Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0481c13a by Salvatore Bonaccorso at 2025-05-15T21:12:28+02:00
Convert the old itp'ed entries for centreon-web to NFUs

As explained in 6bf73fa02a8d ("auto-nfu: Add rule for Centreon") we
added a rule based on the CNA for Centreon, as we can do that given
there won't be a packaging of centreon-web.

In the event that it will be resurrected at a later point we can revisit
adding the rule based on CNA and restore the itp'ed based tracking.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6759,7 +6759,7 @@ CVE-2025-43858 (YoutubeDLSharp is a wrapper for the 
command-line video downloade
 CVE-2025-43855 (tRPC allows users to build & consume fully typesafe APIs 
without schem ...)
        NOT-FOR-US: tRPC
 CVE-2025-3872 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2025-3832 (The FuseDesk plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-3793 (The Buddypress Force Password Change plugin for WordPress is 
vulnerabl ...)
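
Review bot: The "NOT-FOR-US: Centreon" line that replaces "- centreon-web <itp> (bug #913903)" for CVE-2025-3872 drops the only pointer to the ITP bug, and the same happens in every later hunk. Since the commit message anticipates restoring the itp'ed tracking if the package is resurrected, consider recording this commit id in bug #913903 so the converted entries can be recovered with a revert rather than by searching descriptions.
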
@@ -36942,7 +36942,7 @@ CVE-2024-57328 (A SQL Injection vulnerability exists in 
the login form of Online
 CVE-2024-57326 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
the sea ...)
        NOT-FOR-US: Online Pizza Delivery System
 CVE-2024-55573 (An issue was discovered in Centreon centreon-web 24.10.x 
before 24.10. ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-55195 (An allocation-size-too-big bug in the component /imagebuf.cpp 
of OpenI ...)
        - openimageio 2.5.18.0+dfsg-1 (bug #1094408)
        [bookworm] - openimageio <no-dsa> (Minor issue)
@@ -36969,7 +36969,7 @@ CVE-2024-55192 (OpenImageIO v3.1.0.0dev was discovered 
to contain a heap overflo
        NOTE: 
https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4550
        NOTE: 
https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/57de4554d119a9adab8ef5c51ff7841fb6f97041
 CVE-2024-53923 (An issue was discovered in Centreon Web 24.10.x before 
24.10.3, 24.04. ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-53588 (A DLL hijacking vulnerability in iTop VPN v16.0 allows 
attackers to ex ...)
        NOT-FOR-US: iTop VPN
 CVE-2024-53379 (Heap buffer overflow in the server site handshake 
implementation in Re ...)
@@ -55082,7 +55082,7 @@ CVE-2024-48861 (An OS command injection vulnerability 
has been reported to affec
 CVE-2024-48860 (An OS command injection vulnerability has been reported to 
affect seve ...)
        NOT-FOR-US: QNAP
 CVE-2024-47863 (An issue was discovered in Centreon Web 24.10.x before 
24.10.0, 24.04. ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-45719 (Inadequate Encryption Strength vulnerability in Apache Answer. 
 This i ...)
        NOT-FOR-US: Apache Answer
 CVE-2024-44786 (Incorrect access control in Meabilis CMS 1.0 allows attackers 
to acces ...)
@@ -72878,9 +72878,9 @@ CVE-2024-40442 (An issue in Doccano Open source 
annotation tools for machine lea
 CVE-2024-40441 (An issue in Doccano Open source annotation tools for machine 
learning  ...)
        NOT-FOR-US: Doccano
 CVE-2024-39843 (A SQL injection vulnerability in Centreon 24.04.2 allows a 
remote high ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-39842 (A SQL injection vulnerability in Centreon 24.04.2 allows a 
remote high ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-39342 (Entrust Instant Financial Issuance (formerly known as 
Cardwizard) 6.10 ...)
        NOT-FOR-US: Entrust Instant Financial Issuance
 CVE-2024-39341 (Entrust Instant Financial Issuance (On Premise) Software 
(formerly kno ...)
@@ -79127,7 +79127,7 @@ CVE-2024-41841 (Adobe Experience Manager versions 
6.5.20 and earlier are affecte
 CVE-2024-41150 (An Stored Cross-site Scripting vulnerability in request module 
affects ...)
        NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-39841 (A SQL Injection vulnerability exists in the service 
configuration func ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-38869 (Zohocorp ManageEngine Endpoint Central affected byIncorrect 
authorizat ...)
        NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-38807 (Applications that use spring-boot-loaderor 
spring-boot-loader-classica ...)
@@ -79145,13 +79145,13 @@ CVE-2024-36515 (ZohocorpManageEngineADAudit Plus 
versions below8000 are vulnerab
 CVE-2024-36514 (ZohocorpManageEngineADAudit Plus versions below8000 are 
vulnerable to  ...)
        NOT-FOR-US: Zohocorp ManageEngine
 CVE-2024-33854 (A SQL Injection vulnerability exists in the Graph Template 
component i ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-33853 (A SQL Injection vulnerability exists in the Timeperiod 
component in Ce ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-33852 (A SQL Injection vulnerability exists in the Downtime component 
in Cent ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-32501 (A SQL Injection vulnerability exists in the updateServiceHost 
function ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-43883 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        {DLA-4008-1 DLA-3912-1}
        - linux 6.10.6-1
@@ -79687,9 +79687,9 @@ CVE-2024-5928 (VIPRE Advanced Security PMAgent Link 
Following Local Privilege Es
 CVE-2024-5762 (Zen Cart findPluginAdminPage Local File Inclusion Remote Code 
Executio ...)
        NOT-FOR-US: Zen Cart
 CVE-2024-5725 (Centreon initCurveList SQL Injection Remote Code Execution 
Vulnerabili ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-5723 (Centreon updateServiceHost SQL Injection Remote Code Execution 
Vulnera ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-5335 (The Ultimate Store Kit Elementor Addons, Woocommerce Builder, 
EDD Buil ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-43411 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
@@ -112318,7 +112318,7 @@ CVE-2023-6363 (Use After Free vulnerability in Arm 
Ltd Valhall GPU Kernel Driver
 CVE-2023-6214 (The HT Mega \u2013 Absolute Addons For Elementor plugin for 
WordPress  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-51633 (Centreon sysName Cross-Site Scripting Remote Code Execution 
Vulnerabil ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2023-51629 (D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass 
Vulnerab ...)
        NOT-FOR-US: D-Link
 CVE-2023-51628 (D-Link DCS-8300LHV2 ONVIF SetHostName Stack-Based Buffer 
Overflow Remo ...)
@@ -124170,15 +124170,15 @@ CVE-2024-25187 (Server Side Request Forgery (SSRF) 
vulnerability in 71cms v1.0.0
 CVE-2024-24581 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker arbitr ...)
        NOT-FOR-US: OpenHarmony
 CVE-2024-23119 (Centreon insertGraphTemplate SQL Injection Remote Code 
Execution Vulne ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-23118 (Centreon updateContactHostCommands SQL Injection Remote Code 
Execution ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-23117 (Centreon updateContactServiceCommands SQL Injection Remote 
Code Execut ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-23116 (Centreon updateLCARelation SQL Injection Remote Code Execution 
Vulnera ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-23115 (Centreon updateGroups SQL Injection Remote Code Execution 
Vulnerabilit ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2024-22180 (in OpenHarmony v4.0.0 and prior versions allow a local 
attacker cause  ...)
        NOT-FOR-US: OpenHarmony
 CVE-2024-22177 (in OpenHarmony v3.2.4 and prior versions allow a local 
attacker cause  ...)
@@ -124226,7 +124226,7 @@ CVE-2024-1274 (The My Calendar WordPress plugin 
before 3.4.24 does not sanitise
 CVE-2024-1179 (TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer 
Overflow  ...)
        NOT-FOR-US: TP-Link
 CVE-2024-0637 (Centreon updateDirectory SQL Injection Remote Code Execution 
Vulnerabi ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2023-52636 (In the Linux kernel, the following vulnerability has been 
resolved:  l ...)
        - linux 6.7.7-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
@@ -223009,7 +223009,7 @@ CVE-2022-3829 (The Font Awesome 4 Menus WordPress 
plugin through 4.7.0 does not
 CVE-2022-3828 (The Video Thumbnails WordPress plugin through 2.12.3 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3827 (A vulnerability was found in centreon. It has been declared as 
critica ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-3826 (A vulnerability was found in Huaxia ERP. It has been classified 
as pro ...)
        NOT-FOR-US: Huaxia ERP
 CVE-2022-3825 (A vulnerability was found in Huaxia ERP 2.3 and classified as 
critical ...)
@@ -230952,17 +230952,17 @@ CVE-2022-42431 (This vulnerability allows local 
attackers to escalate privileges
 CVE-2022-42430 (This vulnerability allows local attackers to escalate 
privileges on af ...)
        NOT-FOR-US: Tesla vehicles
 CVE-2022-42429 (This vulnerability allows remote attackers to escalate 
privileges on a ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-42428 (This vulnerability allows remote attackers to escalate 
privileges on a ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-42427 (This vulnerability allows remote attackers to escalate 
privileges on a ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-42426 (This vulnerability allows remote attackers to escalate 
privileges on a ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-42425 (This vulnerability allows remote attackers to escalate 
privileges on a ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-42424 (This vulnerability allows remote attackers to escalate 
privileges on a ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-42423 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: PDF-XChange Editor
 CVE-2022-42422
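
Review bot: For CVE-2022-42429 through CVE-2022-42424 the visible summaries use the same generic "This vulnerability allows ... attackers to ..." template as the neighbouring Tesla and PDF-XChange entries, which suggests they were not assigned by Centreon's own CNA. If so, the CNA-based auto-nfu rule mentioned in the commit message will not catch future entries of this kind, and it would help to state in the commit message that third-party-assigned Centreon CVEs still need manual NFU triage.
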
@@ -234550,7 +234550,7 @@ CVE-2022-41144 (This vulnerability allows remote 
attackers to execute arbitrary
 CVE-2022-41143 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: PDF-XChange
 CVE-2022-41142 (This vulnerability allows remote attackers to escalate 
privileges on a ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-41141 (This vulnerability allows local attackers to escalate 
privileges on af ...)
        NOT-FOR-US: Windscribe
 CVE-2022-41140 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
@@ -237300,9 +237300,9 @@ CVE-2022-40046
 CVE-2022-40045
        RESERVED
 CVE-2022-40044 (Centreon v20.10.18 was discovered to contain a cross-site 
scripting (X ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-40043 (Centreon v20.10.18 was discovered to contain a SQL injection 
vulnerabi ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-40042
        RESERVED
 CVE-2022-40041
@@ -237418,7 +237418,7 @@ CVE-2022-39990
 CVE-2022-39989 (An issue was discovered in Fighting Cock Information System 
1.0, which ...)
        NOT-FOR-US: Fighting Cock Information System
 CVE-2022-39988 (A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 
allows  ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-39987 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 
allows an ...)
        NOT-FOR-US: RaspAP
 CVE-2022-39986 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 
allows un ...)
@@ -247936,7 +247936,7 @@ CVE-2022-36196
 CVE-2022-36195
        RESERVED
 CVE-2022-36194 (Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) 
from the  ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-36193 (SQL injection in School Management System 1.0 allows remote 
attackers  ...)
        NOT-FOR-US: School Management System
 CVE-2022-36192
@@ -251608,9 +251608,9 @@ CVE-2022-34874 (This vulnerability allows remote 
attackers to disclose sensitive
 CVE-2022-34873 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
        NOT-FOR-US: Foxit
 CVE-2022-34872 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-34871 (This vulnerability allows remote attackers to escalate 
privileges on a ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2022-34870 (Apache Geode versions up to 1.15.0 are vulnerable to a 
Cross-Site Scri ...)
        NOT-FOR-US: Apache Geode
 CVE-2022-34858 (Authentication Bypass vulnerability in miniOrange OAuth 2.0 
client for ...)
@@ -318290,11 +318290,11 @@ CVE-2021-37560 (MediaTek microchips, as used in 
NETGEAR devices through 2021-11-
 CVE-2021-37559
        RESERVED
 CVE-2021-37558 (A SQL injection vulnerability in a MediaWiki script in 
Centreon before ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2021-37557 (A SQL injection vulnerability in image generation in Centreon 
before 2 ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2021-37556 (A SQL injection vulnerability in reporting export in Centreon 
before 2 ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a 
shell a ...)
        NOT-FOR-US: TX9 Automatic Food Dispenser
 CVE-2021-37554 (In JetBrains YouTrack before 2021.3.21051, a user could see 
boards wit ...)
@@ -342810,11 +342810,11 @@ CVE-2021-28057
 CVE-2021-28056
        RESERVED
 CVE-2021-28055 (An issue was discovered in Centreon-Web in Centreon Platform 
20.10.0.  ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2021-28054 (An issue was discovered in Centreon-Web in Centreon Platform 
20.10.0.  ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2021-28053 (An issue was discovered in Centreon-Web in Centreon Platform 
20.10.0.  ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2021-28052 (A tenant administrator Hitachi Content Platform (HCP) may 
modify the c ...)
        NOT-FOR-US: Hitachi
 CVE-2021-28051
@@ -343721,7 +343721,7 @@ CVE-2021-27678 (Cross-site scripting (XSS) 
vulnerability in Snippets in Batflat
 CVE-2021-27677 (Cross-site scripting (XSS) vulnerability in Galleries in 
Batflat CMS 1 ...)
        NOT-FOR-US: Batflat CMS
 CVE-2021-27676 (Centreon version 20.10.2 is affected by a cross-site scripting 
(XSS) v ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2021-27675
        RESERVED
 CVE-2021-27674
@@ -345799,7 +345799,7 @@ CVE-2021-26806
 CVE-2021-26805 (Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a 
Denial o ...)
        - tsmuxer <itp> (bug #761820)
 CVE-2021-26804 (Insecure Permissions in Centreon Web versions 19.10.18, 
20.04.8, and 2 ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2021-26803
        RESERVED
 CVE-2021-26802
@@ -387963,7 +387963,7 @@ CVE-2020-22427 (NagiosXI 5.6.11 is affected by a 
remote code execution (RCE) vul
 CVE-2020-22426
        RESERVED
 CVE-2020-22425 (Centreon 19.10-3.el7 is affected by a SQL injection 
vulnerability, whe ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2020-22424
        RESERVED
 CVE-2020-22423
@@ -388131,7 +388131,7 @@ CVE-2020-22347
 CVE-2020-22346
        RESERVED
 CVE-2020-22345 (/graphStatus/displayServiceStatus.php in Centreon 19.10.8 
allows remot ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2020-22344
        RESERVED
 CVE-2020-22343
@@ -408753,9 +408753,9 @@ CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 
3.32.0 has a use-after-free in
 CVE-2020-13629
        RESERVED
 CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote 
attackers to in ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote 
attackers to in ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2020-13626 (OnePlus App Locker through 2020-10-06 allows physically 
proximate atta ...)
        NOT-FOR-US: OnePlus App Locker
 CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when 
the name o ...)
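
Review bot: The truncated summaries for CVE-2020-13628 and CVE-2020-13627 ("Cross-site scripting (XSS) vulnerability allows remote attackers to in ...") do not name the affected product, so the new "NOT-FOR-US: Centreon" label rests entirely on the previous centreon-web assignment. Worth a quick check of the full descriptions before merging, since after this change nothing on the entry links it to a package or bug.
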
@@ -409703,7 +409703,7 @@ CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 
4.2.0 uses an unvalidated addre
        NOTE: https://bugs.launchpad.net/qemu/+bug/1880822 (reproducer)
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=790762e5487114341cccc5bffcec4cb3c022c3cd
 (5.1)
 CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute 
arbitrary  ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2020-13251
        RESERVED
 CVE-2020-13250 (HashiCorp Consul and Consul Enterprise include an HTTP API 
(introduced ...)
@@ -416997,9 +416997,9 @@ CVE-2020-10948 (Jon Hedley AlienForm2 (typically 
installed as af.cgi or alienfor
 CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint 
for Soph ...)
        NOT-FOR-US: Sophos
 CVE-2020-10946 (Cross-site scripting (XSS) vulnerability allows remote 
attackers to in ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2020-10945 (Centreon before 19.10.7 exposes Session IDs in server 
responses.)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a 
cross-si ...)
        - nomad 0.10.5+dfsg1-1
        NOTE: https://github.com/hashicorp/nomad/issues/7468
@@ -420987,7 +420987,7 @@ CVE-2020-9465 (An issue was discovered in 
EyesOfNetwork eonweb 5.1 through 5.3 b
 CVE-2020-9464 (A Denial-of-Service vulnerability exists in BECKHOFF Ethernet 
TCP/IP B ...)
        NOT-FOR-US: BECKHOFF Ethernet TCP/IP Bus Coupler BK9000
 CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute 
arbitrary  ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2020-9462 (An issue was discovered in all Athom Homey and Homey Pro 
devices up to ...)
        NOT-FOR-US: Athom
 CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an 
authenticated us ...)
@@ -439489,7 +439489,7 @@ CVE-2019-19701
 CVE-2019-19700
        RESERVED
 CVE-2019-19699 (There is Authenticated remote code execution in Centreon 
Infrastructur ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-19698 (marc-q libwav through 2017-04-20 has a NULL pointer 
dereference in wav ...)
        NOT-FOR-US: libwav
 CVE-2019-19697 (An arbitrary code execution vulnerability exists in the Trend 
Micro Se ...)
@@ -441414,13 +441414,13 @@ CVE-2019-19489 (SMPlayer 19.5.0 has a buffer 
overflow via a long .m3u file.)
 CVE-2019-19488
        RESERVED
 CVE-2019-19487 (Command Injection in minPlayCommand.php in Centreon (19.04.4 
and below ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-19486 (Local File Inclusion in minPlayCommand.php in Centreon 
(19.04.4 and be ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-19485
        RESERVED
 CVE-2019-19484 (Open redirect via parameter \u2018p\u2019 in login.php in 
Centreon (19 ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-19483
        RESERVED
 CVE-2019-19482
@@ -450077,17 +450077,17 @@ CVE-2019-17649
 CVE-2019-17648
        RESERVED
 CVE-2019-17647 (An issue was discovered in Centreon before 2.8.30, 18.10.8, 
19.04.5, a ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-17646 (An issue was discovered in Centreon before 18.10.8, 19.04.5, 
and 19.10 ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-17645 (An issue was discovered in Centreon before 2.8.31, 18.10.9, 
19.04.6, a ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-17644 (An issue was discovered in Centreon before 2.8-30, 18.10-8, 
19.04-5, a ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-17643 (An issue was discovered in Centreon before 2.8-30,18.10-8, 
19.04-5, an ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-17642 (An issue was discovered in Centreon before 18.10.8, 19.10.1, 
and 19.04 ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-17641
        RESERVED
 CVE-2019-17640 (In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 
4.0.0.milestone ...)
@@ -450685,7 +450685,7 @@ CVE-2019-17503 (An issue was discovered in Kirona 
Dynamic Resource Scheduling (D
 CVE-2019-17502 (Hydra through 0.1.8 has a NULL pointer dereference and daemon 
crash wh ...)
        NOT-FOR-US: Hydra (different from src:hydra)
 CVE-2019-17501 (Centreon 19.04 allows attackers to execute arbitrary OS 
commands via t ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-17500
        RESERVED
 CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on 
Compal CH7 ...)
@@ -451667,27 +451667,27 @@ CVE-2019-17109 (Koji through 1.18.0 allows remote 
Directory Traversal, with resu
        NOTE: https://docs.pagure.org/koji/CVE-2019-17109/
        NOTE: https://pagure.io/koji/issue/1634
 CVE-2019-17108 (Local file inclusion in brokerPerformance.php in Centreon Web 
before 2 ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-17107 (minPlayCommand.php in Centreon Web before 2.8.27 allows 
authenticated  ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-17106 (In Centreon Web through 2.8.29, disclosure of external 
components' pas ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-17105 (The token generator in index.php in Centreon Web before 2.8.27 
is pred ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-17104 (In Centreon VM through 19.04.3, the cookie configuration 
within the Ap ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-21025 (In Centreon VM through 19.04.3, centreon-backup.pl allows 
attackers to ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-21024 (licenseUpload.php in Centreon Web before 2.8.27 allows 
attackers to up ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-21023 (getStats.php in Centreon Web before 2.8.28 allows 
authenticated attack ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-21022 (makeXML_ListServices.php in Centreon Web before 2.8.28 allows 
attacker ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-21021 (img_gantt.php in Centreon Web before 2.8.27 allows attackers 
to perfor ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-21020 (In very rare cases, a PHP type juggling vulnerability in 
centreonAuth. ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-17103 (An Incorrect Default Permissions vulnerability in the 
BDLDaemon compon ...)
        NOT-FOR-US: Bitdefender AV for Mac
 CVE-2019-17102 (An exploitable command execution vulnerability exists in the 
recovery  ...)
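
Review bot: CVE-2019-17104 and CVE-2018-21025 in this hunk describe "Centreon VM" rather than Centreon Web, so their old "- centreon-web <itp>" lines were only a loose fit. If the ITP is revived and this commit is reverted as the message suggests, these two should be re-triaged individually instead of going back to centreon-web mechanically.
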
@@ -453638,9 +453638,9 @@ CVE-2019-16408
 CVE-2019-16407 (JetBrains ReSharper installers for versions before 2019.2 had 
a DLL Hi ...)
        NOT-FOR-US: JetBrains ReSharper installer
 CVE-2019-16406 (Centreon Web 19.04.4 has weak permissions within the OVA (aka 
VMware v ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-16405 (Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x 
before 19. ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-16404 (Authenticated SQL Injection in 
interface/forms/eye_mag/js/eye_base.php ...)
        NOT-FOR-US: OpenEMR
 CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the functionalities for 
customers to c ...)
@@ -454402,9 +454402,9 @@ CVE-2019-16197 (In htdocs/societe/card.php in 
Dolibarr 10.0.1, the value of the
 CVE-2019-16196
        RESERVED
 CVE-2019-16195 (Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 
19.04.5 a ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-16194 (SQL injection vulnerabilities in Centreon through 19.04 allow 
attacks  ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-16193 (In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be 
used to t ...)
        NOT-FOR-US: ArcGIS Enterprise
 CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php 
in DocCms ...)
@@ -457021,11 +457021,11 @@ CVE-2019-15302 (The pad management logic in XWiki 
labs CryptPad before 3.0.0 all
 CVE-2019-15301 (A SQL injection vulnerability in the method 
Terrasoft.Core.DB.Column.C ...)
        NOT-FOR-US: Terrasoft Bpm'online CRM-System SDK
 CVE-2019-15300 (A problem was found in Centreon Web through 19.04.3. An 
authenticated  ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-15299 (An issue was discovered in Centreon Web through 19.04.3. When 
a user c ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-15298 (A problem was found in Centreon Web through 19.04.3. An 
authenticated  ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2021-46837 (res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x 
before 17. ...)
        {DSA-5285-1 DLA-3194-1}
        - asterisk 1:18.9.0~dfsg+~cs6.10.40431411-1 (bug #1018073)
@@ -465546,7 +465546,7 @@ CVE-2019-13026 (OXID eShop 6.0.x before 6.0.5 and 
6.1.x before 6.1.4 allows SQL
 CVE-2019-13025 (Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have 
Incorre ...)
        NOT-FOR-US: Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices
 CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and 
Centreon web be ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2019-13023 (An issue was discovered in all versions of Bond JetSelect. 
Within the  ...)
        NOT-FOR-US: Bond JetSelect
 CVE-2019-13022 (Bond JetSelect (all versions) has an issue in the Java class 
(ENCtool. ...)
@@ -502870,9 +502870,9 @@ CVE-2018-19314
 CVE-2018-19313
        RESERVED
 CVE-2018-19312 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 
2.8.24) all ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-19311 (Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the 
Service  ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-19310
        RESERVED
 CVE-2018-19309
@@ -502936,9 +502936,9 @@ CVE-2018-19283
 CVE-2018-19282 (Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier 
allow re ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2018-19281 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 
2.8.27) all ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-19280 (Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the 
resource na ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-19279 (PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks 
the plain ...)
        NOT-FOR-US: PRIMX ZoneCentral
 CVE-2018-19278 (Buffer overflow in DNS SRV and NAPTR lookups in Digium 
Asterisk 15.x b ...)
@@ -503171,7 +503171,7 @@ CVE-2018-19273
 CVE-2018-19272
        RESERVED
 CVE-2018-19271 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 
2.8.28) all ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-19270
        REJECTED
 CVE-2019-0185 (Insufficient access control in protected memory subsystem for 
SMM for  ...)
@@ -523893,11 +523893,11 @@ CVE-2018-11591 (Espruino before 1.98 allows 
attackers to cause a denial of servi
 CVE-2018-11590 (Espruino before 1.99 allows attackers to cause a denial of 
service (ap ...)
        NOT-FOR-US: Espruino
 CVE-2018-11589 (Multiple SQL injection vulnerabilities in Centreon 3.4.6 
including Cen ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-11588 (Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to 
an authe ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-11587 (There is Remote Code Execution in Centreon 3.4.6 including 
Centreon We ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2018-11586 (XML external entity (XXE) vulnerability in api/rest/status in 
SearchBl ...)
        NOT-FOR-US: SearchBlox
 CVE-2018-11585
@@ -641936,7 +641936,7 @@ CVE-2015-7676 (Ipswitch MOVEit File Transfer 
(formerly DMZ) 8.1 and earlier, whe
 CVE-2015-7675 (The "Send as attachment" feature in Ipswitch MOVEit DMZ before 
8.2 and ...)
        NOT-FOR-US: MOVEit File Transfer web- and mobile application
 CVE-2015-7672 (Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 
(fixed in C ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2014-9751 (The read_network_packet function in ntp_io.c in ntpd in NTP 4.x 
before ...)
        {DSA-3154-1 DLA-149-1}
        - ntp 1:4.2.6.p5+dfsg-4
@@ -659447,9 +659447,9 @@ CVE-2015-1564 (Cross-site scripting (XSS) 
vulnerability in style-underground/sea
 CVE-2015-1562 (Multiple cross-site scripting (XSS) vulnerabilities in Saurus 
CMS 4.7. ...)
        NOT-FOR-US: Saurus CMS
 CVE-2015-1561 (The escape_command function in 
include/Administration/corePerformance/ ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2015-1560 (SQL injection vulnerability in the isUserAdmin function in 
include/com ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2015-1559 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
administ ...)
        NOT-FOR-US: Epignosis eFront
 CVE-2015-1557
@@ -679081,9 +679081,9 @@ CVE-2014-3831
 CVE-2014-3830 (Cross-site scripting (XSS) vulnerability in info.php in 
TomatoCart 1.1 ...)
        NOT-FOR-US: TomatoCart
 CVE-2014-3829 (displayServiceStatus.php in Centreon 2.5.1 and Centreon 
Enterprise Ser ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2014-3828 (Multiple SQL injection vulnerabilities in Centreon 2.5.1 and 
Centreon  ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2014-3827 (Multiple cross-site scripting (XSS) vulnerabilities in the MyBB 
(aka M ...)
        NOT-FOR-US: MyBB
 CVE-2014-3826 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 
allows  ...)
@@ -710558,7 +710558,7 @@ CVE-2012-5969 (Multiple directory traversal 
vulnerabilities on the Huawei E585 d
 CVE-2012-5968 (The Huawei E585 device does not validate the status of admin 
sessions, ...)
        NOT-FOR-US: Huawei device
 CVE-2012-5967 (SQL injection vulnerability in menuXML.php in Centreon 2.3.3 
through 2 ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2012-5966 (The restricted telnet shell on the D-Link DSL2730U router 
allows remot ...)
        NOT-FOR-US: D-Link DSL2730U router
 CVE-2012-5965 (Stack-based buffer overflow in the unique_service_name function 
in ssd ...)
@@ -750228,7 +750228,7 @@ CVE-2010-1303 (Multiple cross-site scripting (XSS) 
vulnerabilities in the Taxono
 CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the 
DecryptWeb DW ...)
        NOT-FOR-US: Joomla!
 CVE-2010-1301 (SQL injection vulnerability in main.php in Centreon 2.1.5 
allows remot ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2010-1300 (SQL injection vulnerability in index.php in Yamamah (aka Dove 
Photo Al ...)
        NOT-FOR-US: Yamamah
 CVE-2010-1299 (Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 
4.1.0, ...)
@@ -754508,7 +754508,7 @@ CVE-2009-4369 (Cross-site scripting (XSS) 
vulnerability in the Contact module (m
        - drupal5 5.21-1 (low)
        [lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
 CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 
have unk ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2009-4367 (The Staging Webservice ("sitecore 
modules/staging/service/api.asmx") i ...)
        NOT-FOR-US: Sitecore Staging Module
 CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in 
ScriptsEz Ez  ...)
@@ -781017,9 +781017,9 @@ CVE-2008-1181 (Juniper Networks Secure Access 2000 
5.5 R1 (build 11711) allows r
 CVE-2008-1180 (Cross-site scripting (XSS) vulnerability in 
dana-na/auth/rdremediate.c ...)
        NOT-FOR-US: Juniper
 CVE-2008-1179 (Multiple cross-site scripting (XSS) vulnerabilities in 
include/common/ ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2008-1178 (Directory traversal vulnerability in include/doc/index.php in 
Centreon ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2008-1177 (SQL injection vulnerability in shop/detail.php in Affiliate 
Market (af ...)
        NOT-FOR-US: Affiliate Market
 CVE-2008-1176 (Cross-site scripting (XSS) vulnerability in 
function/sideblock.php in  ...)
@@ -781194,7 +781194,7 @@ CVE-2008-1121 (SQL injection vulnerability in 
index.php in eazyPortal 1.0 and ea
 CVE-2008-1120 (Format string vulnerability in the embedded Internet Explorer 
componen ...)
        NOT-FOR-US: ICQ
 CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php 
in Cent ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2008-1118 (Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, 
does no ...)
        NOT-FOR-US: Timbuktu Pro
 CVE-2008-1117 (Directory traversal vulnerability in the Notes (aka Flash Notes 
or ins ...)
@@ -784238,7 +784238,7 @@ CVE-2007-6487 (Unspecified vulnerability in Plain 
Black WebGUI 7.4.0 through 7.4
 CVE-2007-6486 (Multiple cross-site scripting (XSS) vulnerabilities in 
shout.php (aka  ...)
        NOT-FOR-US: LineShout
 CVE-2007-6485 (Multiple PHP remote file inclusion vulnerabilities in Centreon 
1.4.1 ( ...)
-       - centreon-web <itp> (bug #913903)
+       NOT-FOR-US: Centreon
 CVE-2007-6484 (SQL injection vulnerability in index.php in phpRPG 0.8 allows 
remote a ...)
        NOT-FOR-US: phpRPG
 CVE-2007-6483 (Directory traversal vulnerability in SafeNet Sentinel 
Protection Serve ...)
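Review bot: CVE-2007-6485 is the last conversion in the patch, and nothing in the diff shows that every `centreon-web <itp>` line in data/CVE/list was covered. A check such as `grep -c 'centreon-web <itp>' data/CVE/list` returning 0 after the change would confirm the conversion is complete, and stating that in the commit message would make the intent verifiable.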



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0481c13a8907331e98375fcfd4a6acfb0075a948
