Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5f85b871 by Salvatore Bonaccorso at 2019-05-15T20:38:11Z
Process some NFUs

- - - - -
1488902d by Salvatore Bonaccorso at 2019-05-15T20:39:20Z
Merge remote-tracking branch 'origin/master'

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2030,7 +2030,7 @@ CVE-2019-11226
 CVE-2019-11225
        RESERVED
 CVE-2019-11224 (HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command 
Injection. ...)
-       TODO: check
+       NOT-FOR-US: HARMAN AMX MVP5150 devices
 CVE-2019-11223 (An Unrestricted File Upload Vulnerability in the SupportCandy 
plugin t ...)
        NOT-FOR-US: SupportCandy plugin for WordPress
 CVE-2017-18366 (Subrion CMS 4.1.5 has CSRF in blog/delete/. ...)
@@ -8608,7 +8608,7 @@ CVE-2019-8925
 CVE-2019-8924
        RESERVED
 CVE-2019-8923 (XAMPP through 5.6.8 and previous allows SQL injection via the 
cds-fpdf ...)
-       TODO: check
+       NOT-FOR-US: XAMPP
 CVE-2019-8922
        RESERVED
 CVE-2019-8921
@@ -16910,7 +16910,7 @@ CVE-2019-5528
 CVE-2019-5527
        RESERVED
 CVE-2019-5526 (VMware Workstation (15.x before 15.1.0) contains a DLL 
hijacking issue ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2019-5525
        RESERVED
 CVE-2019-5524 (VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 
10.1.6 ...)
@@ -20822,13 +20822,13 @@ CVE-2019-3729
 CVE-2019-3728
        RESERVED
 CVE-2019-3727 (Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint 
for VMs ...)
-       TODO: check
+       NOT-FOR-US: Dell EMC RecoverPoint
 CVE-2019-3726
        RESERVED
 CVE-2019-3725 (RSA Netwitness Platform versions prior to 11.2.1.1 and RSA 
Security An ...)
-       TODO: check
+       NOT-FOR-US: RSA Netwitness Platform
 CVE-2019-3724 (RSA Netwitness Platform versions prior to 11.2.1.1 and RSA 
Security An ...)
-       TODO: check
+       NOT-FOR-US: RSA Netwitness Platform
 CVE-2019-3723
        RESERVED
 CVE-2019-3722
@@ -21076,7 +21076,7 @@ CVE-2019-3604 (Cross-Site Request Forgery (CSRF) 
vulnerability in McAfee ePO (le
 CVE-2019-3603
        RESERVED
 CVE-2019-3602 (Cross Site Scripting (XSS) vulnerability in McAfee Network 
Security Ma ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3601
        RESERVED
 CVE-2019-3600
@@ -21108,7 +21108,7 @@ CVE-2019-3588
 CVE-2019-3587 (DLL Search Order Hijacking vulnerability in Microsoft Windows 
client i ...)
        NOT-FOR-US: McAfee
 CVE-2019-3586 (Protection Mechanism Failure in the Firewall in McAfee Endpoint 
Securi ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3585
        RESERVED
 CVE-2019-3584 (Exploitation of Authentication vulnerability in MVision 
Endpoint in Mc ...)
@@ -27229,7 +27229,7 @@ CVE-2019-1769
 CVE-2019-1768
        RESERVED
 CVE-2019-1767 (Multiple vulnerabilities in the implementation of a specific 
CLI comma ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1766 (A vulnerability in the web-based management interface of 
Session Initi ...)
        NOT-FOR-US: Cisco
 CVE-2019-1765 (A vulnerability in the web-based management interface of 
Session Initi ...)
@@ -27293,25 +27293,25 @@ CVE-2019-1737 (A vulnerability in the processing of 
IP Service Level Agreement (
 CVE-2019-1736
        RESERVED
 CVE-2019-1735 (A vulnerability in the CLI of Cisco NX-OS Software could allow 
an auth ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1734
        RESERVED
 CVE-2019-1733 (A vulnerability in the NX API (NX-API) Sandbox interface for 
Cisco NX- ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1732 (A vulnerability in the Remote Package Manager (RPM) subsystem 
of Cisco ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1731 (A vulnerability in the SSH CLI key management functionality of 
Cisco N ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1730 (A vulnerability in the Bash shell implementation for Cisco 
NX-OS Softw ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1729 (A vulnerability in the CLI implementation of a specific command 
used f ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1728 (A vulnerability in the Secure Configuration Validation 
functionality o ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1727 (A vulnerability in the Python scripting subsystem of Cisco 
NX-OS Softw ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1726 (A vulnerability in the CLI of Cisco NX-OS Software could allow 
an auth ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1725 (A vulnerability in the local management CLI implementation for 
specifi ...)
        NOT-FOR-US: Cisco
 CVE-2019-1724 (A vulnerability in the session management functionality of the 
web-bas ...)
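Review bot: The bare "NOT-FOR-US: Cisco" on CVE-2019-1730 (Bash shell implementation), CVE-2019-1727 (Python scripting subsystem) and CVE-2019-1732 (Remote Package Manager subsystem) does not record that the flaw is in Cisco's NX-OS integration and not in a component Debian packages. Suggest "NOT-FOR-US: Cisco NX-OS" on these entries so that a later search for bash, python or rpm issues shows why they were excluded.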
@@ -27329,7 +27329,7 @@ CVE-2019-1719 (A vulnerability in the web-based guest 
portal of Cisco Identity S
 CVE-2019-1718 (A vulnerability in the web interface of Cisco Identity Services 
Engine ...)
        NOT-FOR-US: Cisco
 CVE-2019-1717 (A vulnerability in the web-based management interface of Cisco 
Video S ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1716 (A vulnerability in the web-based management interface of 
Session Initi ...)
        NOT-FOR-US: Cisco
 CVE-2019-1715 (A vulnerability in the Deterministic Random Bit Generator 
(DRBG), also ...)
@@ -58740,7 +58740,7 @@ CVE-2018-9331 (An issue was discovered in zzcms 8.2. 
user/adv.php allows remote
 CVE-2016-10720
        RESERVED
 CVE-2016-10719 (TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability 
that can ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as 
demonstrated by t ...)
        NOT-FOR-US: Coremail XT3.0
 CVE-2018-9329
@@ -59880,7 +59880,7 @@ CVE-2017-18242 (The apply_dependent_coupling function 
in libavcodec/aacdec.c in
 CVE-2018-8941 (Diagnostics functionality on D-Link DSL-3782 devices with 
firmware EU  ...)
        NOT-FOR-US: D-Link
 CVE-2018-8940 (ClientServiceConfigController.cs in Enghouse Cloud Contact 
Center Plat ...)
-       TODO: check
+       NOT-FOR-US: Enghouse Cloud Contact Center Platform
 CVE-2018-8939 (An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp 
Gold bef ...)
        NOT-FOR-US: Ipswitch
 CVE-2018-8938 (A Code Injection issue was discovered in DlgSelectMibFile.asp 
in Ipswi ...)
@@ -74030,19 +74030,19 @@ CVE-2018-4031
 CVE-2018-4030 (An exploitable vulnerability exists the safe browsing function 
of the  ...)
        NOT-FOR-US: CUJO Smart Firewall
 CVE-2018-4029 (An exploitable code execution vulnerability exists in the HTTP 
request ...)
-       TODO: check
+       NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker 
Roav A1 Dashcam
 CVE-2018-4028 (An exploitable firmware update vulnerability exists in the 
NT9665X Chi ...)
-       TODO: check
+       NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker 
Roav A1 Dashcam
 CVE-2018-4027 (An exploitable denial-of-service vulnerability exists in the 
XML_Uploa ...)
-       TODO: check
+       NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker 
Roav A1 Dashcam
 CVE-2018-4026 (An exploitable denial-of-service vulnerability exists in the 
XML_GetSc ...)
-       TODO: check
+       NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker 
Roav A1 Dashcam
 CVE-2018-4025 (An exploitable denial-of-service vulnerability exists in the 
XML_GetRa ...)
-       TODO: check
+       NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker 
Roav A1 Dashcam
 CVE-2018-4024 (An exploitable denial-of-service vulnerability exists in the 
thumbnail ...)
-       TODO: check
+       NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker 
Roav A1 Dashcam
 CVE-2018-4023 (An exploitable code execution vulnerability exists in the 
XML_UploadFi ...)
-       TODO: check
+       NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker 
Roav A1 Dashcam
 CVE-2018-4022 (A use-after-free vulnerability exists in the way MKVToolNix 
MKVINFO v2 ...)
        - mkvtoolnix 28.2.0-1
        [stretch] - mkvtoolnix <not-affected> (Vulnerable code introduced later)
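Review bot: The NOT-FOR-US note added for CVE-2018-4029 through CVE-2018-4023 repeats the product name, reading "NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam", which looks like a doubled paste. Suggest "NOT-FOR-US: NT9665X Chipset firmware on Anker Roav A1 Dashcam" on all seven lines so the entries match a single consistent string.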
@@ -74056,15 +74056,15 @@ CVE-2018-4020 (An exploitable command injection 
vulnerability exists in the way
 CVE-2018-4019 (An exploitable command injection vulnerability exists in the 
way Netga ...)
        NOT-FOR-US: pfSense
 CVE-2018-4018 (An exploitable firmware update vulnerability exists in the 
NT9665X Chi ...)
-       TODO: check
+       NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker 
Roav A1 Dashcam
 CVE-2018-4017 (An exploitable vulnerability exists in the Wi-Fi Access Point 
feature  ...)
-       TODO: check
+       NOT-FOR-US: Roav A1 Dashcam
 CVE-2018-4016 (An exploitable code execution vulnerability exists in the 
URL-parsing  ...)
-       TODO: check
+       NOT-FOR-US: Roav A1 Dashcam
 CVE-2018-4015 (An exploitable vulnerability exists in the HTTP client 
functionality o ...)
        NOT-FOR-US: Webroot BrightCloud SDK
 CVE-2018-4014 (An exploitable code execution vulnerability exists in Wi-Fi 
Command 99 ...)
-       TODO: check
+       NOT-FOR-US: Roav A1 Dashcam
 CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP 
packet- ...)
        {DSA-4343-1 DLA-1582-1}
        - liblivemedia 2018.10.17-1
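Review bot: CVE-2018-4018 carries the same doubled "NT9665X Chipset firmwareNT9665X Chipset firmware" text as the previous hunk, and CVE-2018-4017, CVE-2018-4016 and CVE-2018-4014 name the product as "Roav A1 Dashcam" without the "Anker" prefix used on the other lines. Suggest fixing the duplication and using one spelling of the product, for example "Anker Roav A1 Dashcam", across all of these entries.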



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/10ee5f5ab11e7fcf9e863f32896f8b7543397ec9...1488902d8c4cd0b3eadb27ca06ffc725264fcde6
