Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 4ffe8a8d by Moritz Muehlenhoff at 2019-02-05T09:03:02Z NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -26,13 +26,13 @@ CVE-2019-7392 CVE-2019-7391 RESERVED CVE-2019-7390 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices with ...) - TODO: check + NOT-FOR-US: D-Link CVE-2019-7389 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices with ...) - TODO: check + NOT-FOR-US: D-Link CVE-2019-7388 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices with ...) - TODO: check + NOT-FOR-US: D-Link CVE-2019-7387 (A local file inclusion vulnerability exists in the web interface of ...) - TODO: check + NOT-FOR-US: Systrome CVE-2019-7386 RESERVED CVE-2019-7385 @@ -96,11 +96,11 @@ CVE-2019-7357 CVE-2019-7356 RESERVED CVE-2019-1000024 (OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a ...) - TODO: check + NOT-FOR-US: OPT/NET BV CVE-2019-1000023 (OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) ...) - TODO: check + NOT-FOR-US: OPT/NET BV CVE-2019-1000022 (Taoensso Sente version Prior to version 1.14.0 contains a Cross Site ...) - TODO: check + NOT-FOR-US: Taoensso Sente CVE-2019-1000021 (slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 ...) TODO: check CVE-2019-1000020 (libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 ...) @@ -122,7 +122,7 @@ CVE-2019-1000012 (Hex package manager version 0.14.0 through 0.18.2 contains a S CVE-2019-1000011 (API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access ...) TODO: check CVE-2019-1000010 (phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting ...) - TODO: check + NOT-FOR-US: phpIPAM CVE-2019-1000009 (Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: ...) TODO: check CVE-2019-1000008 (All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains a ...) 
@@ -130,33 +130,33 @@ CVE-2019-1000008 (All versions of Helm between Helm >=2.0.0 and < 2.12.2 c CVE-2019-1000007 (aioxmpp version 0.10.2 and earlier contains a Improper Handling of ...) TODO: check CVE-2019-1000006 (RIOT RIOT-OS version after commit ...) - TODO: check + NOT-FOR-US: RIOT RIOT-OS CVE-2019-1000005 (mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of ...) TODO: check CVE-2019-1000004 (yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross ...) - TODO: check + NOT-FOR-US: yugandhargangu JspMyAdmin2 CVE-2019-1000003 (MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery ...) - TODO: check + NOT-FOR-US: Wordpress plugin CVE-2019-1000002 (Gitea version 1.6.2 and earlier contains a Incorrect Access Control ...) TODO: check CVE-2019-1000001 (TeamPass version 2.1.27 and earlier contains a Storing Passwords in a ...) - TODO: check + NOT-FOR-US: TeamPass CVE-2018-20753 (Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 ...) - TODO: check + NOT-FOR-US: Kaseya VSA RMM CVE-2018-20752 (An issue was discovered in Recon-ng before 4.9.5. Lack of validation in ...) TODO: check CVE-2018-1000999 (Fastnet SA MailCleaner version 2018092601 contains a Command Injection ...) - TODO: check + NOT-FOR-US: Fastnet SA MailCleaner CVE-2018-1000998 (FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) ...) TODO: check CVE-2017-18362 (ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is ...) - TODO: check + NOT-FOR-US: ConnectWise ManagedITSync CVE-2016-1000282 RESERVED CVE-2016-1000276 (Audacity version 2.1.2 is vulnerable to DLL Hijack, it tries to load ...) TODO: check CVE-2016-1000271 (Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / ...) - TODO: check + NOT-FOR-US: Joomla extension CVE-2019-7355 RESERVED CVE-2019-7354 
@@ -250,7 +250,7 @@ CVE-2019-7325 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through CVE-2019-7324 (app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination ...) - kanboard <itp> (bug #790814) CVE-2019-7323 (GUP (generic update process) in LightySoft LogMX before 7.4.0 does not ...) - TODO: check + NOT-FOR-US: LightySoft LogMX CVE-2019-7322 RESERVED CVE-2019-7321 @@ -270,7 +270,7 @@ CVE-2019-7317 (png_image_free in png.c in libpng 1.6.36 has a use-after-free bec NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803 NOTE: https://github.com/glennrp/libpng/issues/275 CVE-2019-7316 (An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The ...) - TODO: check + NOT-FOR-US: CSS-TRICKS Chat2 CVE-2019-7315 RESERVED CVE-2019-7314 (liblivemedia in Live555 before 2019.02.03 mishandles the termination of ...) @@ -284,7 +284,7 @@ CVE-2019-7313 (www/resource.py in Buildbot before 1.8.1 allows CRLF injection in NOTE: https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code NOTE: https://github.com/buildbot/buildbot/pull/4584/files#diff-a2e7e3ee5f6a1d3cd9c6abf0328c21e0 CVE-2019-7312 (Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows ...) - TODO: check + NOT-FOR-US: PRIMX Zed Enterprise CVE-2019-7311 RESERVED CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integer ...) @@ -422,7 +422,7 @@ CVE-2019-7251 CVE-2019-7250 (An issue was discovered in the Cross Reference Add-on 36 for Google ...) NOT-FOR-US: Cross Reference Add-on for Google Docs CVE-2019-7249 (In Keybase before 2.12.6 on macOS, the move RPC to the Helper was ...) - TODO: check + NOT-FOR-US: Keybase on MacOS CVE-2019-7283 (An issue was discovered in rcp in NetKit through 0.17. For an rcp ...) - netkit-rsh 0.17-20 (bug #920486) [stretch] - netkit-rsh <no-dsa> (Minor issue) 
@@ -496,7 +496,7 @@ CVE-2019-7218 CVE-2019-7217 RESERVED CVE-2019-7216 (An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi ...) - TODO: check + NOT-FOR-US: FileChucker CVE-2019-7215 RESERVED CVE-2019-7214 @@ -7542,7 +7542,7 @@ CVE-2019-4040 (IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This ... CVE-2019-4039 RESERVED CVE-2019-4038 (IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to ...) - TODO: check + NOT-FOR-US: IBM CVE-2019-4037 RESERVED CVE-2019-4036 @@ -7792,11 +7792,11 @@ CVE-2019-3915 CVE-2019-3914 RESERVED CVE-2019-3913 (Command manipulation in LabKey Server Community Edition before ...) - TODO: check + NOT-FOR-US: LabKey Server CVE-2019-3912 (An open redirect vulnerability in LabKey Server Community Edition ...) - TODO: check + NOT-FOR-US: LabKey Server CVE-2019-3911 (Reflected cross-site scripting (XSS) vulnerability in LabKey Server ...) - TODO: check + NOT-FOR-US: LabKey Server CVE-2019-3910 (Crestron AM-100 before firmware version 1.6.0.2 contains an ...) NOT-FOR-US: Creston CVE-2019-3909 (Premisys Identicard version 3.1.190 database uses default credentials. ...) @@ -8458,7 +8458,7 @@ CVE-2019-3606 CVE-2019-3605 RESERVED CVE-2019-3604 (Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) ...) - TODO: check + NOT-FOR-US: McAfee CVE-2019-3603 RESERVED CVE-2019-3602 
@@ -15085,7 +15085,7 @@ CVE-2018-19860 CVE-2018-19859 (OpenRefine before 3.5 allows directory traversal via a relative ...) NOT-FOR-US: OpenRefine CVE-2018-19858 (PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack ...) - TODO: check + NOT-FOR-US: PrinceXML CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player ...) {DSA-4366-1} - vlc 3.0.4-4 (bug #915760)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4ffe8a8deaeb00f5038898c4177a723384c86b48
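Review bot: In the hunk at @@ -26,13, CVE-2019-7390, CVE-2019-7389 and CVE-2019-7388 are tagged NOT-FOR-US: D-Link although their descriptions locate the issue in /bin/goahead, which names a web server binary rather than only the vendor. The truncated descriptions do not show whether the flaw sits in D-Link's own code or in the underlying server, so a NOTE line recording that the issue is specific to the DIR-823G firmware would make this triage decision checkable later.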
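Review bot: In the hunk at @@ -130,33, CVE-2019-1000003 is tagged NOT-FOR-US: Wordpress plugin and CVE-2016-1000271 is tagged NOT-FOR-US: Joomla extension, which drops the product names that the other entries in this commit keep. Suggest naming the product in the tag, for example "NOT-FOR-US: MapSVG Lite plugin for Wordpress" and "NOT-FOR-US: DT Register extension for Joomla", so the entries can be found by product name with a plain text search of data/CVE/list.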
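Review bot: In the hunk at @@ -284,7, the new tag for CVE-2019-7312 reads "PRIMX Zed Enterprise" while the description on the line above spells the product "PRIMX Zed Entreprise". Use the spelling from the description so a search for the product name matches both the description and the tag.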
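Review bot: In the hunk at @@ -422,7, the tag "NOT-FOR-US: Keybase on MacOS" for CVE-2019-7249 mixes a product name with a platform qualifier and capitalises it differently from the description's "macOS". If the reason for the tag is the platform, say so in a NOTE line and keep the tag to the product name; otherwise match the description's spelling.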
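Review bot: In the hunk at @@ -7792,11, the unchanged context line for CVE-2019-3910 carries "NOT-FOR-US: Creston" while its description names "Crestron AM-100". The commit already edits the three LabKey entries directly above it, so the misspelled tag could be corrected in the same pass.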