Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
78854cfa by Moritz Muehlenhoff at 2019-09-05T10:05:20Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -100,7 +100,7 @@ CVE-2019-15900
CVE-2019-15899
RESERVED
CVE-2019-15898 (Nagios Log Server before 2.0.8 allows Reflected XSS via the
username o ...)
- TODO: check
+ NOT-FOR-US: Nagios Log Server
CVE-2019-15897
RESERVED
CVE-2019-15896
@@ -306,9 +306,9 @@ CVE-2019-15816 (The wp-private-content-plus plugin before
2.0 for WordPress has
CVE-2019-15815
RESERVED
CVE-2019-15814 (Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could
allow auth ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2019-15813 (Multiple file upload restriction bypass vulnerabilities in
Sentrifugo ...)
- TODO: check
+ NOT-FOR-US: Sentrifugo
CVE-2015-9380 (The photo-gallery plugin before 1.2.42 for WordPress has CSRF.
...)
NOT-FOR-US: photo-gallery plugin for WordPress
CVE-2019-15812
@@ -631,7 +631,7 @@ CVE-2019-15703
CVE-2019-15702 (In the TCP implementation (gnrc_tcp) in RIOT through 2019.07,
the pars ...)
NOT-FOR-US: RIOT RIOT-OS
CVE-2019-15701 (components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows
remote atta ...)
- TODO: check
+ NOT-FOR-US: BloodHound
CVE-2019-15700 (public/js/frappe/form/footer/timeline.js in Frappe Framework
12 throug ...)
NOT-FOR-US: Frappe Framework
CVE-2019-15699
@@ -719,9 +719,9 @@ CVE-2019-15660 (The wp-members plugin before 3.2.8 for
WordPress has CSRF. ...)
CVE-2019-15659 (The pie-register plugin before 3.1.2 for WordPress has SQL
injection, ...)
NOT-FOR-US: pie-register plugin for WordPress
CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if
tableName or sc ...)
- TODO: check
+ NOT-FOR-US: connect-pg-simple
CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can
execute ...)
- TODO: check
+ NOT-FOR-US: eslint-utils
CVE-2019-15656
RESERVED
CVE-2019-15655
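Review bot: The NOT-FOR-US tags on CVE-2019-15658 (connect-pg-simple) and CVE-2019-15657 (eslint-utils) cover npm modules, which can ship as embedded copies inside other source packages even when no package of that name exists. Before closing these, search the archive sources for bundled copies; if one turns up, the entry should name the embedding source package instead of NOT-FOR-US.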
@@ -1106,17 +1106,17 @@ CVE-2019-15523
CVE-2019-15522
RESERVED
CVE-2019-15521 (Spoon Library through 2014-02-06, as used in Fork CMS before
1.4.1 and ...)
- TODO: check
+ NOT-FOR-US: Spoon Library
CVE-2019-15520 (comelz Quark before 2019-03-26 allows directory traversal to
locations ...)
- TODO: check
+ NOT-FOR-US: comelz Quark
CVE-2019-15519 (Power-Response before 2019-02-02 allows directory traversal
(up to the ...)
- TODO: check
+ NOT-FOR-US: Power-Response
CVE-2019-15518 (Swoole before 4.2.13 allows directory traversal in
swPort_http_static_ ...)
- TODO: check
+ NOT-FOR-US: Swoole
CVE-2019-15517 (jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f
directory trav ...)
- TODO: check
+ NOT-FOR-US: jc21 Nginx Proxy Manager
CVE-2019-15516 (Cuberite before 2019-06-11 allows webadmin directory traversal
via ... ...)
- TODO: check
+ NOT-FOR-US: Cuberite
CVE-2019-15515 (Discourse 2.3.2 sends the CSRF token in the query string. ...)
NOT-FOR-US: Discourse
CVE-2019-15514 (The Privacy > Phone Number feature in the Telegram app 5.10
for And ...)
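Review bot: On CVE-2019-15521 the description says the flaw applies to Spoon Library "as used in Fork CMS", but the tag names only the library; including the embedding product in the tag would make the entry findable under either name. In the same hunk, Swoole (CVE-2019-15518) is a PHP extension distributed as source, so it is worth confirming that no ITP or RFP is open for it before choosing NOT-FOR-US over an <itp> entry like the one used for kibana elsewhere in this file.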
@@ -1132,7 +1132,7 @@ CVE-2019-15510
CVE-2019-15509
RESERVED
CVE-2019-15508 (In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web
request proxy ...)
- TODO: check
+ NOT-FOR-US: Octopus Tentacle
CVE-2019-15507 (In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web
request pr ...)
NOT-FOR-US: Octopus Deploy
CVE-2019-15506 (An issue was discovered in Kaseya Virtual System Administrator
(VSA) t ...)
@@ -19629,7 +19629,7 @@ CVE-2019-9571
CVE-2019-9570 (An issue was discovered in YzmCMS 5.2.0. It has XSS via the
bottom tex ...)
NOT-FOR-US: YzmCMS
CVE-2019-9569 (Buffer Overflow in dactetra in Delta Controls enteliBUS Manager
V3.40_ ...)
- TODO: check
+ NOT-FOR-US: Delta Controls enteliBUS Manager
CVE-2019-9568 (The "Forminator Contact Form, Poll & Quiz Builder" plugin
before 1 ...)
NOT-FOR-US: WordPress plugin forminator
CVE-2019-9567 (The "Forminator Contact Form, Poll & Quiz Builder" plugin
before 1 ...)
@@ -22535,9 +22535,9 @@ CVE-2019-8463
CVE-2019-8462
RESERVED
CVE-2019-8461 (Check Point Endpoint Security Initial Client for Windows before
versio ...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2019-8460 (Reuven Plevinsky and Tal Vainshtein of Check Point Software
Technologi ...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2019-8459 (Check Point Endpoint Security Client for Windows, with the VPN
blade, ...)
NOT-FOR-US: Check Point Endpoint Security Client for Windows
CVE-2019-8458 (Check Point Endpoint Security Client for Windows, with
Anti-Malware bl ...)
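Review bot: The tag on CVE-2019-8460 may name the reporter rather than the affected product. Its truncated description opens with "Reuven Plevinsky and Tal Vainshtein of Check Point Software Technologi ...", which reads like a researcher credit, unlike CVE-2019-8461, whose description starts with the product name. Please check the full description and, if the affected software is something else, retag with that product or a package entry.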
@@ -24488,7 +24488,7 @@ CVE-2019-7619
CVE-2019-7618
RESERVED
CVE-2019-7617 (When the Elastic APM agent for Python versions before 5.1.0 is
run as ...)
- TODO: check
+ NOT-FOR-US: Elastic APM agent for Python
CVE-2019-7616 (Kibana versions before 6.8.2 and 7.2.1 contain a server side
request f ...)
- kibana <itp> (bug #700337)
CVE-2019-7615 (A TLS certificate validation flaw was found in Elastic APM
agent for R ...)
@@ -25167,11 +25167,11 @@ CVE-2019-7366
CVE-2019-7365
RESERVED
CVE-2019-7364 (DLL preloading vulnerability in versions 2017, 2018, 2019, and
2020 of ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2019-7363 (Use-after-free vulnerability in Autodesk Design Review versions
2011, ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2019-7362 (DLL preloading vulnerability in Autodesk Design Review versions
2011, ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2019-7361 (An attacker may convince a victim to open a malicious action
micro (.a ...)
NOT-FOR-US: Autodesk
CVE-2019-7360 (An exploitable use-after-free vulnerability in the DXF-parsing
functio ...)
@@ -26877,13 +26877,13 @@ CVE-2019-6700
CVE-2019-6699
RESERVED
CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder
all versi ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2019-6697
RESERVED
CVE-2019-6696
RESERVED
CVE-2019-6695 (Lack of root file system integrity checking in Fortinet
FortiManager V ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2019-6694
RESERVED
CVE-2019-6693
@@ -26984,17 +26984,17 @@ CVE-2019-6650
CVE-2019-6649
RESERVED
CVE-2019-6648 (On version 1.9.0, If DEBUG logging is enable, F5 Container
Ingress Ser ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6647 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2,
12.1.0-12.1 ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6646 (On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST
users with ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6645 (On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1,
11.5.2-11.6 ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6644 (Similar to the issue identified in CVE-2018-12120, on versions
14.1.0- ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6643 (On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2,
12.1.0-12 ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6642 (In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5,
12.1.0-12.1.4.2, a ...)
NOT-FOR-US: F5 BIG-IP
CVE-2019-6641 (On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause
iControl RES ...)
@@ -28235,13 +28235,13 @@ CVE-2019-6184
CVE-2019-6183
RESERVED
CVE-2019-6182 (A stored CSV Injection vulnerability was reported in Lenovo
XClarity A ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6181 (A reflected cross-site scripting (XSS) vulnerability was
reported in L ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6180 (A stored cross-site scripting (XSS) vulnerability was reported
in Leno ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6179 (An XML External Entity (XXE) processing vulnerability was
reported in ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6178 (An information leakage vulnerability in Iomega and LenovoEMC
NAS produ ...)
NOT-FOR-US: Iomega and LenovoEMC NAS products
CVE-2019-6177 (A vulnerability reported in Lenovo Solution Center version
03.12.003, ...)
@@ -28406,7 +28406,7 @@ CVE-2019-6115
CVE-2019-6114 (An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119.
An int ...)
NOT-FOR-US: Corel PaintShop Pro
CVE-2019-6113 (Directory traversal vulnerability on ONKYO TX-NR686
1030-5000-1040-001 ...)
- TODO: check
+ NOT-FOR-US: ONKYO
CVE-2019-6112
RESERVED
CVE-2019-6111 (An issue was discovered in OpenSSH 7.9. Due to the scp
implementation ...)
@@ -29732,13 +29732,13 @@ CVE-2019-5637
CVE-2019-5636
RESERVED
CVE-2019-5635 (A cleartext transmission of sensitive information vulnerability
is pre ...)
- TODO: check
+ NOT-FOR-US: Hickory
CVE-2019-5634 (An inclusion of sensitive information in log files
vulnerability is pr ...)
- TODO: check
+ NOT-FOR-US: Hickory
CVE-2019-5633 (An insecure storage of sensitive information vulnerability is
present ...)
- TODO: check
+ NOT-FOR-US: Hickory
CVE-2019-5632 (An insecure storage of sensitive information vulnerability is
present ...)
- TODO: check
+ NOT-FOR-US: Hickory
CVE-2019-5631 (The Rapid7 InsightAppSec broker suffers from a DLL injection
vulnerabi ...)
NOT-FOR-US: Rapid7 InsightAppSec broker
CVE-2019-5630 (A Cross-Site Request Forgery (CSRF) vulnerability was found in
Rapid7 ...)
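Review bot: The tag "NOT-FOR-US: Hickory" on CVE-2019-5635 through CVE-2019-5632 is a single word, and none of the four truncated descriptions shows a product name, so a reader cannot tell from this file what was triaged. Using the vendor and product as the next entry does ("Rapid7 InsightAppSec broker") would keep the label unambiguous and searchable.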
@@ -30654,7 +30654,7 @@ CVE-2019-5225
CVE-2019-5224
RESERVED
CVE-2019-5223 (PCManager 9.1.3.1 has an improper authentication vulnerability.
The ce ...)
- TODO: check
+ NOT-FOR-US: PCManager
CVE-2019-5222 (There is an information disclosure vulnerability on Secure
Input of ce ...)
NOT-FOR-US: Huawei
CVE-2019-5221 (There is a path traversal vulnerability on Huawei Share. The
software ...)
@@ -34207,7 +34207,7 @@ CVE-2019-3636
CVE-2019-3635 (Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior
to 7.8. ...)
NOT-FOR-US: McAfee
CVE-2019-3634 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for
Windows 11.x ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3633 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for
Windows 11.x ...)
NOT-FOR-US: McAfee
CVE-2019-3632 (Directory Traversal vulnerability in McAfee Enterprise Security
Manage ...)
@@ -36012,7 +36012,7 @@ CVE-2019-3396 (The Widget Connector macro in Atlassian
Confluence Server before
CVE-2019-3395 (The WebDAV endpoint in Atlassian Confluence Server and Data
Center bef ...)
NOT-FOR-US: Atlassian Confluence Server
CVE-2019-3394 (There was a local file disclosure vulnerability in Confluence
Server a ...)
- TODO: check
+ NOT-FOR-US: Confluence
CVE-2018-20298 (S3 Browser before 8.1.5 contains an XML external entity (XXE)
vulnerab ...)
NOT-FOR-US: S3 Browser
CVE-2018-20297
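Review bot: Style point on CVE-2019-3394: the new tag is "NOT-FOR-US: Confluence", while the entry directly above (CVE-2019-3395) uses "NOT-FOR-US: Atlassian Confluence Server". Matching the existing wording keeps a search on the product label returning every Confluence entry.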
@@ -38940,7 +38940,7 @@ CVE-2019-2392
CVE-2019-2391
RESERVED
CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can
create ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's
packaged SysV ...)
TODO: check
CVE-2019-2388
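Review bot: The tag "NOT-FOR-US: Microsoft" on CVE-2019-2390 appears to be derived from the platform rather than the product. The visible description only says the unprivileged user or program is "on Microsoft Windows", and the adjacent CVE-2019-2389 is a MongoDB Server issue still at "TODO: check". Please read the full description; if the affected software is a product that Debian packages, the entry should name that package and record that only the Windows build is affected, not be closed as NOT-FOR-US.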
@@ -40047,7 +40047,7 @@ CVE-2018-19934 (SolarWinds Serv-U FTP Server 15.1.6.25
has reflected cross-site
CVE-2018-19933 (Bolt CMS <3.6.2 allows XSS via text input click preview
button as d ...)
NOT-FOR-US: Bolt CMS
CVE-2019-1984 (A vulnerability in Cisco Enterprise Network Functions
Virtualization I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1983
RESERVED
CVE-2019-1982
@@ -40061,13 +40061,13 @@ CVE-2019-1979
CVE-2019-1978
RESERVED
CVE-2019-1977 (A vulnerability within the Endpoint Learning feature of Cisco
Nexus 90 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1976 (A vulnerability in the &ldquo;plug-and-play&rdquo;
services co ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1975
RESERVED
CVE-2019-1974 (A vulnerability in the web-based management interface of Cisco
Integra ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1973 (A vulnerability in the web portal framework of Cisco Enterprise
NFV In ...)
NOT-FOR-US: Cisco
CVE-2019-1972 (A vulnerability the Cisco Enterprise NFV Infrastructure
Software (NFVI ...)
@@ -40077,21 +40077,21 @@ CVE-2019-1971 (A vulnerability in the web portal of
Cisco Enterprise NFV Infrast
CVE-2019-1970 (A vulnerability in the Secure Sockets Layer (SSL)/Transport
Layer Secu ...)
NOT-FOR-US: Cisco
CVE-2019-1969 (A vulnerability in the implementation of the Simple Network
Management ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1968 (A vulnerability in the NX-API feature of Cisco NX-OS Software
could al ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1967 (A vulnerability in the Network Time Protocol (NTP) feature of
Cisco NX ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1966 (A vulnerability in a specific CLI command within the local
management ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1965 (A vulnerability in the Virtual Shell (VSH) session management
for Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1964 (A vulnerability in the IPv6 traffic processing of Cisco NX-OS
Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1963 (A vulnerability in the Simple Network Management Protocol
(SNMP) input ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1962 (A vulnerability in the Cisco Fabric Services component of Cisco
NX-OS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1961 (A vulnerability in Cisco Enterprise NFV Infrastructure Software
(NFVIS ...)
NOT-FOR-US: Cisco
CVE-2019-1960 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure
Softwa ...)
@@ -40137,7 +40137,7 @@ CVE-2019-1941 (A vulnerability in the web-based
management interface of Cisco Id
CVE-2019-1940 (A vulnerability in the Web Services Management Agent (WSMA)
feature of ...)
NOT-FOR-US: Cisco
CVE-2019-1939 (A vulnerability in the Cisco Webex Teams client for Windows
could allo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1938 (A vulnerability in the web-based management interface of Cisco
UCS Dir ...)
NOT-FOR-US: Cisco
CVE-2019-1937 (A vulnerability in the web-based management interface of Cisco
Integra ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/78854cfa938859234e0ca4f0cc12b047fbcbf61e