Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ffa6c38 by Moritz Muehlenhoff at 2019-07-08T08:24:44Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2019-13404 (** DISPUTED ** The MSI installer for Python through 2.7.16 on 
Windows  ...)
-       TODO: check
+       NOT-FOR-US: Disputed issue for Windows installer for Python
 CVE-2019-13403
        RESERVED
 CVE-2019-13402 (/usr/sbin/default.sh and 
/usr/apache/htdocs/cgi-bin/admin/hardfactoryd ...)
-       TODO: check
+       NOT-FOR-US: Dynacolor
 CVE-2019-13401 (Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts 
under cgi ...)
-       TODO: check
+       NOT-FOR-US: Dynacolor
 CVE-2019-13400 (Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to 
store admin ...)
-       TODO: check
+       NOT-FOR-US: Dynacolor
 CVE-2019-13399 (Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS 
key that ...)
-       TODO: check
+       NOT-FOR-US: Dynacolor
 CVE-2019-13398 (Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to 
execute  ...)
-       TODO: check
+       NOT-FOR-US: Dynacolor
 CVE-2019-13397
        RESERVED
 CVE-2019-13396
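
Review bot: The note on CVE-2019-13404 is a sentence ("Disputed issue for Windows installer for Python") where every other NOT-FOR-US line in this commit names a product, and it mixes two separate reasons, the dispute and the Windows-only scope. Naming the affected component, for example "NOT-FOR-US: Python MSI installer for Windows", would keep the entry consistent with the rest and say which of the two reasons the tag rests on. Separately, the five Dynacolor entries are tagged by vendor only, while the descriptions name "Dynacolor FCM-MB40" and later hunks use vendor plus product ("AVTECH Room Alert", "WolfVision Cynap"). "NOT-FOR-US: Dynacolor FCM-MB40" would match that style, provided CVE-2019-13402, whose truncated description shows only file paths, concerns the same device.
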
@@ -49,7 +49,7 @@ CVE-2019-13381
 CVE-2019-13380
        RESERVED
 CVE-2019-13379 (On AVTECH Room Alert 3E devices before 2.2.5, an attacker with 
access  ...)
-       TODO: check
+       NOT-FOR-US: AVTECH Room Alert
 CVE-2019-13378
        RESERVED
 CVE-2019-13377
@@ -83,7 +83,7 @@ CVE-2019-13364
 CVE-2019-13363
        RESERVED
 CVE-2019-13362 (Codedoc v3.2 has a stack-based buffer overflow in add_variable 
in code ...)
-       TODO: check
+       NOT-FOR-US: Codedoc
 CVE-2019-13361
        RESERVED
 CVE-2019-13360
@@ -91,7 +91,7 @@ CVE-2019-13360
 CVE-2019-13359
        RESERVED
 CVE-2019-13358 (lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that 
allows  ...)
-       TODO: check
+       NOT-FOR-US: OpenCats
 CVE-2019-13357
        RESERVED
 CVE-2019-13356
@@ -103,7 +103,7 @@ CVE-2019-13354
 CVE-2019-13353
        RESERVED
 CVE-2019-13352 (WolfVision Cynap before 1.30j uses a static, hard-coded 
cryptographic  ...)
-       TODO: check
+       NOT-FOR-US: WolfVision Cynap
 CVE-2019-13351 (posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 
(as dist ...)
        - jackd2 <unfixed> (bug #931488)
        [jessie] - jackd2 <postponed> (Minor issue, hard to reproduce crash 
with theoretically possible file corruption, no sensitive data to leak)
@@ -513,7 +513,7 @@ CVE-2019-13185
 CVE-2019-13184
        RESERVED
 CVE-2019-13183 (Flarum before 0.1.0-beta.9 allows CSRF against all POST 
endpoints, as  ...)
-       TODO: check
+       NOT-FOR-US: Flarum
 CVE-2019-13182
        RESERVED
 CVE-2019-13181
@@ -19585,7 +19585,7 @@ CVE-2019-5985
 CVE-2019-5984 (Cross-site request forgery (CSRF) vulnerability in Custom CSS 
Pro 1.0. ...)
        NOT-FOR-US: Custom CSS Pro
 CVE-2019-5983 (Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 
1.6.5.6  ...)
-       TODO: check
+       NOT-FOR-US: HTML5 Maps
 CVE-2019-5982 (Improper download file verification vulnerability in VAIO 
Update 7.3.0 ...)
        NOT-FOR-US: VAIO Update
 CVE-2019-5981 (Improper authorization vulnerability in VAIO Update 7.3.0.03150 
and ea ...)
@@ -19613,9 +19613,9 @@ CVE-2019-5971 (Cross-site request forgery (CSRF) 
vulnerability in Attendance Man
 CVE-2019-5970 (Cross-site scripting vulnerability in Attendance Manager 0.5.6 
and ear ...)
        NOT-FOR-US: Attendance Manager
 CVE-2019-5969 (Open redirect vulnerability in GROWI v3.4.6 and earlier allows 
remote  ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2019-5968 (Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 
and ea ...)
-       TODO: check
+       NOT-FOR-US: GROWI
 CVE-2019-5967 (Cross-site scripting vulnerability in Joruri CMS 2017 Release2 
and ear ...)
        NOT-FOR-US: Joruri CMS
 CVE-2019-5966 (Joruri Mail 2.1.4 and earlier does not properly manage 
sessions, which ...)
@@ -19623,7 +19623,7 @@ CVE-2019-5966 (Joruri Mail 2.1.4 and earlier does not 
properly manage sessions,
 CVE-2019-5965 (Open redirect vulnerability in Joruri Mail 2.1.4 and earlier 
allows re ...)
        NOT-FOR-US: Joruri Mail
 CVE-2019-5964 (iDoors Reader 2.10.17 and earlier allows an attacker on the 
same netwo ...)
-       TODO: check
+       NOT-FOR-US: iDoors Reader
 CVE-2019-5963 (Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 
1.0.8  ...)
        NOT-FOR-US: Zoho SalesIQ
 CVE-2019-5962 (Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and 
earlier a ...)
@@ -19631,7 +19631,7 @@ CVE-2019-5962 (Cross-site scripting vulnerability in 
Zoho SalesIQ 1.0.8 and earl
 CVE-2019-5961 (The Android App 'Tootdon for Mastodon' version 3.4.1 and 
earlier does  ...)
        NOT-FOR-US: Android App 'Tootdon for Mastodon'
 CVE-2019-5960 (Cross-site request forgery (CSRF) vulnerability in WP Open 
Graph 1.6.1 ...)
-       TODO: check
+       NOT-FOR-US: WP Open Graph
 CVE-2019-5959
        RESERVED
 CVE-2019-5958 (Untrusted search path vulnerability in Electronic reception and 
examin ...)
@@ -44160,7 +44160,7 @@ CVE-2018-16388 (e107_web/js/plupload/upload.php in e107 
2.1.8 allows remote atta
 CVE-2018-16387 (An issue was discovered in Elefant CMS before 2.0.5. There is 
a CSRF v ...)
        NOT-FOR-US: Elefant CMS
 CVE-2018-16386 (An issue was discovered in SWIFT Alliance Web Platform 7.1.23. 
A log i ...)
-       TODO: check
+       NOT-FOR-US: SWIFT Alliance Web Platform
 CVE-2018-16385 (ThinkPHP before 5.1.23 allows SQL Injection via the 
public/index/index ...)
        NOT-FOR-US: ThinkPHP
 CVE-2018-16384 (A SQL injection bypass (aka PL1 bypass) exists in OWASP 
ModSecurity Co ...)
@@ -53671,7 +53671,7 @@ CVE-2018-12623
 CVE-2018-12622
        RESERVED
 CVE-2018-12621 (An issue was discovered in Eventum 3.5.0. /htdocs/switch.php 
has an Op ...)
-       TODO: check
+       NOT-FOR-US: Eventum
 CVE-2018-12620
        RESERVED
 CVE-2018-12619



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ffa6c38e64959d0a611e8ec4e7b8bd0941d967d
