Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f40503be by Salvatore Bonaccorso at 2019-11-26T20:38:14Z
Replace occurrences of NFU for Centreon web UI with the ITP entry

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7536,7 +7536,7 @@ CVE-2019-17503 (An issue was discovered in Kirona Dynamic 
Resource Scheduling (D
 CVE-2019-17502 (Hydra through 0.1.8 has a NULL pointer dereference and daemon 
crash wh ...)
        NOT-FOR-US: Hydra (different from src:hydra)
 CVE-2019-17501 (Centreon 19.04 allows attackers to execute arbitrary OS 
commands via t ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2019-17500
        RESERVED
 CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on 
Compal CH7 ...)
@@ -8474,27 +8474,27 @@ CVE-2019-17109 (Koji through 1.18.0 allows remote 
Directory Traversal, with resu
        NOTE: https://docs.pagure.org/koji/CVE-2019-17109/
        NOTE: https://pagure.io/koji/issue/1634
 CVE-2019-17108 (Local file inclusion in brokerPerformance.php in Centreon Web 
before 2 ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2019-17107 (minPlayCommand.php in Centreon Web before 2.8.27 allows 
authenticated  ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2019-17106 (In Centreon Web through 2.8.29, disclosure of external 
components' pas ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2019-17105 (The token generator in index.php in Centreon Web before 2.8.27 
is pred ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2019-17104 (In Centreon VM through 19.04.3, the cookie configuration 
within the Ap ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-21025 (In Centreon VM through 19.04.3, centreon-backup.pl allows 
attackers to ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-21024 (licenseUpload.php in Centreon Web before 2.8.27 allows 
attackers to up ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-21023 (getStats.php in Centreon Web before 2.8.28 allows 
authenticated attack ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-21022 (makeXML_ListServices.php in Centreon Web before 2.8.28 allows 
attacker ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-21021 (img_gantt.php in Centreon Web before 2.8.27 allows attackers 
to perfor ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-21020 (In very rare cases, a PHP type juggling vulnerability in 
centreonAuth. ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2019-17103
        RESERVED
 CVE-2019-17102
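Review bot: CVE-2019-17104 and CVE-2018-21025 in this hunk are described against "Centreon VM through 19.04.3" rather than Centreon Web, so it is worth confirming that the affected pieces (the cookie configuration and centreon-backup.pl) would actually ship in the centreon-web source package before tying them to the ITP. If either turns out to be specific to the appliance image, keeping NOT-FOR-US for that entry, or adding a NOTE line that explains the mapping, would avoid carrying a misleading open issue once bug #913903 is closed.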
@@ -10253,9 +10253,9 @@ CVE-2019-16408
 CVE-2019-16407 (JetBrains ReSharper installers for versions before 2019.2 had 
a DLL Hi ...)
        NOT-FOR-US: JetBrains ReSharper installer
 CVE-2019-16406 (Centreon Web 19.04.4 has weak permissions within the OVA (aka 
VMware v ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2019-16405 (Centreon Web 19.04.4 allows Remote Code Execution by an 
administrator  ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2019-16404 (Authenticated SQL Injection in 
interface/forms/eye_mag/js/eye_base.php ...)
        NOT-FOR-US: OpenEMR
 CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the functionalities for 
customers to c ...)
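Review bot: CVE-2019-16406 is described as weak permissions "within the OVA", which reads as a property of the virtual appliance image and not of the Centreon Web code itself. A package built from source would not carry the OVA, so this entry may be better left as NOT-FOR-US with the reason adjusted, unlike CVE-2019-16405 just below it, where the move to the ITP entry matches the description.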
@@ -11003,7 +11003,7 @@ CVE-2019-16196
 CVE-2019-16195 (Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 
19.04.5 a ...)
        - centreon-web <itp> (bug #913903)
 CVE-2019-16194 (SQL injection vulnerabilities in Centreon through 19.04 allow 
attacks  ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2019-16193 (In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be 
used to t ...)
        NOT-FOR-US: ArcGIS Enterprise
 CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php 
in DocCms ...)
@@ -21583,7 +21583,7 @@ CVE-2019-13026 (OXID eShop 6.0.x before 6.0.5 and 6.1.x 
before 6.1.4 allows SQL
 CVE-2019-13025 (Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have 
Incorre ...)
        NOT-FOR-US: Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices
 CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and 
Centreon web be ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2019-13023
        RESERVED
 CVE-2019-13022
@@ -58417,9 +58417,9 @@ CVE-2018-19314
 CVE-2018-19313
        RESERVED
 CVE-2018-19312 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 
2.8.24) all ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-19311 (Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the 
Service  ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-19310
        RESERVED
 CVE-2018-19309
@@ -58483,9 +58483,9 @@ CVE-2018-19283
 CVE-2018-19282 (Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier 
allow re ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2018-19281 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 
2.8.27) all ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-19280 (Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the 
resource na ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-19279 (PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks 
the plain ...)
        NOT-FOR-US: PRIMX ZoneCentral
 CVE-2018-19278 (Buffer overflow in DNS SRV and NAPTR lookups in Digium 
Asterisk 15.x b ...)
@@ -58696,7 +58696,7 @@ CVE-2018-19273
 CVE-2018-19272
        RESERVED
 CVE-2018-19271 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 
2.8.28) all ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-19270
        REJECTED
 CVE-2019-0185 (Insufficient access control in protected memory subsystem for 
SMM for  ...)
@@ -79274,11 +79274,11 @@ CVE-2018-11591 (Espruino before 1.98 allows attackers 
to cause a denial of servi
 CVE-2018-11590 (Espruino before 1.99 allows attackers to cause a denial of 
service (ap ...)
        NOT-FOR-US: Espruino
 CVE-2018-11589 (Multiple SQL injection vulnerabilities in Centreon 3.4.6 
including Cen ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-11588 (Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to 
an authe ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-11587 (There is Remote Code Execution in Centreon 3.4.6 including 
Centreon We ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2018-11586 (XML external entity (XXE) vulnerability in api/rest/status in 
SearchBl ...)
        NOT-FOR-US: SearchBlox
 CVE-2018-11585
@@ -197364,7 +197364,7 @@ CVE-2015-7676 (Ipswitch MOVEit File Transfer 
(formerly DMZ) 8.1 and earlier, whe
 CVE-2015-7675 (The "Send as attachment" feature in Ipswitch MOVEit DMZ before 
8.2 and ...)
        NOT-FOR-US: MOVEit File Transfer web- and mobile application
 CVE-2015-7672 (Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 
(fixed in C ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2014-9751 (The read_network_packet function in ntp_io.c in ntpd in NTP 4.x 
before ...)
        {DSA-3154-1 DLA-149-1}
        - ntp 1:4.2.6.p5+dfsg-4
@@ -214937,9 +214937,9 @@ CVE-2015-1564 (Cross-site scripting (XSS) 
vulnerability in style-underground/sea
 CVE-2015-1562 (Multiple cross-site scripting (XSS) vulnerabilities in Saurus 
CMS 4.7. ...)
        NOT-FOR-US: Saurus CMS
 CVE-2015-1561 (The escape_command function in 
include/Administration/corePerformance/ ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2015-1560 (SQL injection vulnerability in the isUserAdmin function in 
include/com ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2015-1559 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
administ ...)
        NOT-FOR-US: Epignosis eFront
 CVE-2015-1557
@@ -234605,9 +234605,9 @@ CVE-2014-3831
 CVE-2014-3830 (Cross-site scripting (XSS) vulnerability in info.php in 
TomatoCart 1.1 ...)
        NOT-FOR-US: TomatoCart
 CVE-2014-3829 (displayServiceStatus.php in Centreon 2.5.1 and Centreon 
Enterprise Ser ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2014-3828 (Multiple SQL injection vulnerabilities in Centreon 2.5.1 and 
Centreon  ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2014-3827
        RESERVED
 CVE-2014-3826
@@ -266232,7 +266232,7 @@ CVE-2012-5969 (Multiple directory traversal 
vulnerabilities on the Huawei E585 d
 CVE-2012-5968 (The Huawei E585 device does not validate the status of admin 
sessions, ...)
        NOT-FOR-US: Huawei device
 CVE-2012-5967 (SQL injection vulnerability in menuXML.php in Centreon 2.3.3 
through 2 ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2012-5966 (The restricted telnet shell on the D-Link DSL2730U router 
allows remot ...)
        NOT-FOR-US: D-Link DSL2730U router
 CVE-2012-5965 (Stack-based buffer overflow in the unique_service_name function 
in ssd ...)
@@ -306223,7 +306223,7 @@ CVE-2010-1303 (Multiple cross-site scripting (XSS) 
vulnerabilities in the Taxono
 CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the 
DecryptWeb DW ...)
        NOT-FOR-US: Joomla!
 CVE-2010-1301 (SQL injection vulnerability in main.php in Centreon 2.1.5 
allows remot ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2010-1300 (SQL injection vulnerability in index.php in Yamamah (aka Dove 
Photo Al ...)
        NOT-FOR-US: Yamamah
 CVE-2010-1299 (Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 
4.1.0, ...)
@@ -310502,7 +310502,7 @@ CVE-2009-4369 (Cross-site scripting (XSS) 
vulnerability in the Contact module (m
        - drupal5 5.21-1 (low)
        [lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
 CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 
have unk ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2009-4367 (The Staging Webservice ("sitecore 
modules/staging/service/api.asmx") i ...)
        NOT-FOR-US: Sitecore Staging Module
 CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in 
ScriptsEz Ez  ...)
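Review bot: CVE-2009-4368 is "Multiple unspecified vulnerabilities in Centreon before 2.1.4", and the new `<itp>` line records nothing about the fixed release. A NOTE line with the upstream fixed version would make it straightforward to convert this into a fixed-version or not-affected entry when the package from bug #913903 is uploaded; the same applies to the other entries in this commit whose descriptions name a fixed release.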
@@ -336990,9 +336990,9 @@ CVE-2008-1181 (Juniper Networks Secure Access 2000 
5.5 R1 (build 11711) allows r
 CVE-2008-1180 (Cross-site scripting (XSS) vulnerability in 
dana-na/auth/rdremediate.c ...)
        NOT-FOR-US: Juniper
 CVE-2008-1179 (Multiple cross-site scripting (XSS) vulnerabilities in 
include/common/ ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2008-1178 (Directory traversal vulnerability in include/doc/index.php in 
Centreon ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2008-1177 (SQL injection vulnerability in shop/detail.php in Affiliate 
Market (af ...)
        NOT-FOR-US: Affiliate Market
 CVE-2008-1176 (Cross-site scripting (XSS) vulnerability in 
function/sideblock.php in  ...)
@@ -337165,7 +337165,7 @@ CVE-2008-1121 (SQL injection vulnerability in 
index.php in eazyPortal 1.0 and ea
 CVE-2008-1120 (Format string vulnerability in the embedded Internet Explorer 
componen ...)
        NOT-FOR-US: ICQ
 CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php 
in Cent ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2008-1118 (Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, 
does no ...)
        NOT-FOR-US: Timbuktu Pro
 CVE-2008-1117 (Directory traversal vulnerability in the Notes (aka Flash Notes 
or ins ...)
@@ -340208,7 +340208,7 @@ CVE-2007-6487 (Unspecified vulnerability in Plain 
Black WebGUI 7.4.0 through 7.4
 CVE-2007-6486 (Multiple cross-site scripting (XSS) vulnerabilities in 
shout.php (aka  ...)
        NOT-FOR-US: LineShout
 CVE-2007-6485 (Multiple PHP remote file inclusion vulnerabilities in Centreon 
1.4.1 ( ...)
-       NOT-FOR-US: Centreon web UI (not packaged in Debian)
+       - centreon-web <itp> (bug #913903)
 CVE-2007-6484 (SQL injection vulnerability in index.php in phpRPG 0.8 allows 
remote a ...)
        NOT-FOR-US: phpRPG
 CVE-2007-6483 (Directory traversal vulnerability in SafeNet Sentinel 
Protection Serve ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f40503bee9346bb6ada8f1e4ca8e1beed8c5bed4
