Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e533b55b by Moritz Muehlenhoff at 2019-02-05T09:53:23Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2019-7400 (Rukovoditel before 2.4.1 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: Rukovoditel
CVE-2019-7399
RESERVED
CVE-2019-7398 (In ImageMagick before 7.0.8-25, a memory leak exists in
WriteDIBImage ...)
@@ -133,7 +133,7 @@ CVE-2019-1000010 (phpIPAM version 1.3.2 and earlier
contains a Cross Site Script
CVE-2019-1000009 (Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains
a CWE-22: ...)
NOT-FOR-US: Helm ChartMuseum
CVE-2019-1000008 (All versions of Helm between Helm >=2.0.0 and < 2.12.2
contains a ...)
- TODO: check
+ NOT-FOR-US: Helm Kubernetes package manager, different from src:helm
CVE-2019-1000007 (aioxmpp version 0.10.2 and earlier contains a Improper
Handling of ...)
TODO: check
CVE-2019-1000006 (RIOT RIOT-OS version after commit ...)
@@ -15296,7 +15296,7 @@ CVE-2018-19784 (The str_rot_pass function in ...)
CVE-2018-19783
RESERVED
CVE-2018-19782 (Multiple cross-site scripting (XSS) vulnerabilities in GET
requests in ...)
- TODO: check
+ NOT-FOR-US: FreshRSS
CVE-2018-19781
RESERVED
CVE-2018-19780
@@ -18856,7 +18856,7 @@ CVE-2018-19442
CVE-2018-19441
RESERVED
CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...)
- TODO: check
+ NOT-FOR-US: ARM Trusted Firmware-A
CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure
Global ...)
NOT-FOR-US: Oracle
CVE-2018-19438
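Review bot: At CVE-2018-19440 the new tag `NOT-FOR-US: ARM Trusted Firmware-A` names a firmware project rather than a vendor product, and nothing in the entry records that the archive was searched for a source package carrying it. The Helm entry in this same commit shows the useful pattern (`different from src:helm`); if a lookup was done here, say so in the tag, and if any source package does ship this code the entry should become a package line instead.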
@@ -20187,13 +20187,13 @@ CVE-2018-19044 (keepalived 2.0.8 didn't check for
pathnames with symlinks when w
NOTE:
https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
NOTE: https://github.com/acassen/keepalived/issues/1048
CVE-2018-19043 (The Media File Manager plugin 1.4.2 for WordPress allows
arbitrary ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-19042 (The Media File Manager plugin 1.4.2 for WordPress allows
arbitrary ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-19041 (The Media File Manager plugin 1.4.2 for WordPress allows XSS
via the ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-19040 (The Media File Manager plugin 1.4.2 for WordPress allows
directory ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-19039 (Grafana before 4.6.5 and 5.x before 5.3.3 allows remote
authenticated ...)
- grafana <removed>
NOTE:
https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961
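Review bot: The four entries CVE-2018-19043 to CVE-2018-19040 are tagged `NOT-FOR-US: Wordpress plugin`, which drops the product name and spells WordPress differently from the descriptions. Suggest `NOT-FOR-US: Media File Manager plugin for WordPress`, so that a later search for the plugin name finds these entries the way it does for product-named tags elsewhere in the list (for example `NOT-FOR-US: baserCMS`).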
@@ -20220,7 +20220,7 @@ CVE-2018-19029
CVE-2018-19028
RESERVED
CVE-2018-19027 (Three type confusion vulnerabilities exist in CX-One Versions
4.50 and ...)
- TODO: check
+ NOT-FOR-US: CX-One
CVE-2018-19026
RESERVED
CVE-2018-19025
@@ -20244,7 +20244,7 @@ CVE-2018-19017 (Several use after free vulnerabilities
have been identified in .
CVE-2018-19016
RESERVED
CVE-2018-19015 (An attacker could inject commands to launch programs and
create, ...)
- TODO: check
+ NOT-FOR-US: CX-Supervisor
CVE-2018-19014 (Drager Infinity Delta, Infinity Delta, all versions, Delta XL,
all ...)
NOT-FOR-US: Drager patient monitoring medical devices
CVE-2018-19013 (An attacker could inject commands to delete files and/or
delete the ...)
@@ -20266,7 +20266,7 @@ CVE-2018-19006
CVE-2018-19005 (Cscape, Version 9.80.75.3 SP3 and prior. An improper input
validation ...)
NOT-FOR-US: Cscape
CVE-2018-19004 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of
bounds ...)
- TODO: check
+ NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-19003 (GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions
03.03.28C to ...)
NOT-FOR-US: GE Mark
CVE-2018-19002
@@ -20298,7 +20298,7 @@ CVE-2018-18990
CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66
and ...)
NOT-FOR-US: CX-One
CVE-2018-18988 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution
of ...)
- TODO: check
+ NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program
populating ...)
NOT-FOR-US: VT-Designer
CVE-2018-18986
@@ -20411,9 +20411,9 @@ CVE-2018-18943 (An issue was discovered in baserCMS
before 4.1.4. In the Registe
CVE-2018-18942 (In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php
allows remote ...)
NOT-FOR-US: baserCMS
CVE-2018-18941 (In Vignette Content Management version 6, it is possible to
gain ...)
- TODO: check
+ NOT-FOR-US: Vignette Content Management
CVE-2018-18940 (servlet/SnoopServlet (a servlet installed by default) in
Netscape ...)
- TODO: check
+ NOT-FOR-US: Netscape Enterprise
CVE-2018-18939 (An issue was discovered in WUZHI CMS 4.1.0. There is stored
XSS in ...)
NOT-FOR-US: WUZHI CMS
CVE-2018-18938 (An issue was discovered in WUZHI CMS 4.1.0. There is stored
XSS in ...)
@@ -20514,7 +20514,7 @@ CVE-2018-18897 (An issue was discovered in Poppler
0.71.0. There is a memory lea
CVE-2018-18896
RESERVED
CVE-2018-18895 (A version of Castor XML, as used in Cisco WebEx Meetings
Server before ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-18894
RESERVED
CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method,
related to ...)
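Review bot: At CVE-2018-18895 the description begins "A version of Castor XML, as used in Cisco WebEx Meetings Server", so the named component is Castor XML and Cisco is where it was observed; `NOT-FOR-US: Cisco` may close an issue that belongs to a library. The description is truncated here, so please check the full text: if the flaw is in Castor itself and not in a Cisco-specific build, the entry should name the Castor source package (or stay as `TODO: check`) rather than be closed against the vendor.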
@@ -24335,7 +24335,7 @@ CVE-2018-17432 (A NULL pointer dereference in
H5O_sdspace_encode() in H5Osdspace
- hdf5 <undetermined>
NOTE:
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode
CVE-2018-17431 (Web Console in Comodo UTM Firewall before 2.7.0 allows remote
...)
- TODO: check
+ NOT-FOR-US: Comodo UTM
CVE-2018-17430
RESERVED
CVE-2018-17429
@@ -28632,7 +28632,7 @@ CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1
contain an improper access
CVE-2018-15779
REJECTED
CVE-2018-15778 (Dell OS10 versions prior to 10.4.2.1 contain a vulnerability
caused by ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2018-15777
RESERVED
CVE-2018-15776 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an
...)
@@ -28921,15 +28921,15 @@ CVE-2018-15661 (** DISPUTED ** An issue was
discovered in the Ola Money (aka ...
CVE-2018-15660 (** DISPUTED ** An issue was discovered in the Ola Money (aka
...)
NOT-FOR-US: Ola Money application for Android
CVE-2018-15659 (An issue was discovered in 42Gears SureMDM before 2018-11-27,
related ...)
- TODO: check
+ NOT-FOR-US: 42Gears
CVE-2018-15658 (An issue was discovered in 42Gears SureMDM before 2018-11-27.
By ...)
- TODO: check
+ NOT-FOR-US: 42Gears
CVE-2018-15657 (An SSRF issue was discovered in 42Gears SureMDM before
2018-11-27 via ...)
- TODO: check
+ NOT-FOR-US: 42Gears
CVE-2018-15656 (An issue was discovered in the registration API endpoint in
42Gears ...)
- TODO: check
+ NOT-FOR-US: 42Gears
CVE-2018-15655 (An issue was discovered in 42Gears SureMDM before 2018-11-27,
related ...)
- TODO: check
+ NOT-FOR-US: 42Gears
CVE-2018-15654
RESERVED
CVE-2018-15653
@@ -29341,11 +29341,11 @@ CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3
has a double-free or corrupti
NOTE:
https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/236691/
CVE-2018-15517 (The MailConnect feature on D-Link Central WiFiManager CWM-100
1.03 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-15516 (The FTP service on D-Link Central WiFiManager CWM-100 1.03
r0098 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-15515 (The CaptivelPortal service on D-Link Central WiFiManager
CWM-100 1.03 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2018-15514 (HandleRequestAsync in Docker for Windows before
18.06.0-ce-rc3-win68 ...)
NOT-FOR-US: Docker for Windows
CVE-2018-15513
@@ -30150,7 +30150,7 @@ CVE-2018-15138 (Ericsson-LG iPECS NMS 30M allows
directory traversal via ...)
CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload
any file ...)
NOT-FOR-US: CeLa Link CLR-M20 devices
CVE-2018-15136 (TitanHQ SpamTitan before 7.01 has Improper input validation.
This ...)
- TODO: check
+ NOT-FOR-US: TitanHQ
CVE-2018-15135
RESERVED
CVE-2018-15134
@@ -36600,11 +36600,11 @@ CVE-2018-12613 (An issue was discovered in phpMyAdmin
4.8.x before 4.8.2, in whi
CVE-2018-12612
RESERVED
CVE-2018-12611 (OX App Suite 7.8.4 and earlier allows Directory Traversal. ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2018-12610 (OX App Suite 7.8.4 and earlier allows Information Exposure.
...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2018-12609 (OX App Suite 7.8.4 and earlier allows Server-Side Request
Forgery. ...)
- TODO: check
+ NOT-FOR-US: OX App Suite
CVE-2018-12608 (An issue was discovered in Docker Moby before 17.06.0. The
Docker ...)
- docker.io 18.03.1+dfsg1-2
NOTE: https://github.com/moby/moby/pull/33182
@@ -54551,7 +54551,7 @@ CVE-2018-6243
CVE-2018-6242 (Some NVIDIA Tegra mobile processors released prior to 2016
contain a ...)
NOT-FOR-US: NVIDIA
CVE-2018-6241 (NVIDIA Tegra Gralloc module contains a vulnerability in driver
in ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2018-6240
RESERVED
CVE-2018-6239
@@ -56976,7 +56976,7 @@ CVE-2018-5500 (On F5 BIG-IP systems running 13.0.0,
12.1.0 - 12.1.3.1, or 11.6.1
CVE-2018-5499
RESERVED
CVE-2018-5498 (Clustered Data ONTAP versions 9.0 through 9.4 are susceptible
to a ...)
- TODO: check
+ NOT-FOR-US: Clustered Data ONTAP
CVE-2018-5497 (Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5
are ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are
...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/e533b55bade942938b02fe0776f81b994f4aa17f
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits