODO: check
+ NOT-FOR-US: Edimax BR-6208AC V1 devices
CVE-2019-13269 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
- TODO: check
+ NOT-FOR-US: Edimax BR-6208AC V1 devices
CVE-2019-13268 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2019-13267 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2019-13266 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2019-13265 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
- TODO: check
+ NOT-FOR-US: D-link
CVE-2019-13264 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
- TODO: check
+ NOT-FOR-US: D-link
CVE-2019-13263 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
- TODO: check
+ NOT-FOR-US: D-link
CVE-2019-13262 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
NOT-FOR-US: XnView
CVE-2019-13261 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
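Review bot: The nine router entries in this hunk are tagged at two different granularities: CVE-2019-13271 to CVE-2019-13269 get "Edimax BR-6208AC V1 devices", while the TP-Link and D-link entries get the vendor name only, although their descriptions name the models as well. Pick one form for the whole group so the same class of issue reads the same way across the three vendors.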
@@ -9491,13 +9491,13 @@ CVE-2019-13239 (inc/user.class.php in GLPI before 9.4.3 allows XSS via a user pi
CVE-2019-13238 (An issue was discovered in Bento4 1.5.1.0. A memory allocation failure ...)
NOT-FOR-US: Bento4
CVE-2019-13237 (In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vul ...)
- TODO: check
+ NOT-FOR-US: Alkacon OpenCms
CVE-2019-13236 (In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are m ...)
- TODO: check
+ NOT-FOR-US: Alkacon OpenCms
CVE-2019-13235 (In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS ...)
- TODO: check
+ NOT-FOR-US: Alkacon OpenCms
CVE-2019-13234 (In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS ...)
- TODO: check
+ NOT-FOR-US: Alkacon OpenCms
CVE-2019-13232 (Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP co ...)
{DLA-1846-1}
- unzip 6.0-24 (unimportant; bug #931433)
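Review bot: CVE-2019-13235 and CVE-2019-13234 are described as issues in the "Alkacon OpenCms Apollo Template", but they get the same "Alkacon OpenCms" tag as the two core entries above them. If the template is shipped separately from OpenCms, naming it in the tag ("Alkacon OpenCms Apollo Template") would record that; if not, the current form is fine.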
@@ -9586,7 +9586,7 @@ CVE-2019-13211
CVE-2019-13210
RESERVED
CVE-2019-13209 (Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijack ...)
- TODO: check
+ NOT-FOR-US: Rancher
CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation because th ...)
NOT-FOR-US: Waves MAXX Audio
CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflo ...)
@@ -10886,9 +10886,9 @@ CVE-2019-12756
CVE-2019-12755
RESERVED
CVE-2019-12754 (Symantec My VIP portal, previous version which has already been auto u ...)
- TODO: check
+ NOT-FOR-US: Symantec My VIP portal
CVE-2019-12753 (An information disclosure vulnerability in Symantec Reporter web UI 10 ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2019-12752
RESERVED
CVE-2019-12751 (Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a p ...)
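Review bot: CVE-2019-12754 is tagged with the product ("Symantec My VIP portal") but CVE-2019-12753, two lines below, is tagged only "Symantec" although its description names Symantec Reporter. Use the same level of detail for both, for example "NOT-FOR-US: Symantec Reporter".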
@@ -11126,7 +11126,7 @@ CVE-2019-12645 (A vulnerability in Cisco Jabber Client Framework (JCF) for Mac S
CVE-2019-12644 (A vulnerability in the web-based management interface of Cisco Identit ...)
TODO: check
CVE-2019-12643 (A vulnerability in the Cisco REST API virtual service container for Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12642
RESERVED
CVE-2019-12641
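Review bot: CVE-2019-12644, in the context directly above the changed line, is also a Cisco issue ("web-based management interface of Cisco Identit ...") and still reads "TODO: check" after this hunk, while CVE-2019-12643 is closed as "NOT-FOR-US: Cisco". If it was left open on purpose that is fine; otherwise it looks like it was missed in this pass and could be tagged in the same commit.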
@@ -11142,13 +11142,13 @@ CVE-2019-12637
CVE-2019-12636
RESERVED
CVE-2019-12635 (A vulnerability in the authorization module of Cisco Content Security ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12634 (A vulnerability in the web-based management interface of Cisco Integra ...)
NOT-FOR-US: Cisco
CVE-2019-12633 (A vulnerability in Cisco Unified Contact Center Express (Unified CCX) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12632 (A vulnerability in Cisco Finesse could allow an unauthenticated, remot ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12631
RESERVED
CVE-2019-12630
@@ -11567,11 +11567,11 @@ CVE-2019-12466 (Wikimedia MediaWiki through 1.32.1 allows CSRF. ...)
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
NOTE: https://phabricator.wikimedia.org/T25227
CVE-2019-12465 (An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was i ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2019-12464 (An issue was discovered in LibreNMS 1.50.1. An authenticated user can ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2019-12463 (An issue was discovered in LibreNMS 1.50.1. The scripts that handle gr ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2019-12462
RESERVED
CVE-2019-12461 (Web Port 1.19.1 allows XSS via the /log type parameter. ...)
@@ -12216,7 +12216,7 @@ CVE-2019-12225
CVE-2019-12224
RESERVED
CVE-2019-12223 (An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1. ...)
- TODO: check
+ NOT-FOR-US: Hanwah Techwin SRN-472s devices
CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
{DLA-1865-1 DLA-1861-1}
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8754f96b8b2111d91c14fef7af8999b0790212b9