Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1dec6ed0 by Salvatore Bonaccorso at 2019-06-08T08:45:51Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -564,11 +564,11 @@ CVE-2019-12508
 CVE-2019-12507 (An XSS vulnerability exists in PHPRelativePath (aka Relative 
Path) thr ...)
        NOT-FOR-US: Relative Path PHP library
 CVE-2019-12506 (Due to unencrypted and unauthenticated data communication, the 
wireles ...)
-       TODO: check
+       NOT-FOR-US: Logitech
 CVE-2019-12505 (Due to unencrypted and unauthenticated data communication, the 
wireles ...)
-       TODO: check
+       NOT-FOR-US: Inateck
 CVE-2019-12504 (Due to unencrypted and unauthenticated data communication, the 
wireles ...)
-       TODO: check
+       NOT-FOR-US: Inateck
 CVE-2019-12503
        RESERVED
 CVE-2019-12502 (There is a lack of CSRF countermeasures on MOBOTIX S14 
MX-V4.2.1.61 ca ...)
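
Review bot: The new labels for CVE-2019-12506, CVE-2019-12505 and CVE-2019-12504 name only a vendor ("Logitech", "Inateck"), while the context entry for CVE-2019-12507 names the product ("NOT-FOR-US: Relative Path PHP library"). Consider adding the affected product after the vendor name, so that a later search of data/CVE/list for that product finds these entries.
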
@@ -4674,7 +4674,7 @@ CVE-2019-10885 (An issue was discovered in Ivanti 
Workspace Control before 10.3.
 CVE-2019-10884 (Uniqkey Password Manager 1.14 contains a vulnerability because 
it fail ...)
        NOT-FOR-US: Uniqkey Password Manager
 CVE-2019-10883 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN 
Center  ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2019-10882
        RESERVED
 CVE-2019-10881
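
Review bot: "NOT-FOR-US: Citrix" on CVE-2019-10883 drops the product that the description itself gives (Citrix SD-WAN Center and NetScaler SD-WAN Center). Suggest "NOT-FOR-US: Citrix SD-WAN Center", in line with the product-level labels on the other Citrix entries visible in this diff ("Citrix Application Delivery Management", "Citrix NetScaler VPX").
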
@@ -8452,13 +8452,13 @@ CVE-2019-9675 (** DISPUTED ** An issue was discovered 
in PHP 7.x before 7.1.27 a
 CVE-2019-9674
        RESERVED
 CVE-2019-9673 (Freenet 1483 has a MIME type bypass that allows arbitrary 
JavaScript e ...)
-       TODO: check
+       NOT-FOR-US: Freenet
 CVE-2019-9672
        RESERVED
 CVE-2019-9671
        RESERVED
 CVE-2019-9670 (mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x 
before  ...)
-       TODO: check
+       NOT-FOR-US: Synacor Zimbra Collaboration Suite
 CVE-2019-9669 (The Wordfence plugin 7.2.3 for WordPress allows XSS via a 
unique attac ...)
        NOT-FOR-US: Wordfence plugin for WordPress
 CVE-2019-9668
@@ -8835,7 +8835,7 @@ CVE-2019-1002100 (In all Kubernetes versions prior to 
v1.11.8, v1.12.6, and v1.1
        NOTE: https://github.com/kubernetes/kubernetes/issues/74534
        NOTE: https://github.com/kubernetes/kubernetes/pull/74000
 CVE-2019-9548 (Citrix Application Delivery Management (ADM) 12.1.x before 
12.1.50.33  ...)
-       TODO: check
+       NOT-FOR-US: Citrix Application Delivery Management
 CVE-2019-9547 (In Storage Performance Development Kit (SPDK) before 19.01, a 
maliciou ...)
        NOT-FOR-US: Storage Performance Development Kit (SPDK)
 CVE-2019-9546 (SolarWinds Orion Platform before 2018.4 Hotfix 2 allows 
privilege esca ...)
@@ -15777,9 +15777,9 @@ CVE-2019-6743 (This vulnerability allows remote 
attackers to execute arbitrary c
 CVE-2019-6742 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
        NOT-FOR-US: GameServiceReceiver update mechanism as used in Samsung 
Galaxy S9
 CVE-2019-6741 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2019-6740 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2019-6739 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
        NOT-FOR-US: Malwarebytes Antimalware
 CVE-2019-6738 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
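
Review bot: CVE-2019-6741 and CVE-2019-6740 get the bare vendor label "NOT-FOR-US: Samsung", but the entry directly above them (CVE-2019-6742) records the component, "GameServiceReceiver update mechanism as used in Samsung Galaxy S9". The truncated descriptions of all three read the same here, so the label is the only place the affected component is recorded; please name it for these two as well.
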
@@ -16212,11 +16212,11 @@ CVE-2019-6534 (The uncontrolled search path element 
vulnerability in Gemalto Sen
 CVE-2019-6533 (Registers used to store Modbus values can be read and written 
from the ...)
        NOT-FOR-US: PR100088 Modbus
 CVE-2019-6532 (Panasonic FPWIN Pro version 7.3.0.0 and prior allows 
attacker-created  ...)
-       TODO: check
+       NOT-FOR-US: Panasonic
 CVE-2019-6531 (An attacker could retrieve passwords from a HTTP GET request 
from the  ...)
        NOT-FOR-US: Kunbus
 CVE-2019-6530 (Panasonic FPWIN Pro version 7.3.0.0 and prior allows 
attacker-created  ...)
-       TODO: check
+       NOT-FOR-US: Panasonic
 CVE-2019-6529
        RESERVED
 CVE-2019-6528 (PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol 
Unit fa ...)
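
Review bot: For CVE-2019-6532 and CVE-2019-6530 the description already identifies the product as Panasonic FPWIN Pro, so "NOT-FOR-US: Panasonic FPWIN Pro" would be more precise than "NOT-FOR-US: Panasonic". The neighbouring context entries in this hunk are not uniform either ("PR100088 Modbus" is a product, "Kunbus" is a vendor), so picking the product form here at least keeps the new lines self-describing.
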
@@ -22098,11 +22098,11 @@ CVE-2019-3959
 CVE-2019-3958
        RESERVED
 CVE-2019-3957 (Dameware Remote Mini Control version 12.1.0.34 and prior 
contains an u ...)
-       TODO: check
+       NOT-FOR-US: Dameware Remote Mini Control
 CVE-2019-3956 (Dameware Remote Mini Control version 12.1.0.34 and prior 
contains an u ...)
-       TODO: check
+       NOT-FOR-US: Dameware Remote Mini Control
 CVE-2019-3955 (Dameware Remote Mini Control version 12.1.0.34 and prior 
contains a un ...)
-       TODO: check
+       NOT-FOR-US: Dameware Remote Mini Control
 CVE-2019-3954
        RESERVED
 CVE-2019-3953
@@ -27491,7 +27491,7 @@ CVE-2018-20093
 CVE-2018-20092 (PTC ThingWorx Platform through 8.3.0 is vulnerable to a 
directory trav ...)
        NOT-FOR-US: PTC ThingWorx Platform
 CVE-2018-20091 (An SQL injection vulnerability was found in Cloudera Data 
Science Work ...)
-       TODO: check
+       NOT-FOR-US: Cloudera Data Science Workbench
 CVE-2018-20090
        RESERVED
 CVE-2018-20089
@@ -28631,7 +28631,7 @@ CVE-2018-20001 (In Libav 12.3, there is a floating 
point exception in the range_
 CVE-2018-20000 (Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as 
demonstr ...)
        NOT-FOR-US: Apereo Bedework bw-webdav
 CVE-2018-19999 (The local management interface in SolarWinds Serv-U FTP Server 
15.1.6. ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2018-19998 (SQL injection vulnerability in user/card.php in Dolibarr 
version 8.0.2 ...)
        - dolibarr <removed>
        NOTE: 
https://github.com/Dolibarr/dolibarr/commit/2b088a73c121a52e006c0d76ea4da7ffeb7b4f4a
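
Review bot: "NOT-FOR-US: SolarWinds" on CVE-2018-19999 is vendor-only although the description names the product, SolarWinds Serv-U FTP Server. Suggest "NOT-FOR-US: SolarWinds Serv-U FTP Server", as done for the Dameware entries in this commit, which carry the full product name.
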
@@ -33692,7 +33692,7 @@ CVE-2018-19454
 CVE-2018-19453 (Kentico CMS before 11.0.45 allows unrestricted upload of a 
file with a ...)
        NOT-FOR-US: Kentico CMS
 CVE-2018-19452 (A use after free in the TextBox field Mouse Enter action in 
IReader_Co ...)
-       TODO: check
+       NOT-FOR-US: Foxit Reader
 CVE-2018-19451 (A command injection can occur for specially crafted PDF files 
in Foxit ...)
        NOT-FOR-US: Foxit Reader
 CVE-2018-19450
@@ -36130,7 +36130,7 @@ CVE-2018-18883 (An issue was discovered in Xen 4.9.x 
through 4.11.x, on Intel x8
        [jessie] - xen <not-affected> (Only affects 4.9 and later)
        NOTE: https://xenbits.xen.org/xsa/advisory-278.txt
 CVE-2018-18631 (mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 
8.7 befo ...)
-       TODO: check
+       NOT-FOR-US: Synacor Zimbra Collaboration Suite
 CVE-2018-18630
        RESERVED
 CVE-2018-18629 (An issue was discovered in the Keybase command-line client 
before 2.8. ...)
@@ -57445,33 +57445,33 @@ CVE-2018-10705 (The Owned smart contract 
implementation for Aurora DAO (AURA), a
 CVE-2018-10704
        RESERVED
 CVE-2018-10703 (An issue was discovered on Moxa AWK-3121 1.14 devices. It 
provides fun ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10702 (An issue was discovered on Moxa AWK-3121 1.14 devices. It 
provides fun ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10701 (An issue was discovered on Moxa AWK-3121 1.14 devices. It 
provides fun ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10700 (An issue was discovered on Moxa AWK-3121 1.19 devices. It 
provides fun ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10699 (An issue was discovered on Moxa AWK-3121 1.14 devices. The 
Moxa AWK 31 ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10698 (An issue was discovered on Moxa AWK-3121 1.14 devices. The 
device enab ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10697 (An issue was discovered on Moxa AWK-3121 1.14 devices. The 
Moxa AWK 31 ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10696 (An issue was discovered on Moxa AWK-3121 1.14 devices. The 
device prov ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10695 (An issue was discovered on Moxa AWK-3121 1.14 devices. It 
provides ale ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10694 (An issue was discovered on Moxa AWK-3121 1.14 devices. The 
device prov ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10693 (An issue was discovered on Moxa AWK-3121 1.14 devices. It 
provides pin ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10692 (An issue was discovered on Moxa AWK-3121 1.14 devices. The 
session coo ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10691 (An issue was discovered on Moxa AWK-3121 1.14 devices. It is 
intended  ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10690 (An issue was discovered on Moxa AWK-3121 1.14 devices. The 
device by d ...)
-       TODO: check
+       NOT-FOR-US: Moxa
 CVE-2018-10689 (blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux 
kernel a ...)
        - blktrace 1.2.0-1 (low; bug #897695)
        [stretch] - blktrace 1.1.0-2+deb9u1
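
Review bot: All fourteen entries from CVE-2018-10703 down to CVE-2018-10690 are marked "NOT-FOR-US: Moxa", yet every one of their descriptions refers to the same device, Moxa AWK-3121. Using "NOT-FOR-US: Moxa AWK-3121" would record that in the tracker line itself rather than only in the truncated description.
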
@@ -70017,7 +70017,7 @@ CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a 
heap-based buffer overflow vu
 CVE-2018-6186 (Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF 
attack via ...)
        NOT-FOR-US: Citrix NetScaler VPX
 CVE-2018-6185 (In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect 
default ...)
-       TODO: check
+       NOT-FOR-US: Cloudera Navigator Key Trustee KMS
 CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the 
/_next r ...)
        NOT-FOR-US: ZEIT Next.js
 CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain 
privileges  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1dec6ed0ff9c70c43dfc8ad4eae826db90c112f2
