Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6a0ccc13 by Salvatore Bonaccorso at 2019-06-17T20:38:49Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -197,7 +197,7 @@ CVE-2019-12790 (In radare2 through 3.5.1, there is a
heap-based buffer over-read
[jessie] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radare/radare2/issues/14211
CVE-2019-12789 (An issue was discovered on Actiontec T2200H T2200H-31.128L.08
devices, ...)
- TODO: check
+ NOT-FOR-US: Actiontec devices
CVE-2019-12788 (An issue was discovered in Photodex ProShow Producer v9.0.3797
(an app ...)
NOT-FOR-US: Photodex ProShow Producer
CVE-2019-12787 (An issue was discovered on D-Link DIR-818LW devices from
2.05.B03 to 2 ...)
@@ -709,9 +709,9 @@ CVE-2019-12552
CVE-2019-12551
RESERVED
CVE-2019-12550 (WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505
before FW ...)
- TODO: check
+ NOT-FOR-US: WAGO devices
CVE-2019-12549 (WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505
before FW ...)
- TODO: check
+ NOT-FOR-US: WAGO devices
CVE-2019-12548 (Bludit before 3.9.0 allows remote code execution for an
authenticated ...)
NOT-FOR-US: bludit
CVE-2019-12547
@@ -871,7 +871,7 @@ CVE-2019-12478
CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the
openLiveURL f ...)
NOT-FOR-US: Supra Smart Cloud TV
CVE-2019-12476 (An authentication bypass vulnerability in the password reset
functiona ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-12475
RESERVED
CVE-2019-12474
@@ -1699,7 +1699,7 @@ CVE-2019-12183
CVE-2019-12182
RESERVED
CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds
Serv-U befor ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2019-12180
RESERVED
CVE-2019-12179
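Review bot: The new note on CVE-2019-12181 reads "NOT-FOR-US: SolarWinds", while its description names SolarWinds Serv-U and the existing entry for CVE-2018-10240 further down in this file uses "NOT-FOR-US: SolarWinds Serv-U". Using the same product string here would keep the NFU labels consistent and searchable per product.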
@@ -3616,13 +3616,13 @@ CVE-2019-11411 (An issue was discovered in Artifex MuJS
1.0.5. The Number#toFixe
CVE-2018-20818 (A buffer overflow vulnerability was discovered in the OpenPLC
controll ...)
NOT-FOR-US: OpenPLC
CVE-2019-11410 (app/backup/index.php in the Backup Module in FreePBX 4.4.3
suffers fro ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2019-11409 (app/operator_panel/exec.php in the Operator Panel module in
FreePBX 4. ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2019-11408 (XSS in app/operator_panel/index_inc.php in the Operator Panel
module i ...)
- TODO: check
+ NOT-FOR-US: FusionPBX
CVE-2019-11407 (app/operator_panel/index_inc.php in the Operator Panel module
in FreeP ...)
- TODO: check
+ NOT-FOR-US: FusionPBX
CVE-2019-11406 (Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name,
email, o ...)
NOT-FOR-US: Subrion CMS
CVE-2019-11405 (OpenAPI Tools OpenAPI Generator before
4.0.0-20190419.052012-560 uses ...)
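Review bot: The product name is inconsistent across the four entries CVE-2019-11410 to CVE-2019-11407: the first two are marked "NOT-FOR-US: FreePBX" and the last two "NOT-FOR-US: FusionPBX", although all four descriptions cite the same app/ path layout and three of them the same Operator Panel module. The truncated description of CVE-2019-11407 also begins "FreeP" while its note says FusionPBX. Please confirm which product these belong to and use one name for all four.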
@@ -13927,7 +13927,7 @@ CVE-2019-7581 (The parseSWF_ACTIONRECORD function in
util/parser.c in libming th
CVE-2019-7580 (ThinkCMF 5.0.190111 allows remote attackers to execute
arbitrary PHP c ...)
NOT-FOR-US: ThinkCMF
CVE-2019-7579 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766
devices. An ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through
2.0.9 ha ...)
{DLA-1714-1 DLA-1713-1}
- libsdl1.2 <unfixed> (bug #924609)
@@ -14756,7 +14756,7 @@ CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36
has a use-after-free bec
CVE-2019-7316 (An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05.
The us ...)
NOT-FOR-US: CSS-TRICKS Chat2
CVE-2019-7315 (Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera
devices ...)
- TODO: check
+ NOT-FOR-US: Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet
Camera devices
CVE-2019-7314 (liblivemedia in Live555 before 2019.02.03 mishandles the
termination o ...)
{DSA-4408-1 DLA-1690-1}
[experimental] - liblivemedia 2019.02.03-1
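Review bot: The NOT-FOR-US note for CVE-2019-7315 copies the full model name from the description ("Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices"), where the other device entries in this commit use a short vendor form such as "Vera devices" or "WAGO devices". "NOT-FOR-US: Genie Access devices" would match that convention.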
@@ -15145,7 +15145,7 @@ CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows
admincp.php?app=files ../ Directory
CVE-2019-7159
RESERVED
CVE-2019-7158 (OX App Suite 7.10.0 and earlier has Incorrect Access Control.
...)
- TODO: check
+ NOT-FOR-US: Open-Xchange App Suite
CVE-2019-7157
RESERVED
CVE-2019-7156 (In libdoc through 2019-01-28, calcFileBlockOffset in ole.c
allows divi ...)
@@ -17150,15 +17150,15 @@ CVE-2019-6329
CVE-2019-6328
RESERVED
CVE-2019-6327 (HP Color LaserJet Pro M280-M281 Multifunction Printer series
(before v ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2019-6326 (HP Color LaserJet Pro M280-M281 Multifunction Printer series
(before v ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2019-6325 (HP Color LaserJet Pro M280-M281 Multifunction Printer series
(before v ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2019-6324 (HP Color LaserJet Pro M280-M281 Multifunction Printer series
(before v ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2019-6323 (HP Color LaserJet Pro M280-M281 Multifunction Printer series
(before v ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2019-6322 (HP has identified a security vulnerability with some versions
of Works ...)
NOT-FOR-US: HP
CVE-2019-6321 (HP has identified a security vulnerability with some versions
of Works ...)
@@ -24474,15 +24474,15 @@ CVE-2018-20474
CVE-2018-20473
RESERVED
CVE-2018-20472 (An issue was discovered in Tyto Sahi Pro through 7.x.x and
8.0.0. The ...)
- TODO: check
+ NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20471
RESERVED
CVE-2018-20470 (An issue was discovered in Tyto Sahi Pro through 7.x.x and
8.0.0. A di ...)
- TODO: check
+ NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20469 (An issue was discovered in Tyto Sahi Pro through 7.x.x and
8.0.0. A pa ...)
- TODO: check
+ NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20468 (An issue was discovered in Tyto Sahi Pro through 7.x.x and
8.0.0. A we ...)
- TODO: check
+ NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20467 (In coders/bmp.c in ImageMagick before 7.0.8-16, an input file
can resu ...)
- imagemagick 8:6.9.10.23+dfsg-1 (low; bug #917326)
[stretch] - imagemagick <ignored> (Minor issue)
@@ -58976,7 +58976,7 @@ CVE-2018-10241 (A denial of service vulnerability in
SolarWinds Serv-U before 15
CVE-2018-10240 (SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated
users a ...)
NOT-FOR-US: SolarWinds Serv-U
CVE-2018-10239 (A privilege escalation vulnerability in the "support access"
feature o ...)
- TODO: check
+ NOT-FOR-US: Infoblox NIOS
CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack 0.8.5 has a buffer
overflow in B ...)
NOT-FOR-US: skarg BACnet Protocol Stack
CVE-2018-10237 (Unbounded memory allocation in Google Guava 11.0 through 24.x
before 2 ...)
@@ -111960,11 +111960,11 @@ CVE-2017-9392
CVE-2017-9391
RESERVED
CVE-2017-9390 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite
1.7.481 d ...)
- TODO: check
+ NOT-FOR-US: Vera devices
CVE-2017-9389
RESERVED
CVE-2017-9388 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite
1.7.481 d ...)
- TODO: check
+ NOT-FOR-US: Vera devices
CVE-2017-9387
RESERVED
CVE-2017-9386
@@ -111972,13 +111972,13 @@ CVE-2017-9386
CVE-2017-9385
RESERVED
CVE-2017-9384 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite
1.7.481 d ...)
- TODO: check
+ NOT-FOR-US: Vera devices
CVE-2017-9383
RESERVED
CVE-2017-9382
RESERVED
CVE-2017-9381 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite
1.7.481 d ...)
- TODO: check
+ NOT-FOR-US: Vera devices
CVE-2017-9380 (OpenEMR 5.0.0 and prior allows low-privilege users to upload
files of ...)
NOT-FOR-US: OpenEMR
CVE-2017-9379 (Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the
clear p ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6a0ccc13dd63a66e4c1fd555087cb5d084099626