Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3b64713d by Moritz Muehlenhoff at 2019-03-21T11:11:44Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2019-9891
CVE-2019-9890
RESERVED
CVE-2019-9889 (In Vanilla before 2.6.4, a flaw exists within the
getSingleIndex funct ...)
- TODO: check
+ NOT-FOR-US: Vanilla Forums
CVE-2019-9888
RESERVED
CVE-2019-1010319
@@ -1073,7 +1073,6 @@ CVE-2018-20800 (An issue was discovered in Open Ticket
Request System (OTRS) 5.0
NOTE: OTRS 6:
https://github.com/OTRS/otrs/commit/8d17d58029efbb0bba25c4208e09e2d320eeb0c3
NOTE: OTRS 5:
https://github.com/OTRS/otrs/commit/7d3c56d5b9bb38207695dae174dbba89a132e7b9
NOTE: For upstream versions only did affect OTRS 6.0.13 and OTRS 5.0.31.
- TODO: check, if for the older series broken patches were backported and
thus as well affected
CVE-2019-9750 (In IoTivity through 1.3.1, the CoAP server interface can be
used for D ...)
- iotivity <itp> (bug #824155)
CVE-2019-9749 (An issue was discovered in the MQTT input plugin in Fluent Bit
through ...)
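Review bot: The TODO removed under CVE-2018-20800 asked whether broken patches were backported to the older OTRS series, and the hunk drops it without recording the answer. If that check was done, add a NOTE line with the outcome beside the existing "For upstream versions only did affect OTRS 6.0.13 and OTRS 5.0.31" note; if it was not, keep the TODO. The commit message "NFUs" does not cover this change either, so mention it there or split it into its own commit.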
@@ -6539,31 +6538,31 @@ CVE-2019-7443 [Insecure handling of arguments in
helpers]
CVE-2019-7442
RESERVED
CVE-2019-7441 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout
Payment Ga ...)
- TODO: check
+ NOT-FOR-US: WooCommerce
CVE-2019-7440 (JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and
Security Ke ...)
- TODO: check
+ NOT-FOR-US: JioFi
CVE-2019-7439 (cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a
DoS (Hang ...)
- TODO: check
+ NOT-FOR-US: JioFi
CVE-2019-7438 (cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and
HTML i ...)
- TODO: check
+ NOT-FOR-US: JioFi
CVE-2019-7437 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has
reflected ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7436 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has
directory ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7435 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has
reflected ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7434 (PHP Scripts Mall Rental Bike Script 2.0.3 has directory
traversal via ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7433 (PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site
Request Forge ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7432 (PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection
via the S ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7431 (PHP Scripts Mall Image Sharing Script 1.3.4 has directory
traversal vi ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7430 (PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection
via the ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7429 (PHP Scripts Mall Property Rental Software 2.1.4 has directory
traversa ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2019-7428
RESERVED
CVE-2019-7427
@@ -6589,7 +6588,7 @@ CVE-2019-7418 (XSS exists in SAMSUNG X7400GX SyncThru Web
Service V6.A6.25 V11.0
CVE-2019-7417 (XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in
multiple ...)
NOT-FOR-US: Ericsson Active Library Explorer (ALEX)
CVE-2019-7416 (XSS and/or a Client Side URL Redirect exists in OpenText
Documentum We ...)
- TODO: check
+ NOT-FOR-US: OpenText Documentum Webtop
CVE-2019-7415
RESERVED
CVE-2019-7414
@@ -8337,7 +8336,7 @@ CVE-2019-6716 (An unauthenticated Insecure Direct Object
Reference (IDOR) in Wic
CVE-2019-6715
RESERVED
CVE-2019-6714 (An issue was discovered in BlogEngine.NET through 3.3.6.0. A
path trav ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2019-6713 (app\admin\controller\RouteController.php in ThinkCMF 5.0.190111
allows ...)
NOT-FOR-US: ThinkCMF
CVE-2019-6712
@@ -10857,7 +10856,7 @@ CVE-2019-5731
CVE-2019-5730
RESERVED
CVE-2019-5729 (Splunk-SDK-Python before 1.6.6 does not properly verify
untrusted TLS ...)
- TODO: check
+ NOT-FOR-US: Splunk
CVE-2019-5728
RESERVED
CVE-2019-5727 (Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x
before 6.4.9 ...)
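Review bot: For CVE-2019-5729 the new label "NOT-FOR-US: Splunk" names only the vendor, while the description is about Splunk-SDK-Python, an SDK distinct from the Splunk Enterprise product in CVE-2019-5727 just below. Suggest "NOT-FOR-US: Splunk-SDK-Python" so that a later search of the list for the SDK name finds this entry.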
@@ -10869,9 +10868,9 @@ CVE-2019-5725 (qibosoft through V7 allows remote
attackers to read arbitrary fil
CVE-2019-5724
RESERVED
CVE-2019-5723 (An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6.
Passwor ...)
- TODO: check
+ NOT-FOR-US: portier vision
CVE-2019-5722 (An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6.
Due to ...)
- TODO: check
+ NOT-FOR-US: portier vision
CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash.
This was ...)
- wireshark 2.6.1-1
[stretch] - wireshark 2.6.3-1~deb9u1
@@ -15649,15 +15648,15 @@ CVE-2018-20650 (A reachable Object::dictLookup
assertion in Poppler 0.72.0 allow
CVE-2018-20649
RESERVED
CVE-2018-20648 (PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site
Request Forger ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2018-20647 (PHP Scripts Mall Car Rental Script 2.0.8 has directory
traversal via a ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2018-20646 (PHP Scripts Mall Basic B2B Script 2.0.9 has has directory
traversal vi ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2018-20645 (PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via
the Fir ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2018-20644 (PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request
Forgery ...)
- TODO: check
+ NOT-FOR-US: PHP Scripts Mall
CVE-2018-20643 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has
directory tr ...)
NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script
CVE-2018-20642 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows
remote at ...)
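Review bot: The five new lines for CVE-2018-20648 through CVE-2018-20644 use the vendor-only label "NOT-FOR-US: PHP Scripts Mall", while the unchanged entry directly below, CVE-2018-20643, reads "NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script". Pick one convention for this vendor; the vendor-only form is shorter, but then the older per-product entries should be aligned in a follow-up so the block stays consistent.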
@@ -16207,9 +16206,9 @@ CVE-2018-20528 (JEECMS 9 has SSRF via the
ueditor/getRemoteImage.jspx upfile par
CVE-2018-20527
RESERVED
CVE-2018-20526 (Roxy Fileman 1.4.5 allows unrestricted file upload in
upload.php. ...)
- TODO: check
+ NOT-FOR-US: Roxy Fileman
CVE-2018-20525 (Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php,
copyfile ...)
- TODO: check
+ NOT-FOR-US: Roxy Fileman
CVE-2018-20524 (The Chat Anywhere extension 2.4.0 for Chrome allows XSS via
crafted us ...)
NOT-FOR-US: Chat Anywhere Chrome extension
CVE-2018-20523
@@ -16794,7 +16793,7 @@ CVE-2018-20325 (There is a vulnerability in load()
method in definitions/parser.
CVE-2018-20324
RESERVED
CVE-2018-20323 (www/soap/application/MCSoap/Logs.php in MailCleaner Community
Edition ...)
- TODO: check
+ NOT-FOR-US: MailCleaner
CVE-2018-20322 (LimeSurvey version 3.15.5 contains a Cross-site scripting
(XSS) vulner ...)
- limesurvey <itp> (bug #472802)
CVE-2018-20321
@@ -17233,7 +17232,7 @@ CVE-2018-20223
CVE-2018-20222
RESERVED
CVE-2018-20221 (Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and
prior are ...)
- TODO: check
+ NOT-FOR-US: Deltek
CVE-2018-20220 (An issue was discovered on Teracue ENC-400 devices with
firmware 2.56 ...)
NOT-FOR-US: Teracue ENC-400 devices
CVE-2018-20219 (An issue was discovered on Teracue ENC-400 devices with
firmware 2.56 ...)
@@ -17443,7 +17442,7 @@ CVE-2018-20164 (An issue was discovered in regex.yaml
(aka regexes.yaml) in UA-P
CVE-2018-20163
RESERVED
CVE-2018-20162 (Digi TransPort LR54 4.4.0.26 and possible earlier devices have
Imprope ...)
- TODO: check
+ NOT-FOR-US: Digi TransPort
CVE-2018-20161 (A design flaw in the BlinkForHome (aka Blink For Home) Sync
Module 2.1 ...)
NOT-FOR-US: BlinkForHome (aka Blink For Home) Sync Module
CVE-2018-20160
@@ -19549,9 +19548,9 @@ CVE-2018-20143
CVE-2018-20142
RESERVED
CVE-2018-20141 (AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via
the sor ...)
- TODO: check
+ NOT-FOR-US: AbanteCart
CVE-2018-20140 (Zenphoto 1.4.14 has multiple cross-site scripting (XSS)
vulnerabilitie ...)
- TODO: check
+ NOT-FOR-US: Zenphoto
CVE-2018-20139
RESERVED
CVE-2018-20138 (PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored
XSS via A ...)
@@ -19620,7 +19619,7 @@ CVE-2018-20145 (Eclipse Mosquitto 1.5.x before 1.5.5
allows ACL bypass: if the o
CVE-2018-20122 (The web interface on FASTGate Fastweb devices with firmware
through 0. ...)
NOT-FOR-US: FASTGate Fastweb
CVE-2018-20121 (Podcast Generator 2.7 has stored cross-site scripting (XSS)
via the UR ...)
- TODO: check
+ NOT-FOR-US: Podcast Generator
CVE-2018-20120
RESERVED
CVE-2018-20119
@@ -20976,7 +20975,7 @@ CVE-2018-19937 (A local, authenticated attacker can
bypass the passcode in the V
CVE-2018-19936 (PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. ...)
NOT-FOR-US: PrinterOn Enterprise
CVE-2018-19934 (SolarWinds Serv-U FTP Server 15.1.6.25 has reflected
cross-site script ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2018-19933 (Bolt CMS <3.6.2 allows XSS via text input click preview
button as d ...)
NOT-FOR-US: Bolt CMS
CVE-2019-1984
@@ -21874,7 +21873,7 @@ CVE-2019-1566 (The PAN-OS management web interface in
PAN-OS 7.1.21 and earlier,
CVE-2019-1565 (The PAN-OS external dynamics lists in PAN-OS 7.1.21 and
earlier, PAN-O ...)
NOT-FOR-US: PAN-OS
CVE-2018-19917 (Microweber 1.0.8 has reflected cross-site scripting (XSS)
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microweber
CVE-2018-19916
RESERVED
CVE-2018-19915 (DomainMOD through 4.11.01 has XSS via the assets/edit/host.php
Web Hos ...)
@@ -22276,7 +22275,7 @@ CVE-2018-19785 (PHP-Proxy through 5.1.0 has Cross-Site
Scripting (XSS) via the U
CVE-2018-19784 (The str_rot_pass function in
vendor/atholn1600/php-proxy/src/helpers.p ...)
NOT-FOR-US: PHP-Proxy
CVE-2018-19783 (Kentix MultiSensor-LAN 5.63.00 devices and previous allow
Authenticati ...)
- TODO: check
+ NOT-FOR-US: Kentix MultiSensor-LAN
CVE-2018-19782 (Multiple cross-site scripting (XSS) vulnerabilities in GET
requests in ...)
NOT-FOR-US: FreshRSS
CVE-2018-19781
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b64713dfee588337cf58f263ffd17650da1095f
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits