Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe9faa6d by Salvatore Bonaccorso at 2019-06-07T08:46:05Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger 
touchscreen anoma ...)
-       TODO: check
+       NOT-FOR-US: Xiaomi Mi 5s Plus devices
 CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via 
crafted ...)
        - pyxdg <unfixed> (bug #930099)
        [stretch] - pyxdg <no-dsa> (Minor issue)
@@ -563,7 +563,7 @@ CVE-2019-12494 (In Gardener before 0.20.0, incorrect access 
control in seed clus
 CVE-2019-12493 (A stack-based buffer over-read exists in 
PostScriptFunction::transform ...)
        TODO: check
 CVE-2019-12492 (Gallagher Command Centre before 7.80.939, 7.90.x before 
7.90.961, and  ...)
-       TODO: check
+       NOT-FOR-US: Gallagher Command Centre
 CVE-2019-12491
        RESERVED
 CVE-2019-12490
@@ -2945,7 +2945,7 @@ CVE-2019-11525
 CVE-2019-11524
        RESERVED
 CVE-2019-11523 (Anviz Global M3 Outdoor RFID Access Control executes any 
command recei ...)
-       TODO: check
+       NOT-FOR-US: Anviz Global M3 Outdoor RFID Access Control
 CVE-2019-11522
        RESERVED
 CVE-2019-11521
@@ -4358,7 +4358,7 @@ CVE-2019-10983
 CVE-2019-10982
        RESERVED
 CVE-2019-10981 (In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, 
a vulner ...)
-       TODO: check
+       NOT-FOR-US: AVEVA
 CVE-2019-10980
        RESERVED
 CVE-2019-10979
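Review bot: The tag on CVE-2019-10981 names a vendor, "AVEVA", that does not appear in the visible description, which speaks of Vijeo Citect and CitectSCADA. Putting the product name in the tag as well, for example "NOT-FOR-US: Vijeo Citect / CitectSCADA (AVEVA)", would let someone searching the list by product find this entry.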
@@ -7054,7 +7054,7 @@ CVE-2019-9892 (An issue was discovered in Open Ticket 
Request System (OTRS) 5.x
        NOTE: OTRS 5: 
https://github.com/OTRS/otrs/commit/c3b9342a85c6f2c9382e074ad9cc440ce80a6f34
        NOTE: 
https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/
 CVE-2019-9891 (The function getopt_simple as described in Advanced Bash 
Scripting Gui ...)
-       TODO: check
+       NOT-FOR-US: Advanced Bash Scripting Guide
 CVE-2019-9890 (An issue was discovered in GitLab Community and Enterprise 
Edition 10. ...)
        [experimental] - gitlab 11.8.2-1
        - gitlab 11.8.2-2 (bug #924447)
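Review bot: NOT-FOR-US on CVE-2019-9891 says that nothing in the archive carries the affected code, but the description is about a function "as described in" a guide, that is, sample code in a document rather than a program. Before closing the entry, check that the guide itself is not packaged, and consider a NOTE line recording that the issue lives in example code.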
@@ -7832,9 +7832,9 @@ CVE-2018-20806 (Phamm (aka PHP LDAP Virtual Hosting 
Manager) 0.6.8 allows XSS vi
        [jessie] - phamm <no-dsa> (Minor issue)
        NOTE: https://github.com/lota/phamm/issues/24
 CVE-2019-9839 (VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php 
descri ...)
-       TODO: check
+       NOT-FOR-US: VFront
 CVE-2019-9838 (VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php 
azzera par ...)
-       TODO: check
+       NOT-FOR-US: VFront
 CVE-2019-9837 (Doorkeeper::OpenidConnect (aka the OpenID Connect extension for 
Doorke ...)
        - ruby-doorkeeper-openid-connect 1.5.5-1 (bug #924747)
        NOTE: 
https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/61
@@ -13278,7 +13278,7 @@ CVE-2019-7674 (An issue was discovered on MOBOTIX S14 
MX-V4.2.1.61 devices. /adm
 CVE-2019-7673 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. 
Administr ...)
        NOT-FOR-US: MOBOTIX
 CVE-2019-7672 (Prima Systems FlexAir devices have Hard-coded Credentials. ...)
-       TODO: check
+       NOT-FOR-US: Prima Systems FlexAir devices
 CVE-2019-7671 (Prima Systems FlexAir devices allow Authenticated Stored XSS. 
...)
        NOT-FOR-US: Prima Systems FlexAir devices
 CVE-2019-7670
@@ -15726,19 +15726,19 @@ CVE-2019-6744
 CVE-2019-6743 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
        TODO: check
 CVE-2019-6742 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
-       TODO: check
+       NOT-FOR-US: GameServiceReceiver update mechanism as used in Samsung 
Galaxy S9
 CVE-2019-6741 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
        TODO: check
 CVE-2019-6740 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
        TODO: check
 CVE-2019-6739 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
-       TODO: check
+       NOT-FOR-US: Malwarebytes Antimalware
 CVE-2019-6738 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender SafePay
 CVE-2019-6737 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender SafePay
 CVE-2019-6736 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender SafePay
 CVE-2019-6735 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
        NOT-FOR-US: Foxit Reader
 CVE-2019-6734 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
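Review bot: CVE-2019-6743, CVE-2019-6741 and CVE-2019-6740 stay at "TODO: check" in the middle of this run although they show the same truncated description as the five entries resolved around them. If they were deferred on purpose, a word in the commit message would help whoever triages next; if they were missed, they belong in this commit.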
@@ -15760,7 +15760,7 @@ CVE-2019-6727 (This vulnerability allows remote 
attackers to execute arbitrary c
 CVE-2019-6726
        RESERVED
 CVE-2019-6725 (The rpWLANRedirect.asp ASP page is accessible without 
authentication o ...)
-       TODO: check
+       NOT-FOR-US: ZyXEL
 CVE-2019-6724 (The barracudavpn component of the Barracuda VPN Client prior to 
versio ...)
        NOT-FOR-US: Barracuda VPN Client
 CVE-2019-6723
@@ -16051,7 +16051,7 @@ CVE-2019-6590 (On BIG-IP LTM 13.0.0 to 13.0.1 and 
12.1.0 to 12.1.3.6, under cert
 CVE-2019-6589 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 
and 11.6. ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2019-6588 (In Liferay Portal before 7.1 CE GA4, an XSS vulnerability 
exists in th ...)
-       TODO: check
+       NOT-FOR-US: Liferay Portal CE
 CVE-2019-6587
        RESERVED
 CVE-2019-6586
@@ -16442,9 +16442,9 @@ CVE-2019-6454 (An issue was discovered in sd-bus in 
systemd 239. bus_process_obj
 CVE-2019-6453 (mIRC before 7.55 allows remote command execution by using 
argument inj ...)
        NOT-FOR-US: mIRC
 CVE-2019-6452 (Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci 
allows remo ...)
-       TODO: check
+       NOT-FOR-US: Kyocera Command Center
 CVE-2019-6451 (On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow 
unauthe ...)
-       TODO: check
+       NOT-FOR-US: SOYAL AR-727H and AR-829Ev5 devices
 CVE-2019-6450
        RESERVED
 CVE-2019-6449
@@ -16753,9 +16753,9 @@ CVE-2019-6324
 CVE-2019-6323
        RESERVED
 CVE-2019-6322 (HP has identified a security vulnerability with some versions 
of Works ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2019-6321 (HP has identified a security vulnerability with some versions 
of Works ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2019-6320
        RESERVED
 CVE-2019-6319
@@ -18707,11 +18707,11 @@ CVE-2019-5590
 CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online 
Installer (W ...)
        NOT-FOR-US: FortiGuard
 CVE-2019-5588 (A reflected Cross-Site-Scripting (XSS) vulnerability in 
Fortinet Forti ...)
-       TODO: check
+       NOT-FOR-US: Fortinet FortiOS
 CVE-2019-5587 (Lack of root file system integrity checking in Fortinet FortiOS 
VM app ...)
-       TODO: check
+       NOT-FOR-US: Fortinet FortiOS
 CVE-2019-5586 (A reflected Cross-Site-Scripting (XSS) vulnerability in 
Fortinet Forti ...)
-       TODO: check
+       NOT-FOR-US: Fortinet FortiOS
 CVE-2019-5585 (An improper access control vulnerability in FortiClientMac 
before 6.0. ...)
        NOT-FOR-US: Fortiguard FortiClientMac
 CVE-2019-5584
@@ -18833,13 +18833,13 @@ CVE-2019-5527
 CVE-2019-5526 (VMware Workstation (15.x before 15.1.0) contains a DLL 
hijacking issue ...)
        NOT-FOR-US: VMware
 CVE-2019-5525 (VMware Workstation (15.x before 15.1.0) contains a 
use-after-free vuln ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2019-5524 (VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 
10.1.6 ...)
        NOT-FOR-US: VMware
 CVE-2019-5523 (VMware vCloud Director for Service Providers 9.5.x prior to 
9.5.0.3 up ...)
        NOT-FOR-US: VMware vCloud Director for Service Providers
 CVE-2019-5522 (VMware Tools for Windows (10.x before 10.3.10) update addresses 
an out ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2019-5521
        RESERVED
 CVE-2019-5520 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before 
ESXi650-20 ...)
@@ -19126,119 +19126,119 @@ CVE-2019-5396
 CVE-2019-5395
        RESERVED
 CVE-2019-5394 (The HPE Nonstop Maintenance Entity family of products are 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5393 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5392 (A disclosure of information vulnerability was identified in HPE 
Intell ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5391 (A stack buffer overflow vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5390 (A remote command injection vulnerability was identified in HPE 
Intelli ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5389 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5388 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5387 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5386 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5385 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5384 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5383 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5382 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5381 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5380 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5379 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5378 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5377 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5376 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5375 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5374 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5373 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5372 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5371 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5370 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5369 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5368 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5367 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5366 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5365 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5364 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5363 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5362 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5361 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5360 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5359 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5358 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5357 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5356 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5355 (A remote denial of service vulnerability was identified in HPE 
Intelli ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5354 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5353 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5352 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5351 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5350 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5349 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5348 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5347 (A remote authentication bypass vulnerability was identified in 
HPE Int ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5346 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5345 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5344 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5343 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5342 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5341 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5340 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5339 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5338 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2019-5337
        RESERVED
 CVE-2019-5336
@@ -19300,11 +19300,11 @@ CVE-2019-5309
 CVE-2019-5308
        RESERVED
 CVE-2019-5307 (Some Huawei 4G LTE devices, P30 versions before ELE-AL00 
9.1.0.162(C01 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5306 (There is a Factory Reset Protection (FRP) bypass security 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5305 (The image processing module of some Huawei Mate 10 smartphones 
version ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5304
        RESERVED
 CVE-2019-5303
@@ -19314,17 +19314,17 @@ CVE-2019-5302
 CVE-2019-5301
        RESERVED
 CVE-2019-5300 (There is a digital signature verification bypass vulnerability 
in AR12 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5299
        RESERVED
 CVE-2019-5298 (There is an improper authentication vulnerability in some 
Huawei AP pr ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5297 (Emily-L29C Huawei phones versions earlier than 9.0.0.159 
(C185E2R1P12T ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5296 (Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 
have a ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5295 (Huawei Honor V10 smartphones versions earlier than 
Berkeley-AL20 9.0.0 ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5294
        RESERVED
 CVE-2019-5293
@@ -19344,15 +19344,15 @@ CVE-2019-5287
 CVE-2019-5286
        RESERVED
 CVE-2019-5285 (Some Huawei S series switches have a DoS vulnerability. An 
unauthentic ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5284 (There is a DoS vulnerability in RTSP module of Leland-AL00A 
Huawei sma ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5283 (There is Factory Reset Protection (FRP) bypass security 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5282
        RESERVED
 CVE-2019-5281 (There is an information leak vulnerability in some Huawei 
phones, vers ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5280
        RESERVED
 CVE-2019-5279
@@ -19426,13 +19426,13 @@ CVE-2019-5246
 CVE-2019-5245
        RESERVED
 CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 
8.0.0.361(C636) ve ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5243
        RESERVED
 CVE-2019-5242 (There is a code execution vulnerability in Huawei PCManager 
versions e ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5241 (There is a privilege escalation vulnerability in Huawei 
PCManager vers ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5240
        RESERVED
 CVE-2019-5239
@@ -19476,17 +19476,17 @@ CVE-2019-5221
 CVE-2019-5220
        RESERVED
 CVE-2019-5219 (There is a double free vulnerability on certain drivers of 
Huawei Mate ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5218
        RESERVED
 CVE-2019-5217 (There is an information disclosure vulnerability on Mate 9 Pro 
Huawei  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5216 (There is a race condition vulnerability on Huawei Honor V10 
smartphone ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5215 (There is a man-in-the-middle (MITM) vulnerability on Huawei P30 
smartp ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5214 (There is a use after free vulnerability on certain driver 
component in ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5213
        RESERVED
 CVE-2019-5212
@@ -21435,7 +21435,7 @@ CVE-2019-4259 (A security vulnerability has been 
identified in IBM Spectrum Scal
 CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard 
Edition is vu ...)
        NOT-FOR-US: IBM
 CVE-2019-4257 (IBM InfoSphere Information Server 11.5 and 11.7 is affected by 
an info ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4256 (IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than 
expected cryp ...)
        NOT-FOR-US: IBM
 CVE-2019-4255
@@ -21511,11 +21511,11 @@ CVE-2019-4221
 CVE-2019-4220 (IBM InfoSphere Information Server 11.7.1.0 stores a common hard 
coded  ...)
        NOT-FOR-US: IBM
 CVE-2019-4219 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 
generate ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4218 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 
allows w ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4217 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 
could al ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4216
        RESERVED
 CVE-2019-4215
@@ -21579,7 +21579,7 @@ CVE-2019-4187
 CVE-2019-4186
        RESERVED
 CVE-2019-4185 (IBM InfoSphere Information Server 11.7.1 containers are 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4184 (IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to 
cross- ...)
        NOT-FOR-US: IBM
 CVE-2019-4183
@@ -21625,9 +21625,9 @@ CVE-2019-4164
 CVE-2019-4163
        RESERVED
 CVE-2019-4162 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 
is missi ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4161 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 
disclose ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4160
        RESERVED
 CVE-2019-4159
@@ -22769,9 +22769,9 @@ CVE-2019-3725 (RSA Netwitness Platform versions prior 
to 11.2.1.1 and RSA Securi
 CVE-2019-3724 (RSA Netwitness Platform versions prior to 11.2.1.1 is 
vulnerable to an ...)
        NOT-FOR-US: RSA Netwitness Platform
 CVE-2019-3723 (Dell EMC OpenManage Server Administrator (OMSA) versions prior 
to 9.1. ...)
-       TODO: check
+       NOT-FOR-US: Dell EMC OpenManage Server Administrator
 CVE-2019-3722 (Dell EMC OpenManage Server Administrator (OMSA) versions prior 
to 9.1. ...)
-       TODO: check
+       NOT-FOR-US: Dell EMC OpenManage Server Administrator
 CVE-2019-3721 (Dell EMC Open Manage System Administrator (OMSA) versions prior 
to 9.3 ...)
        NOT-FOR-US: Dell
 CVE-2019-3720 (Dell EMC Open Manage System Administrator (OMSA) versions prior 
to 9.3 ...)
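Review bot: CVE-2019-3723 and CVE-2019-3722 are tagged "Dell EMC OpenManage Server Administrator", while CVE-2019-3721 directly below, also an OMSA entry, carries "NOT-FOR-US: Dell". One label per product keeps a search for either string from returning only part of the set; align the new lines with the existing one or update CVE-2019-3721 in the same commit.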
@@ -23071,9 +23071,9 @@ CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in 
PDFDoc.cc allows attackers t
 CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because 
Directory T ...)
        NOT-FOR-US: OpenRefine
 CVE-2019-3579 (MyBB 1.8.19 allows remote attackers to obtain sensitive 
information be ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2019-3578 (MyBB 1.8.19 has XSS in the resetpassword function. ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2019-3577 (An issue was discovered in Waimai Super Cms 20150505. 
web/Lib/Action/P ...)
        NOT-FOR-US: Waimai Super Cms
 CVE-2019-3576 (inxedu through 2018-12-24 has a SQL Injection vulnerability 
that can l ...)
@@ -24735,7 +24735,7 @@ CVE-2019-3399 (The BrowseProjects.jspa resource in Jira 
before version 7.13.2, a
 CVE-2019-3398 (Confluence Server and Data Center had a path traversal 
vulnerability i ...)
        NOT-FOR-US: Confluence Server and Data Center
 CVE-2019-3397 (Atlassian Bitbucket Data Center licensed instances starting 
with versi ...)
-       TODO: check
+       NOT-FOR-US: Atlassian
 CVE-2019-3396 (The Widget Connector macro in Atlassian Confluence Server 
before versi ...)
        NOT-FOR-US: Atlassian Confluence Server
 CVE-2019-3395 (The WebDAV endpoint in Atlassian Confluence Server and Data 
Center bef ...)
@@ -28620,7 +28620,7 @@ CVE-2018-19979
 CVE-2018-19978 (A buffer overflow vulnerability in the DHCP and PPPOE 
configuration in ...)
        TODO: check
 CVE-2018-19977 (A command injection (missing input validation, escaping) in 
the ftp up ...)
-       TODO: check
+       NOT-FOR-US: Auerswald COMfort
 CVE-2018-19976 (In YARA 3.8.1, bytecode in a specially crafted compiled rule 
is expose ...)
        - yara 3.8.1-2 (bug #916932)
        [stretch] - yara <no-dsa> (Minor issue)
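Review bot: The product in the tag on CVE-2018-19977, "Auerswald COMfort", cannot be confirmed from the truncated description shown here, and CVE-2018-19978 directly above is left at "TODO: check". If both entries concern the same product, tag CVE-2018-19978 in this commit as well.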
@@ -28927,11 +28927,11 @@ CVE-2019-1884
 CVE-2019-1883
        RESERVED
 CVE-2019-1882 (A vulnerability in Cisco Industrial Network Director could 
allow an au ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1881 (A vulnerability in the web-based management interface of Cisco 
Industr ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1880 (A vulnerability in the BIOS upgrade utility of Cisco Unified 
Computing ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1879
        RESERVED
 CVE-2019-1878
@@ -28947,15 +28947,15 @@ CVE-2019-1874
 CVE-2019-1873
        RESERVED
 CVE-2019-1872 (A vulnerability in Cisco TelePresence Video Communication 
Server (VCS) ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1871
        RESERVED
 CVE-2019-1870 (A vulnerability in the web-based management interface of Cisco 
Enterpr ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1869
        RESERVED
 CVE-2019-1868 (A vulnerability in the web-based management interface of Cisco 
Webex M ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1867 (A vulnerability in the REST API of Cisco Elastic Services 
Controller ( ...)
        NOT-FOR-US: Cisco
 CVE-2019-1866
@@ -28969,7 +28969,7 @@ CVE-2019-1863
 CVE-2019-1862 (A vulnerability in the web-based user interface (Web UI) of 
Cisco IOS  ...)
        NOT-FOR-US: Cisco
 CVE-2019-1861 (A vulnerability in the software update feature of Cisco 
Industrial Net ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1860 (A vulnerability in the dashboard gadget rendering of Cisco 
Unified Int ...)
        NOT-FOR-US: Cisco
 CVE-2019-1859 (A vulnerability in the Secure Shell (SSH) authentication 
process of Ci ...)
@@ -29001,13 +29001,13 @@ CVE-2019-1847
 CVE-2019-1846 (A vulnerability in the Multiprotocol Label Switching (MPLS) 
Operations ...)
        NOT-FOR-US: Cisco
 CVE-2019-1845 (A vulnerability in the authentication service of the Cisco 
Unified Com ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1844 (A vulnerability in certain attachment detection mechanisms of 
the Cisc ...)
        NOT-FOR-US: Cisco
 CVE-2019-1843
        RESERVED
 CVE-2019-1842 (A vulnerability in the Secure Shell (SSH) authentication 
function of C ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1841 (A vulnerability in the Software Image Management feature of 
Cisco DNA  ...)
        NOT-FOR-US: Cisco
 CVE-2019-1840 (A vulnerability in the DHCPv6 input packet processor of Cisco 
Prime Ne ...)
@@ -36213,7 +36213,7 @@ CVE-2018-18573
 CVE-2018-18572
        RESERVED
 CVE-2018-18571 (An Incorrect Access Control vulnerability has been identified 
in Citri ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2018-18570
        RESERVED
 CVE-2018-18569 (The Dundas BI server before 5.0.1.1010 is vulnerable to a 
Server-Side  ...)
@@ -42532,15 +42532,15 @@ CVE-2018-16223 (Insecure Cryptographic Storage of 
credentials in com.vestiacom.q
 CVE-2018-16222 (Cleartext Storage of credentials in the iSmartAlarmData.xml 
configurat ...)
        NOT-FOR-US: iSmartAlarm application for Android
 CVE-2018-16221 (The diagnostics web interface in the Yeahlink Ultra-elegant IP 
Phone S ...)
-       TODO: check
+       NOT-FOR-US: Yeahlink
 CVE-2018-16220 (Cross Site Scripting in different input fields (domain field 
and perso ...)
        NOT-FOR-US: AudioCodes 405HD VoIP phone
 CVE-2018-16219 (A missing password verification in the web interface in 
AudioCodes 405 ...)
        NOT-FOR-US: AudioCodes 405HD VoIP phone
 CVE-2018-16218 (A CSRF (Cross Site Request Forgery) in the web interface of 
the Yeahli ...)
-       TODO: check
+       NOT-FOR-US: Yeahlink
 CVE-2018-16217 (The network diagnostic function (ping) in the Yeahlink 
Ultra-elegant I ...)
-       TODO: check
+       NOT-FOR-US: Yeahlink
 CVE-2018-16216 (A command injection (missing input validation, escaping) in 
the monito ...)
        NOT-FOR-US: AudioCodes 405HD VoIP phone
 CVE-2018-16215
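Review bot: The three new tags copy the spelling "Yeahlink" from the CVE descriptions. If that is a misspelling in the CVE text, use the vendor's own spelling in the tag so that a later search by vendor name finds CVE-2018-16221, CVE-2018-16218 and CVE-2018-16217.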
@@ -45225,7 +45225,7 @@ CVE-2018-15132 (An issue was discovered in 
ext/standard/link_win32.c in PHP befo
        NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76459
        NOTE: 
https://github.com/php/php-src/commit/f151e048ed27f6f4eef729f3310d053ab5da71d4
 CVE-2018-15131 (An issue was discovered in Synacor Zimbra Collaboration Suite 
8.6.x be ...)
-       TODO: check
+       NOT-FOR-US: Synacor Zimbra Collaboration Suite
 CVE-2018-15130 (ThinkSAAS through 2018-07-25 has XSS via the 
index.php?app=group&amp;a ...)
        NOT-FOR-US: ThinkSAAS
 CVE-2013-7464 (In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is 
not confi ...)
@@ -47224,7 +47224,7 @@ CVE-2018-14427
 CVE-2018-14426
        RESERVED
 CVE-2018-14425 (There is a Persistent XSS vulnerability in the briefcase 
component of  ...)
-       TODO: check
+       NOT-FOR-US: Synacor Zimbra Collaboration Suite
 CVE-2017-18343 (** DISPUTED ** The debug handler in Symfony before v2.7.33, 
2.8.x befo ...)
        - symfony 3.4.0+dfsg-1 (unimportant)
        NOTE: 
https://github.com/symfony/debug/pull/7/commits/e48bda29143bd1a83001780b4a78e483822d985c
@@ -49738,17 +49738,17 @@ CVE-2018-13386 (There was an argument injection 
vulnerability in Sourcetree for
 CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree 
for macOS  ...)
        NOT-FOR-US: Atlassian Sourcetree
 CVE-2018-13384 (A Host Header Redirection vulnerability in Fortinet FortiOS 
all versio ...)
-       TODO: check
+       NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS all versions below 
6.0.5 in ...)
        NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13382 (An Improper Authorization vulnerability in Fortinet FortiOS 
6.0.0 to 6 ...)
-       TODO: check
+       NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13381 (A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 to 
6.0.4, 5. ...)
-       TODO: check
+       NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13380 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 
6.0.0 t ...)
-       TODO: check
+       NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13379 (An Improper Limitation of a Pathname to a Restricted Directory 
("Path  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13378 (An information disclosure vulnerability in Fortinet FortiSIEM 
5.2.0 an ...)
        NOT-FOR-US: Fortinet FortiSIEM
 CVE-2018-13377
@@ -58759,7 +58759,7 @@ CVE-2018-10173 (Digital Guardian Management Console 
7.1.2.0015 allows authentica
 CVE-2018-10172 (7-Zip through 18.01 on Windows implements the "Large memory 
pages" opt ...)
        NOT-FOR-US: 7-Zip
 CVE-2018-10171 (Kromtech MacKeeper 3.20.4 suffers from a root privilege 
escalation vul ...)
-       TODO: check
+       NOT-FOR-US: Kromtech MacKeeper
 CVE-2018-10170 (NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege 
escalatio ...)
        NOT-FOR-US: NordVPN for Windows
 CVE-2018-10169 (ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege 
escalation ...)
@@ -64045,7 +64045,7 @@ CVE-2018-8048 (In the Loofah gem through 2.2.0 for 
Ruby, non-whitelisted HTML at
        NOTE: 
https://github.com/flavorjones/loofah/commit/4a08c25a603654f2fc505a7d2bf0c35a39870ad7
        NOTE: 
https://github.com/flavorjones/loofah/commit/56e95a6696b1e17a242eb8ebbbab64d613c4f1fe
 CVE-2018-8047 (vtiger CRM 7.0.1 is affected by one reflected Cross-Site 
Scripting (XS ...)
-       TODO: check
+       NOT-FOR-US: vtiger CRM
 CVE-2018-8046 (The getTip() method of Action Columns of Sencha Ext JS 4 to 6 
before 6 ...)
        NOT-FOR-US: Sencha
 CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a 
variable ...)
@@ -67088,15 +67088,15 @@ CVE-2018-7127
 CVE-2018-7126
        RESERVED
 CVE-2018-7125 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2018-7124 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2018-7123 (A remote denial of service vulnerability was identified in HPE 
Intelli ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2018-7122 (A remote disclosure of information vulnerability was identified 
in HPE ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2018-7121 (A remote code execution vulnerability was identified in HPE 
Intelligen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2018-7120 (A security vulnerability in the HPE Virtual Connect SE 16Gb 
Fibre Chan ...)
        NOT-FOR-US: HPE
 CVE-2018-7119 (A Local Disclosure of Sensitive Information vulnerability was 
identifi ...)
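Review bot: the five new tags for CVE-2018-7125 through CVE-2018-7121 name only the vendor ("NOT-FOR-US: HPE"), although all five descriptions refer to the same "HPE Intelligen ..." product. Other hunks in this commit name the product itself (for example "NOT-FOR-US: Quest Kace K1000 Appliance"). Vendor-only matches the existing CVE-2018-7120 context line, so it is consistent with the surrounding file. A product-level tag would still make these entries easier to find and re-triage if a different HPE product ever needs tracking.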
@@ -72452,11 +72452,11 @@ CVE-2018-5407 (Simultaneous Multi-threading (SMT) in 
processors can enable local
        NOTE: This is not an issue in software but in a hardware issue. Issue 
can be
        NOTE: mitigated e.g. for OpenSSL.
 CVE-2018-5406 (The Quest Kace K1000 Appliance, versions prior to 9.0.270, 
allows a re ...)
-       TODO: check
+       NOT-FOR-US: Quest Kace K1000 Appliance
 CVE-2018-5405 (The Quest Kace K1000 Appliance, versions prior to 9.0.270, 
allows an a ...)
-       TODO: check
+       NOT-FOR-US: Quest Kace K1000 Appliance
 CVE-2018-5404 (The Quest Kace K1000 Appliance, versions prior to 9.0.270, 
allows an a ...)
-       TODO: check
+       NOT-FOR-US: Quest Kace K1000 Appliance
 CVE-2018-5403 (Imperva SecureSphere gateway (GW) running v13, for both 
pre-First Time ...)
        NOT-FOR-US: Imperva SecureSphere
 CVE-2018-5402 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer 
Android App ...)
@@ -75984,7 +75984,7 @@ CVE-2018-4050 (An exploitable local privilege 
escalation vulnerability exists in
 CVE-2018-4049 (An exploitable local privilege elevation vulnerability exists 
in the f ...)
        NOT-FOR-US: GOG Galaxy's Games for Windows
 CVE-2018-4048 (An exploitable local privilege elevation vulnerability exists 
in the f ...)
-       TODO: check
+       NOT-FOR-US: GOG Galaxy
 CVE-2018-4047 (An exploitable privilege escalation vulnerability exists in the 
helper ...)
        NOT-FOR-US: Clean My Mac X
 CVE-2018-4046 (An exploitable denial-of-service vulnerability exists in the 
helper se ...)
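Review bot: the tag added for CVE-2018-4048 ("NOT-FOR-US: GOG Galaxy") differs from the one on the adjacent CVE-2018-4049 ("NOT-FOR-US: GOG Galaxy's Games for Windows"), although both entries show the same truncated description. Consider using one product string for both, so that a search on either name returns the whole set.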
@@ -95287,15 +95287,15 @@ CVE-2017-14856
 CVE-2017-14855 (Red Lion HMI panels allow remote attackers to cause a denial 
of servic ...)
        NOT-FOR-US: Red Lion HMI
 CVE-2017-14854 (A stack buffer overflow exists in one of the Orpak SiteOmat 
CGI compon ...)
-       TODO: check
+       NOT-FOR-US: Orpak SiteOmat
 CVE-2017-14853 (The Orpak SiteOmat OrCU component is vulnerable to code 
injection, for ...)
-       TODO: check
+       NOT-FOR-US: Orpak SiteOmat
 CVE-2017-14852 (An insecure communication was found between a user and the 
Orpak SiteO ...)
-       TODO: check
+       NOT-FOR-US: Orpak SiteOmat
 CVE-2017-14851 (A SQL injection vulnerability exists in all Orpak SiteOmat 
versions pr ...)
-       TODO: check
+       NOT-FOR-US: Orpak SiteOmat
 CVE-2017-14850 (All known versions of the Orpak SiteOmat web management 
console is vul ...)
-       TODO: check
+       NOT-FOR-US: Orpak SiteOmat
 CVE-2017-14849 (Node.js 8.5.0 before 8.6.0 allows remote attackers to access 
unintende ...)
        - nodejs <not-affected> (Vulnerable code introduced in 8.5.0)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
@@ -95599,7 +95599,7 @@ CVE-2017-14729 (The *_get_synthetic_symtab functions in 
the Binary File Descript
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
 CVE-2017-14728 (An authentication bypass was found in an unknown area of the 
SiteOmat  ...)
-       TODO: check
+       NOT-FOR-US: Orpak SiteOmat
 CVE-2017-14726 (Before version 4.8.2, WordPress was vulnerable to a cross-site 
scripti ...)
        {DSA-3997-1}
        - wordpress 4.8.2+dfsg-1 (bug #876274)
@@ -173023,7 +173023,7 @@ CVE-2015-7613 (Race condition in the IPC object 
implementation in the Linux kern
 CVE-2015-7610 (Cross-site request forgery (CSRF) vulnerability in the login 
form in Z ...)
        NOT-FOR-US: Zimbra
 CVE-2015-7609 (Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via 
the er ...)
-       TODO: check
+       NOT-FOR-US: Synacor Zimbra Mail Client
 CVE-2015-7608
        RESERVED
 CVE-2015-7607
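Review bot: CVE-2015-7609 is tagged "NOT-FOR-US: Synacor Zimbra Mail Client", while the neighbouring CVE-2015-7610 uses the shorter "NOT-FOR-US: Zimbra". Both strings contain "Zimbra", so a substring search still finds them, but anything that groups entries by the exact tag text will treat them as two different products. Aligning with the existing "Zimbra" form, or updating the older entry in the same commit, would keep the file consistent.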
@@ -188522,7 +188522,7 @@ CVE-2015-2232
 CVE-2015-2231
        RESERVED
 CVE-2015-2230 (Synacor Zimbra Collaboration Server 8.x before 8.7.0 has 
Reflected XSS ...)
-       TODO: check
+       NOT-FOR-US: Synacor Zimbra Collaboration Server
 CVE-2015-2229
        RESERVED
 CVE-2015-2228



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fe9faa6d101487f101a1420267cdf4bc6f59af75


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
