Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ab47b17 by Salvatore Bonaccorso at 2019-07-10T20:30:58Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2019-13480
 CVE-2019-13479
        RESERVED
 CVE-2018-20851 (Helpy before 2.2.0 allows agents to edit admins. ...)
-       TODO: check
+       NOT-FOR-US: Helpy
 CVE-2019-13478 (The Yoast SEO plugin before 11.6-RC5 for WordPress does not 
properly r ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2019-13477
@@ -469,13 +469,13 @@ CVE-2019-13281 (In Xpdf 4.01.01, a heap-based buffer 
overflow could be triggered
 CVE-2019-13280 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 
contains ...)
        NOT-FOR-US: TRENDnet
 CVE-2019-13279 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 
contains ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2019-13278 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 
contains ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2019-13277 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 
allows a ...)
        NOT-FOR-US: TRENDnet TEW-827DRU
 CVE-2019-13276 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 
contains ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2019-13275 (An issue was discovered in the VeronaLabs wp-statistics plugin 
before  ...)
        NOT-FOR-US: VeronaLabs wp-statistics plugin for WordPress
 CVE-2019-13274
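Review bot: The three new labels for CVE-2019-13279, CVE-2019-13278 and CVE-2019-13276 read "NOT-FOR-US: TRENDnet", while the adjacent CVE-2019-13277 entry for the same device reads "NOT-FOR-US: TRENDnet TEW-827DRU". All of these descriptions name the TEW-827DRU with firmware up to and including 2.04B03, so the longer label would keep the block consistent and make the entries findable by model. Not blocking, since CVE-2019-13280 already uses the short form.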
@@ -994,7 +994,7 @@ CVE-2019-13072 (Stored XSS in the Filters page (Name field) 
in ZoneMinder 1.32.3
        - zoneminder <unfixed>
        NOTE: https://github.com/ZoneMinder/zoneminder/issues/2642
 CVE-2019-13071 (CSRF in the Agent/Center component of CyberPower PowerPanel 
Business E ...)
-       TODO: check
+       NOT-FOR-US: CyberPower PowerPanel Business Edition
 CVE-2019-13070 (A stored XSS vulnerability in the Agent/Center component of 
CyberPower ...)
        NOT-FOR-US: CyberPower PowerPanel Business Edition
 CVE-2019-13069
@@ -4634,7 +4634,7 @@ CVE-2019-11652
 CVE-2019-11651
        RESERVED
 CVE-2019-11650 (A potential Man in the Middle attack (MITM) was found in NetIQ 
Advance ...)
-       TODO: check
+       NOT-FOR-US: NetIQ Advanced Authentication Framework
 CVE-2019-11649 (Cross-Site Scripting vulnerability in Micro Focus Fortify 
Software Sec ...)
        NOT-FOR-US: Micro Focus Fortify software security center server
 CVE-2019-11648 (An information leakage exists in Micro Focus NetIQ Self 
Service Passwo ...)
@@ -7309,7 +7309,7 @@ CVE-2019-10654 (The lzo1x_decompress function in 
liblzo2.so.2 in LZO 2.10, as us
        NOTE: https://github.com/ckolivas/lrzip/issues/108
        NOTE: Crash in CLI tool, no security impact
 CVE-2019-10653 (An issue was discovered in Hsycms V1.1. There is a SQL 
injection vulne ...)
-       TODO: check
+       NOT-FOR-US: Hsycms
 CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows 
remote a ...)
        NOT-FOR-US: flatCore
 CVE-2019-10651
@@ -8591,13 +8591,13 @@ CVE-2019-10124
 CVE-2019-10123 (SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 
67 (which ...)
        NOT-FOR-US: Advanced InfoData Systems (AIS)
 CVE-2019-10122 (eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices 
before 3.43 ...)
-       TODO: check
+       NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
 CVE-2019-10121 (eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices 
before 3.43 ...)
-       TODO: check
+       NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
 CVE-2019-10120 (On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices 
before 3 ...)
-       TODO: check
+       NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
 CVE-2019-10119 (eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices 
before 3.43 ...)
-       TODO: check
+       NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
 CVE-2019-10118 (Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta 
values and ...)
        NOT-FOR-US: Snipe-IT
 CVE-2019-10117 (An Open Redirect issue was discovered in GitLab Community and 
Enterpri ...)
@@ -21676,7 +21676,7 @@ CVE-2019-5223
 CVE-2019-5222
        RESERVED
 CVE-2019-5221 (There is a path traversal vulnerability on Huawei Share. The 
software  ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2019-5220 (There is a Factory Reset Protection (FRP) bypass vulnerability 
on seve ...)
        TODO: check
 CVE-2019-5219 (There is a double free vulnerability on certain drivers of 
Huawei Mate ...)
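Review bot: CVE-2019-5220, the context entry directly below the changed CVE-2019-5221 line, still carries "TODO: check" and sits between two entries whose descriptions name Huawei. If it was left open deliberately for a closer look, fine; otherwise it is a candidate for the same pass. The new label "NOT-FOR-US: Huawei" also names only the vendor, while the description names Huawei Share; naming the product would match the more specific labels used elsewhere in this commit.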
@@ -31169,7 +31169,7 @@ CVE-2019-1875 (A vulnerability in the web-based 
management interface of Cisco Pr
 CVE-2019-1874 (A vulnerability in the web-based management interface of Cisco 
Prime S ...)
        NOT-FOR-US: Cisco
 CVE-2019-1873 (A vulnerability in the cryptographic driver for Cisco Adaptive 
Securit ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2019-1872 (A vulnerability in Cisco TelePresence Video Communication 
Server (VCS) ...)
        NOT-FOR-US: Cisco
 CVE-2019-1871
@@ -35348,23 +35348,23 @@ CVE-2019-0328
 CVE-2019-0327
        RESERVED
 CVE-2019-0326 (SAP BusinessObjects Business Intelligence Platform (BI 
Workspace) (Ent ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0325 (SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary 
author ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0324
        RESERVED
 CVE-2019-0323
        RESERVED
 CVE-2019-0322 (SAP Commerce Cloud (previously known as SAP Hybris Commerce), 
(HY_COM, ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0321 (ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 
7.5, d ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0320
        RESERVED
 CVE-2019-0319 (The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an 
attacker ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0318 (Under certain conditions SAP NetWeaver Application Server for 
Java (St ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0317
        RESERVED
 CVE-2019-0316 (SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, 
SAP_XITO ...)
@@ -35438,7 +35438,7 @@ CVE-2019-0283 (SAP NetWeaver Process Integration 
(Adapter Engine), fixed in vers
 CVE-2019-0282 (Several web pages in SAP NetWeaver Process Integration (Runtime 
Workbe ...)
        NOT-FOR-US: SAP
 CVE-2019-0281 (SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 
1.60.6  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2019-0280 (SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 
6.05, 6. ...)
        NOT-FOR-US: SAP
 CVE-2019-0279 (ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, 
INST_CREATE_TCPIP ...)
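Review bot: CVE-2019-0281 is labelled "NOT-FOR-US: SAP", but its description names OpenUI5 alongside SAPUI5, and OpenUI5 is the open-source release of that library. Before closing it as not-for-us, it is worth confirming that no package in the archive ships or embeds a copy, and naming the product in the label (for example "NOT-FOR-US: SAPUI5 and OpenUI5") so a later search on OpenUI5 finds this entry.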
@@ -48151,7 +48151,7 @@ CVE-2018-14833 (Intuit Lacerte 2017 has Incorrect 
Access Control. ...)
 CVE-2018-14832
        RESERVED
 CVE-2018-14831 (An arbitrary file read vulnerability in DamiCMS v6.0.0 allows 
remote a ...)
-       TODO: check
+       NOT-FOR-US: DamiCMS
 CVE-2018-14830
        RESERVED
 CVE-2018-14829 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. 
This vu ...)
@@ -49286,11 +49286,11 @@ CVE-2018-14498 (get_8bit_row in rdbmp.c in 
libjpeg-turbo through 1.5.90 and MozJ
 CVE-2018-14497 (Tenda D152 ADSL routers allow XSS via a crafted SSID. ...)
        NOT-FOR-US: Tenda D152 ADSL routers
 CVE-2018-14496 (Vivotek FD8136 devices allow remote memory corruption and 
remote code  ...)
-       TODO: check
+       NOT-FOR-US: Vivotek FD8136 devices
 CVE-2018-14495 (Vivotek FD8136 devices allow Remote Command Injection, aka 
"another co ...)
-       TODO: check
+       NOT-FOR-US: Vivotek FD8136 devices
 CVE-2018-14494 (Vivotek FD8136 devices allow Remote Command Injection, related 
to Busy ...)
-       TODO: check
+       NOT-FOR-US: Vivotek FD8136 devices
 CVE-2018-14493 (Cross-site scripting (XSS) vulnerability in the Groups Page in 
Open-Au ...)
        NOT-FOR-US: Open-Audit Community
 CVE-2018-14492 (Tenda AC7 through V15.03.06.44_CN, AC9 through 
V15.03.05.19(6318)_CN,  ...)
@@ -53907,19 +53907,19 @@ CVE-2018-12630 (NEWMARK (aka New Mark) NMCMS 2.1 
allows SQL Injection via the se
 CVE-2018-12629
        RESERVED
 CVE-2018-12628 (An issue was discovered in Eventum 3.5.0. CSRF in 
htdocs/manage/users. ...)
-       TODO: check
+       NOT-FOR-US: Eventum
 CVE-2018-12627 (An issue was discovered in Eventum 3.5.0. /htdocs/list.php has 
XSS via ...)
-       TODO: check
+       NOT-FOR-US: Eventum
 CVE-2018-12626 (An issue was discovered in Eventum 3.5.0. /htdocs/popup.php 
has XSS vi ...)
-       TODO: check
+       NOT-FOR-US: Eventum
 CVE-2018-12625 (An issue was discovered in Eventum 3.5.0. /htdocs/validate.php 
has XSS ...)
-       TODO: check
+       NOT-FOR-US: Eventum
 CVE-2018-12624 (An issue was discovered in Eventum 3.5.0. 
/htdocs/post_note.php has XS ...)
        NOT-FOR-US: Eventum
 CVE-2018-12623 (An issue was discovered in Eventum 3.5.0. htdocs/switch.php 
has XSS vi ...)
-       TODO: check
+       NOT-FOR-US: Eventum
 CVE-2018-12622 (An issue was discovered in Eventum 3.5.0. 
htdocs/ajax/update.php has X ...)
-       TODO: check
+       NOT-FOR-US: Eventum
 CVE-2018-12621 (An issue was discovered in Eventum 3.5.0. /htdocs/switch.php 
has an Op ...)
        NOT-FOR-US: Eventum
 CVE-2018-12620
@@ -56544,7 +56544,7 @@ CVE-2018-11736 (An issue was discovered in Pluck before 
4.7.7-dev2. /data/inc/im
 CVE-2018-11735 (index.php?action=createaccount in Ximdex 4.0 has XSS via the 
sname or  ...)
        NOT-FOR-US: Ximdex
 CVE-2018-11734 (In e107 v2.1.7, output without filtering results in XSS. ...)
-       TODO: check
+       NOT-FOR-US: e107
 CVE-2018-11733
        RESERVED
 CVE-2018-11732



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8ab47b177455ac10aa55c1c1f1ab5e1040c90626
