[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 5044562a by Moritz Muehlenhoff at 2023-08-09T20:07:53+02:00 NFUs - - - - - 1b4d0128 by Moritz Muehlenhoff at 2023-08-09T20:07:54+02:00 bullseye/bookworm triage - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -100,7 +100,7 @@ CVE-2023-39532 (SES is a JavaScript environment that allows safe execution of ar CVE-2023-39518 (social-media-skeleton is an uncompleted social media project implement ...) TODO: check CVE-2023-39419 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39342 (Dangerzone is software for converting potentially dangerous PDFs, offi ...) TODO: check CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) 
@@ -112,21 +112,21 @@ CVE-2023-39217 (Improper input validation in Zoom SDK\u2019s before 5.14.10 may CVE-2023-39216 (Improper input validation in Zoom Desktop Client for Windows before 5. ...) NOT-FOR-US: Zoom CVE-2023-39188 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39187 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39186 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39185 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39184 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39183 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39182 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39181 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-39086 (ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitiv ...) NOT-FOR-US: ASUS CVE-2023-38815 
@@ -164,37 +164,37 @@ CVE-2023-38759 (Cross Site Request Forgery (CSRF) vulnerability in wger Project CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger Workout Manage ...) TODO: check CVE-2023-38683 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38682 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38681 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38680 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38679 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38641 (A vulnerability has been identified in SICAM TOOLBOX II (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38532 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38531 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38530 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38529 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38528 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38527 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38526 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38525 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) 
- TODO: check + NOT-FOR-US: Siemens CVE-2023-38524 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...) - TODO: check + NOT-FOR-US: Siemens CVE-2023-38254 (Microsoft Message
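Review bot: the vendor label for CVE-2023-38384 in the @@ -164,37 hunk does not match the entry's own description: it reads `Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...` yet is marked `NOT-FOR-US: Siemens`, which looks carried over from the run of Parasolid entries directly above it. Re-check that CVE and set the label to the actual product (or leave it at `TODO: check` until confirmed) so a later grep for Siemens advisories does not pull in an unrelated XSS.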
[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1dc92906 by Moritz Muehlenhoff at 2021-03-16T14:22:40+01:00 NFUs - - - - - 2326b6c9 by Moritz Muehlenhoff at 2021-03-16T14:23:39+01:00 NFU - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1577,7 +1577,7 @@ CVE-2021-27819 CVE-2021-27818 RESERVED CVE-2021-27817 (A remote command execution vulnerability in shopxo 1.9.3 allows an att ...) - TODO: check + NOT-FOR-US: shopxo CVE-2021-27816 RESERVED CVE-2021-27815 @@ -2520,9 +2520,9 @@ CVE-2021-27383 CVE-2021-27382 RESERVED CVE-2021-27381 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) - TODO: check + NOT-FOR-US: Solid Edge SE2020 CVE-2021-27380 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) - TODO: check + NOT-FOR-US: Solid Edge SE2020 CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM ...) - xen 4.14.0+80-gd101b417b7-1 [stretch] - xen (Incomplete fix for CVE-2020-15565 not applied) @@ -2840,7 +2840,7 @@ CVE-2021-27232 (The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Serv CVE-2021-27231 (Hestia Control Panel through 1.3.3, in a shared-hosting environment, s ...) NOT-FOR-US: Hestia Control Panel CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Inj ...) - TODO: check + NOT-FOR-US: ExpressionEngine CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim navigates ...) {DLA-2562-1} - mumble 1.3.4-1 (bug #982904) @@ -3380,7 +3380,7 @@ CVE-2021-26989 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9 CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 a ...) NOT-FOR-US: Clustered Data ONTAP CVE-2021-26987 (Element Plug-in for vCenter Server incorporates SpringBoot Framework. ...) - TODO: check + NOT-FOR-US: Element Plug-in for vCenter Server CVE-2021-26986 RESERVED CVE-2021-26985 
@@ -3560,9 +3560,9 @@ CVE-2021-26925 (Roundcube before 1.4.11 allows XSS via crafted Cascading Style S NOTE: https://roundcube.net/news/2021/02/08/security-update-1.4.11 NOTE: https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596 CVE-2021-26924 (An issue was discovered in Argo CD before 1.8.4. Browser XSS protectio ...) - TODO: check + NOT-FOR-US: Argo CD CVE-2021-26923 (An issue was discovered in Argo CD before 1.8.4. Accessing the endpoin ...) - TODO: check + NOT-FOR-US: Argo CD CVE-2021-26922 RESERVED CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens cont ...) @@ -6767,13 +6767,13 @@ CVE-2021-25678 CVE-2021-25677 RESERVED CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALAN ...) - TODO: check + NOT-FOR-US: Siemens CVE-2021-25675 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...) - TODO: check + NOT-FOR-US: Siemens CVE-2021-25674 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...) - TODO: check + NOT-FOR-US: Siemens CVE-2021-25673 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...) - TODO: check + NOT-FOR-US: Siemens CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password Appstore ...) NOT-FOR-US: Mendix Forgot Password Appstore module CVE-2021-25671 @@ -6785,7 +6785,7 @@ CVE-2021-25669 CVE-2021-25668 RESERVED CVE-2021-25667 (A vulnerability has been identified in RUGGEDCOM RM1224 (All versions ...) - TODO: check + NOT-FOR-US: Siemens CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 80 ...) NOT-FOR-US: Siemens CVE-2021-25665 
@@ -7915,7 +7915,7 @@ CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a pro CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) ...) NOT-FOR-US: i-doit CVE-2021-3150 (A cross-site scripting (XSS) vulnerability on the Delete Personal Data ...) - TODO: check + NOT-FOR-US: Cryptshare Server CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ ...) NOT-FOR-US: Netshield NANO devices CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. Sending craft ...) @@ -10299,7 +10299,7 @@ CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessF CVE-2021-24030 (The fbgames protocol handler registered as part of Facebook Gameroom d ...) NOT-FOR-US: Facebook Gameroom CVE-2021-24029 (A packet of death scenario is possible in mvfst via
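Review bot: in the @@ -2520,9 hunk CVE-2021-27381 and CVE-2021-27380 are labelled `NOT-FOR-US: Solid Edge SE2020`, while the other Siemens products in the same patch (CVE-2021-25676 through CVE-2021-25673, CVE-2021-25667, and the existing CVE-2021-25666 line) use `NOT-FOR-US: Siemens`, and the later Solid Edge SE2023 entries in this list are also filed under `NOT-FOR-US: Siemens`. Suggest `NOT-FOR-US: Siemens` here as well so the vendor label stays consistent and searchable.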
[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 1babc0a8 by Moritz Muehlenhoff at 2020-11-25T09:34:09+01:00 NFUs - - - - - b2204944 by Moritz Muehlenhoff at 2020-11-25T09:34:45+01:00 Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,13 @@ CVE-2020-29073 RESERVED CVE-2020-29072 (A Cross-Site Script Inclusion vulnerability was found on LiquidFiles b ...) - TODO: check + NOT-FOR-US: LiquidFiles CVE-2020-29071 (An XSS issue was found in the Shares feature of LiquidFiles before 3.3 ...) - TODO: check + NOT-FOR-US: LiquidFiles CVE-2020-29070 RESERVED CVE-2020-29069 (_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network ...) - TODO: check + NOT-FOR-US: Modern Honey Network CVE-2020-29068 RESERVED CVE-2020-29067 
@@ -19,27 +19,27 @@ CVE-2020-29065 CVE-2020-29064 RESERVED CVE-2020-29063 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...) - TODO: check + NOT-FOR-US: CDATA CVE-2020-29062 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...) - TODO: check + NOT-FOR-US: CDATA CVE-2020-29061 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...) - TODO: check + NOT-FOR-US: CDATA CVE-2020-29060 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...) - TODO: check + NOT-FOR-US: CDATA CVE-2020-29059 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...) - TODO: check + NOT-FOR-US: CDATA CVE-2020-29058 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...) - TODO: check + NOT-FOR-US: CDATA CVE-2020-29057 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...) - TODO: check + NOT-FOR-US: CDATA CVE-2020-29056 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...) - TODO: check + NOT-FOR-US: CDATA CVE-2020-29055 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...) - TODO: check + NOT-FOR-US: CDATA CVE-2020-29054 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...) - TODO: check + NOT-FOR-US: CDATA CVE-2020-29053 (HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_da ...) - TODO: check + NOT-FOR-US: HRSALE CVE-2020-29052 RESERVED CVE-2020-29051 @@ -47,9 +47,9 @@ CVE-2020-29051 CVE-2020-29050 RESERVED CVE-2015-9551 (An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1 ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2015-9550 (An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1 ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2020-29049 RESERVED CVE-2020-29048 
@@ -147,9 +147,9 @@ CVE-2020-29005 CVE-2020-29004 RESERVED CVE-2020-29003 (The PollNY extension for MediaWiki through 1.35 allows XSS via an answ ...) - TODO: check + NOT-FOR-US: PollNY MediaWiki extension CVE-2020-29002 (includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki ...) - TODO: check + NOT-FOR-US: CologneBlue MediaWiki skin CVE-2020-29001 RESERVED CVE-2020-29000 @@ -4241,7 +4241,7 @@ CVE-2020-28331 (Barco wePresent WiPG-1600W devices have Improper Access Control. CVE-2020-28330 (Barco wePresent WiPG-1600W devices have Unprotected Transport of Crede ...) NOT-FOR-US: Barco wePresent WiPG-1600W devices CVE-2020-28329 (Barco wePresent WiPG-1600W firmware includes a hardcoded API account a ...) - TODO: check + NOT-FOR-US: Barco wePresent WiPG-1600W devices CVE-2020-28328 (SuiteCRM before 7.11.17 is vulnerable to remote code execution via the ...) NOT-FOR-US: SuiteCRM CVE-2020-28327 (A res_pjsip_session crash was discovered in Asterisk Open Source 13.x ...) @@ -9443,11 +9443,11 @@ CVE-2020-26231 (October is a free, open-source, self-hosted CMS platform based o CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app for Spa ...) NOT-FOR-US: Radar COVID CVE-2020-26229 (TYPO3 is an open source PHP based web content management system. In TY ...) - TODO: check + NOT-FOR-US: TYPO3 CVE-2020-26228 (TYPO3 is an open source PHP based web content management system. In TY ...) - TODO: check + NOT-FOR-US: TYPO3 CVE-2020-26227 (TYPO3 is an open source PHP based web content management system. In TY ...) - TODO: check + NOT-FOR-US: TYPO3 CVE-2020-26226 (In the npm package semantic-release before version 17.2.3, secrets tha ...) NOT-FOR-US: semantic-release nodejs module CVE-2020-26225 (In
[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: b110200c by Moritz Muehlenhoff at 2018-10-11T08:26:14Z NFUs - - - - - a5e68bbf by Moritz Muehlenhoff at 2018-10-11T08:30:26Z Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2018-18241 RESERVED CVE-2018-18240 (Pippo through 1.11.0 allows remote code execution via a command to ...) - TODO: check + NOT-FOR-US: Pippo CVE-2018-18239 RESERVED CVE-2018-18238 @@ -107,7 +107,7 @@ CVE-2018-18192 (An issue was discovered in libgig 4.1.0. There is a NULL pointer CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: FineCms CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a ...) - TODO: check + NOT-FOR-US: GoPro gpmf-parser CVE-2018-18189 RESERVED CVE-2018-18188 @@ -384,9 +384,9 @@ CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write du CVE-2018-18063 RESERVED CVE-2018-18062 (An issue was discovered in dialog.php in tecrail Responsive ...) - TODO: check + NOT-FOR-US: tecrail Responsive FileManager CVE-2018-18061 (An issue was discovered in dialog.php in tecrail Responsive ...) - TODO: check + NOT-FOR-US: tecrail Responsive FileManager CVE-2018-18060 RESERVED CVE-2018-18059 @@ -737,7 +737,7 @@ CVE-2018-17927 CVE-2018-17926 RESERVED CVE-2018-17925 (Multiple instances of this vulnerability (Unsafe ActiveX Control ...) - TODO: check + NOT-FOR-US: Gigasoft CVE-2018-17924 RESERVED CVE-2018-17923 
@@ -1056,7 +1056,7 @@ CVE-2018-17786 (On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.c CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal exists via ...) NOT-FOR-US: blynk-server in Blynk CVE-2018-17784 (Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM ...) - TODO: check + NOT-FOR-US: SugarCRM CVE-2018-17783 RESERVED CVE-2018-17782 @@ -2012,7 +2012,7 @@ CVE-2018-17339 CVE-2018-17338 (An issue has been found in pdfalto through 0.2. It is a heap-based ...) NOT-FOR-US: pdfalto CVE-2018-17337 (Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is ...) - TODO: check + NOT-FOR-US: Intelbras NPLUG CVE-2018-17336 (UDisks 2.8.0 has a format string vulnerability in udisks_log in ...) - udisks2 2.8.1-1 (bug #909607) [stretch] - udisks2 (Vulnerable code introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ec6e57e298da8b7e59421759a9fc678588671cd9...a5e68bbfc951e9c22e1f3fa1a1fd81fd3a585be7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ec6e57e298da8b7e59421759a9fc678588671cd9...a5e68bbfc951e9c22e1f3fa1a1fd81fd3a585be7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 9fde4232 by Moritz Muehlenhoff at 2018-09-06T13:19:06Z NFUs - - - - - 0a8fdcdd by Moritz Muehlenhoff at 2018-09-06T13:55:35Z Merge branch master of https://salsa.debian.org/security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,7 @@ CVE-2018-16554 CVE-2018-16553 RESERVED CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, ...) - TODO: check + NOT-FOR-US: MicroPyramid Django-CRM CVE-2018-16551 (LavaLite 5.5 has XSS via a /edit URI, as demonstrated by ...) NOT-FOR-US: LavaLite CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass the ...) @@ -16,9 +16,9 @@ CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a m CVE-2018-16547 RESERVED CVE-2018-16546 (Amcrest networked devices use the same hardcoded SSL private key across ...) - TODO: check + NOT-FOR-US: Amcrest CVE-2018-16545 (Kaizen Asset Manager (Enterprise Edition) and Training Manager ...) - TODO: check + NOT-FOR-US: Kaizen Asset Manager CVE-2018-16544 RESERVED CVE-2018-16538 @@ -56,17 +56,17 @@ CVE-2018-16523 CVE-2018-16522 RESERVED CVE-2018-16521 (An XML External Entity (XXE) vulnerability exists in HTML Form Entry ...) - TODO: check + NOT-FOR-US: OpenMRS CVE-2018-16520 RESERVED CVE-2018-16519 RESERVED CVE-2018-16518 (A directory traversal vulnerability with remote code execution in ...) - TODO: check + NOT-FOR-US: Prim'X Zed! FREE CVE-2018-16517 RESERVED CVE-2018-16516 (helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. ...) - TODO: check + - python-flask-admin (bug #765509) CVE-2018-16514 RESERVED CVE-2018- [Interger overflow while running jhead] 
@@ -183,7 +183,7 @@ CVE-2018-1000672 CVE-2018-1000662 REJECTED CVE-2015-9266 (The web management interface of Ubiquiti airMAX, airFiber, airGateway ...) - TODO: check + NOT-FOR-US: Ubiquiti CVE-2018-16458 (An issue was discovered in baigo CMS v2.1.1. There is an ...) NOT-FOR-US: baigo CMS CVE-2018-16457 @@ -457,7 +457,7 @@ CVE-2018-16363 CVE-2018-16362 (An issue was discovered in the Source Integration plugin before 1.5.9 ...) NOT-FOR-US: Mantis plugin CVE-2018-16361 (An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS ...) - TODO: check + NOT-FOR-US: BTITeam XBTIT CVE-2018-16360 RESERVED CVE-2018-16359 (Google gVisor before 2018-08-23, within the seccomp sandbox, permits ...) @@ -586,7 +586,7 @@ CVE-2018-16309 CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2018-16307 (An Out-of-band resource load issue was discovered on Xiaomi MIWiFi ...) - TODO: check + NOT-FOR-US: Xiaomi CVE-2018-16306 RESERVED CVE-2018-16305 @@ -697,7 +697,7 @@ CVE-2018-16254 CVE-2018-16253 RESERVED CVE-2018-16252 (FsPro Labs Event Log Explorer 4.6.1.2115 has .elx FileType XML ...) - TODO: check + NOT-FOR-US: FsPro Labs Event Log Explorer CVE-2018-16251 RESERVED CVE-2018-16250 
@@ -925,15 +925,15 @@ CVE-2018-16150 CVE-2018-16149 RESERVED CVE-2018-16148 (The diagnosticsb2ksy parameter of the /rest endpoint in Opsview ...) - TODO: check + NOT-FOR-US: Opsview Monitor CVE-2018-16147 (The data parameter of the /settings/api/router endpoint in Opsview ...) - TODO: check + NOT-FOR-US: Opsview Monitor CVE-2018-16146 (The web management console of Opsview Monitor 5.4.x before 5.4.2 ...) - TODO: check + NOT-FOR-US: Opsview Monitor CVE-2018-16145 (The /etc/init.d/opsview-reporting-module script that runs at boot time ...) - TODO: check + NOT-FOR-US: Opsview Monitor CVE-2018-16144 (The test connection functionality in the NetAudit section of Opsview ...) - TODO: check + NOT-FOR-US: Opsview Monitor CVE-2018-16143 RESERVED CVE-2018-16142 (PHPOK 4.8.278 has a Reflected XSS vulnerability in ...) @@ -1449,9 +1449,9 @@ CVE-2018-15921 CVE-2018-15920 RESERVED CVE-2018-15918 (An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) ...) - TODO: check + NOT-FOR-US: Jorani CVE-2018-15917 (Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow ...) - TODO: check + NOT-FOR-US: Jorani CVE-2018-15916 RESERVED CVE-2018-15915 @@ -2057,23 +2057,23 @@ CVE-2018-15686 CVE-2018-15685 (GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain ...) - electron (bug #842420) CVE-2018-15684 (An issue was discovered in BTITeam XBTIT. PHP error logs are stored in
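Review bot: the CVE-2018-16516 change in the @@ -56,17 hunk replaces `TODO: check` with `- python-flask-admin (bug #765509)`, an open unfixed entry with no fixed version and no NOTE pointing at the upstream fix. Bug #765509 is also far below the other 2018 bug numbers in these patches (e.g. #909607 for udisks2), so please confirm it is the right report for this issue; if it is the ITP and the package is not in the archive, mark the entry with the tracker's `<itp>` marker rather than leaving it as an unfixed package.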
[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: fbcc1760 by Moritz Muehlenhoff at 2018-07-14T20:41:35+02:00 NFUs - - - - - c4a9edfd by Moritz Muehlenhoff at 2018-07-14T20:44:48+02:00 imagemagick DSA - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -60,15 +60,15 @@ CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect Access NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891 NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1119 CVE-2018-1000210 (YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object ...) - TODO: check + NOT-FOR-US: YamlDotNet CVE-2018-1000209 (Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a ...) - TODO: check + NOT-FOR-US: Sensu CVE-2018-1000208 (MODX Revolution version =2.6.4 contains a Directory Traversal ...) NOT-FOR-US: MODX Revolution CVE-2018-1000207 (MODX Revolution version =2.6.4 contains a Incorrect Access Control ...) NOT-FOR-US: MODX Revolution CVE-2018-1000206 (JFrog Artifactory version since 5.11 contains a Cross ite Request ...) - TODO: check + NOT-FOR-US: JFrog Artifactory CVE-2018-14054 (A double free exists in the MP4StringProperty class in mp4property.cpp ...) - mp4v2 NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/1 @@ -8611,7 +8611,7 @@ CVE-2018-10633 (Universal Robots Robot Controllers Version CB 3.1, SW Version .. CVE-2018-10632 RESERVED CVE-2018-10631 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician ...) - TODO: check + NOT-FOR-US: Medtronic CVE-2018-10630 RESERVED CVE-2018-10629 
@@ -9976,7 +9976,7 @@ CVE-2018-10103 CVE-2018-10099 RESERVED CVE-2018-10098 (In MicroWorld eScan Internet Security Suite (ISS) for Business ...) - TODO: check + NOT-FOR-US: MicroWorld eScan CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via the recoverlogin.php ...) NOT-FOR-US: Domain Trader CVE-2018-1000171 @@ -10212,7 +10212,7 @@ CVE-2018-9991 (Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username CVE-2018-9990 (In Zulip Server versions before 1.7.2, there was an XSS issue with ...) - zulip-server (bug #800052) CVE-2018-10018 (The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA ...) - TODO: check + NOT-FOR-US: GDASPAMLib.AntiSpam ActiveX control CVE-2018-10017 (soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before ...) - libopenmpt 0.3.8-1 (bug #895406) [stretch] - libopenmpt (Minor issue) @@ -12471,13 +12471,13 @@ CVE-2018-9072 CVE-2018-9071 RESERVED CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier than ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2018-9069 RESERVED CVE-2018-9068 RESERVED CVE-2018-9067 (The Lenovo Help Android app versions earlier than 6.1.2.0327 had ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2018-9066 RESERVED CVE-2018-9065 @@ -13076,7 +13076,7 @@ CVE-2018-8849 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician . CVE-2018-8848 RESERVED CVE-2018-8847 (Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer ...) - TODO: check + NOT-FOR-US: Eaton CVE-2018-8846 RESERVED CVE-2018-8845 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...) 
@@ -16551,7 +16551,7 @@ CVE-2018-7536 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before . NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/ NOTE: Patch https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16 CVE-2018-7535 (An issue was discovered in TotalAV v4.1.7. An unprivileged user could ...) - TODO: check + NOT-FOR-US: TotalAV CVE-2018-7534 (In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth ...) NOT-FOR-US: Stealth Authorization Server CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in OSIsoft PI ...) @@ -18332,7 +18332,7 @@ CVE-2018-6971 CVE-2018-6970 RESERVED CVE-2018-6969 (VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds ...) - TODO: check + NOT-FOR-US: VMware CVE-2018-6968 (The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent ...) NOT-FOR-US: VMware AirWatch Agent CVE-2018-6967 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x ...) @@ -34685,7 +34685,7 @@ CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x p CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression which ...) NOT-FOR-US: Spring
[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 6f89170a by Moritz Muehlenhoff at 2018-06-30T13:16:02+02:00 NFUs - - - - - 7e316eeb by Moritz Muehlenhoff at 2018-06-30T13:16:29+02:00 gosa fixed - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -967,7 +967,7 @@ CVE-2018-1000530 CVE-2018-1000529 (Grails Fields plugin version 2.2.7 contains a Cross Site Scripting ...) NOT-FOR-US: Grails Fields plugin CVE-2018-1000528 (GONICUS GOsa version before commit ...) - - gosa (low; bug #902723) + - gosa 2.7.4+reloaded3-5 (low; bug #902723) NOTE: https://github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001 NOTE: https://github.com/gosa-project/gosa-core/issues/14 CVE-2018-1000527 (Froxlor version = 0.9.39.5 contains a PHP Object Injection ...) 
@@ -38566,49 +38566,49 @@ CVE-2017-16212 (ltt is a static file server. ltt is vulnerable to a directory .. CVE-2017-16211 (lessindex is a static file server. lessindex is vulnerable to a ...) NOT-FOR-US: lessindex CVE-2017-16210 (jn_jj_server is a static file server. jn_jj_server is vulnerable to a ...) - TODO: check + NOT-FOR-US: jn_jj_server CVE-2017-16209 (enserver is a simple web server. enserver is vulnerable to a directory ...) - TODO: check + NOT-FOR-US: enserver CVE-2017-16208 (dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a ...) - TODO: check + NOT-FOR-US: dmmcquay.lab6 CVE-2017-16207 (discordi.js is a malicious module based on the discord.js library that ...) - TODO: check + NOT-FOR-US: discordi.js CVE-2017-16206 (The cofee-script module exfiltrates sensitive data such as a user's ...) - TODO: check + NOT-FOR-US: cofee-script CVE-2017-16205 (The coffescript module exfiltrates sensitive data such as a user's ...) - TODO: check + NOT-FOR-US: coffescript CVE-2017-16204 (The jquey module exfiltrates sensitive data such as a user's private ...) - TODO: check + NOT-FOR-US: jquey CVE-2017-16203 (The coffe-script module exfiltrates sensitive data such as a user's ...) - TODO: check + NOT-FOR-US: coffe-script CVE-2017-16202 (The cofeescript module exfiltrates sensitive data such as a user's ...) - TODO: check + NOT-FOR-US: cofeescript CVE-2017-16201 (zjjserver is a static file server. zjjserver is vulnerable to a ...) - TODO: check + NOT-FOR-US: zjjserver CVE-2017-16200 (uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a ...) - TODO: check + NOT-FOR-US: uv-tj-demo CVE-2017-16199 (susu-sum is a static file server. susu-sum is vulnerable to a ...) - TODO: check + NOT-FOR-US: sus-sum CVE-2017-16198 (ritp is a static web server. ritp is vulnerable to a directory ...) - TODO: check + NOT-FOR-US: ritp CVE-2017-16197 (qinserve is a static file server. qinserve is vulnerable to a ...) 
- TODO: check + NOT-FOR-US: sinserve CVE-2017-16196 (quickserver is a simple static file server. quickserver is vulnerable ...) - TODO: check + NOT-FOR-US: quickserver CVE-2017-16195 (pytservce is a static file server. pytservce is vulnerable to a ...) - TODO: check + NOT-FOR-US: pytservce CVE-2017-16194 (picard is a micro framework. picard is vulnerable to a directory ...) - TODO: check + NOT-FOR-US: picard CVE-2017-16193 (mfrs is a static file server. mfrs is vulnerable to a directory ...) - TODO: check + NOT-FOR-US: mfrs CVE-2017-16192 (getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is ...) - TODO: check + NOT-FOR-US: getcityapi.yoehoehne CVE-2017-16191 (cypserver is a static file server. cypserver is vulnerable to a ...) - TODO: check + NOT-FOR-US: cypserver CVE-2017-16190 (dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a ...) - TODO: check + NOT-FOR-US: dcdcdcdcdc CVE-2017-16189 (sly07 is an API for censoring text. sly07 is vulnerable to a directory ...) - TODO: check + NOT-FOR-US: sly07 CVE-2017-16188 (reecerver is a web server. reecerver is vulnerable to a directory ...) TODO: check CVE-2017-16187 (open-device creates a web interface for any device. open-device is ...) @@ -76115,11 +76115,11 @@ CVE-2017-3964 (Reflective Cross-Site Scripting (XSS) vulnerability in the web .. CVE-2017-3963 REJECTED CVE-2017-3962 (Password recovery exploitation vulnerability in the ...) - TODO: check + NOT-FOR-US: McAfee CVE-2017-3961 (Cross-Site Scripting (XSS) vulnerability in the web interface in ...) NOT-FOR-US: McAfee CVE-2017-3960 (Exploitation of Authorization vulnerability in the web interface in ...) - TODO: check +
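Review bot: two labels in the @@ -38566,49 hunk misspell the package named in the description: CVE-2017-16199 (`susu-sum is a static file server ...`) becomes `NOT-FOR-US: sus-sum`, and CVE-2017-16197 (`qinserve is a static file server ...`) becomes `NOT-FOR-US: sinserve`. These should read `NOT-FOR-US: susu-sum` and `NOT-FOR-US: qinserve`; since every other label in this run copies the description's name exactly, the mismatch is worth fixing before it lands.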
[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: ae4bfd3e by Moritz Muehlenhoff at 2018-06-27T21:52:52+02:00 NFUs - - - - - d471b849 by Moritz Muehlenhoff at 2018-06-27T21:53:23+02:00 Merge branch master of salsa.debian.org:security-tracker-team/security-tracker - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -3,9 +3,9 @@ CVE-2018-12904 [KVM L1 guest escape] NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1589 NOTE: https://github.com/torvalds/linux/commit/727ba748e110b4de50d142edca9d6a9b7e6111d8 CVE-2018-12903 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity) ...) - TODO: check + NOT-FOR-US: CyberArk Endpoint Privilege Manager CVE-2018-12902 (In Easy Magazine through 2012-10-26, there is XSS in the search bar of ...) - TODO: check + NOT-FOR-US: Easy Magazine CVE-2018-12901 RESERVED CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf function in ...) @@ -31,7 +31,7 @@ CVE-2018-12891 CVE-2018-12890 RESERVED CVE-2018-12889 (An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer ...) - TODO: check + NOT-FOR-US: CCN-lite CVE-2018-12888 RESERVED CVE-2018-12887 @@ -41,7 +41,7 @@ CVE-2018-12886 CVE-2018-12885 RESERVED CVE-2018-12884 (In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user ...) - TODO: check + NOT-FOR-US: Octopus Deploy CVE-2018-1000205 (U-Boot contains a CWE-20: Improper Input Validation vulnerability in ...) TODO: check CVE-2018- [grep-excuses: uses YAML::Syck in a unsafe way] 
@@ -423,9 +423,9 @@ CVE-2018-12713 (GIMP through 2.10.2 makes g_get_tmp_dir calls to establish tempo NOTE: https://gitlab.gnome.org/GNOME/gimp/issues/1689 NOTE: No security impact CVE-2018-12712 (An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2018-12711 (An XSS issue was discovered in the language switcher module in Joomla! ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2018-12710 RESERVED CVE-2016-10724 @@ -610,21 +610,21 @@ CVE-2018-1000556 (WordPress version 4.8 + contains a Cross Site Scripting (XSS) CVE-2018-1000555 REJECTED CVE-2018-1000554 (Trovebox version = 4.0.0-rc6 contains a Unsafe password reset token ...) - TODO: check + NOT-FOR-US: Trovebox CVE-2018-1000553 (Trovebox version = 4.0.0-rc6 contains a Server-Side request forgery ...) - TODO: check + NOT-FOR-US: Trovebox CVE-2018-1000552 (Trovebox version = 4.0.0-rc6 contains a SQL Injection vulnerability ...) - TODO: check + NOT-FOR-US: Trovebox CVE-2018-1000551 (Trovebox version = 4.0.0-rc6 contains a PHP Type juggling ...) - TODO: check + NOT-FOR-US: Trovebox CVE-2018-1000550 (The Sympa Community Sympa version prior to version 6.2.32 contains a ...) TODO: check CVE-2018-1000549 (Wekan version 1.04.0 contains a Email / Username Enumeration ...) - TODO: check + NOT-FOR-US: Wekan CVE-2018-1000548 (Umlet version 14.3 contains a XML External Entity (XXE) ...) - TODO: check + NOT-FOR-US: Umlet CVE-2018-1000547 (coreBOS version 7.0 and earlier contains a Incorrect Access Control ...) - TODO: check + NOT-FOR-US: CoreBOS CVE-2018-1000546 (Triplea version = 1.9.0.0.10291 contains a XML External Entity (XXE) ...) TODO: check CVE-2018-1000545 
@@ -632,31 +632,31 @@ CVE-2018-1000545 CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory ...) TODO: check CVE-2018-1000543 (Akiee version 0.0.3 contains a XSS leading to code execution due to ...) - TODO: check + NOT-FOR-US: Akiee CVE-2018-1000542 (netbeans-mmd-plugin version = 1.4.3 contains a XML External Entity ...) - TODO: check + NOT-FOR-US: netbeans-mmd-plugin CVE-2018-1000541 REJECTED CVE-2018-1000540 (LoboEvolution version 9b75694cedfa4825d4a2330abf2719d470c654cd ...) - TODO: check + NOT-FOR-US: LoboEvolution CVE-2018-1000539 (Nov json-jwt version = 0.5.0 1.9.4 contains a CWE-347: Improper ...) TODO: check CVE-2018-1000538 (Minio Inc. Minio S3 server version prior to ...) - TODO: check + NOT-FOR-US: Minion CVE-2018-1000537 (Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer ...) - TODO: check + NOT-FOR-US: Marlin CVE-2018-1000536 (Medis version 0.6.1 and earlier contains a XSS vulnerability evolving ...) - TODO: check + NOT-FOR-US: Media CVE-2018-1000535 (lms version = LMS_011123 contains a Local File Disclosure ...) - TODO: check + NOT-FOR-US: lms CVE-2018-1000534 (Joplin version prior to 1.0.90
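Review bot: two of the replacement labels in this hunk do not match the project named in the entry they annotate: CVE-2018-1000538 gets "NOT-FOR-US: Minion" although the description reads "Minio Inc. Minio S3 server", and CVE-2018-1000536 gets "NOT-FOR-US: Media" although the description reads "Medis version 0.6.1". Suggest "NOT-FOR-US: Minio" and "NOT-FOR-US: Medis" so the label carries the same name as the description and the entry can still be found by project name later.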
[Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker Commits: 48b4aae9 by Moritz Muehlenhoff at 2018-06-22T22:54:43+02:00 NFUs - - - - - 34cee06d by Moritz Muehlenhoff at 2018-06-22T22:59:42+02:00 add slurm-llnl to dsa-needed - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: = data/CVE/list = --- a/data/CVE/list +++ b/data/CVE/list @@ -1,13 +1,13 @@ CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. ...) - TODO: check + NOT-FOR-US: tinyexr CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h. ...) - TODO: check + NOT-FOR-US: tinyexr CVE-2018-12686 RESERVED CVE-2018-12685 RESERVED CVE-2018-12684 (Out-of-bounds Read in the send_ssi_file function in civetweb.c in ...) - TODO: check + NOT-FOR-US: CivetWeb CVE-2018-12683 RESERVED CVE-2018-12682 @@ -19,7 +19,7 @@ CVE-2018-12680 CVE-2018-12679 RESERVED CVE-2018-12678 (Portainer before 1.18.0 supports unauthenticated requests to the ...) - TODO: check + NOT-FOR-US: Portainer CVE-2018-12677 RESERVED CVE-2018-12676 @@ -57,17 +57,17 @@ CVE-2018-12661 CVE-2018-12660 RESERVED CVE-2018-12659 (SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF ...) - TODO: check + NOT-FOR-US: SLiMS 8 Akasia CVE-2018-12658 (Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in ...) - TODO: check + NOT-FOR-US: SLiMS 8 Akasia CVE-2018-12657 (Reflected Cross-Site Scripting (XSS) exists in the Master File module ...) - TODO: check + NOT-FOR-US: SLiMS 8 Akasia CVE-2018-12656 (Reflected Cross-Site Scripting (XSS) exists in the Membership module in ...) - TODO: check + NOT-FOR-US: SLiMS 8 Akasia CVE-2018-12655 (Reflected Cross-Site Scripting (XSS) exists in the Circulation module ...) - TODO: check + NOT-FOR-US: SLiMS 8 Akasia CVE-2018-12654 (Reflected Cross-Site Scripting (XSS) exists in the Bibliography module ...) - TODO: check + NOT-FOR-US: SLiMS 8 Akasia CVE-2018-12653 RESERVED CVE-2018-12652 
@@ -77,7 +77,7 @@ CVE-2018-12651 CVE-2018-12650 RESERVED CVE-2018-12649 (An issue was discovered in app/Controller/UsersController.php in MISP ...) - TODO: check + NOT-FOR-US: MISP CVE-2018-12648 (The WEBP::GetLE32 function in ...) TODO: check CVE-2018-12647 @@ -91,7 +91,7 @@ CVE-2018-12644 CVE-2018-12643 RESERVED CVE-2018-12642 (Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not ...) - TODO: check + NOT-FOR-US: Floxlor CVE-2018-12641 (An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as ...) TODO: check CVE-2018-12640 @@ -225,7 +225,7 @@ CVE-2018-1000404 CVE-2018-12637 RESERVED CVE-2018-12636 (The iThemes Security (better-wp-security) plugin before 7.0.3 for ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2018-12635 (CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to ...) NOT-FOR-US: CirCarLife Scada CVE-2018-12634 (CirCarLife Scada v4.2.4 allows remote attackers to obtain sensitive ...) = data/dsa-needed.txt = --- a/data/dsa-needed.txt +++ b/data/dsa-needed.txt @@ -70,6 +70,8 @@ ruby-rack-protection (jmm) - ruby-sprockets -- +slurm-llnl +-- sssd Maintainer prepared an update and proposed debdiff, acked for upload, but update needs further testing before release. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7005065cf71562ebe0f54190bc6f6d96ed1e6e58...34cee06de1a87bc64daac4118e389c4262549d1d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/7005065cf71562ebe0f54190bc6f6d96ed1e6e58...34cee06de1a87bc64daac4118e389c4262549d1d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
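Review bot: the label for CVE-2018-12642 reads "NOT-FOR-US: Floxlor" but the entry describes "Froxlor through 0.9.39.5"; suggest "NOT-FOR-US: Froxlor" so the label matches the project name in the description rather than introducing a second spelling.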