Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11e6f47a by Salvatore Bonaccorso at 2019-07-03T20:21:05Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2019-13188
CVE-2019-13187
RESERVED
CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in
mc-admin/post-edit.php. An a ...)
- TODO: check
+ NOT-FOR-US: MiniCMS
CVE-2019-13185
RESERVED
CVE-2019-13184
@@ -832,9 +832,9 @@ CVE-2019-12869 (An issue was discovered in PHOENIX CONTACT
PC Worx through 1.86,
CVE-2019-12868 (app/Model/Server.php in MISP 2.4.109 allows remote command
execution b ...)
NOT-FOR-US: MISP
CVE-2019-12867 (Certain actions could cause privilege escalation for issue
attachments ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2019-12866 (An Insecure Direct Object Reference, with Authorization Bypass
through ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2019-12865 (In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c
has a dou ...)
- radare2 <unfixed> (bug #930704)
[buster] - radare2 <no-dsa> (Minor issue)
@@ -878,15 +878,15 @@ CVE-2019-12853
CVE-2019-12852
RESERVED
CVE-2019-12851 (A CSRF vulnerability was detected in one of the admin
endpoints of Jet ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2019-12850 (A query injection was possible in JetBrains YouTrack. The
issue was fi ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2019-12849
RESERVED
CVE-2019-12848
RESERVED
CVE-2019-12847 (In JetBrains Hub versions earlier than 2018.4.11298, the audit
events ...)
- TODO: check
+ NOT-FOR-US: JetBrains Hub
CVE-2019-12846
RESERVED
CVE-2019-12845
@@ -1544,7 +1544,7 @@ CVE-2019-12572 (A vulnerability in the London Trust Media
Private Internet Acces
CVE-2019-12571
RESERVED
CVE-2019-12570 (A SQL injection vulnerability in the Xpert Solution "Server
Status by ...)
- TODO: check
+ NOT-FOR-US: Xpert Solution "Server Status by Hostname/IP" plugin for
WordPress
CVE-2019-12569 (A vulnerability in Viber before 10.7.0 for Desktop (Windows)
could all ...)
NOT-FOR-US: Viber
CVE-2019-12568
@@ -6392,7 +6392,7 @@ CVE-2019-10868 (In trytond/model/modelstorage.py in
Tryton 4.2 before 4.2.21, 4.
CVE-2019-10722
RESERVED
CVE-2019-10721 (BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via
the Retur ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2019-10720 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal
and Remo ...)
NOT-FOR-US: BlogEngine.NET
CVE-2019-10719 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal
and Remo ...)
@@ -6400,7 +6400,7 @@ CVE-2019-10719 (BlogEngine.NET 3.3.7.0 and earlier allows
Directory Traversal an
CVE-2019-10718 (BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity
Blind In ...)
NOT-FOR-US: BlogEngine.NET
CVE-2019-10717 (BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory
Traversal via ...)
- TODO: check
+ NOT-FOR-US: BlogEngine.NET
CVE-2019-10716
RESERVED
CVE-2019-10715
@@ -7849,7 +7849,7 @@ CVE-2019-10106 (CMS Made Simple 2.2.10 has XSS via the
'moduleinterface.php' Nam
CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the
Layout Des ...)
NOT-FOR-US: CMS Made Simple
CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an
Application S ...)
- TODO: check
+ NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate
CVE-2019-10103
RESERVED
CVE-2019-10102
@@ -7857,7 +7857,7 @@ CVE-2019-10102
CVE-2019-10101
RESERVED
CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before
1.8.1.3, it wa ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack Confluence plugin
CVE-2019-1000031 (A disk space or quota exhaustion issue exists in
article2pdf_getfile.p ...)
NOT-FOR-US: article2pdf Wordpress plugin
CVE-2018-20815 (In QEMU 3.1.0, load_device_tree in device_tree.c calls the
deprecated ...)
@@ -9099,9 +9099,9 @@ CVE-2019-9875 (Deserialization of Untrusted Data in the
anti CSRF module in Site
CVE-2019-9874 (Deserialization of Untrusted Data in the
Sitecore.Security.AntiCSRF (a ...)
NOT-FOR-US: Sitecore CMS
CVE-2019-9873 (In several versions of JetBrains IntelliJ IDEA Ultimate,
creating Task ...)
- TODO: check
+ NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate
CVE-2019-9872 (In several versions of JetBrains IntelliJ IDEA Ultimate,
creating run ...)
- TODO: check
+ NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate
CVE-2019-9871 (Jector Smart TV FM-K75 devices allow remote code execution
because the ...)
NOT-FOR-US: Jector Smart TV FM-K75 devices
CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for
CKEditor m ...)
@@ -9250,7 +9250,7 @@ CVE-2019-9824 (tcp_emu in slirp/tcp_subr.c (aka
slirp/src/tcp_subr.c) in QEMU 3.
NOTE: https://www.openwall.com/lists/oss-security/2019/03/18/1
NOTE:
https://github.com/qemu/qemu/commit/d3222975c7d6cda9e25809dea05241188457b113
CVE-2019-9823 (In several JetBrains IntelliJ IDEA versions, creating remote
run confi ...)
- TODO: check
+ NOT-FOR-US: JetBrains IntelliJ IDEA
CVE-2019-9822
RESERVED
CVE-2019-9821
@@ -10989,7 +10989,7 @@ CVE-2019-9187 (ikiwiki before 3.20170111.1 and 3.2018x
and 3.2019x before 3.2019
NOTE:
http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=d283e4c
NOTE:
http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9a275b2
CVE-2019-9186 (In several JetBrains IntelliJ IDEA versions, a Spring Boot run
configu ...)
- TODO: check
+ NOT-FOR-US: JetBrains IntelliJ IDEA
CVE-2019-9185 (Controller/Async/FilesystemManager.php in the filemanager in
Bolt befo ...)
NOT-FOR-US: Bolt CMS
CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before
3.3.7 for ...)
@@ -17346,39 +17346,39 @@ CVE-2019-6643
CVE-2019-6642 (In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5,
12.1.0-12.1.4.2, a ...)
NOT-FOR-US: F5 BIG-IP
CVE-2019-6641 (On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause
iControl RES ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6640 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4,
12.1.0-12 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6639 (On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4,
13.0.0-13.1.1.4 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6638 (On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http
requests ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6637 (On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4,
13.0.0-13.1.1.4, and ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6636 (On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4,
13.0.0-13.1.1.4 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6635 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4,
12.1.0-12 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6634 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4,
and 12.1. ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6633 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4,
12.1.0-12 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6632 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4,
and 12.1. ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6631 (On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header
manipulation ma ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6630 (On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4,
undisclose ...)
- TODO: check
+ NOT-FOR-US: F5 SSL Orchestrator
CVE-2019-6629 (On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual
server ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6628 (On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under
certain condi ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6627 (On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions,
specific to ...)
- TODO: check
+ NOT-FOR-US: F5 SSL Orchestrator
CVE-2019-6626 (On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5,
14.0.0-14.0.0.4, 13.0 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6625 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4,
12.1.0-12 ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6624 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4,
and 12.1. ...)
NOT-FOR-US: F5 BIG-IP
CVE-2019-6623 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4,
and 12.1. ...)
@@ -20003,7 +20003,7 @@ CVE-2019-5632
CVE-2019-5631
RESERVED
CVE-2019-5630 (A Cross-Site Request Forgery (CSRF) vulnerability was found in
Rapid7 ...)
- TODO: check
+ NOT-FOR-US: Rapid7 Nexpose InsightVM Security Console
CVE-2019-5629
RESERVED
CVE-2019-5628
@@ -24376,7 +24376,7 @@ CVE-2019-3621
CVE-2019-3620
RESERVED
CVE-2019-3619 (Information Disclosure vulnerability in the Agent Handler in
McAfee eP ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3618
RESERVED
CVE-2019-3617
@@ -38332,9 +38332,9 @@ CVE-2018-18328 (A KERedirect Untrusted Pointer
Dereference Privilege Escalation
CVE-2018-18327 (A KERedirect Untrusted Pointer Dereference Privilege
Escalation vulner ...)
NOT-FOR-US: Trend Micro
CVE-2018-18326 (DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts
encryption ...)
- TODO: check
+ NOT-FOR-US: DNN
CVE-2018-18325 (DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption
algorith ...)
- TODO: check
+ NOT-FOR-US: DNN
CVE-2018-18324 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has
XSS via t ...)
NOT-FOR-US: CentOS Web Panel
CVE-2018-18323 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has
Local Fil ...)
@@ -44731,7 +44731,7 @@ CVE-2018-15889 (In podofo 0.9.6, the function
PoDoFo::PdfParser::ReadObjects() i
CVE-2018-15888 (An issue was discovered in ASPCMS 2.5.6. When registering
ordinary use ...)
NOT-FOR-US: ASPCMS
CVE-2017-18346 (SQL injection vulnerability in
/wbg/core/_includes/authorization.inc.p ...)
- TODO: check
+ NOT-FOR-US: CMS Web-Gooroo
CVE-2015-9265
REJECTED
CVE-2015-9264 (Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to
execute ...)
@@ -45015,9 +45015,9 @@ CVE-2018-15814 (FastStone Image Viewer 6.5 has a User
Mode Write AV starting at
CVE-2018-15813 (FastStone Image Viewer 6.5 has a User Mode Write AV starting
at image0 ...)
NOT-FOR-US: FastStone Image Viewer
CVE-2018-15812 (DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts
encryption ...)
- TODO: check
+ NOT-FOR-US: DNN
CVE-2018-15811 (DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption
algorith ...)
- TODO: check
+ NOT-FOR-US: DNN
CVE-2018-15810 (Visiology Flipbox Software Suite before 2.7.0 allows directory
travers ...)
NOT-FOR-US: Visiology Flipbox Software Suite
CVE-2018-15809 (AccuPOS 2017.8 is installed with the insecure "Authenticated
Users: Mo ...)
@@ -47238,19 +47238,19 @@ CVE-2018-14867 (Incorrect access control in the
portal messaging system in Odoo
CVE-2018-14866 (Incorrect access control in the TransientModel framework in
Odoo Commu ...)
TODO: check
CVE-2018-14865 (Report engine in Odoo Community 9.0 through 11.0 and earlier
and Odoo ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14864 (Incorrect access control in asset bundles in Odoo Community
9.0 throug ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14863 (Incorrect access control in the RPC framework in Odoo
Community 8.0 th ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14862 (Incorrect access control in the mail templating system in Odoo
Communi ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14861 (Improper data access control in Odoo Community 10.0 and 11.0
and Odoo ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14860 (Improper sanitization of dynamic user expressions in Odoo
Community 11 ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14859 (Incorrect access control in the password reset component in
Odoo Commu ...)
- TODO: check
+ NOT-FOR-US: Odoo
CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before
V7.0.11 ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2018-14857 (Unrestricted file upload (with remote code execution) in
require/mail/ ...)
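Review bot: CVE-2018-14866 (the unchanged context at the top of this hunk, "Incorrect access control in the TransientModel framework in Odoo Commu ...") is left as "TODO: check" while the seven Odoo Community entries immediately below it (CVE-2018-14865 through CVE-2018-14859) are all switched to "NOT-FOR-US: Odoo". If it was skipped on purpose, a short NOTE line saying why would stop the next NFU pass from re-triaging it; otherwise it should receive the same "NOT-FOR-US: Odoo" line for consistency.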
@@ -52696,7 +52696,7 @@ CVE-2018-12717
CVE-2018-12716 (The API service on Google Home and Chromecast devices before
mid-July ...)
NOT-FOR-US: Google services
CVE-2018-12715 (DIGISOL DG-HR3400 devices have XSS via a modified SSID when
the apssid ...)
- TODO: check
+ NOT-FOR-US: DIGISOL DG-HR3400 devices
CVE-2018-12714 (An issue was discovered in the Linux kernel through 4.17.2.
The filter ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE:
https://git.kernel.org/linus/70303420b5721c38998cf987e6b7d30cc62d4ff1
@@ -54312,7 +54312,7 @@ CVE-2018-12252
CVE-2018-12251
RESERVED
CVE-2018-12250 (An issue was discovered in Elite CMS Pro 2.01. In
/admin/add_sidebar.p ...)
- TODO: check
+ NOT-FOR-US: Elite CMS
CVE-2018-12249 (An issue was discovered in mruby 1.4.1. There is a NULL
pointer derefe ...)
- mruby 1.4.1+20180622+git640fca32-1 (bug #901652)
[stretch] - mruby <no-dsa> (Minor issue)
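Review bot: The product name in the new "NOT-FOR-US: Elite CMS" line for CVE-2018-12250 drops the "Pro" that the CVE description uses ("Elite CMS Pro 2.01"); since NOT-FOR-US entries are later grepped by product name, matching the description ("NOT-FOR-US: Elite CMS Pro") keeps the entry findable alongside any future Elite CMS Pro CVEs.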
@@ -56587,21 +56587,21 @@ CVE-2018-11429 (ATLANT (ATL) is a smart contract
running on Ethereum. The mint f
CVE-2018-11428
RESERVED
CVE-2018-11427 (CSRF tokens are not used in the web application of Moxa OnCell
G3100-H ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11426 (A weak Cookie parameter is used in the web application of Moxa
OnCell ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11425 (Memory corruption issue was discovered in Moxa OnCell
G3470A-LTE Serie ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11424 (There is Memory corruption in the web interface of Moxa OnCell
G3470A- ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11423 (There is Memory corruption in the web interface Moxa OnCell
G3100-HSPA ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11422 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and
prior use ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11421 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and
prior use ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11420 (There is Memory corruption in the web interface of Moxa OnCell
G3100-H ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a
heap-based buff ...)
NOT-FOR-US: JerryScript
CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a
heap-based buff ...)
@@ -56930,7 +56930,7 @@ CVE-2018-1000180 (Bouncy Castle BC 1.54 - 1.59, BC-FJA
1.0.0, BC-FJA 1.0.1 and e
CVE-2018-11318
RESERVED
CVE-2018-11317 (Subrion CMS before 4.1.4 has XSS. ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2018-11316 (The UPnP HTTP server on Sonos wireless speaker products allow
unauthor ...)
NOT-FOR-US: Sonos
CVE-2018-11315 (The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84
and below ...)
@@ -57202,7 +57202,7 @@ CVE-2018-11229 (Crestron TSW-1060, TSW-760, TSW-560,
TSW-1060-NC, TSW-760-NC, an
CVE-2018-11228 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC,
and TSW- ...)
NOT-FOR-US: Crestron devices
CVE-2018-11227 (Monstra CMS before 3.0.4 has XSS via index.php. ...)
- TODO: check
+ NOT-FOR-US: Monstra CMS
CVE-2018-11226 (The getString function in decompile.c in libming through 0.4.8
mishand ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/144
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/11e6f47a63013b95b807309d0b4b0ebe8ecc645e
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits