Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dfe1f23d by Salvatore Bonaccorso at 2019-06-20T20:32:29Z
Process NFUs

- - - - -
bcacaae1 by Salvatore Bonaccorso at 2019-06-20T20:32:29Z
Add CVE-2018-1883{6,7,8,9}/netdata

- - - - -
acb7d59b by Salvatore Bonaccorso at 2019-06-20T20:32:30Z
Add CVE-2018-16514/mantis

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2019-12921
        RESERVED
 CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 
devices ...)
-       TODO: check
+       NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Cameraa DOG-2W and 
DOG-2W-V4 devices
 CVE-2019-12919 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 
devices ...)
-       TODO: check
+       NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 
devices
 CVE-2019-12918
        RESERVED
 CVE-2019-12917
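Review bot: typo in the new NOT-FOR-US line for CVE-2019-12920: "Cameraa" should read "Camera", matching the product name in the CVE description and in the CVE-2019-12919 line directly below it.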
@@ -49,19 +49,19 @@ CVE-2019-12900 (BZ2_decompress in decompress.c in bzip2 
through 1.0.6 has an out
        NOTE: 
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
        TODO: check details
 CVE-2019-12899 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write 
AV star ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics DeviceNet Builder
 CVE-2019-12898 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write 
AV star ...)
-       TODO: check
+       NOT-FOR-US: Delta Electronics DeviceNet Builder
 CVE-2019-12897 (Edraw Max 7.9.3 has a Read Access Violation at the Instruction 
Pointer ...)
        TODO: check
 CVE-2019-12896 (Edraw Max 7.9.3 has Heap Corruption starting at 
ntdll!RtlpNtMakeTempor ...)
        TODO: check
 CVE-2019-12895 (In Alternate Pic View 2.600, the Exception Handler Chain is 
Corrupted  ...)
-       TODO: check
+       NOT-FOR-US: Alternate Pic View
 CVE-2019-12894 (Alternate Pic View 2.600 has a Read Access Violation at the 
Instructio ...)
-       TODO: check
+       NOT-FOR-US: Alternate Pic View
 CVE-2019-12893 (Alternate Pic View 2.600 has a User Mode Write AV starting at 
PicViewe ...)
-       TODO: check
+       NOT-FOR-US: Alternate Pic View
 CVE-2019-12892
        RESERVED
 CVE-2019-12891
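Review bot: the two Edraw Max 7.9.3 entries in this hunk (CVE-2019-12897 and CVE-2019-12896) are left at "TODO: check" while the neighbouring Delta Electronics DeviceNet Builder and Alternate Pic View entries from the same batch are resolved as NOT-FOR-US; if that was deliberate it is fine, otherwise they look like candidates for the same triage decision.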
@@ -444,9 +444,9 @@ CVE-2019-12747
 CVE-2019-12746
        RESERVED
 CVE-2019-12745 (out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored 
Cross-Site S ...)
-       TODO: check
+       NOT-FOR-US: SeedDMS
 CVE-2019-12744 (SeedDMS before 5.1.11 allows Remote Command Execution (RCE) 
because of ...)
-       TODO: check
+       NOT-FOR-US: SeedDMS
 CVE-2019-12743
        RESERVED
 CVE-2019-12742 (Bludit prior to 3.9.1 allows a non-privileged user to change 
the passw ...)
@@ -8690,7 +8690,7 @@ CVE-2019-9765 (In Blog_mini 1.0, XSS exists via the 
author name of a comment rep
 CVE-2019-9764 (HashiCorp Consul 1.4.3 lacks server hostname verification for 
agent-to ...)
        NOT-FOR-US: HashiCorp Consul
 CVE-2019-9763 (An issue was discovered in Openfind Mail2000 v6 Webmail. XSS 
can occur ...)
-       TODO: check
+       NOT-FOR-US: Openfind Mail2000 Webmail
 CVE-2019-9762 (A SQL Injection was discovered in PHPSHE 1.7 in 
include/plugin/payment ...)
        NOT-FOR-US: PHPSHE
 CVE-2019-9761 (An XXE issue was discovered in PHPSHE 1.7, which can be used to 
read a ...)
@@ -12075,9 +12075,9 @@ CVE-2019-8461
 CVE-2019-8460
        RESERVED
 CVE-2019-8459 (Check Point Endpoint Security Client for Windows, with the VPN 
blade,  ...)
-       TODO: check
+       NOT-FOR-US: Check Point Endpoint Security Client for Windows
 CVE-2019-8458 (Check Point Endpoint Security Client for Windows, with 
Anti-Malware bl ...)
-       TODO: check
+       NOT-FOR-US: Check Point Endpoint Security Client for Windows
 CVE-2019-8457 (SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to 
heap out-o ...)
        - sqlite3 3.27.2-3 (bug #929775)
        NOTE: https://www.sqlite.org/src/info/90acdbfce9c08858
@@ -23343,7 +23343,7 @@ CVE-2019-3739
 CVE-2019-3738
        RESERVED
 CVE-2019-3737 (Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Dell EMC Avamar ADMe Web Interface
 CVE-2019-3736
        RESERVED
 CVE-2019-3735
@@ -27077,7 +27077,7 @@ CVE-2019-2731
 CVE-2019-2730
        RESERVED
 CVE-2019-2729 (Vulnerability in the Oracle WebLogic Server component of Oracle 
Fusion ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2019-2728
        RESERVED
 CVE-2019-2727
@@ -29457,13 +29457,13 @@ CVE-2019-1908
 CVE-2019-1907
        RESERVED
 CVE-2019-1906 (A vulnerability in the Virtual Domain system of Cisco Prime 
Infrastruc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1905 (A vulnerability in the GZIP decompression engine of Cisco 
AsyncOS Soft ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1904
        RESERVED
 CVE-2019-1903 (A vulnerability in Cisco Security Manager could allow an 
unauthenticat ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1902
        RESERVED
 CVE-2019-1901
@@ -29471,11 +29471,11 @@ CVE-2019-1901
 CVE-2019-1900
        RESERVED
 CVE-2019-1899 (A vulnerability in the web interface of Cisco RV110W, RV130W, 
and RV21 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1898 (A vulnerability in the web-based management interface of Cisco 
RV110W, ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1897 (A vulnerability in the web-based management interface of Cisco 
RV110W, ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1896
        RESERVED
 CVE-2019-1895
@@ -29511,17 +29511,17 @@ CVE-2019-1881 (A vulnerability in the web-based 
management interface of Cisco In
 CVE-2019-1880 (A vulnerability in the BIOS upgrade utility of Cisco Unified 
Computing ...)
        NOT-FOR-US: Cisco
 CVE-2019-1879 (A vulnerability in the CLI of Cisco Integrated Management 
Controller ( ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1878 (A vulnerability in the Cisco Discovery Protocol (CDP) 
implementation f ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1877
        RESERVED
 CVE-2019-1876 (A vulnerability in the HTTPS proxy feature of Cisco Wide Area 
Applicat ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1875 (A vulnerability in the web-based management interface of Cisco 
Prime S ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1874 (A vulnerability in the web-based management interface of Cisco 
Prime S ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1873
        RESERVED
 CVE-2019-1872 (A vulnerability in Cisco TelePresence Video Communication 
Server (VCS) ...)
@@ -29531,7 +29531,7 @@ CVE-2019-1871
 CVE-2019-1870 (A vulnerability in the web-based management interface of Cisco 
Enterpr ...)
        NOT-FOR-US: Cisco
 CVE-2019-1869 (A vulnerability in the internal packet-processing functionality 
of the ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1868 (A vulnerability in the web-based management interface of Cisco 
Webex M ...)
        NOT-FOR-US: Cisco
 CVE-2019-1867 (A vulnerability in the REST API of Cisco Elastic Services 
Controller ( ...)
@@ -29573,7 +29573,7 @@ CVE-2019-1850
 CVE-2019-1849 (A vulnerability in the Border Gateway Patrol (BGP) 
Multiprotocol Label ...)
        NOT-FOR-US: Cisco
 CVE-2019-1848 (A vulnerability in Cisco Digital Network Architecture (DNA) 
Center cou ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1847
        RESERVED
 CVE-2019-1846 (A vulnerability in the Multiprotocol Label Switching (MPLS) 
Operations ...)
@@ -29583,7 +29583,7 @@ CVE-2019-1845 (A vulnerability in the authentication 
service of the Cisco Unifie
 CVE-2019-1844 (A vulnerability in certain attachment detection mechanisms of 
the Cisc ...)
        NOT-FOR-US: Cisco
 CVE-2019-1843 (A vulnerability in the web-based management interface of the 
Cisco RV1 ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1842 (A vulnerability in the Secure Shell (SSH) authentication 
function of C ...)
        NOT-FOR-US: Cisco
 CVE-2019-1841 (A vulnerability in the Software Image Management feature of 
Cisco DNA  ...)
@@ -30030,25 +30030,25 @@ CVE-2019-1634
 CVE-2019-1633
        RESERVED
 CVE-2019-1632 (A vulnerability in the web-based management interface of Cisco 
Integra ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1631 (A vulnerability in the web-based management interface of Cisco 
Integra ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1630 (A vulnerability in the firmware signature checking program of 
Cisco In ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1629 (A vulnerability in the configuration import utility of Cisco 
Integrate ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1628 (A vulnerability in the web server of Cisco Integrated 
Management Contr ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1627 (A vulnerability in the Server Utilities of Cisco Integrated 
Management ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1626 (A vulnerability in the vManage web-based UI (Web UI) of the 
Cisco SD-W ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1625 (A vulnerability in the CLI of Cisco SD-WAN Solution could allow 
an aut ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1624 (A vulnerability in the vManage web-based UI (Web UI) in the 
Cisco SD-W ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1623 (A vulnerability in the CLI configuration shell of Cisco Meeting 
Server ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1622
        RESERVED
 CVE-2019-1621
@@ -36077,7 +36077,7 @@ CVE-2018-18865 (The Royal browser extensions TS before 
4.3.60728 (Release Date 2
 CVE-2018-18864 (Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS 
because Apache ...)
        NOT-FOR-US: Loadbalancer.org Enterprise VA MAX
 CVE-2018-18863 (NGA ResourceLink 20.0.2.1 allows local file inclusion. ...)
-       TODO: check
+       NOT-FOR-US: NGA ResourceLink
 CVE-2018-18862 (BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR 
System has ...)
        NOT-FOR-US: BMC
 CVE-2018-18861 (Buffer overflow in PCMan FTP Server 2.0.7 allows for remote 
code execu ...)
@@ -36099,7 +36099,7 @@ CVE-2018-18854 (Lightbend Spray spray-json through 
1.3.4 allows remote attackers
 CVE-2018-18853 (Lightbend Spray spray-json through 1.3.4 allows remote 
attackers to ca ...)
        NOT-FOR-US: Lightbend Spray spray-json
 CVE-2018-18852 (Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command 
injection  ...)
-       TODO: check
+       NOT-FOR-US: Cerio devices
 CVE-2018-18851
        RESERVED
 CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, 
an authen ...)
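Review bot: "NOT-FOR-US: Cerio devices" is vaguer than the other NOT-FOR-US lines in this commit, which name the product (e.g. "Axentra firmware", "Delta Electronics DeviceNet Builder"); the description already gives "Cerio DT-300N", so "NOT-FOR-US: Cerio DT-300N devices" would be more specific.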
@@ -36130,13 +36130,21 @@ CVE-2018-18841 (XSS was discovered in SEMCMS PHP V3.4 
via the SEMCMS_SeoAndTag.p
 CVE-2018-18840 (XSS was discovered in SEMCMS PHP V3.4 via the 
SEMCMS_SeoAndTag.php?Cla ...)
        NOT-FOR-US: SEMCMS PHP
 CVE-2018-18839 (** DISPUTED ** An issue was discovered in Netdata 1.10.0. Full 
Path Di ...)
-       TODO: check
+       - netdata 1.11.1+dfsg-1
+       NOTE: 
https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
+       NOTE: https://github.com/netdata/netdata/pull/4521
 CVE-2018-18838 (An issue was discovered in Netdata 1.10.0. Log Injection (or 
Log Forge ...)
-       TODO: check
+       - netdata 1.11.1+dfsg-1
+       NOTE: https://github.com/netdata/netdata/pull/4521
+       NOTE: 
https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
 CVE-2018-18837 (An issue was discovered in Netdata 1.10.0. HTTP Header 
Injection exist ...)
-       TODO: check
+       - netdata 1.11.1+dfsg-1
+       NOTE: https://github.com/netdata/netdata/pull/4521
+       NOTE: 
https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
 CVE-2018-18836 (An issue was discovered in Netdata 1.10.0. JSON injection 
exists via t ...)
-       TODO: check
+       - netdata 1.11.1+dfsg-1
+       NOTE: https://github.com/netdata/netdata/pull/4521
+       NOTE: 
https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
 CVE-2018-18835 (upload_template() in system/changeskin.php in DocCms 2016.5.12 
allows  ...)
        NOT-FOR-US: DocCms
 CVE-2018-18834 (An issue has been found in libIEC61850 v1.3. It is a 
heap-based buffer ...)
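Review bot: the NOTE lines are ordered differently across the four netdata entries: CVE-2018-18839 lists the commit before the PR, while CVE-2018-18838, CVE-2018-18837 and CVE-2018-18836 list the PR first. All four point at the same fix (pull/4521 and commit 92327c9e), so a consistent order makes it obvious at a glance that they share one fix. It is also worth confirming that the "** DISPUTED **" status of CVE-2018-18839 does not warrant a NOTE explaining why it is nevertheless tracked as fixed in 1.11.1+dfsg-1.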
@@ -36232,7 +36240,7 @@ CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL 
injection via the login sc
 CVE-2018-18803 (Curriculum Evaluation System 1.0 allows SQL Injection via the 
login sc ...)
        NOT-FOR-US: Curriculum Evaluation System
 CVE-2018-18802 (The Tubigan "Welcome to our Resort" 1.0 software allows CSRF 
via admin ...)
-       TODO: check
+       NOT-FOR-US: Tubigan "Welcome to our Resort" software
 CVE-2018-18801 (The BSEN Ordering software 1.0 has SQL Injection via 
student/index.php ...)
        NOT-FOR-US: BSEN Ordering software
 CVE-2018-18800 (The Tubigan "Welcome to our Resort" 1.0 software allows SQL 
Injection  ...)
@@ -37119,7 +37127,7 @@ CVE-2018-18473 (A hidden backdoor on PATLITE NBM-D88N, 
NHL-3FB1, and NHL-3FV1N d
 CVE-2018-18472 (Western Digital WD My Book Live (all versions) has a root 
Remote Comma ...)
        NOT-FOR-US: Western Digital WD My Book Live
 CVE-2018-18471 (/api/2.0/rest/aggregator/xml in Axentra firmware, used by 
NETGEAR Stor ...)
-       TODO: check
+       NOT-FOR-US: Axentra firmware
 CVE-2018-18470
        RESERVED
 CVE-2018-18469
@@ -42293,7 +42301,7 @@ CVE-2017-1000600 (WordPress version <4.9 contains a 
CWE-20 Input Validation v
        NOTE: vulnerable module installed on the site as well. Due to an 
incomplete fix
        NOTE: in 4.9 there exists CVE-2018-1000773.
 CVE-2018-16553 (In Jspxcms 9.0.0, a vulnerable URL routing implementation 
allows remot ...)
-       TODO: check
+       NOT-FOR-US: Jspxcms
 CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, 
/users/##/ ...)
        NOT-FOR-US: MicroPyramid Django-CRM
 CVE-2018-16551 (LavaLite 5.5 has XSS via a /edit URI, as demonstrated by 
client/job/jo ...)
@@ -42369,7 +42377,8 @@ CVE-2018-16517 (asm/labels.c in Netwide Assembler 
(NASM) is prone to NULL Pointe
 CVE-2018-16516 (helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a 
crafted URL. ...)
        - python-flask-admin <itp> (bug #765509)
 CVE-2018-16514 (A cross-site scripting (XSS) vulnerability in the View Filters 
page (v ...)
-       TODO: check
+       - mantis <removed>
+       NOTE: https://mantisbt.org/bugs/view.php?id=24731
 CVE-2018-17088 (The ProcessGpsInfo function of the gpsinfo.c file of jhead 
3.00 may al ...)
        - jhead 1:3.00-8 (bug #907925)
        [stretch] - jhead 1:3.00-4+deb9u1
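Review bot: "- mantis <removed>" carries no fixed version and no suite annotation; compare the jhead entry in the trailing context, which has a "[stretch] - jhead 1:3.00-4+deb9u1" line. If mantis was still shipped in any supported stable suite when it was removed from unstable, a corresponding [suite] line is needed for CVE-2018-16514; if not, the entry is complete as written.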
@@ -43071,15 +43080,15 @@ CVE-2018-16253 (In sig_verify() in x509.c in axTLS 
version 2.1.3 and before, the
 CVE-2018-16252 (FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType 
XML Exter ...)
        NOT-FOR-US: FsPro Labs Event Log Explorer
 CVE-2018-16251 (A "search for user discovery" injection issue exists in 
Creatiwity wit ...)
-       TODO: check
+       NOT-FOR-US: Creatiwity wityCMS
 CVE-2018-16250 (The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies 
the presen ...)
-       TODO: check
+       NOT-FOR-US: Creatiwity wityCMS
 CVE-2018-16249 (In Symphony before 3.3.0, there is XSS in the Title under 
Post. The ID ...)
        TODO: check
 CVE-2018-16248 (b3log Solo 2.9.3 has XSS in the Input page under the "Publish 
Articles ...)
        TODO: check
 CVE-2018-16247 (YzmCMS 5.1 has XSS via the 
admin/system_manage/user_config_add.html ti ...)
-       TODO: check
+       NOT-FOR-US: YzmCMS
 CVE-2018-16246
        RESERVED
 CVE-2018-16245
@@ -43370,13 +43379,13 @@ CVE-2018-16121
 CVE-2018-16120
        RESERVED
 CVE-2018-16119 (Stack-based buffer overflow in the httpd server of TP-Link 
WR1043nd (F ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2018-16118 (A shell escape vulnerability in /webconsole/APIController in 
the API C ...)
-       TODO: check
+       NOT-FOR-US: Sophos
 CVE-2018-16117 (A shell escape vulnerability in /webconsole/Controller in 
Admin Portal ...)
-       TODO: check
+       NOT-FOR-US: Sophos
 CVE-2018-16116 (SQL injection vulnerability in AccountStatus.jsp in Admin 
Portal of So ...)
-       TODO: check
+       NOT-FOR-US: Sophos
 CVE-2018-16115 (Lightbend Akka 2.5.x before 2.5.16 allows message disclosure 
and modif ...)
        NOT-FOR-US: Lightbend Akka
 CVE-2018-16114
@@ -43907,9 +43916,9 @@ CVE-2018-15894 (A SQL injection was discovered in 
/coreframe/app/admin/pay/admin
 CVE-2018-15893 (A SQL injection was discovered in 
/coreframe/app/admin/copyfrom.php in ...)
        NOT-FOR-US: WUZHI CMS
 CVE-2018-15892 (FreePBX 13 and 14 has SQL Injection in the DISA module via the 
hangup  ...)
-       TODO: check
+       NOT-FOR-US: FreePBX
 CVE-2018-15891 (An issue was discovered in FreePBX core before 3.0.122.43, 
14.0.18.34, ...)
-       TODO: check
+       NOT-FOR-US: FreePBX
 CVE-2018-15890 (An issue was discovered in EthereumJ 1.8.2. There is Unsafe 
Deserializ ...)
        TODO: check
 CVE-2018-15889 (In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() 
in base ...)
@@ -77978,7 +77987,7 @@ CVE-2017-17946 (A buffer overflow in Handy Password 
4.9.3 allows remote attacker
 CVE-2017-17945
        RESERVED
 CVE-2017-17944 (The ASUS Vivobaby application before 1.1.09 for Android has 
Missing SS ...)
-       TODO: check
+       NOT-FOR-US: ASUS Vivobaby application
 CVE-2017-17943
        RESERVED
 CVE-2017-17942 (In LibTIFF 4.0.9, there is a heap-based buffer over-read in 
the functi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/d2b7cee5129f41e9eef13dfebdd5e6d1fcb42ad3...acb7d59bc6553b4fa21841c4b49ee491adac7bce


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
