Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0ba97a6 by Moritz Muehlenhoff at 2019-05-15T16:50:46Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2019-12102
        RESERVED
 CVE-2019-12101 (coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles 
certain ...)
-       TODO: check
+       NOT-FOR-US: LibNyoci
 CVE-2019-12100
        RESERVED
 CVE-2019-12099 (In PHP-Fusion 9.03.00, edit_profile.php allows remote 
authenticated us ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2019-12098
        RESERVED
 CVE-2019-12097
@@ -1053,7 +1053,7 @@ CVE-2019-11602
 CVE-2019-11601
        RESERVED
 CVE-2019-11600 (A SQL injection vulnerability in the activities API in 
OpenProject bef ...)
-       TODO: check
+       NOT-FOR-US: OpenProject
 CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An 
Arbitrary File O ...)
        - node-tar-fs <itp> (bug #897023)
 CVE-2018-20834 (A vulnerability was found in node-tar before version 4.4.2. An 
Arbitra ...)
@@ -1575,7 +1575,7 @@ CVE-2019-11421
 CVE-2019-11420
        RESERVED
 CVE-2019-11419 (vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat 
application th ...)
-       TODO: check
+       NOT-FOR-US: WeChat
 CVE-2019-11418 (apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a 
buffer over ...)
        NOT-FOR-US: TRENDnet router
 CVE-2019-11417 (system.cgi on TRENDnet TV-IP110WN cameras has a buffer 
overflow caused ...)
@@ -1621,7 +1621,7 @@ CVE-2019-11399
 CVE-2019-11398 (Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 
2019.2 a ...)
        NOT-FOR-US: UliCMS
 CVE-2019-11397 (GetFile.aspx in Rapid4 RapidFlows Enterprise Application 
Builder 4.5M. ...)
-       TODO: check
+       NOT-FOR-US: Rapid4
 CVE-2019-11396
        RESERVED
 CVE-2019-11395 (A buffer overflow in MailCarrier 2.51 allows remote attackers 
to execu ...)
@@ -2073,11 +2073,11 @@ CVE-2019-11208
 CVE-2019-11207
        RESERVED
 CVE-2019-11206 (The Spotfire library component of TIBCO Software Inc.'s TIBCO 
Spotfire ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2019-11205 (The web server component of TIBCO Software Inc.'s TIBCO 
Spotfire Analy ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2019-11204 (The web interface component of TIBCO Software Inc.'s TIBCO 
Spotfire St ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2019-11203 (The workspace client, openspace client, app development 
client, and RE ...)
        NOT-FOR-US: TIBCO
 CVE-2019-11202
@@ -2734,23 +2734,23 @@ CVE-2019-10926
 CVE-2019-10925
        RESERVED
 CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All 
version ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-10923
        RESERVED
 CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-10921 (A vulnerability has been identified in LOGO!8 BM (All 
versions). Unenc ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-10920 (A vulnerability has been identified in LOGO!8 BM (All 
versions). Proje ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-10919 (A vulnerability has been identified in LOGO!8 BM (All 
versions). Attac ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-10918 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-10917 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-10916 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-10915
        RESERVED
 CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside 
Secure T ...)
@@ -5991,7 +5991,7 @@ CVE-2019-9863 (Due to the use of an insecure algorithm 
for rolling codes in the
 CVE-2019-9862 (An issue was discovered on ABUS Secvest wireless alarm system 
FUAA5000 ...)
        NOT-FOR-US: ABUS
 CVE-2019-9861 (Due to the use of an insecure RFID technology (MIFARE Classic), 
ABUS p ...)
-       TODO: check
+       NOT-FOR-US: ABUS
 CVE-2019-9860 (Due to unencrypted signal communication and predictability of 
rolling  ...)
        NOT-FOR-US: ABUS
 CVE-2019-9859
@@ -8448,7 +8448,7 @@ CVE-2019-8979 (Kohana through 3.3.6 has SQL Injection 
when the order_by() parame
        NOTE: https://github.com/huzr2018/orderby_SQLi/tree/master/kohana
        NOTE: https://github.com/koseven/koseven/issues/323
 CVE-2019-8978 (An improper authentication vulnerability can be exploited 
through a ra ...)
-       TODO: check
+       NOT-FOR-US: Ellucian Banner Web Tailor
 CVE-2019-8977
        RESERVED
 CVE-2019-8976
@@ -8517,9 +8517,9 @@ CVE-2019-8954 (In Indexhibit 2.1.5, remote attackers can 
execute arbitrary code
 CVE-2019-8953 (The HAProxy package before 0.59_16 for pfSense has XSS via the 
desc (a ...)
        NOT-FOR-US: HAProxy package for pfSense
 CVE-2019-8952 (A Path Traversal vulnerability located in the webserver affects 
severa ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2019-8951 (An Open Redirect vulnerability located in the webserver affects 
severa ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2019-1003028 (A server-side request forgery vulnerability exists in 
Jenkins JMS Mess ...)
        NOT-FOR-US: Jenkins
 CVE-2019-1003027 (A server-side request forgery vulnerability exists in 
Jenkins OctopusD ...)
@@ -9721,7 +9721,7 @@ CVE-2019-8406
 CVE-2019-8405
        RESERVED
 CVE-2019-8404 (An issue was discovered in Webiness Inventory 2.3. The 
ProductModel co ...)
-       TODO: check
+       NOT-FOR-US: Webiness Inventory
 CVE-2019-8403
        RESERVED
 CVE-2019-8402
@@ -9761,9 +9761,9 @@ CVE-2019-8393 (Hotels_Server through 2018-11-05 has SQL 
Injection via the API be
 CVE-2019-8392 (An issue was discovered on D-Link DIR-823G devices with 
firmware 1.02B ...)
        NOT-FOR-US: D-Link
 CVE-2019-8391 (qdPM 9.1 suffers from Cross-site Scripting (XSS) via 
configuration?typ ...)
-       TODO: check
+       NOT-FOR-US: qdPM 
 CVE-2019-8390 (qdPM 9.1 suffers from Cross-site Scripting (XSS) in the 
search[keyword ...)
-       TODO: check
+       NOT-FOR-US: qdPM 
 CVE-2019-8389 (A file-read vulnerability was identified in the Wi-Fi transfer 
feature ...)
        NOT-FOR-US: Musicloud
 CVE-2019-8388
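Review bot: the two added lines `+       NOT-FOR-US: qdPM ` (CVE-2019-8391 and CVE-2019-8390) end with a trailing space after `qdPM`; every other NOT-FOR-US line in this diff ends at the vendor name, so drop the trailing whitespace to keep the file consistent and avoid spurious noise in later diffs.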
@@ -14146,19 +14146,19 @@ CVE-2019-6580
 CVE-2019-6579 (A vulnerability has been identified in Spectrum Power 4 (with 
Web Offi ...)
        NOT-FOR-US: Spectrum Power
 CVE-2019-6578 (A vulnerability has been identified in SINAMICS PERFECT HARMONY 
GH180  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-6577 (A vulnerability has been identified in SIMATIC HMI Comfort 
Panels 4" - ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-6576 (A vulnerability has been identified in SIMATIC HMI Comfort 
Panels 4" - ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-6575 (A vulnerability has been identified in SIMATIC CP443-1 OPC UA 
(All ver ...)
        NOT-FOR-US: Siemens
 CVE-2019-6574 (A vulnerability has been identified in SINAMICS PERFECT HARMONY 
GH180  ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-6573
        RESERVED
 CVE-2019-6572 (A vulnerability has been identified in SIMATIC HMI Comfort 
Panels 4" - ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2019-6571
        RESERVED
 CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect 
Server (A ...)
@@ -14270,15 +14270,15 @@ CVE-2019-6518 (Moxa IKS and EDS store plaintext 
passwords, which may allow sensi
 CVE-2019-6517 (BD FACSLyric Research Use Only, Windows 10 Professional 
Operating Syst ...)
        NOT-FOR-US: BD FACSLyric
 CVE-2019-6516 (An issue was discovered in WSO2 Dashboard Server 2.0.0. It is 
possible ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2019-6515 (An issue was discovered in WSO2 API Manager 2.6.0. Uploaded 
documents  ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2019-6514 (An issue was discovered in WSO2 Dashboard Server 2.0.0. It is 
possible ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2019-6513
        RESERVED
 CVE-2019-6512 (An issue was discovered in WSO2 API Manager 2.6.0. It is 
possible to f ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2019-6511
        RESERVED
 CVE-2019-6510 (An issue was discovered in creditease-sec insight through 
2018-09-11.  ...)
@@ -21162,7 +21162,7 @@ CVE-2019-3570
 CVE-2019-3569
        RESERVED
 CVE-2019-3568 (A buffer overflow vulnerability in WhatsApp VOIP stack allowed 
remote  ...)
-       TODO: check
+       NOT-FOR-US: Whatsapp
 CVE-2019-3567
        RESERVED
 CVE-2019-3566 (A bug in WhatsApp for Android's messaging logic would 
potentially allo ...)
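Review bot: the added line `+       NOT-FOR-US: Whatsapp` for CVE-2019-3568 spells the vendor differently from the CVE description in the same hunk, which reads `WhatsApp VOIP stack`; use `NOT-FOR-US: WhatsApp` so the entry matches the product name and a search for existing WhatsApp entries finds it.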
@@ -31216,13 +31216,13 @@ CVE-2019-0303
 CVE-2019-0302
        RESERVED
 CVE-2019-0301 (Under certain conditions, it is possible to request the 
modification o ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0300
        RESERVED
 CVE-2019-0299
        RESERVED
 CVE-2019-0298 (SAP E-Commerce (Business-to-Consumer) application does not 
sufficientl ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0297
        RESERVED
 CVE-2019-0296
@@ -31232,19 +31232,19 @@ CVE-2019-0295
 CVE-2019-0294
        RESERVED
 CVE-2019-0293 (Read of RFC destination does not always perform necessary 
authorizatio ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0292
        RESERVED
 CVE-2019-0291 (Under certain conditions Solution Manager, version 7.2, allows 
an atta ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0290
        RESERVED
 CVE-2019-0289 (Under certain conditions SAP BusinessObjects Business 
Intelligence pla ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0288
        RESERVED
 CVE-2019-0287 (Under certain conditions SAP BusinessObjects Business 
Intelligence pla ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0286
        RESERVED
 CVE-2019-0285 (The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual 
Studio ( ...)
@@ -31258,7 +31258,7 @@ CVE-2019-0282 (Several web pages in SAP NetWeaver 
Process Integration (Runtime W
 CVE-2019-0281
        RESERVED
 CVE-2019-0280 (SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 
6.05, 6. ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0279 (ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, 
INST_CREATE_TCPIP ...)
        NOT-FOR-US: SAP
 CVE-2019-0278 (Under certain conditions the Monitoring Servlet of the SAP 
NetWeaver P ...)
@@ -32366,7 +32366,7 @@ CVE-2019-0164
 CVE-2019-0163 (Insufficient input validation in system firmware for Intel(R) 
Broadwel ...)
        NOT-FOR-US: Intel
 CVE-2019-0162 (Memory access in virtual memory mapping for some 
microprocessors may a ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2019-0161 (Stack overflow in XHCI for EDK II may allow an unauthenticated 
user to ...)
        - edk2 0~20180803.dd4cae4d-1 (low)
        [stretch] - edk2 <no-dsa> (Minor issue)
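Review bot: the vendor in `+       NOT-FOR-US: F5` for CVE-2019-0162 does not match the visible description, `Memory access in virtual memory mapping for some microprocessors may a ...`, which reads like a processor issue and sits directly below CVE-2019-0163 (Intel system firmware, marked `NOT-FOR-US: Intel`); confirm the vendor before landing and, if this is a microprocessor issue rather than an F5 product, record the correct vendor or the affected Debian package instead.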
@@ -33103,7 +33103,7 @@ CVE-2018-19052 (An issue was discovered in 
mod_alias_physical_handler in mod_ali
        [jessie] - lighttpd <no-dsa> (Minor issue)
        NOTE: 
https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1
 CVE-2018-19048 (Simditor through 2.3.21 allows DOM XSS via an onload attribute 
within  ...)
-       TODO: check
+       NOT-FOR-US: Simditor
 CVE-2018-19047 (** DISPUTED ** mPDF through 7.1.6, if deployed as a web 
application th ...)
        NOT-FOR-US: mPDF
 CVE-2018-19046 (keepalived 2.0.8 didn't check for existing plain files when 
writing da ...)
@@ -33413,7 +33413,7 @@ CVE-2018-18914
 CVE-2018-18913 (Opera before 57.0.3098.106 is vulnerable to a DLL Search Order 
hijacki ...)
        NOT-FOR-US: Opera
 CVE-2018-18912 (An issue was discovered in Easy File Sharing (EFS) Web Server 
7.2. A s ...)
-       TODO: check
+       NOT-FOR-US: Easy File Sharing
 CVE-2018-18911
        RESERVED
 CVE-2018-18910
@@ -33680,7 +33680,7 @@ CVE-2018-18802
 CVE-2018-18801 (The BSEN Ordering software 1.0 has SQL Injection via 
student/index.php ...)
        NOT-FOR-US: BSEN Ordering software
 CVE-2018-18800 (The Tubigan "Welcome to our Resort" 1.0 software allows SQL 
Injection  ...)
-       TODO: check
+       NOT-FOR-US: Tubigan "Welcome to our Resort" software
 CVE-2018-18799 (School Attendance Monitoring System 1.0 has CSRF via 
event/controller. ...)
        NOT-FOR-US: School Attendance Monitoring System
 CVE-2018-18798 (Attendance Monitoring System 1.0 has SQL Injection via the 
'id' parame ...)
@@ -34273,7 +34273,7 @@ CVE-2018-18559 (In the Linux kernel through 4.19, a 
use-after-free can occur due
        [jessie] - linux 3.16.56-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/15fe076edea787807a7cdc168df832544b58eba6
 CVE-2018-18558 (An issue was discovered in Espressif ESP-IDF 2.x and 3.x 
before 3.0.6  ...)
-       TODO: check
+       NOT-FOR-US: Espressif ESP-IDF
 CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized 
JBIG into  ...)
        {DSA-4349-1 DLA-1557-1}
        - tiff 4.0.9+git181026-1 (bug #911635)
@@ -34360,7 +34360,7 @@ CVE-2018-18526
 CVE-2018-18525
        RESERVED
 CVE-2018-18524 (Evernote 6.15 on Windows has an incorrectly repaired stored 
XSS vulner ...)
-       TODO: check
+       NOT-FOR-US: Evernote
 CVE-2018-18523
        RESERVED
 CVE-2018-18522
@@ -39407,7 +39407,7 @@ CVE-2018-16658 (An issue was discovered in the Linux 
kernel before 4.18.6. An in
        - linux 4.18.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 (4.19-rc2)
 CVE-2018-16656 (DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 
6002i devic ...)
-       TODO: check
+       NOT-FOR-US: Kyocera
 CVE-2018-16655 (Gxlcms 1.0 has XSS via the PATH_INFO to 
gx/lib/ThinkPHP/Tpl/ThinkExcep ...)
        NOT-FOR-US: Gxlcms
 CVE-2018-16654 (Zurmo 3.2.4 Stable allows XSS via 
app/index.php/accounts/default/detai ...)
@@ -43252,7 +43252,7 @@ CVE-2013-7464 (In csrf-magic before 1.0.4, if 
$GLOBALS['csrf']['secret'] is not
 CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS via the 
index.php?app=article&amp ...)
        NOT-FOR-US: ThinkSAAS
 CVE-2018-15128 (An issue was discovered in Polycom Group Series 6.1.6.1 and 
earlier, H ...)
-       TODO: check
+       NOT-FOR-US: Polycom Group Series
 CVE-2018-20750 (LibVNC through 0.9.12 contains a heap out-of-bounds write 
vulnerabilit ...)
        {DLA-1652-1}
        - libvncserver 0.9.11+dfsg-1.3 (bug #920941)
@@ -43908,7 +43908,7 @@ CVE-2018-14841
 CVE-2018-14840 (uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it 
does not  ...)
        NOT-FOR-US: Subrion CMS
 CVE-2018-14839 (LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. 
The imp ...)
-       TODO: check
+       NOT-FOR-US: LG N1A1 NAS
 CVE-2018-14838 (rejucms 2.1 has stored XSS via the admin/book.php content 
parameter. ...)
        NOT-FOR-US: rejucms
 CVE-2018-14837 (Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated 
by a ?/a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f0ba97a684b32c746473799c9f59cf8db71ec906


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
