Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f40503be by Salvatore Bonaccorso at 2019-11-26T20:38:14Z Replace occurences of NFU for Centreon web UI with the ITP entry - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -7536,7 +7536,7 @@ CVE-2019-17503 (An issue was discovered in Kirona Dynamic Resource Scheduling (D CVE-2019-17502 (Hydra through 0.1.8 has a NULL pointer dereference and daemon crash wh ...) NOT-FOR-US: Hydra (different from src:hydra) CVE-2019-17501 (Centreon 19.04 allows attackers to execute arbitrary OS commands via t ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2019-17500 RESERVED CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on Compal CH7 ...) @@ -8474,27 +8474,27 @@ CVE-2019-17109 (Koji through 1.18.0 allows remote Directory Traversal, with resu NOTE: https://docs.pagure.org/koji/CVE-2019-17109/ NOTE: https://pagure.io/koji/issue/1634 CVE-2019-17108 (Local file inclusion in brokerPerformance.php in Centreon Web before 2 ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2019-17107 (minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2019-17106 (In Centreon Web through 2.8.29, disclosure of external components' pas ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2019-17105 (The token generator in index.php in Centreon Web before 2.8.27 is pred ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2019-17104 (In Centreon VM through 19.04.3, the cookie configuration within the Ap ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-21025 (In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-21024 (licenseUpload.php in Centreon Web before 2.8.27 allows attackers to up ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-21023 (getStats.php in Centreon Web before 2.8.28 allows authenticated attack ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-21022 (makeXML_ListServices.php in Centreon Web before 2.8.28 allows attacker ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-21021 (img_gantt.php in Centreon Web before 2.8.27 allows attackers to perfor ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-21020 (In very rare cases, a PHP type juggling vulnerability in centreonAuth. ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2019-17103 RESERVED CVE-2019-17102 @@ -10253,9 +10253,9 @@ CVE-2019-16408 CVE-2019-16407 (JetBrains ReSharper installers for versions before 2019.2 had a DLL Hi ...) NOT-FOR-US: JetBrains ReSharper installer CVE-2019-16406 (Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware v ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2019-16405 (Centreon Web 19.04.4 allows Remote Code Execution by an administrator ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2019-16404 (Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php ...) NOT-FOR-US: OpenEMR CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the functionalities for customers to c ...) @@ -11003,7 +11003,7 @@ CVE-2019-16196 CVE-2019-16195 (Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 a ...) - centreon-web <itp> (bug #913903) CVE-2019-16194 (SQL injection vulnerabilities in Centreon through 19.04 allow attacks ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2019-16193 (In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to t ...) NOT-FOR-US: ArcGIS Enterprise CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php in DocCms ...) @@ -21583,7 +21583,7 @@ CVE-2019-13026 (OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL CVE-2019-13025 (Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorre ...) NOT-FOR-US: Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web be ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2019-13023 RESERVED CVE-2019-13022 @@ -58417,9 +58417,9 @@ CVE-2018-19314 CVE-2018-19313 RESERVED CVE-2018-19312 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) all ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-19311 (Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-19310 RESERVED CVE-2018-19309 @@ -58483,9 +58483,9 @@ CVE-2018-19283 CVE-2018-19282 (Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow re ...) NOT-FOR-US: Rockwell Automation CVE-2018-19281 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) all ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-19280 (Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource na ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-19279 (PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plain ...) NOT-FOR-US: PRIMX ZoneCentral CVE-2018-19278 (Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x b ...) @@ -58696,7 +58696,7 @@ CVE-2018-19273 CVE-2018-19272 RESERVED CVE-2018-19271 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) all ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-19270 REJECTED CVE-2019-0185 (Insufficient access control in protected memory subsystem for SMM for ...) @@ -79274,11 +79274,11 @@ CVE-2018-11591 (Espruino before 1.98 allows attackers to cause a denial of servi CVE-2018-11590 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...) NOT-FOR-US: Espruino CVE-2018-11589 (Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Cen ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-11588 (Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authe ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-11587 (There is Remote Code Execution in Centreon 3.4.6 including Centreon We ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2018-11586 (XML external entity (XXE) vulnerability in api/rest/status in SearchBl ...) NOT-FOR-US: SearchBlox CVE-2018-11585 @@ -197364,7 +197364,7 @@ CVE-2015-7676 (Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, whe CVE-2015-7675 (The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and ...) NOT-FOR-US: MOVEit File Transfer web- and mobile application CVE-2015-7672 (Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in C ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2014-9751 (The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ...) {DSA-3154-1 DLA-149-1} - ntp 1:4.2.6.p5+dfsg-4 @@ -214937,9 +214937,9 @@ CVE-2015-1564 (Cross-site scripting (XSS) vulnerability in style-underground/sea CVE-2015-1562 (Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7. ...) NOT-FOR-US: Saurus CMS CVE-2015-1561 (The escape_command function in include/Administration/corePerformance/ ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2015-1560 (SQL injection vulnerability in the isUserAdmin function in include/com ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2015-1559 (Multiple cross-site request forgery (CSRF) vulnerabilities in administ ...) NOT-FOR-US: Epignosis eFront CVE-2015-1557 @@ -234605,9 +234605,9 @@ CVE-2014-3831 CVE-2014-3830 (Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1 ...) NOT-FOR-US: TomatoCart CVE-2014-3829 (displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Ser ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2014-3828 (Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2014-3827 RESERVED CVE-2014-3826 @@ -266232,7 +266232,7 @@ CVE-2012-5969 (Multiple directory traversal vulnerabilities on the Huawei E585 d CVE-2012-5968 (The Huawei E585 device does not validate the status of admin sessions, ...) NOT-FOR-US: Huawei device CVE-2012-5967 (SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2 ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2012-5966 (The restricted telnet shell on the D-Link DSL2730U router allows remot ...) NOT-FOR-US: D-Link DSL2730U router CVE-2012-5965 (Stack-based buffer overflow in the unique_service_name function in ssd ...) @@ -306223,7 +306223,7 @@ CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxono CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW ...) NOT-FOR-US: Joomla! CVE-2010-1301 (SQL injection vulnerability in main.php in Centreon 2.1.5 allows remot ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2010-1300 (SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Al ...) NOT-FOR-US: Yamamah CVE-2010-1299 (Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, ...) @@ -310502,7 +310502,7 @@ CVE-2009-4369 (Cross-site scripting (XSS) vulnerability in the Contact module (m - drupal5 5.21-1 (low) [lenny] - drupal5 <no-dsa> (Minor issue, requires auth) CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unk ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2009-4367 (The Staging Webservice ("sitecore modules/staging/service/api.asmx") i ...) NOT-FOR-US: Sitecore Staging Module CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...) @@ -336990,9 +336990,9 @@ CVE-2008-1181 (Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows r CVE-2008-1180 (Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.c ...) NOT-FOR-US: Juniper CVE-2008-1179 (Multiple cross-site scripting (XSS) vulnerabilities in include/common/ ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2008-1178 (Directory traversal vulnerability in include/doc/index.php in Centreon ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2008-1177 (SQL injection vulnerability in shop/detail.php in Affiliate Market (af ...) NOT-FOR-US: Affiliate Market CVE-2008-1176 (Cross-site scripting (XSS) vulnerability in function/sideblock.php in ...) @@ -337165,7 +337165,7 @@ CVE-2008-1121 (SQL injection vulnerability in index.php in eazyPortal 1.0 and ea CVE-2008-1120 (Format string vulnerability in the embedded Internet Explorer componen ...) NOT-FOR-US: ICQ CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php in Cent ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2008-1118 (Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does no ...) NOT-FOR-US: Timbuktu Pro CVE-2008-1117 (Directory traversal vulnerability in the Notes (aka Flash Notes or ins ...) @@ -340208,7 +340208,7 @@ CVE-2007-6487 (Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4 CVE-2007-6486 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka ...) NOT-FOR-US: LineShout CVE-2007-6485 (Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 ( ...) - NOT-FOR-US: Centreon web UI (not packaged in Debian) + - centreon-web <itp> (bug #913903) CVE-2007-6484 (SQL injection vulnerability in index.php in phpRPG 0.8 allows remote a ...) NOT-FOR-US: phpRPG CVE-2007-6483 (Directory traversal vulnerability in SafeNet Sentinel Protection Serve ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f40503bee9346bb6ada8f1e4ca8e1beed8c5bed4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f40503bee9346bb6ada8f1e4ca8e1beed8c5bed4 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits