Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d45575b2 by Salvatore Bonaccorso at 2020-02-21T11:33:17+01:00
Process some NFUs
- - - - -
0e4e851c by Salvatore Bonaccorso at 2020-02-21T11:33:18+01:00
Add CVE-2014-8739/libjs-jquery-file-upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -30220,17 +30220,17 @@ CVE-2019-16304
CVE-2019-16303 (A class generated by the Generator in JHipster before 6.3.0
and JHipst ...)
NOT-FOR-US: JHipster
CVE-2019-16302 (An issue was discovered in Open Network Operating System
(ONOS) 1.14. ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16301 (An issue was discovered in Open Network Operating System
(ONOS) 1.14. ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16300 (An issue was discovered in Open Network Operating System
(ONOS) 1.14. ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16299 (An issue was discovered in Open Network Operating System
(ONOS) 1.14. ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16298 (An issue was discovered in Open Network Operating System
(ONOS) 1.14. ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16297 (An issue was discovered in Open Network Operating System
(ONOS) 1.14. ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16296
RESERVED
CVE-2019-16295 (Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka
CWP) CentOS ...)
@@ -46854,7 +46854,7 @@ CVE-2019-11193 (The FileManager in InfinitumIT
DirectAdmin through v1.561 has XS
CVE-2019-11192
RESERVED
CVE-2019-11189 (Authentication Bypass by Spoofing in org.onosproject.acl
(access contr ...)
- TODO: check
+ NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-11191 (** DISPUTED ** The Linux kernel through 5.0.7, when
CONFIG_IA32_AOUT i ...)
- linux <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
@@ -61237,7 +61237,7 @@ CVE-2019-6197
CVE-2019-6196
RESERVED
CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller
(XCC) ver ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was
reported in ...)
NOT-FOR-US: Lenovo
CVE-2019-6193 (An information disclosure vulnerability was reported in Lenovo
XClarit ...)
@@ -73390,7 +73390,7 @@ CVE-2019-1952 (A vulnerability in the CLI of Cisco
Enterprise NFV Infrastructure
CVE-2019-1951 (A vulnerability in the packet filtering features of Cisco
SD-WAN Solut ...)
NOT-FOR-US: Cisco
CVE-2019-1950 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an
unauthe ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1949 (A vulnerability in the web-based management interface of Cisco
Firepow ...)
NOT-FOR-US: Cisco
CVE-2019-1948 (A vulnerability in Cisco Webex Meetings Mobile (iOS) could
allow an un ...)
@@ -85147,7 +85147,7 @@ CVE-2018-16996
CVE-2018-16995
RESERVED
CVE-2018-16994 (An issue was discovered on PHOENIX CONTACT AXL F BK PN
<=1.0.4, AXL ...)
- TODO: check
+ NOT-FOR-US: PHOENIX CONTACT AXL
CVE-2018-16993
RESERVED
CVE-2018-16992
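Review bot: The label on CVE-2018-16994, "PHOENIX CONTACT AXL", stops partway through the product name; the description lists "AXL F BK PN" followed by further AXL items. The other entries touched in this commit are labelled by vendor or complete product name ("Cisco", "Lenovo", "Netsweeper"), so "NOT-FOR-US: PHOENIX CONTACT" or the full product family name would be more consistent and easier to grep for.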
@@ -120972,7 +120972,7 @@ CVE-2018-3989 (An exploitable kernel memory
disclosure vulnerability exists in t
CVE-2018-3988 (Signal Messenger for Android 4.24.8 may expose private
information whe ...)
NOT-FOR-US: Signal Messenger
CVE-2018-3987 (An exploitable information disclosure vulnerability exists in
the 'Sec ...)
- TODO: check
+ NOT-FOR-US: Rakuten Viber on Android
CVE-2018-3986 (An exploitable information disclosure vulnerability exists in
the "Sec ...)
NOT-FOR-US: Telegram Android
CVE-2018-3985 (An exploitable double free vulnerability exists in the mdnscap
binary ...)
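Review bot: On CVE-2018-3987 the label "Rakuten Viber on Android" is formed differently from the adjacent CVE-2018-3986 entry, which reads "Telegram Android". The truncated description visible here does not name the product, so a NOTE line with the advisory reference would let a reader confirm the attribution, and a label in the neighbouring style (product, then platform) would keep this block uniform.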
@@ -237137,17 +237137,17 @@ CVE-2014-9619 (Unrestricted file upload
vulnerability in webadmin/ajaxfilemanage
CVE-2014-9618 (The Client Filter Admin portal in Netsweeper before 3.1.10,
4.0.x befo ...)
NOT-FOR-US: Netsweeper
CVE-2014-9617 (Open redirect vulnerability in remotereporter/load_logfiles.php
in Net ...)
- TODO: check
+ NOT-FOR-US: Netsweeper
CVE-2014-9616 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before
4.1.2 a ...)
NOT-FOR-US: Netsweeper
CVE-2014-9615 (Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4
allows re ...)
- TODO: check
+ NOT-FOR-US: Netsweeper
CVE-2014-9614 (The Web Panel in Netsweeper before 4.0.5 has a default password
of bra ...)
- TODO: check
+ NOT-FOR-US: Netsweeper
CVE-2014-9613 (Multiple SQL injection vulnerabilities in Netsweeper before
2.6.29.10 ...)
- TODO: check
+ NOT-FOR-US: Netsweeper
CVE-2014-9612 (SQL injection vulnerability in remotereporter/load_logfiles.php
in Net ...)
- TODO: check
+ NOT-FOR-US: Netsweeper
CVE-2014-9611 (Netsweeper before 4.0.5 allows remote attackers to bypass
authenticati ...)
NOT-FOR-US: Netsweeper
CVE-2014-9610 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before
4.1.2 a ...)
@@ -242598,7 +242598,8 @@ CVE-2014-8741 (Directory traversal vulnerability in
the GfdFileUploadServerlet s
CVE-2014-8740
RESERVED
CVE-2014-8739 (Unrestricted file upload vulnerability in
server/php/UploadHandler.php ...)
- TODO: check
+ - libjs-jquery-file-upload <undetermined>
+ TODO: check, might be considered only as specific use in WordPress and
Joomla?
CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows
remote a ...)
NOT-FOR-US: Drupal module Open Atrium Core
CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x
before 7 ...)
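Review bot: The new CVE-2014-8739 entry leaves the deciding fact unrecorded: the description places the flaw in server/php/UploadHandler.php, but nothing in the entry says whether libjs-jquery-file-upload ships that file. A NOTE line stating that, plus a reference for the WordPress and Joomla context the TODO mentions, would give whoever picks this up something concrete to resolve the <undetermined> status against. The TODO is also phrased as an open question; wording it as the specific check still to be done would be clearer.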
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/9b74ebbc2bfd46def03c495391307c0baa079b32...0e4e851c30689a093912b2caf7fcf0726c546523