Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c216b74a by Moritz Muehlenhoff at 2019-02-17T20:55:33Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2019-8413 (On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer
...)
- TODO: check
+ NOT-FOR-US: Xiaomi
CVE-2019-8412 (FeiFeiCms 4.0.181010 on Windows allows remote attackers to read
or ...)
- TODO: check
+ NOT-FOR-US: FeiFeiCms
CVE-2019-8411 (admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: zzcms
CVE-2019-8410
RESERVED
CVE-2019-8409
RESERVED
CVE-2019-8408 (OneFileCMS 3.6.13 allows remote attackers to modify
onefilecms.php by ...)
- TODO: check
+ NOT-FOR-US: OneFileCMS
CVE-2019-8407 (HongCMS 3.0.0 allows arbitrary file read and write operations
via a ../ ...)
- TODO: check
+ NOT-FOR-US: HongCMS
CVE-2019-8406
RESERVED
CVE-2019-8405
@@ -23,13 +23,13 @@ CVE-2019-8403
CVE-2019-8402
RESERVED
CVE-2018-20782 (The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN
messages. ...)
- TODO: check
+ NOT-FOR-US: WooCommerce plugin
CVE-2016-10742 (Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x
before ...)
TODO: check
CVE-2019-8401
RESERVED
CVE-2019-8400 (ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the
...)
- TODO: check
+ NOT-FOR-US: ORY Hydra
CVE-2019-8399
RESERVED
CVE-2019-8398 (An issue was discovered in the HDF HDF5 1.10.4 library. There
is an out ...)
@@ -49,7 +49,7 @@ CVE-2019-8395 (An Insecure Direct Object Reference (IDOR)
vulnerability exists i
CVE-2019-8394 (Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build
10012 allows ...)
NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-8393 (Hotels_Server through 2018-11-05 has SQL Injection via the API
because ...)
- TODO: check
+ NOT-FOR-US: Hotels_Server
CVE-2019-8392 (An issue was discovered on D-Link DIR-823G devices with
firmware ...)
NOT-FOR-US: D-Link
CVE-2019-8391
@@ -57,7 +57,7 @@ CVE-2019-8391
CVE-2019-8390
RESERVED
CVE-2019-8389 (A file-read vulnerability was identified in the Wi-Fi transfer
feature ...)
- TODO: check
+ NOT-FOR-US: Musicloud
CVE-2019-8388
RESERVED
CVE-2019-8387
@@ -69,7 +69,7 @@ CVE-2019-8385
CVE-2019-8384
RESERVED
CVE-2019-8383 (An issue was discovered in AdvanceCOMP before 2.1. An invalid
memory ...)
- TODO: check
+ NOT-FOR-US: AdvanceCOMP
CVE-2019-8382 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer
dereference ...)
NOT-FOR-US: Bento4
CVE-2019-8381 (An issue was discovered in Tcpreplay 4.3.1. An invalid memory
access ...)
@@ -77,7 +77,7 @@ CVE-2019-8381 (An issue was discovered in Tcpreplay 4.3.1. An
invalid memory acc
CVE-2019-8380 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer
dereference ...)
NOT-FOR-US: Bento4
CVE-2019-8379 (An issue was discovered in AdvanceCOMP before 2.1. A NULL
pointer ...)
- TODO: check
+ NOT-FOR-US: AdvanceCOMP
CVE-2019-8378 (An issue was discovered in Bento4 1.5.1-628. A heap-based
buffer ...)
NOT-FOR-US: Bento4
CVE-2019-8377 (An issue was discovered in Tcpreplay 4.3.1. A NULL pointer
dereference ...)
@@ -109,17 +109,17 @@ CVE-2019-8365
CVE-2019-8364
RESERVED
CVE-2019-8363 (Verydows 2.0 has XSS via the index.php?c=main a parameter, as
...)
- TODO: check
+ NOT-FOR-US: Verydows
CVE-2019-8362 (DedeCMS through V5.7SP2 allows arbitrary file upload in ...)
NOT-FOR-US: DedeCMS
CVE-2019-8361 (PHP Scripts Mall Responsive Video News Script has XSS via the
Search ...)
NOT-FOR-US: PHP Scripts Mall Responsive Video News Script
CVE-2019-8360 (Themerig Find a Place CMS Directory 1.5 has SQL Injection via
the ...)
- TODO: check
+ NOT-FOR-US: Themerig Find a Place CMS Directory
CVE-2019-8359
RESERVED
CVE-2019-8358 (In Hiawatha before 10.8.4, a remote attacker is able to do
directory ...)
- TODO: check
+ NOT-FOR-US: Hiawatha
CVE-2019-8357 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in
effect_i_dsp.c ...)
- sox <unfixed>
NOTE: https://sourceforge.net/p/sox/bugs/318
@@ -149,7 +149,7 @@ CVE-2019-8347 (BEESCMS 4.0 has a CSRF vulnerability to add
arbitrary VIP account
CVE-2019-8346
RESERVED
CVE-2019-8345 (The Help feature in the ES File Explorer File Manager
application ...)
- TODO: check
+ NOT-FOR-US: ES File Explorer File Manager
CVE-2019-8344
RESERVED
CVE-2019-8343 (In Netwide Assembler (NASM) 2.14.02, there is a use-after-free
in ...)
@@ -20880,7 +20880,7 @@ CVE-2019-0267 (SAP Manufacturing Integration and
Intelligence, versions 15.0, 15
CVE-2019-0266 (Under certain conditions SAP HANA Extended Application
Services, ...)
NOT-FOR-US: SAP
CVE-2019-0265 (SLD Registration of ABAP Platform allows an attacker to prevent
...)
- TODO: check
+ NOT-FOR-US: ABAP Platform
CVE-2019-0264
RESERVED
CVE-2019-0263
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c216b74a73e9298cca3363e59b3bbfe6c09018dc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/c216b74a73e9298cca3363e59b3bbfe6c09018dc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
