Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4ffe8a8d by Moritz Muehlenhoff at 2019-02-05T09:03:02Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,13 +26,13 @@ CVE-2019-7392
 CVE-2019-7391
        RESERVED
 CVE-2019-7390 (An issue was discovered in /bin/goahead on D-Link DIR-823G 
devices with ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-7389 (An issue was discovered in /bin/goahead on D-Link DIR-823G 
devices with ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-7388 (An issue was discovered in /bin/goahead on D-Link DIR-823G 
devices with ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2019-7387 (A local file inclusion vulnerability exists in the web 
interface of ...)
-       TODO: check
+       NOT-FOR-US: Systrome
 CVE-2019-7386
        RESERVED
 CVE-2019-7385
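Review bot: for CVE-2019-7388 through CVE-2019-7390 the description names /bin/goahead as the affected binary, so the bare vendor tag "NOT-FOR-US: D-Link" does not record whether the flaw was judged to be in the D-Link firmware or in the web server component itself. If triage found it to be device-specific, "NOT-FOR-US: D-Link DIR-823G" or an added NOTE line saying so would keep the entry from being re-checked later.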
@@ -96,11 +96,11 @@ CVE-2019-7357
 CVE-2019-7356
        RESERVED
 CVE-2019-1000024 (OPT/NET BV NG-NetMS version v3.6-2 and earlier versions 
contains a ...)
-       TODO: check
+       NOT-FOR-US: OPT/NET BV
 CVE-2019-1000023 (OPT/NET BV OPTOSS Next Gen Network Management System 
(NG-NetMS) ...)
-       TODO: check
+       NOT-FOR-US: OPT/NET BV
 CVE-2019-1000022 (Taoensso Sente version Prior to version 1.14.0 contains a 
Cross Site ...)
-       TODO: check
+       NOT-FOR-US: Taoensso Sente
 CVE-2019-1000021 (slixmpp version before commit 
7cd73b594e8122dddf847953fcfc85ab4d316416 ...)
        TODO: check
 CVE-2019-1000020 (libarchive version commit 
5a98dcf8a86364b3c2c469c85b93647dfb139961 ...)
@@ -122,7 +122,7 @@ CVE-2019-1000012 (Hex package manager version 0.14.0 
through 0.18.2 contains a S
 CVE-2019-1000011 (API Platform version from 2.2.0 to 2.3.5 contains an 
Incorrect Access ...)
        TODO: check
 CVE-2019-1000010 (phpIPAM version 1.3.2 and earlier contains a Cross Site 
Scripting ...)
-       TODO: check
+       NOT-FOR-US: phpIPAM
 CVE-2019-1000009 (Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains 
a CWE-22: ...)
        TODO: check
 CVE-2019-1000008 (All versions of Helm between Helm >=2.0.0 and < 2.12.2 
contains a ...)
@@ -130,33 +130,33 @@ CVE-2019-1000008 (All versions of Helm between Helm 
>=2.0.0 and < 2.12.2 c
 CVE-2019-1000007 (aioxmpp version 0.10.2 and earlier contains a Improper 
Handling of ...)
        TODO: check
 CVE-2019-1000006 (RIOT RIOT-OS version after commit ...)
-       TODO: check
+       NOT-FOR-US: RIOT RIOT-OS
 CVE-2019-1000005 (mPDF version 7.1.7 and earlier contains a CWE-502: 
Deserialization of ...)
        TODO: check
 CVE-2019-1000004 (yugandhargangu JspMyAdmin2 version 1.0.6 and earlier 
contains a Cross ...)
-       TODO: check
+       NOT-FOR-US: yugandhargangu JspMyAdmin2
 CVE-2019-1000003 (MapSVG MapSVG Lite version 3.2.3 contains a Cross Site 
Request Forgery ...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin
 CVE-2019-1000002 (Gitea version 1.6.2 and earlier contains a Incorrect Access 
Control ...)
        TODO: check
 CVE-2019-1000001 (TeamPass version 2.1.27 and earlier contains a Storing 
Passwords in a ...)
-       TODO: check
+       NOT-FOR-US: TeamPass
 CVE-2018-20753 (Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and 
R9.5 ...)
-       TODO: check
+       NOT-FOR-US: Kaseya VSA RMM
 CVE-2018-20752 (An issue was discovered in Recon-ng before 4.9.5. Lack of 
validation in ...)
        TODO: check
 CVE-2018-1000999 (Fastnet SA MailCleaner version 2018092601 contains a Command 
Injection ...)
-       TODO: check
+       NOT-FOR-US: Fastnet SA MailCleaner
 CVE-2018-1000998 (FreeBSD CVSweb version 2.x contains a Cross Site Scripting 
(XSS) ...)
        TODO: check
 CVE-2017-18362 (ConnectWise ManagedITSync integration through 2017 for Kaseya 
VSA is ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise ManagedITSync
 CVE-2016-1000282
        RESERVED
 CVE-2016-1000276 (Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries 
to load ...)
        TODO: check
 CVE-2016-1000271 (Joomla extension DT Register version before 3.1.12 (Joomla 
3.x) / ...)
-       TODO: check
+       NOT-FOR-US: Joomla extension
 CVE-2019-7355
        RESERVED
 CVE-2019-7354
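Review bot: the tags on CVE-2019-1000003 ("NOT-FOR-US: Wordpress plugin") and CVE-2016-1000271 ("NOT-FOR-US: Joomla extension") name only a category, unlike the other entries in this hunk, which name the product. Suggest "NOT-FOR-US: MapSVG Lite plugin for WordPress" and "NOT-FOR-US: DT Register extension for Joomla" so that a later search for the product name finds the triage decision; "WordPress" is also the usual capitalisation.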
@@ -250,7 +250,7 @@ CVE-2019-7325 (Reflected Cross Site Scripting (XSS) exists 
in ZoneMinder through
 CVE-2019-7324 (app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in 
pagination ...)
        - kanboard <itp> (bug #790814)
 CVE-2019-7323 (GUP (generic update process) in LightySoft LogMX before 7.4.0 
does not ...)
-       TODO: check
+       NOT-FOR-US: LightySoft LogMX
 CVE-2019-7322
        RESERVED
 CVE-2019-7321
@@ -270,7 +270,7 @@ CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has 
a use-after-free bec
        NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
        NOTE: https://github.com/glennrp/libpng/issues/275
 CVE-2019-7316 (An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. 
The ...)
-       TODO: check
+       NOT-FOR-US: CSS-TRICKS Chat2
 CVE-2019-7315
        RESERVED
 CVE-2019-7314 (liblivemedia in Live555 before 2019.02.03 mishandles the 
termination of ...)
@@ -284,7 +284,7 @@ CVE-2019-7313 (www/resource.py in Buildbot before 1.8.1 
allows CRLF injection in
        NOTE: 
https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code
        NOTE: 
https://github.com/buildbot/buildbot/pull/4584/files#diff-a2e7e3ee5f6a1d3cd9c6abf0328c21e0
 CVE-2019-7312 (Limited plaintext disclosure exists in PRIMX Zed Entreprise for 
Windows ...)
-       TODO: check
+       NOT-FOR-US: PRIMX Zed Enterprise
 CVE-2019-7311
        RESERVED
 CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an 
integer ...)
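Review bot: the tag on CVE-2019-7312 spells the product "PRIMX Zed Enterprise" while the CVE description on the line above it spells it "Zed Entreprise". Suggest copying the spelling from the description so that a search for the product name matches both the description and the tag.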
@@ -422,7 +422,7 @@ CVE-2019-7251
 CVE-2019-7250 (An issue was discovered in the Cross Reference Add-on 36 for 
Google ...)
        NOT-FOR-US: Cross Reference Add-on for Google Docs
 CVE-2019-7249 (In Keybase before 2.12.6 on macOS, the move RPC to the Helper 
was ...)
-       TODO: check
+       NOT-FOR-US: Keybase on MacOS
 CVE-2019-7283 (An issue was discovered in rcp in NetKit through 0.17. For an 
rcp ...)
        - netkit-rsh 0.17-20 (bug #920486)
        [stretch] - netkit-rsh <no-dsa> (Minor issue)
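Review bot: "NOT-FOR-US: Keybase on MacOS" on CVE-2019-7249 mixes two rationales, product not in Debian and issue limited to another platform. If Keybase is not packaged, "NOT-FOR-US: Keybase" is enough; if the reason is that only the macOS Helper is affected, a package line with <not-affected> and that reason is the clearer form. The description writes the platform as "macOS".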
@@ -496,7 +496,7 @@ CVE-2019-7218
 CVE-2019-7217
        RESERVED
 CVE-2019-7216 (An issue was discovered in FileChucker 4.99e-free-e02. 
filechucker.cgi ...)
-       TODO: check
+       NOT-FOR-US: FileChucker
 CVE-2019-7215
        RESERVED
 CVE-2019-7214
@@ -7542,7 +7542,7 @@ CVE-2019-4040 (IBM I 7.2 and 7.3 is vulnerable to 
cross-site scripting. This ...
 CVE-2019-4039
        RESERVED
 CVE-2019-4038 (IBM Security Identity Manager 6.0 and 7.0 could allow an 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4037
        RESERVED
 CVE-2019-4036
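Review bot: "NOT-FOR-US: IBM" on CVE-2019-4038 names only the vendor, while the description identifies the product as IBM Security Identity Manager. A product-level tag such as "NOT-FOR-US: IBM Security Identity Manager" is easier to search for and matches the entries in this commit that name the product ("LabKey Server", "FileChucker").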
@@ -7792,11 +7792,11 @@ CVE-2019-3915
 CVE-2019-3914
        RESERVED
 CVE-2019-3913 (Command manipulation in LabKey Server Community Edition before 
...)
-       TODO: check
+       NOT-FOR-US: LabKey Server
 CVE-2019-3912 (An open redirect vulnerability in LabKey Server Community 
Edition ...)
-       TODO: check
+       NOT-FOR-US: LabKey Server
 CVE-2019-3911 (Reflected cross-site scripting (XSS) vulnerability in LabKey 
Server ...)
-       TODO: check
+       NOT-FOR-US: LabKey Server
 CVE-2019-3910 (Crestron AM-100 before firmware version 1.6.0.2 contains an ...)
        NOT-FOR-US: Creston
 CVE-2019-3909 (Premisys Identicard version 3.1.190 database uses default 
credentials. ...)
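Review bot: the unchanged context line for CVE-2019-3910 reads "NOT-FOR-US: Creston" although the description spells the vendor "Crestron". This commit does not touch it, but since the neighbouring LabKey entries are being edited here it would be a good moment to correct the spelling.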
@@ -8458,7 +8458,7 @@ CVE-2019-3606
 CVE-2019-3605
        RESERVED
 CVE-2019-3604 (Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO 
(legacy) ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3603
        RESERVED
 CVE-2019-3602
@@ -15085,7 +15085,7 @@ CVE-2018-19860
 CVE-2018-19859 (OpenRefine before 3.5 allows directory traversal via a 
relative ...)
        NOT-FOR-US: OpenRefine
 CVE-2018-19858 (PrinceXML, versions 10 and below, is vulnerable to XXE due to 
the lack ...)
-       TODO: check
+       NOT-FOR-US: PrinceXML
 CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media 
player ...)
        {DSA-4366-1}
        - vlc 3.0.4-4 (bug #915760)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ffe8a8deaeb00f5038898c4177a723384c86b48
