Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3a7f8202 by Salvatore Bonaccorso at 2019-05-30T20:19:57Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27,15 +27,15 @@ CVE-2019-12463
CVE-2019-12462
RESERVED
CVE-2019-12461 (Web Port 1.19.1 allows XSS via the /log type parameter. ...)
- TODO: check
+ NOT-FOR-US: Web Port
CVE-2019-12460 (Web Port 1.19.1 allows XSS via the /access/setup type
parameter. ...)
- TODO: check
+ NOT-FOR-US: Web Port
CVE-2019-12459 (FileRun 2019.05.21 allows customizables/plugins/audio_player
Directory ...)
- TODO: check
+ NOT-FOR-US: FileRun
CVE-2019-12458 (FileRun 2019.05.21 allows css/ext-ux Directory Listing. ...)
- TODO: check
+ NOT-FOR-US: FileRun
CVE-2019-12457 (FileRun 2019.05.21 allows images/extjs Directory Listing. ...)
- TODO: check
+ NOT-FOR-US: FileRun
CVE-2018-20840 (An unhandled exception vulnerability exists during Google
Sign-In with ...)
TODO: check
CVE-2019-XXXX [binary can be truncated by root under certain conditions]
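Review bot: CVE-2018-20840, in the trailing context of this hunk, still carries `TODO: check` after the five entries above it (CVE-2019-12461 through CVE-2019-12457) were resolved. If it was left alone because it is not clearly NOT-FOR-US, that fits an NFU-only pass, but it then needs a separate triage so it does not stay open next to a block that otherwise looks processed.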
@@ -1292,17 +1292,17 @@ CVE-2019-11898
CVE-2019-11897
RESERVED
CVE-2019-11896 (A potential incorrect privilege assignment vulnerability
exists in the ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-11895 (A potential improper access control vulnerability exists in
the JSON-R ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-11894 (A potential improper access control vulnerability exists in
the backup ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-11893 (A potential incorrect privilege assignment vulnerability
exists in the ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-11892 (A potential improper access control vulnerability exists in
the JSON-R ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-11891 (A potential incorrect privilege assignment vulnerability
exists in the ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-12046 (LemonLDAP::NG -2.0.3 has Incorrect Access Control. ...)
{DSA-4446-1 DLA-1790-1}
- lemonldap-ng 2.0.2+ds-7+deb10u1 (bug #928944)
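Review bot: all six entries in this hunk (CVE-2019-11896 through CVE-2019-11891) get the vendor-only tag `NOT-FOR-US: Bosch`, although their descriptions are cut off before the product name and cover two different issue classes (incorrect privilege assignment and improper access control). Other tags added in this same commit name the product (`Fortinet FortiOS`, `Wind River VxWorks`); consider doing the same here so the entries remain distinguishable when someone later searches the list for a specific Bosch product.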
@@ -6981,7 +6981,7 @@ CVE-2019-9866 (An issue was discovered in GitLab
Community and Enterprise Editio
- gitlab 11.8.3-1 (bug #925196)
NOTE:
https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/
CVE-2019-9865 (When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a
specia ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks
CVE-2019-9864 (PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter
Tamperi ...)
NOT-FOR-US: PHP Scripts Mall Amazon Affiliate Store
CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in
the ABUS ...)
@@ -14056,7 +14056,7 @@ CVE-2019-7131
CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow
vulnerability. Suc ...)
NOT-FOR-US: Adobe
CVE-2019-7129 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a
stored ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-7128 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
NOT-FOR-US: Adobe
CVE-2019-7127 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier,
2019.010 ...)
@@ -14378,9 +14378,9 @@ CVE-2019-6983 (An issue was discovered in Foxit 3D
Plugin Beta before 9.4.0.1680
CVE-2019-6982 (An issue was discovered in Foxit 3D Plugin Beta before
9.4.0.16807 for ...)
NOT-FOR-US: Foxit Reader
CVE-2019-6981 (Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind
SSRF in t ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2019-6980 (Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows
insecur ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2019-6979 (An issue was discovered in the User IP History Logs (aka
IP_History_Lo ...)
NOT-FOR-US: IP History Logs plugin for MyBB
CVE-2018-20745 (Yii 2.x through 2.0.15.1 actively converts a wildcard CORS
policy into ...)
@@ -14458,9 +14458,9 @@ CVE-2019-6960
CVE-2019-6959
RESERVED
CVE-2019-6958 (A recently discovered security vulnerability affects all Bosch
Video M ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-6957 (A recently discovered security vulnerability affects all Bosch
Video M ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2
(FAAD2) 2 ...)
- faad2 <unfixed> (bug #914641)
[buster] - faad2 <no-dsa> (Minor issue)
@@ -20640,7 +20640,7 @@ CVE-2019-4266
CVE-2019-4265
RESERVED
CVE-2019-4264 (IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to
obtain sen ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4263
RESERVED
CVE-2019-4262
@@ -20656,7 +20656,7 @@ CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and
6.0.0.1 Standard Edition
CVE-2019-4257
RESERVED
CVE-2019-4256 (IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than
expected cryp ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4255
RESERVED
CVE-2019-4254
@@ -20800,7 +20800,7 @@ CVE-2019-4186
CVE-2019-4185
RESERVED
CVE-2019-4184 (IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to
cross- ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4183
RESERVED
CVE-2019-4182
@@ -20890,11 +20890,11 @@ CVE-2019-4141
CVE-2019-4140
RESERVED
CVE-2019-4139 (IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to
cross-s ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4138 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1
could al ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4137 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1
is vulne ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4136
RESERVED
CVE-2019-4135
@@ -48941,7 +48941,7 @@ CVE-2018-13385 (There was an argument injection
vulnerability in Sourcetree for
CVE-2018-13384
RESERVED
CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS all versions below
6.0.5 in ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiOS
CVE-2018-13382
RESERVED
CVE-2018-13381
@@ -48971,13 +48971,13 @@ CVE-2018-13370
CVE-2018-13369
RESERVED
CVE-2018-13368 (A local privilege escalation in Fortinet FortiClient for
Windows 6.0.4 ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiClient
CVE-2018-13367
RESERVED
CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS
6.0.1, 5.6 ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-13365 (An Information Exposure vulnerability in Fortinet FortiOS
6.0.1, 5.6.5 ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiOS
CVE-2018-13364
RESERVED
CVE-2018-13363
@@ -55672,7 +55672,7 @@ CVE-2018-10950 (mailboxd in Zimbra Collaboration Suite
8.8 before 8.8.8; 8.7 bef
CVE-2018-10949 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7
before 8. ...)
NOT-FOR-US: Zimbra
CVE-2018-10948 (Synacor Zimbra Admin UI in Zimbra Collaboration Suite before
8.8.0 bet ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2018-10947
RESERVED
CVE-2018-10946
@@ -60382,11 +60382,11 @@ CVE-2018-9195
CVE-2018-9194 (A plaintext recovery of encrypted messages or a
Man-in-the-middle (MiT ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-9193 (A local privilege escalation in Fortinet FortiClient for
Windows 6.0.4 ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiClient
CVE-2018-9192 (A plaintext recovery of encrypted messages or a
Man-in-the-middle (MiT ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-9191 (A local privilege escalation in Fortinet FortiClient for
Windows 6.0.4 ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiClient
CVE-2018-9190 (A null pointer dereference vulnerability in Fortinet
FortiClientWindow ...)
NOT-FOR-US: Fortinet
CVE-2018-9189
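Review bot: the two tags added here use `NOT-FOR-US: Fortinet FortiClient`, while the neighbouring CVE-2018-9190 entry, whose description also names a FortiClient product, is tagged just `NOT-FOR-US: Fortinet`. Both mark the entry as not applicable, so this is a style point, but settling on one spelling for FortiClient entries (and adjusting CVE-2018-9190 in a follow-up if the longer form is preferred) keeps text searches over the list consistent.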
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/3a7f82028deddb141cf80505d29ba3309915d63e
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits