Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 962dac95 by Salvatore Bonaccorso at 2019-08-07T21:08:20Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -5,21 +5,21 @@ CVE-2019-14752 CVE-2019-14751 RESERVED CVE-2019-14750 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...) - TODO: check + NOT-FOR-US: osTicket CVE-2019-14749 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...) - TODO: check + NOT-FOR-US: osTicket CVE-2019-14748 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...) - TODO: check + NOT-FOR-US: osTicket CVE-2019-14747 (DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-de ...) TODO: check CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by ...) - TODO: check + NOT-FOR-US: KuaiFanCMS CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability exists in b ...) TODO: check CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files and c ...) TODO: check CVE-2019-14743 (** DISPUTED ** In Valve Steam Client for Windows through 2019-08-07, H ...) - TODO: check + NOT-FOR-US: Valve Steam Client for Windows CVE-2019-14742 RESERVED CVE-2019-14741 @@ -208,9 +208,9 @@ CVE-2018-20961 (In the Linux kernel before 4.16.4, a double free vulnerability i CVE-2018-20960 RESERVED CVE-2018-20959 (Jura E8 devices lack Bluetooth connection security. ...) - TODO: check + NOT-FOR-US: Jura E8 devices CVE-2018-20958 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...) - TODO: check + NOT-FOR-US: Tapplock devices CVE-2018-20957 RESERVED CVE-2018-20956 
@@ -490,11 +490,11 @@ CVE-2019-14537 (YOURLS through 1.7.3 is affected by a type juggling vulnerabilit CVE-2019-14536 RESERVED CVE-2017-18483 (ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a ...) - TODO: check + NOT-FOR-US: ANNKE SP1 HD wireless camera devices CVE-2016-10862 RESERVED CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settin ...) - TODO: check + NOT-FOR-US: Neet AirStream NAS1.1 devices CVE-2019-14535 RESERVED CVE-2019-14534 @@ -647,7 +647,7 @@ CVE-2019-14476 CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use s ...) NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3 CVE-2019-14474 (eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in ...) - TODO: check + NOT-FOR-US: eQ-3 Homematic CCU3 CVE-2019-14473 (eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but la ...) NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3 CVE-2019-14472 (Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. ...) 
@@ -1177,35 +1177,35 @@ CVE-2016-10814 (cPanel before 57.9999.54 allows demo-mode escape via show_templa CVE-2016-10813 (cPanel before 57.9999.54 allows self XSS during ftp account creation u ...) NOT-FOR-US: cPanel CVE-2016-10812 (In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs ( ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10811 (In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC- ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10810 (In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10809 (In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10808 (In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop expos ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10807 (cPanel before 57.9999.54 allows certain denial-of-service outcomes via ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10806 (cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10805 (cPanel before 57.9999.54 allows demo accounts to execute arbitrary cod ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10804 (The SQLite journal feature in cPanel before 57.9999.54 allows arbitrar ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10803 (cPanel before 57.9999.105 allows newline injection via LOC records (CP ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10802 (cPanel before 58.0.4 allows code execution in the context of other use ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10801 (cPanel before 58.0.4 has improper session handling for shared users (S ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10800 (cPanel before 58.0.4 allows demo-mode escape via Site Templates and Bo ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10799 (cPanel before 58.0.4 does not set the Pear tmp directory during a PHP ...) 
- TODO: check + NOT-FOR-US: cPanel CVE-2016-10798 (cPanel before 58.0.4 allows a file-ownership change (to nobody) via re ...) - TODO: check + NOT-FOR-US: cPanel CVE-2016-10797 (cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certifica ...) NOT-FOR-US: cPanel CVE-2016-10796 (cPanel before 58.0.4 initially uses weak permissions for Apache HTTP S ...) @@ -1333,7 +1333,7 @@ CVE-2019-14433 [Nova Server Resource Faults Leak External Exception Details] NOTE: https://security.openstack.org/ossa/OSSA-2019-003.html NOTE: https://launchpad.net/bugs/1837877 CVE-2019-14432 (Incorrect authentication of application WebSocket connections in Loom ...) - TODO: check + NOT-FOR-US: Loom Desktop for Mac CVE-2019-14431 (In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles ...) - matrixssl <removed> CVE-2019-14430 @@ -9348,7 +9348,7 @@ CVE-2019-11655 CVE-2019-11654 RESERVED CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. versions ...) - TODO: check + NOT-FOR-US: Micro Focus CVE-2019-11652 RESERVED CVE-2019-11651 @@ -13425,7 +13425,7 @@ CVE-2016-10749 (parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer CVE-2016-10744 (In Select2 through 4.0.5, as used in Snipe-IT and other products, rich ...) NOT-FOR-US: Snipe-IT CVE-2019-10099 (Prior to Spark 2.3.3, in certain situations Spark would write user dat ...) - TODO: check + NOT-FOR-US: Apache Spark CVE-2019-10098 RESERVED CVE-2019-10097 
@@ -36123,11 +36123,11 @@ CVE-2019-1916 CVE-2019-1915 RESERVED CVE-2019-1914 (A vulnerability in the web management interface of Cisco Small Busines ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-1913 (Multiple vulnerabilities in the web management interface of Cisco Smal ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-1912 (A vulnerability in the web management interface of Cisco Small Busines ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-1911 (A vulnerability in the CLI of Cisco Unified Communications Domain Mana ...) NOT-FOR-US: Cisco CVE-2019-1910 @@ -54641,7 +54641,7 @@ CVE-2018-14385 CVE-2018-14384 RESERVED CVE-2018-14383 (The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows ...) - TODO: check + NOT-FOR-US: Transition Technologies "The Scheduler" app for Jira CVE-2018-14382 (InstantCMS 2.10.1 has /redirect?url= XSS. ...) NOT-FOR-US: InstantCMS CVE-2018-14381 (Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulner ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/962dac955ed729d63dc6f1eb58e87f0317da9207
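Review bot: In the first hunk (@@ -5,21), CVE-2019-14747 (DWSurvey, stored XSS) is left at "TODO: check" although it sits between web-application entries that this commit resolves as NOT-FOR-US. If it was held back on purpose for a package lookup, that is fine; otherwise it looks like an entry missed in this pass and should get its own "NOT-FOR-US: DWSurvey" line. The radare2 and KConfig entries staying at TODO is expected for a commit that only processes NFUs.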
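Review bot: In the @@ -9348 hunk, CVE-2019-11653 is tagged "NOT-FOR-US: Micro Focus", which names only the vendor, while the description identifies the product as Micro Focus Content Manager and other entries in this same commit name the product ("Loom Desktop for Mac", "Valve Steam Client for Windows"). Suggest "NOT-FOR-US: Micro Focus Content Manager" so that a later search of data/CVE/list by product name finds the entry.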
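Review bot: In the @@ -13425 hunk, CVE-2019-10099 is closed as "NOT-FOR-US: Apache Spark", and unlike the appliance and proprietary-product entries elsewhere in this commit, Spark is free software that could plausibly have a packaging request filed. Worth confirming there is no open ITP or RFP before settling on NOT-FOR-US; if one exists, the entry should be recorded against the package with an itp marker and the bug number instead, so the CVE resurfaces when the package enters the archive.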