Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
24f14056 by Salvatore Bonaccorso at 2019-05-23T08:20:35Z
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14286,25 +14286,25 @@ CVE-2019-6823
 CVE-2019-6822
        RESERVED
 CVE-2019-6821 (CWE-330: Use of Insufficiently Random Values vulnerability, 
which coul ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2019-6820 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2019-6819 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2019-6818
        RESERVED
 CVE-2019-6817
        RESERVED
 CVE-2019-6816 (In Modicon Quantum all firmware versions, a CWE-94: Code 
Injection vul ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2019-6815 (In Modicon Quantum all firmware versions, CWE-264: Permissions, 
Privil ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2019-6814 (An Improper Access Control: CWE-284 vulnerability exists in the 
NET55X ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2019-6813
        RESERVED
 CVE-2019-6812 (A CWE-798 use of hardcoded credentials vulnerability exists in 
BMX-NOR ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2019-6811
        RESERVED
 CVE-2019-6810
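
Review bot: The seven new notes in this hunk record only the vendor, although the visible descriptions name the product for some of them (Modicon Quantum for CVE-2019-6816 and CVE-2019-6815). The file already has a product-plus-vendor form, as in `NOT-FOR-US: Modicon (Schneider Electric)` at CVE-2018-7830; using that form here would keep these entries findable by product name as well as by vendor.
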
@@ -14312,11 +14312,11 @@ CVE-2019-6810
 CVE-2019-6809
        RESERVED
 CVE-2019-6808 (A CWE-284: Improper Access Control vulnerability exists in all 
version ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2019-6807 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2019-6806 (A CWE-200: Information Exposure vulnerability exists in all 
versions o ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2019-6805 (SQL Injection was found in S-CMS version V3.0 via the 
alipay/alipayapi ...)
        NOT-FOR-US: S-CMS
 CVE-2019-6804 (An XSS issue was discovered on the Job Edit page in Rundeck 
Community  ...)
@@ -44967,7 +44967,7 @@ CVE-2018-14731 (An issue was discovered in HMRServer.js 
in Parcel parcel-bundler
 CVE-2018-14730 (An issue was discovered in Browserify-HMR. Attackers are able 
to steal ...)
        NOT-FOR-US: Browserify-HMR
 CVE-2018-14729 (The database backup feature in 
upload/source/admincp/admincp_db.php in ...)
-       TODO: check
+       NOT-FOR-US: Discuz!
 CVE-2018-14728 (upload.php in Responsive FileManager 9.13.1 allows SSRF via 
the url pa ...)
        NOT-FOR-US: Responsive FileManager
 CVE-2018-14727
@@ -63372,41 +63372,41 @@ CVE-2018-7858 (Quick Emulator (aka QEMU), when built 
with the Cirrus CLGD 54xx V
        [wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
 CVE-2018-7857 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7856 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7855 (A CWE-248 Uncaught Exception vulnerability exists in all 
versions of t ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7854 (A CWE-248 Uncaught Exception vulnerability exists in all 
versions of t ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7853 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7852 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7851 (CWE-119: Buffer errors vulnerability exists in Modicon M580 
with firmw ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7850 (A CWE-807: Reliance on Untrusted Inputs in a Security Decision 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7849 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7848 (A CWE-200: Information Exposure vulnerability exists in all 
versions o ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7847 (A CWE-284: Improper Access Control vulnerability exists in all 
version ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7846 (A CWE-501: Trust Boundary Violation vulnerability on connection 
to the ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7845 (A CWE-125: Out-of-bounds Read vulnerability exists in all 
versions of  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7844 (A CWE-200: Information Exposure vulnerability exists in all 
versions o ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7843 (A CWE-248: Uncaught Exception vulnerability exists in all 
versions of  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7842 (A CWE-290: Authentication Bypass by Spoofing vulnerability 
exists in a ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7841 (A SQL Injection (CWE-89) vulnerability exists in U.motion 
Builder soft ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7840 (A Uncontrolled Search Path Element (CWE-427) vulnerability 
exists in V ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7839 (A Cryptographic Issue (CWE-310) vulnerability exists in IIoT 
Monitor 3 ...)
        NOT-FOR-US: Schneider
 CVE-2018-7838
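
Review bot: The new entries in this hunk use `Schneider Electric`, but the trailing context entry for CVE-2018-7839 and the existing entry for CVE-2018-7787 use `Schneider`. CVE-2018-7787's description names U.motion Builder, the same product named in CVE-2018-7841's description, so one product now sits under two vendor spellings. Since the commit already touches this block, normalising those entries to one spelling would let a single grep list all of the vendor's NFU entries.
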
@@ -63418,7 +63418,7 @@ CVE-2018-7836 (An unrestricted Upload of File with 
Dangerous Type vulnerability
 CVE-2018-7835 (An Improper Limitation of a Pathname to a Restricted Directory 
('Path  ...)
        NOT-FOR-US: IIoT Monitor (Schneider Electric)
 CVE-2018-7834 (A CWE-79 Cross-Site Scripting vulnerability exists in all 
versions of  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7833 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
        NOT-FOR-US: Schneider Electric
 CVE-2018-7832 (An Improper Input Validation vulnerability exists in Pro-Face 
GP-Pro E ...)
@@ -63428,23 +63428,23 @@ CVE-2018-7831 (An Improper Neutralization of 
Script-Related HTML Tags in a Web P
 CVE-2018-7830 (Improper Neutralization of CRLF Sequences in HTTP Headers 
('HTTP Respo ...)
        NOT-FOR-US: Modicon (Schneider Electric)
 CVE-2018-7829 (An Improper Neutralization of Special Elements in Query 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7828 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 
1st Ge ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7827 (A Cross-Site Scripting (XSS) vulnerability exists in the 1st 
Gen. Pelc ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7826 (A Command Injection vulnerability exists in the web-based GUI 
of the 1 ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7825 (A Command Injection vulnerability exists in the web-based GUI 
of the 1 ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7824 (An Externally Controlled Reference to a Resource (CWE-610) 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7823 (A Environment (CWE-2) vulnerability exists in SoMachine Basic, 
all ver ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7822 (An Incorrect Default Permissions (CWE-276) vulnerability exists 
in SoM ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7821 (An Environment (CWE-2) vulnerability exists in SoMachine Basic, 
all ve ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7820
        RESERVED
 CVE-2018-7819
@@ -63454,7 +63454,7 @@ CVE-2018-7818
 CVE-2018-7817 (A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 
v5.1 a ...)
        NOT-FOR-US: Zolio
 CVE-2018-7816 (A Permissions, Privileges, and Access Control vulnerability 
exists in  ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7815 (A Type Confusion (CWE-843) vulnerability exists in Eurotherm by 
Schnei ...)
        NOT-FOR-US: Schneider Electric
 CVE-2018-7814 (A Stack-based Buffer Overflow (CWE-121) vulnerability exists in 
Euroth ...)
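
Review bot: The unchanged entry directly above the edited one, CVE-2018-7817, reads `NOT-FOR-US: Zolio`, while its description names Zelio Soft 2. It is outside the changed line, but this commit is a convenient place to correct the spelling so the entry matches a search for the product.
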
@@ -63480,7 +63480,7 @@ CVE-2018-7805
 CVE-2018-7804 (A URL Redirection to Untrusted Site vulnerability exists in the 
embedd ...)
        NOT-FOR-US: Schneider Electric
 CVE-2018-7803 (A CWE-754 Improper Check for Unusual or Exceptional Conditions 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7802 (A SQL Injection vulnerability exists in EVLink Parking, 
v3.2.0-12_v1 a ...)
        NOT-FOR-US: Schneider Electric
 CVE-2018-7801 (A Code Injection vulnerability exists in EVLink Parking, 
v3.2.0-12_v1  ...)
@@ -63510,7 +63510,7 @@ CVE-2018-7790 (An Information Management Error 
vulnerability exists in Schneider
 CVE-2018-7789 (An Improper Check for Unusual or Exceptional Conditions 
vulnerability  ...)
        NOT-FOR-US: Schneider
 CVE-2018-7788 (A CWE-255 Credentials Management vulnerability exists in 
Modicon Quant ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2018-7787 (In Schneider Electric U.motion Builder software versions prior 
to v1.3 ...)
        NOT-FOR-US: Schneider
 CVE-2018-7786 (In Schneider Electric U.motion Builder software versions prior 
to v1.3 ...)
@@ -107314,9 +107314,9 @@ CVE-2017-9811 (The kluser is able to interact with 
the kav4fs-control binary in
 CVE-2017-9810 (There are no Anti-CSRF tokens in any forms on the web interface 
in Kas ...)
        NOT-FOR-US: Kaspersky Anti-Virus
 CVE-2017-9809 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: 
Inform ...)
-       TODO: check
+       NOT-FOR-US: OX Software GmbH OX App Suite
 CVE-2017-9808 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: 
Cross  ...)
-       TODO: check
+       NOT-FOR-US: OX Software GmbH OX App Suite
 CVE-2015-9098 (In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote 
attack ...)
        NOT-FOR-US: Redgate SQL Monitor
 CVE-2017-9807 (An issue was discovered in the OpenWebif plugin through 1.2.4 
for E2 o ...)
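
Review bot: The same product is filed under two vendor strings within this commit: `OX Software GmbH OX App Suite` for CVE-2017-9809 and CVE-2017-9808 here, and `Open-Xchange GmbH OX App Suite` for CVE-2017-8341, CVE-2017-8340, CVE-2017-6912, CVE-2017-5864 and CVE-2017-5863 further down. Each string mirrors the wording of its CVE description, but the existing entry at CVE-2017-6913 uses plain `Open-Xchange`; picking one form for all of them would avoid three spellings for one vendor.
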
@@ -112483,7 +112483,7 @@ CVE-2017-8778 (GitLab before 8.14.9, 8.15.x before 
8.15.6, and 8.16.x before 8.1
        - gitlab <not-affected> (SVG rendering feature introduced later, cf. 
bug #861870)
        NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/27471
 CVE-2017-8777 (Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is 
affected by: M ...)
-       TODO: check
+       NOT-FOR-US: Open-Xchange GmbH OX Cloud Plugins
 CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc 
through 1.0 ...)
        {DSA-3845-1 DLA-937-1 DLA-936-1}
        - rpcbind 0.2.3-0.6 (bug #861835)
@@ -113563,9 +113563,9 @@ CVE-2017-8343 (In ImageMagick 7.0.5-5, the 
ReadAAIImage function in aai.c allows
        - imagemagick 8:6.9.7.4+dfsg-7 (bug #862572)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/444
 CVE-2017-8341 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected 
by: Conte ...)
-       TODO: check
+       NOT-FOR-US: Open-Xchange GmbH OX App Suite
 CVE-2017-8340 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected 
by: Incor ...)
-       TODO: check
+       NOT-FOR-US: Open-Xchange GmbH OX App Suite
 CVE-2017-8339 (PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to 
cause a  ...)
        NOT-FOR-US: Panda Free Antivirus
 CVE-2017-8338 (A vulnerability in MikroTik Version 6.38.5 could allow an 
unauthentica ...)
@@ -118512,7 +118512,7 @@ CVE-2017-6914 (CSRF exists in BigTree CMS 4.1.18 and 
4.2.16 with the id paramete
 CVE-2017-6913 (Cross-site scripting (XSS) vulnerability in the Open-Xchange 
webmail b ...)
        NOT-FOR-US: Open-Xchange
 CVE-2017-6912 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected 
by: Incor ...)
-       TODO: check
+       NOT-FOR-US: Open-Xchange GmbH OX App Suite
 CVE-2017-6911 (USB Pratirodh is prone to sensitive information disclosure. It 
stores  ...)
        NOT-FOR-US: USB Pratirodh
 CVE-2017-6910 (The HTTP and WebSocket engine components in the server in 
Kaazing Gate ...)
@@ -121712,9 +121712,9 @@ CVE-2017-5866 (The autocomplete feature in the E-Mail 
share dialog in ownCloud S
 CVE-2017-5865 (The password reset functionality in ownCloud Server before 
8.1.11, 8.2 ...)
        - owncloud <removed>
 CVE-2017-5864 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected 
by: Cross ...)
-       TODO: check
+       NOT-FOR-US: Open-Xchange GmbH OX App Suite
 CVE-2017-5863 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected 
by: Incor ...)
-       TODO: check
+       NOT-FOR-US: Open-Xchange GmbH OX App Suite
 CVE-2017-5862
        RESERVED
 CVE-2017-5861



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/24f14056d00a826c72ec7d383d42a0a0e9d944f4
