Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8ab47b17 by Salvatore Bonaccorso at 2019-07-10T20:30:58Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -7,7 +7,7 @@ CVE-2019-13480 CVE-2019-13479 RESERVED CVE-2018-20851 (Helpy before 2.2.0 allows agents to edit admins. ...) - TODO: check + NOT-FOR-US: Helpy CVE-2019-13478 (The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly r ...) NOT-FOR-US: Wordpress plugin CVE-2019-13477 @@ -469,13 +469,13 @@ CVE-2019-13281 (In Xpdf 4.01.01, a heap-based buffer overflow could be triggered CVE-2019-13280 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...) NOT-FOR-US: TRENDnet CVE-2019-13279 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2019-13278 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2019-13277 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows a ...) NOT-FOR-US: TRENDnet TEW-827DRU CVE-2019-13276 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2019-13275 (An issue was discovered in the VeronaLabs wp-statistics plugin before ...) NOT-FOR-US: VeronaLabs wp-statistics plugin for WordPress CVE-2019-13274 @@ -994,7 +994,7 @@ CVE-2019-13072 (Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 - zoneminder <unfixed> NOTE: https://github.com/ZoneMinder/zoneminder/issues/2642 CVE-2019-13071 (CSRF in the Agent/Center component of CyberPower PowerPanel Business E ...) - TODO: check + NOT-FOR-US: CyberPower PowerPanel Business Edition CVE-2019-13070 (A stored XSS vulnerability in the Agent/Center component of CyberPower ...) NOT-FOR-US: CyberPower PowerPanel Business Edition CVE-2019-13069 @@ -4634,7 +4634,7 @@ CVE-2019-11652 CVE-2019-11651 RESERVED CVE-2019-11650 (A potential Man in the Middle attack (MITM) was found in NetIQ Advance ...) - TODO: check + NOT-FOR-US: NetIQ Advanced Authentication Framework CVE-2019-11649 (Cross-Site Scripting vulnerability in Micro Focus Fortify Software Sec ...) NOT-FOR-US: Micro Focus Fortify software security center server CVE-2019-11648 (An information leakage exists in Micro Focus NetIQ Self Service Passwo ...) @@ -7309,7 +7309,7 @@ CVE-2019-10654 (The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as us NOTE: https://github.com/ckolivas/lrzip/issues/108 NOTE: Crash in CLI tool, no security impact CVE-2019-10653 (An issue was discovered in Hsycms V1.1. There is a SQL injection vulne ...) - TODO: check + NOT-FOR-US: Hsycms CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote a ...) NOT-FOR-US: flatCore CVE-2019-10651 @@ -8591,13 +8591,13 @@ CVE-2019-10124 CVE-2019-10123 (SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which ...) NOT-FOR-US: Advanced InfoData Systems (AIS) CVE-2019-10122 (eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43 ...) - TODO: check + NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices CVE-2019-10121 (eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43 ...) - TODO: check + NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices CVE-2019-10120 (On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3 ...) - TODO: check + NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices CVE-2019-10119 (eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43 ...) - TODO: check + NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices CVE-2019-10118 (Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and ...) NOT-FOR-US: Snipe-IT CVE-2019-10117 (An Open Redirect issue was discovered in GitLab Community and Enterpri ...) @@ -21676,7 +21676,7 @@ CVE-2019-5223 CVE-2019-5222 RESERVED CVE-2019-5221 (There is a path traversal vulnerability on Huawei Share. The software ...) - TODO: check + NOT-FOR-US: Huawei CVE-2019-5220 (There is a Factory Reset Protection (FRP) bypass vulnerability on seve ...) TODO: check CVE-2019-5219 (There is a double free vulnerability on certain drivers of Huawei Mate ...) @@ -31169,7 +31169,7 @@ CVE-2019-1875 (A vulnerability in the web-based management interface of Cisco Pr CVE-2019-1874 (A vulnerability in the web-based management interface of Cisco Prime S ...) NOT-FOR-US: Cisco CVE-2019-1873 (A vulnerability in the cryptographic driver for Cisco Adaptive Securit ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-1872 (A vulnerability in Cisco TelePresence Video Communication Server (VCS) ...) NOT-FOR-US: Cisco CVE-2019-1871 @@ -35348,23 +35348,23 @@ CVE-2019-0328 CVE-2019-0327 RESERVED CVE-2019-0326 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Ent ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0325 (SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary author ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0324 RESERVED CVE-2019-0323 RESERVED CVE-2019-0322 (SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0321 (ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, d ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0320 RESERVED CVE-2019-0319 (The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0318 (Under certain conditions SAP NetWeaver Application Server for Java (St ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0317 RESERVED CVE-2019-0316 (SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITO ...) @@ -35438,7 +35438,7 @@ CVE-2019-0283 (SAP NetWeaver Process Integration (Adapter Engine), fixed in vers CVE-2019-0282 (Several web pages in SAP NetWeaver Process Integration (Runtime Workbe ...) NOT-FOR-US: SAP CVE-2019-0281 (SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0280 (SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6. ...) NOT-FOR-US: SAP CVE-2019-0279 (ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP ...) @@ -48151,7 +48151,7 @@ CVE-2018-14833 (Intuit Lacerte 2017 has Incorrect Access Control. ...) CVE-2018-14832 RESERVED CVE-2018-14831 (An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote a ...) - TODO: check + NOT-FOR-US: DamiCMS CVE-2018-14830 RESERVED CVE-2018-14829 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vu ...) @@ -49286,11 +49286,11 @@ CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJ CVE-2018-14497 (Tenda D152 ADSL routers allow XSS via a crafted SSID. ...) NOT-FOR-US: Tenda D152 ADSL routers CVE-2018-14496 (Vivotek FD8136 devices allow remote memory corruption and remote code ...) - TODO: check + NOT-FOR-US: Vivotek FD8136 devices CVE-2018-14495 (Vivotek FD8136 devices allow Remote Command Injection, aka "another co ...) - TODO: check + NOT-FOR-US: Vivotek FD8136 devices CVE-2018-14494 (Vivotek FD8136 devices allow Remote Command Injection, related to Busy ...) - TODO: check + NOT-FOR-US: Vivotek FD8136 devices CVE-2018-14493 (Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Au ...) NOT-FOR-US: Open-Audit Community CVE-2018-14492 (Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, ...) @@ -53907,19 +53907,19 @@ CVE-2018-12630 (NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the se CVE-2018-12629 RESERVED CVE-2018-12628 (An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users. ...) - TODO: check + NOT-FOR-US: Eventum CVE-2018-12627 (An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via ...) - TODO: check + NOT-FOR-US: Eventum CVE-2018-12626 (An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS vi ...) - TODO: check + NOT-FOR-US: Eventum CVE-2018-12625 (An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS ...) - TODO: check + NOT-FOR-US: Eventum CVE-2018-12624 (An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XS ...) NOT-FOR-US: Eventum CVE-2018-12623 (An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS vi ...) - TODO: check + NOT-FOR-US: Eventum CVE-2018-12622 (An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has X ...) - TODO: check + NOT-FOR-US: Eventum CVE-2018-12621 (An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Op ...) NOT-FOR-US: Eventum CVE-2018-12620 @@ -56544,7 +56544,7 @@ CVE-2018-11736 (An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/im CVE-2018-11735 (index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or ...) NOT-FOR-US: Ximdex CVE-2018-11734 (In e107 v2.1.7, output without filtering results in XSS. ...) - TODO: check + NOT-FOR-US: e107 CVE-2018-11733 RESERVED CVE-2018-11732 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ab47b177455ac10aa55c1c1f1ab5e1040c90626 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ab47b177455ac10aa55c1c1f1ab5e1040c90626 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits