[Git][security-tracker-team/security-tracker][master] clarify Centreon NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Sep 11 13:51:39 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ef8964e1 by Moritz Muehlenhoff at 2019-09-11T12:51:18Z
clarify Centreon NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10116,7 +10116,7 @@ CVE-2019-13026 (OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL
CVE-2019-13025
RESERVED
CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web be ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2019-13023
RESERVED
CVE-2019-13022
@@ -46292,9 +46292,9 @@ CVE-2018-19314
CVE-2018-19313
RESERVED
CVE-2018-19312 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) all ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2018-19311 (Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2018-19310
RESERVED
CVE-2018-19309
@@ -46358,9 +46358,9 @@ CVE-2018-19283
CVE-2018-19282 (Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow re ...)
NOT-FOR-US: Rockwell Automation
CVE-2018-19281 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) all ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2018-19280 (Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource na ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2018-19279 (PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plain ...)
NOT-FOR-US: PRIMX ZoneCentral
CVE-2018-19278 (Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x b ...)
@@ -46568,7 +46568,7 @@ CVE-2018-19273
CVE-2018-19272
RESERVED
CVE-2018-19271 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) all ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2018-19270
REJECTED
CVE-2019-0185
@@ -67040,11 +67040,11 @@ CVE-2018-11591 (Espruino before 1.98 allows attackers to cause a denial of servi
CVE-2018-11590 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
NOT-FOR-US: Espruino
CVE-2018-11589 (Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Cen ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2018-11588 (Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authe ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2018-11587 (There is Remote Code Execution in Centreon 3.4.6 including Centreon We ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2018-11586 (XML external entity (XXE) vulnerability in api/rest/status in SearchBl ...)
NOT-FOR-US: SearchBlox
CVE-2018-11585
@@ -185137,7 +185137,7 @@ CVE-2015-7676 (Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, whe
CVE-2015-7675 (The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and ...)
NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7672 (Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in C ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2014-9751 (The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ...)
{DSA-3154-1 DLA-149-1}
- ntp 1:4.2.6.p5+dfsg-4
@@ -202717,9 +202717,9 @@ CVE-2015-1564 (Cross-site scripting (XSS) vulnerability in style-underground/sea
CVE-2015-1562 (Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7. ...)
NOT-FOR-US: Saurus CMS
CVE-2015-1561 (The escape_command function in include/Administration/corePerformance/ ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2015-1560 (SQL injection vulnerability in the isUserAdmin function in include/com ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2015-1559 (Multiple cross-site request forgery (CSRF) vulnerabilities in administ ...)
NOT-FOR-US: Epignosis eFront
CVE-2015-1557
@@ -222391,9 +222391,9 @@ CVE-2014-3831
CVE-2014-3830 (Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1 ...)
NOT-FOR-US: TomatoCart
CVE-2014-3829 (displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Ser ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2014-3828 (Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2014-3827
RESERVED
CVE-2014-3826
@@ -254130,7 +254130,7 @@ CVE-2012-5969 (Multiple directory traversal vulnerabilities on the Huawei E585 d
CVE-2012-5968 (The Huawei E585 device does not validate the status of admin sessions, ...)
NOT-FOR-US: Huawei device
CVE-2012-5967 (SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2 ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2012-5966 (The restricted telnet shell on the D-Link DSL2730U router allows remot ...)
NOT-FOR-US: D-Link DSL2730U router
CVE-2012-5965 (Stack-based buffer overflow in the unique_service_name function in ssd ...)
@@ -294321,7 +294321,7 @@ CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxono
CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW ...)
NOT-FOR-US: Joomla!
CVE-2010-1301 (SQL injection vulnerability in main.php in Centreon 2.1.5 allows remot ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2010-1300 (SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Al ...)
NOT-FOR-US: Yamamah
CVE-2010-1299 (Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, ...)
@@ -298612,7 +298612,7 @@ CVE-2009-4369 (Cross-site scripting (XSS) vulnerability in the Contact module (m
- drupal5 5.21-1 (low)
[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unk ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2009-4367 (The Staging Webservice ("sitecore modules/staging/service/api.asmx") i ...)
NOT-FOR-US: Sitecore Staging Module
CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
@@ -325122,9 +325122,9 @@ CVE-2008-1181 (Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows r
CVE-2008-1180 (Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.c ...)
NOT-FOR-US: Juniper
CVE-2008-1179 (Multiple cross-site scripting (XSS) vulnerabilities in include/common/ ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2008-1178 (Directory traversal vulnerability in include/doc/index.php in Centreon ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2008-1177 (SQL injection vulnerability in shop/detail.php in Affiliate Market (af ...)
NOT-FOR-US: Affiliate Market
CVE-2008-1176 (Cross-site scripting (XSS) vulnerability in function/sideblock.php in ...)
@@ -325297,7 +325297,7 @@ CVE-2008-1121 (SQL injection vulnerability in index.php in eazyPortal 1.0 and ea
CVE-2008-1120 (Format string vulnerability in the embedded Internet Explorer componen ...)
NOT-FOR-US: ICQ
CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php in Cent ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2008-1118 (Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does no ...)
NOT-FOR-US: Timbuktu Pro
CVE-2008-1117 (Directory traversal vulnerability in the Notes (aka Flash Notes or ins ...)
@@ -328340,7 +328340,7 @@ CVE-2007-6487 (Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4
CVE-2007-6486 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka ...)
NOT-FOR-US: LineShout
CVE-2007-6485 (Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 ( ...)
- NOT-FOR-US: Centreon
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2007-6484 (SQL injection vulnerability in index.php in phpRPG 0.8 allows remote a ...)
NOT-FOR-US: phpRPG
CVE-2007-6483 (Directory traversal vulnerability in SafeNet Sentinel Protection Serve ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef8964e1fd078acdb3ffba4a86589e1cda4bfbf5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ef8964e1fd078acdb3ffba4a86589e1cda4bfbf5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190911/ac44d55d/attachment.html>
More information about the debian-security-tracker-commits
mailing list