Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cae35133 by Salvatore Bonaccorso at 2019-05-24T07:05:54Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2019-12299
CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an
out-of-bounds writ ...)
TODO: check
CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01
and M2 1 ...)
- TODO: check
+ NOT-FOR-US: Motorola
CVE-2019-12296
RESERVED
CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to
2.4.14, the ...)
@@ -42,9 +42,9 @@ CVE-2019-12291
CVE-2019-12290
RESERVED
CVE-2019-12289 (An issue was discovered in upgrade_firmware.cgi on VStarcam
100T (C782 ...)
- TODO: check
+ NOT-FOR-US: VStarcam
CVE-2019-12288 (An issue was discovered in upgrade_htmls.cgi on VStarcam 100T
(C7824WI ...)
- TODO: check
+ NOT-FOR-US: VStarcam
CVE-2019-12287
RESERVED
CVE-2019-12286
@@ -78,7 +78,7 @@ CVE-2019-12274
CVE-2019-12273
RESERVED
CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints
admin/status/realtime/band ...)
- TODO: check
+ NOT-FOR-US: OpenWrt LuCI
CVE-2019-12271
RESERVED
CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4
configur ...)
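Review bot: The NOT-FOR-US on CVE-2019-12272 is the one entry in this commit that covers an open-source component rather than a vendor appliance or hosted product, and nothing in the hunk records whether LuCI was checked against the archive and the WNPP list. If there is an open ITP or RFP, an `<itp>` entry with the bug number would be the better fit than "NOT-FOR-US: OpenWrt LuCI"; otherwise a short NOTE stating that it is not packaged would make the decision auditable.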
@@ -3219,7 +3219,7 @@ CVE-2019-10979
CVE-2019-10978
RESERVED
CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module
QJ71E71-100 ser ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2019-10976
RESERVED
CVE-2019-10975
@@ -3541,7 +3541,7 @@ CVE-2019-10869 (Path Traversal and Unrestricted File
Upload exists in the Ninja
CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker
with clas ...)
NOT-FOR-US: Pimcore
CVE-2019-10866 (In the Form Maker plugin before 1.13.3 for WordPress, it's
possible to ...)
- TODO: check
+ NOT-FOR-US: Form Maker plugin for WordPress
CVE-2019-10865
RESERVED
CVE-2019-10864 (The WP Statistics plugin through 12.6.2 for WordPress has XSS,
allowin ...)
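Review bot: The label on CVE-2019-10866, "Form Maker plugin for WordPress", uses a different word order from the existing WordPress entry visible further down in this diff (CVE-2017-17059, "NOT-FOR-US: WordPress plugin wp-thumb-post"). Writing it as "WordPress plugin Form Maker" would keep all WordPress plugin NFUs matchable with one prefix search.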
@@ -3565,19 +3565,19 @@ CVE-2019-10856 (In Jupyter Notebook before 5.7.8, an
open redirect can occur via
NOTE:
https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
NOTE:
https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99
CVE-2019-10855 (Computrols CBAS 18.0.0 mishandles password hashes. The
approach is MD5 ...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10854 (Computrols CBAS 18.0.0 allows Authenticated Command Injection.
...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10853 (Computrols CBAS 18.0.0 allows Authentication Bypass. ...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10852 (Computrols CBAS 18.0.0 allows Authenticated Blind SQL
Injection via th ...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10851 (Computrols CBAS 18.0.0 has hard-coded encryption keys. ...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10850 (Computrols CBAS 18.0.0 has Default Credentials. ...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10849 (Computrols CBAS 18.0.0 allows unprotected Subversion (SVN)
directory / ...)
- TODO: check
+ NOT-FOR-US: Computrols CBAS
CVE-2019-10848
RESERVED
CVE-2019-10847
@@ -5684,7 +5684,7 @@ CVE-2019-9951 (Western Digital My Cloud, My Cloud Mirror
Gen2, My Cloud EX2 Ultr
CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2
Ultra, My ...)
NOT-FOR-US: Western Digital
CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100,
EX4100 ...)
- TODO: check
+ NOT-FOR-US: Western Digital
CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file:
scheme, w ...)
- python2.7 2.7.16-2
NOTE: https://bugs.python.org/issue35907
@@ -65633,9 +65633,9 @@ CVE-2018-7204 (inc/logger.php in the Giribaz File
Manager plugin before 5.0.2 fo
CVE-2018-7203 (Cross-site scripting (XSS) vulnerability in Twonky Server
7.0.11 throu ...)
NOT-FOR-US: Twonky Server
CVE-2018-7202 (An issue was discovered in ProjectSend before r1053. XSS exists
in the ...)
- TODO: check
+ NOT-FOR-US: ProjectSend
CVE-2018-7201 (CSV Injection was discovered in ProjectSend before r1053,
affecting vi ...)
- TODO: check
+ NOT-FOR-US: ProjectSend
CVE-2018-7200
RESERVED
CVE-2018-7199
@@ -85471,9 +85471,9 @@ CVE-2017-17063
CVE-2017-17062 (The backend component in Open-Xchange OX App Suite before
7.6.3-rev35, ...)
NOT-FOR-US: Open-Xchange
CVE-2017-17061 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected
by: Cross ...)
- TODO: check
+ NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-17060 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected
by: Insecu ...)
- TODO: check
+ NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka
amtyThumb post ...)
NOT-FOR-US: WordPress plugin wp-thumb-post
CVE-2017-1000385 (The Erlang otp TLS server answers with different TLS alerts
to differe ...)
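Review bot: The two added lines use "NOT-FOR-US: OX Software GmbH OX App Suite" while the unchanged entry directly above them (CVE-2017-17062) marks the same product as "NOT-FOR-US: Open-Xchange", and other hunks in this commit add a third spelling, "Open-Xchange GmbH OX App Suite". The wording follows each CVE description, but the NFU label is what people search on, so one label for all OX App Suite entries (for example the existing "Open-Xchange") would be easier to grep and to reverse later if the software is ever packaged.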
@@ -93409,9 +93409,9 @@ CVE-2017-15032 (ImageMagick version 7.0.7-2 contains a
memory leak in ReadYCBCRI
CVE-2017-15031 (In all versions of ARM Trusted Firmware up to and including
v1.4, not ...)
NOT-FOR-US: ARM Trusted Firmware
CVE-2017-15030 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected
by: Cross ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-15029 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected
by: SSRF. ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-15028
RESERVED
CVE-2017-15027
@@ -97624,9 +97624,9 @@ CVE-2017-13670 (In BlackCat CMS 1.2, remote
authenticated users can upload any f
CVE-2017-13669 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the
setanswere ...)
NOT-FOR-US: NexusPHP
CVE-2017-13668 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected
by: Cross ...)
- TODO: check
+ NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-13667 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected
by: SSRF. ...)
- TODO: check
+ NOT-FOR-US: OX Software GmbH OX App Suite
CVE-2017-13666 (An integer underflow vulnerability exists in pixel-a.asm, the
x86 asse ...)
- x265 <not-affected> (Affected code is not enabled)
CVE-2017-13665
@@ -103233,11 +103233,11 @@ CVE-2017-11742 (The writeRandomBytes_RtlGenRandom
function in xmlparse.c in libe
CVE-2017-11741 (HashiCorp Vagrant VMware Fusion plugin (aka
vagrant-vmware-fusion) bef ...)
NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-11740 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the
adminis ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11739 (In Zoho ManageEngine Application Manager 13.1 Build 13100, an
authenti ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11738 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the
'haid' ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11737 (interface/js/app/history.js in WebUI in Rspamd before 1.6.3
allows XSS ...)
- rspamd 1.7.6-1
[jessie] - rspamd <not-affected> (Vulnerable code not present)
@@ -103917,15 +103917,15 @@ CVE-2017-11563 (D-Link EyeOn Baby Monitor
(DCS-825L) 1.08.1 has a remote code ex
CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks
SenhaSegur ...)
NOT-FOR-US: MT4 SenhaSegura
CVE-2017-11561 (An issue was discovered in ZOHO ManageEngine OpManager 12.2.
An authen ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2017-11560 (An issue was discovered in ZOHO ManageEngine OpManager 12.2.
By adding ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2017-11559 (An issue was discovered in ZOHO ManageEngine OpManager 12.2.
The 'apiK ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2017-11558
RESERVED
CVE-2017-11557 (An issue was discovered in ZOHO ManageEngine Applications
Manager 12.3 ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine Applications Manager
CVE-2017-11556 (There is a stack consumption vulnerability in the
Parser::advanceToNex ...)
- libsass <unfixed> (bug #870182)
[stretch] - libsass <no-dsa> (Minor issue)
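Review bot: The labels added here are "ZOHO ManageEngine OpManager" and "ZOHO ManageEngine Applications Manager", while the previous hunk (CVE-2017-11740 to CVE-2017-11738) adds "Zoho ManageEngine Application Manager", so both the vendor casing and the singular/plural product name differ within one commit. Picking one form, such as "Zoho ManageEngine", for all seven entries would avoid case-sensitive searches missing half of them.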
@@ -124158,13 +124158,13 @@ CVE-2017-5215 (The Codextrous B2J Contact (aka
b2j_contact) extension before 2.1
CVE-2017-5214 (The Codextrous B2J Contact (aka b2j_contact) extension before
2.1.13 f ...)
NOT-FOR-US: Joomla extension
CVE-2017-5213 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected
by: Cross ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5212 (Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect
Access ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5211 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected
by: Conte ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5210 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected
by: Infor ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
CVE-2017-5209 (The base64decode function in base64.c in libimobiledevice
libplist thr ...)
{DLA-811-1}
- libplist 1.12+git+1+e37ca00-0.1 (low; bug #851196)
@@ -139678,11 +139678,11 @@ CVE-2016-8901 (b2evolution 6.7.6 suffer from an
Object Injection vulnerability i
CVE-2016-8900
RESERVED
CVE-2016-8899 (Exponent CMS version 2.3.9 suffers from a Object Injection
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2016-8898
RESERVED
CVE-2016-8897 (Exponent CMS version 2.3.9 suffers from a sql injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Exponent CMS
CVE-2016-8896
RESERVED
CVE-2016-8895
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/cae35133050ae96e63ea5e96267ede619c107e7b