Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27588989 by Salvatore Bonaccorso at 2019-06-03T20:55:51Z
Process some NFUs

- - - - -
90b3011f by Salvatore Bonaccorso at 2019-06-03T20:55:51Z
Track new pydio/extplorer issues (itp'ed)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67,11 +67,11 @@ CVE-2019-12568
 CVE-2019-12567
        RESERVED
 CVE-2019-12566 (The WP Statistics plugin through 12.6.5 for Wordpress has 
stored XSS i ...)
-       TODO: check
+       NOT-FOR-US: WP Statistics plugin for WordPress
 CVE-2019-12565
        RESERVED
 CVE-2019-12564 (In DouCo DouPHP v1.5 Release 20190516, remote attackers can 
view the d ...)
-       TODO: check
+       NOT-FOR-US: DouCo DouPHP
 CVE-2019-12563
        RESERVED
 CVE-2019-12562
@@ -2197,7 +2197,7 @@ CVE-2019-11648
 CVE-2019-11647
        RESERVED
 CVE-2019-11646 (Remote unauthorized command execution and unauthorized 
disclosure of i ...)
-       TODO: check
+       NOT-FOR-US: Micro Focus Service Manager
 CVE-2019-11645
        RESERVED
 CVE-2019-11675 (The groonga-httpd package 6.1.5-1 for Debian sets the 
/var/log/groonga ...)
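
Review bot: In the trailing context of this hunk, CVE-2019-11675 follows CVE-2019-11645, which breaks the descending order that the rest of the visible list keeps. The change does not introduce this, but the entry should be moved to its sorted position in a follow-up commit.
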
@@ -6149,7 +6149,7 @@ CVE-2019-10071
 CVE-2019-10070
        RESERVED
 CVE-2019-10069 (In Godot through 3.1, remote code execution is possible due to 
the des ...)
-       TODO: check
+       NOT-FOR-US: Godot
 CVE-2019-10068 (An issue was discovered in Kentico before 12.0.15. Due to a 
failure to ...)
        NOT-FOR-US: Kentico
 CVE-2019-10067 (An issue was discovered in Open Ticket Request System (OTRS) 
7.x throu ...)
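
Review bot: The NOT-FOR-US tag on CVE-2019-10069 gives only the bare name "Godot", without the qualifier the other new tags carry (for example "WP Statistics plugin for WordPress"). Before marking it NFU, confirm that no source package of that name exists in the archive or has an open ITP; if one does, the entry needs a package line in the form "- godot <unfixed>" rather than NOT-FOR-US.
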
@@ -6215,15 +6215,15 @@ CVE-2019-10050 (A buffer over-read issue was discovered 
in Suricata 4.1.x before
        NOTE: https://redmine.openinfosecfoundation.org/issues/2884
        NOTE: 
https://github.com/OISF/suricata/commit/4609d5c80acda9adf02f8fb9a6aa8238495bfa13
 CVE-2019-10049 (It is possible for an attacker with regular user access to the 
web app ...)
-       TODO: check
+       - ajaxplorer <itp> (bug #668381)
 CVE-2019-10048 (The ImageMagick plugin that is installed by default in Pydio 
through 8 ...)
-       TODO: check
+       - ajaxplorer <itp> (bug #668381)
 CVE-2019-10047 (A stored XSS vulnerability exists in the web application of 
Pydio thro ...)
-       TODO: check
+       - ajaxplorer <itp> (bug #668381)
 CVE-2019-10046 (An unauthenticated attacker can obtain information about the 
Pydio 8.2 ...)
-       TODO: check
+       - ajaxplorer <itp> (bug #668381)
 CVE-2019-10045 (The "action" get_sess_id in the web application of Pydio 
through 8.2.2 ...)
-       TODO: check
+       - ajaxplorer <itp> (bug #668381)
 CVE-2019-10044 (Telegram Desktop before 1.5.12 on Windows, and the Telegram 
applicatio ...)
        - telegram-desktop <unfixed> (bug #927711)
        NOTE: 
https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt
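
Review bot: The five Pydio entries (CVE-2019-10045 to CVE-2019-10049) are filed under the package name ajaxplorer, while every description says Pydio and the commit message refers to pydio/extplorer. Add a NOTE line stating why the ITP in bug #668381 under the name ajaxplorer covers Pydio, and align the commit message with the name actually used, so the mapping can be checked later.
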
@@ -6238,7 +6238,7 @@ CVE-2019-10040 (The D-Link DIR-816 A2 1.11 router only 
checks the random token w
 CVE-2019-10039 (The D-Link DIR-816 A2 1.11 router only checks the random token 
when au ...)
        NOT-FOR-US: D-Link
 CVE-2019-10038 (Evernote 7.9 on macOS allows attackers to execute arbitrary 
programs b ...)
-       TODO: check
+       NOT-FOR-US: Evernote
 CVE-2019-10037
        RESERVED
 CVE-2019-10036
@@ -7293,13 +7293,13 @@ CVE-2019-9876
 CVE-2019-9875 (Deserialization of Untrusted Data in the anti CSRF module in 
Sitecore  ...)
        TODO: check
 CVE-2019-9874 (Deserialization of Untrusted Data in the 
Sitecore.Security.AntiCSRF (a ...)
-       TODO: check
+       NOT-FOR-US: Sitecore CMS
 CVE-2019-9873
        RESERVED
 CVE-2019-9872
        RESERVED
 CVE-2019-9871 (Jector Smart TV FM-K75 devices allow remote code execution 
because the ...)
-       TODO: check
+       NOT-FOR-US: Jector Smart TV FM-K75 devices
 CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for 
CKEditor m ...)
        NOT-FOR-US: w8tcha oEmbed plugin for CKEditor
 CVE-2019-9869
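
Review bot: CVE-2019-9875 stays at "TODO: check" although its description names the same Sitecore anti CSRF module as CVE-2019-9874, which this hunk marks "NOT-FOR-US: Sitecore CMS". If the product is the same, give CVE-2019-9875 the same tag in this commit; if it was left open on purpose, a NOTE saying why would save a second triage pass.
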
@@ -8009,7 +8009,7 @@ CVE-2019-9655
 CVE-2019-9654
        RESERVED
 CVE-2019-9653 (NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows 
unauth ...)
-       TODO: check
+       NOT-FOR-US: NUUO Network Video Recorder Firmware
 CVE-2019-9652 (There is a CSRF in SDCMS V1.7 via an 
m=admin&amp;c=theme&amp;a=edit re ...)
        NOT-FOR-US: SDCMS
 CVE-2019-9651 (An issue was discovered in SDCMS V1.7. In the 
\app\admin\controller\th ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/8cbad464685416eea837955b2bbd62dbc2a72018...90b3011fd9d61ce1f4d76ee0895cd1331cb6a0cf
