Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 11e6f47a by Salvatore Bonaccorso at 2019-07-03T20:21:05Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -15,7 +15,7 @@ CVE-2019-13188 CVE-2019-13187 RESERVED CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php. An a ...) - TODO: check + NOT-FOR-US: MiniCMS CVE-2019-13185 RESERVED CVE-2019-13184 @@ -832,9 +832,9 @@ CVE-2019-12869 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, CVE-2019-12868 (app/Model/Server.php in MISP 2.4.109 allows remote command execution b ...) NOT-FOR-US: MISP CVE-2019-12867 (Certain actions could cause privilege escalation for issue attachments ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack CVE-2019-12866 (An Insecure Direct Object Reference, with Authorization Bypass through ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack CVE-2019-12865 (In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a dou ...) - radare2 <unfixed> (bug #930704) [buster] - radare2 <no-dsa> (Minor issue) @@ -878,15 +878,15 @@ CVE-2019-12853 CVE-2019-12852 RESERVED CVE-2019-12851 (A CSRF vulnerability was detected in one of the admin endpoints of Jet ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack CVE-2019-12850 (A query injection was possible in JetBrains YouTrack. The issue was fi ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack CVE-2019-12849 RESERVED CVE-2019-12848 RESERVED CVE-2019-12847 (In JetBrains Hub versions earlier than 2018.4.11298, the audit events ...) - TODO: check + NOT-FOR-US: JetBrains Hub CVE-2019-12846 RESERVED CVE-2019-12845 @@ -1544,7 +1544,7 @@ CVE-2019-12572 (A vulnerability in the London Trust Media Private Internet Acces CVE-2019-12571 RESERVED CVE-2019-12570 (A SQL injection vulnerability in the Xpert Solution "Server Status by ...) - TODO: check + NOT-FOR-US: Xpert Solution "Server Status by Hostname/IP" plugin for WordPress CVE-2019-12569 (A vulnerability in Viber before 10.7.0 for Desktop (Windows) could all ...) NOT-FOR-US: Viber CVE-2019-12568 @@ -6392,7 +6392,7 @@ CVE-2019-10868 (In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4. CVE-2019-10722 RESERVED CVE-2019-10721 (BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the Retur ...) - TODO: check + NOT-FOR-US: BlogEngine.NET CVE-2019-10720 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remo ...) NOT-FOR-US: BlogEngine.NET CVE-2019-10719 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remo ...) @@ -6400,7 +6400,7 @@ CVE-2019-10719 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal an CVE-2019-10718 (BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind In ...) NOT-FOR-US: BlogEngine.NET CVE-2019-10717 (BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via ...) - TODO: check + NOT-FOR-US: BlogEngine.NET CVE-2019-10716 RESERVED CVE-2019-10715 @@ -7849,7 +7849,7 @@ CVE-2019-10106 (CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Nam CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Des ...) NOT-FOR-US: CMS Made Simple CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an Application S ...) - TODO: check + NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate CVE-2019-10103 RESERVED CVE-2019-10102 @@ -7857,7 +7857,7 @@ CVE-2019-10102 CVE-2019-10101 RESERVED CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it wa ...) - TODO: check + NOT-FOR-US: JetBrains YouTrack Confluence plugin CVE-2019-1000031 (A disk space or quota exhaustion issue exists in article2pdf_getfile.p ...) NOT-FOR-US: article2pdf Wordpress plugin CVE-2018-20815 (In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated ...) @@ -9099,9 +9099,9 @@ CVE-2019-9875 (Deserialization of Untrusted Data in the anti CSRF module in Site CVE-2019-9874 (Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (a ...) NOT-FOR-US: Sitecore CMS CVE-2019-9873 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task ...) - TODO: check + NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate CVE-2019-9872 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating run ...) - TODO: check + NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate CVE-2019-9871 (Jector Smart TV FM-K75 devices allow remote code execution because the ...) NOT-FOR-US: Jector Smart TV FM-K75 devices CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor m ...) @@ -9250,7 +9250,7 @@ CVE-2019-9824 (tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3. NOTE: https://www.openwall.com/lists/oss-security/2019/03/18/1 NOTE: https://github.com/qemu/qemu/commit/d3222975c7d6cda9e25809dea05241188457b113 CVE-2019-9823 (In several JetBrains IntelliJ IDEA versions, creating remote run confi ...) - TODO: check + NOT-FOR-US: JetBrains IntelliJ IDEA CVE-2019-9822 RESERVED CVE-2019-9821 @@ -10989,7 +10989,7 @@ CVE-2019-9187 (ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.2019 NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=d283e4c NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9a275b2 CVE-2019-9186 (In several JetBrains IntelliJ IDEA versions, a Spring Boot run configu ...) - TODO: check + NOT-FOR-US: JetBrains IntelliJ IDEA CVE-2019-9185 (Controller/Async/FilesystemManager.php in the filemanager in Bolt befo ...) NOT-FOR-US: Bolt CMS CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for ...) @@ -17346,39 +17346,39 @@ CVE-2019-6643 CVE-2019-6642 (In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, a ...) NOT-FOR-US: F5 BIG-IP CVE-2019-6641 (On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl RES ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6640 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6639 (On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6638 (On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6637 (On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6636 (On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6635 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6634 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6633 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6632 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6631 (On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation ma ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6630 (On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, undisclose ...) - TODO: check + NOT-FOR-US: F5 SSL Orchestrator CVE-2019-6629 (On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6628 (On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain condi ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6627 (On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to ...) - TODO: check + NOT-FOR-US: F5 SSL Orchestrator CVE-2019-6626 (On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0 ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6625 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6624 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...) NOT-FOR-US: F5 BIG-IP CVE-2019-6623 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...) @@ -20003,7 +20003,7 @@ CVE-2019-5632 CVE-2019-5631 RESERVED CVE-2019-5630 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 ...) - TODO: check + NOT-FOR-US: Rapid7 Nexpose InsightVM Security Console CVE-2019-5629 RESERVED CVE-2019-5628 @@ -24376,7 +24376,7 @@ CVE-2019-3621 CVE-2019-3620 RESERVED CVE-2019-3619 (Information Disclosure vulnerability in the Agent Handler in McAfee eP ...) - TODO: check + NOT-FOR-US: McAfee CVE-2019-3618 RESERVED CVE-2019-3617 @@ -38332,9 +38332,9 @@ CVE-2018-18328 (A KERedirect Untrusted Pointer Dereference Privilege Escalation CVE-2018-18327 (A KERedirect Untrusted Pointer Dereference Privilege Escalation vulner ...) NOT-FOR-US: Trend Micro CVE-2018-18326 (DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption ...) - TODO: check + NOT-FOR-US: DNN CVE-2018-18325 (DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorith ...) - TODO: check + NOT-FOR-US: DNN CVE-2018-18324 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via t ...) NOT-FOR-US: CentOS Web Panel CVE-2018-18323 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local Fil ...) @@ -44731,7 +44731,7 @@ CVE-2018-15889 (In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() i CVE-2018-15888 (An issue was discovered in ASPCMS 2.5.6. When registering ordinary use ...) NOT-FOR-US: ASPCMS CVE-2017-18346 (SQL injection vulnerability in /wbg/core/_includes/authorization.inc.p ...) - TODO: check + NOT-FOR-US: CMS Web-Gooroo CVE-2015-9265 REJECTED CVE-2015-9264 (Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute ...) @@ -45015,9 +45015,9 @@ CVE-2018-15814 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at CVE-2018-15813 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at image0 ...) NOT-FOR-US: FastStone Image Viewer CVE-2018-15812 (DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption ...) - TODO: check + NOT-FOR-US: DNN CVE-2018-15811 (DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorith ...) - TODO: check + NOT-FOR-US: DNN CVE-2018-15810 (Visiology Flipbox Software Suite before 2.7.0 allows directory travers ...) NOT-FOR-US: Visiology Flipbox Software Suite CVE-2018-15809 (AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Mo ...) @@ -47238,19 +47238,19 @@ CVE-2018-14867 (Incorrect access control in the portal messaging system in Odoo CVE-2018-14866 (Incorrect access control in the TransientModel framework in Odoo Commu ...) TODO: check CVE-2018-14865 (Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo ...) - TODO: check + NOT-FOR-US: Odoo CVE-2018-14864 (Incorrect access control in asset bundles in Odoo Community 9.0 throug ...) - TODO: check + NOT-FOR-US: Odoo CVE-2018-14863 (Incorrect access control in the RPC framework in Odoo Community 8.0 th ...) - TODO: check + NOT-FOR-US: Odoo CVE-2018-14862 (Incorrect access control in the mail templating system in Odoo Communi ...) - TODO: check + NOT-FOR-US: Odoo CVE-2018-14861 (Improper data access control in Odoo Community 10.0 and 11.0 and Odoo ...) - TODO: check + NOT-FOR-US: Odoo CVE-2018-14860 (Improper sanitization of dynamic user expressions in Odoo Community 11 ...) - TODO: check + NOT-FOR-US: Odoo CVE-2018-14859 (Incorrect access control in the password reset component in Odoo Commu ...) - TODO: check + NOT-FOR-US: Odoo CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...) NOT-FOR-US: idreamsoft iCMS CVE-2018-14857 (Unrestricted file upload (with remote code execution) in require/mail/ ...) @@ -52696,7 +52696,7 @@ CVE-2018-12717 CVE-2018-12716 (The API service on Google Home and Chromecast devices before mid-July ...) NOT-FOR-US: Google services CVE-2018-12715 (DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid ...) - TODO: check + NOT-FOR-US: DIGISOL DG-HR3400 devices CVE-2018-12714 (An issue was discovered in the Linux kernel through 4.17.2. The filter ...) - linux <not-affected> (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/70303420b5721c38998cf987e6b7d30cc62d4ff1 @@ -54312,7 +54312,7 @@ CVE-2018-12252 CVE-2018-12251 RESERVED CVE-2018-12250 (An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.p ...) - TODO: check + NOT-FOR-US: Elite CMS CVE-2018-12249 (An issue was discovered in mruby 1.4.1. There is a NULL pointer derefe ...) - mruby 1.4.1+20180622+git640fca32-1 (bug #901652) [stretch] - mruby <no-dsa> (Minor issue) @@ -56587,21 +56587,21 @@ CVE-2018-11429 (ATLANT (ATL) is a smart contract running on Ethereum. The mint f CVE-2018-11428 RESERVED CVE-2018-11427 (CSRF tokens are not used in the web application of Moxa OnCell G3100-H ...) - TODO: check + NOT-FOR-US: Moxa CVE-2018-11426 (A weak Cookie parameter is used in the web application of Moxa OnCell ...) - TODO: check + NOT-FOR-US: Moxa CVE-2018-11425 (Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Serie ...) - TODO: check + NOT-FOR-US: Moxa CVE-2018-11424 (There is Memory corruption in the web interface of Moxa OnCell G3470A- ...) - TODO: check + NOT-FOR-US: Moxa CVE-2018-11423 (There is Memory corruption in the web interface Moxa OnCell G3100-HSPA ...) - TODO: check + NOT-FOR-US: Moxa CVE-2018-11422 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use ...) - TODO: check + NOT-FOR-US: Moxa CVE-2018-11421 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use ...) - TODO: check + NOT-FOR-US: Moxa CVE-2018-11420 (There is Memory corruption in the web interface of Moxa OnCell G3100-H ...) - TODO: check + NOT-FOR-US: Moxa CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...) NOT-FOR-US: JerryScript CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...) @@ -56930,7 +56930,7 @@ CVE-2018-1000180 (Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and e CVE-2018-11318 RESERVED CVE-2018-11317 (Subrion CMS before 4.1.4 has XSS. ...) - TODO: check + NOT-FOR-US: Subrion CMS CVE-2018-11316 (The UPnP HTTP server on Sonos wireless speaker products allow unauthor ...) NOT-FOR-US: Sonos CVE-2018-11315 (The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below ...) @@ -57202,7 +57202,7 @@ CVE-2018-11229 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, an CVE-2018-11228 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW- ...) NOT-FOR-US: Crestron devices CVE-2018-11227 (Monstra CMS before 3.0.4 has XSS via index.php. ...) - TODO: check + NOT-FOR-US: Monstra CMS CVE-2018-11226 (The getString function in decompile.c in libming through 0.4.8 mishand ...) - ming <removed> NOTE: https://github.com/libming/libming/issues/144 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/11e6f47a63013b95b807309d0b4b0ebe8ecc645e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/11e6f47a63013b95b807309d0b4b0ebe8ecc645e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits