Commits on Source (3)
......@@ -207,7 +207,7 @@ CVE-2019-11596 (In memcached before 1.5.14, a NULL pointer dereference was found
NOTE: https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02
NOTE: https://github.com/memcached/memcached/issues/474
CVE-2019-11595 (In uBlock before 0.9.5.15, the $rewrite filter option allows filter-li ...)
TODO: check
NOT-FOR-US: uBlock
CVE-2019-11594 (In AdBlock before 3.45.0, the $rewrite filter option allows filter-lis ...)
NOT-FOR-US: AdBlock
CVE-2019-11593 (In Adblock Plus before 3.5.2, the $rewrite filter option allows filter ...)
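Review bot: the NOT-FOR-US line for CVE-2019-11595 should say which uBlock it means. The CVE text names "uBlock before 0.9.5.15" (the ublock.org product that adopted the $rewrite filter option), while Debian ships uBlock Origin (source package ublock-origin), which never implemented $rewrite; as written, "NOT-FOR-US: uBlock" reads as if the Debian package had been checked and found not affected for the same reason as the AdBlock and Adblock Plus entries below it. Suggest "NOT-FOR-US: uBlock (ublock.org, not uBlock Origin)" so a later triager does not re-open it against ublock-origin.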
......@@ -235,7 +235,7 @@ CVE-2019-11581
CVE-2019-11580
RESERVED
CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. ...)
TODO: check
NOT-FOR-US: esoTalk
CVE-2019-11591 (The WebDorado Contact Form plugin before 1.13.5 for WordPress allows C ...)
NOT-FOR-US: WordPress plugin contact-form-maker
CVE-2019-11590 (The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF vi ...)
......@@ -1176,7 +1176,7 @@ CVE-2019-11195
CVE-2019-11194
RESERVED
CVE-2019-11193 (The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via ...)
TODO: check
NOT-FOR-US: DirectAdmin
CVE-2019-11192
RESERVED
CVE-2019-11189
......@@ -1855,7 +1855,6 @@ CVE-2019-10906 (In Pallets Jinja before 2.10.1, str.format_map allows a sandbox
[jessie] - jinja2 <no-dsa> (Minor issue)
NOTE: https://palletsprojects.com/blog/jinja-2-10-1-released/
NOTE: https://github.com/pallets/jinja/commit/a2a6c930bcca591a25d2b316fcfd2d6793897b26
NOTE: https://lists.debian.org/debian-lts/2019/04/msg00107.html
CVE-2019-10905 (Parsedown before 1.7.2, when safe mode is used and HTML markup is disa ...)
NOT-FOR-US: Parsedown
CVE-2019-10904 (Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and r ...)
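Review bot: the header for this hunk is -1855,7 +1855,6, a pure one-line removal under CVE-2019-10906, but the rendered copy has lost the +/- markers, so it is not visible which of the listed lines goes. If it is the "[jessie] - jinja2 <no-dsa> (Minor issue)" line, the removal needs to be paired with the DLA reference in the entry's "{...}" line (the convention visible further down at "{DSA-4281-1 DLA-1491-1 DLA-1453-1}"); dropping the jessie marker on its own makes jessie fall back to the default "unfixed" status with no advisory recorded. If instead the debian-lts list NOTE is what is being dropped, the commit message should say why, since that URL is the only pointer on the entry to the LTS discussion.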
......@@ -3340,7 +3339,7 @@ CVE-2019-10274
CVE-2019-10273 (Information leakage vulnerability in the /mc login page in ManageEngin ...)
NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2019-10272 (An issue was discovered in Weaver e-cology 9.0. There is a CRLF Inject ...)
TODO: check
NOT-FOR-US: Weaver e-cology
CVE-2019-10271
RESERVED
CVE-2019-10270
......@@ -13322,7 +13321,7 @@ CVE-2019-6496 (The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, mode
CVE-2019-6495
RESERVED
CVE-2019-6494 (IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privilege ...)
TODO: check
NOT-FOR-US: IObit Malware Fighter
CVE-2019-6493 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
NOT-FOR-US: IObit Smart Defrag
CVE-2019-6492 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
......@@ -20122,13 +20121,13 @@ CVE-2019-3565
CVE-2019-3564
RESERVED
CVE-2019-3563 (Wangle's LineBasedFrameDecoder contains logic for identifying newlines ...)
TODO: check
NOT-FOR-US: Facebook Wangle
CVE-2019-3562 (A remote web page could inject arbitrary HTML code into the Oculus Bro ...)
TODO: check
NOT-FOR-US: Oculus Browser UI
CVE-2019-3561 (Insufficient boundary checks for the strrpos and strripos functions al ...)
- hhvm <removed>
CVE-2019-3560 (An improperly performed length calculation on a buffer in PlaintextRec ...)
TODO: check
NOT-FOR-US: Fizz
CVE-2019-3559
RESERVED
CVE-2019-3558
......@@ -21866,7 +21865,7 @@ CVE-2018-20241 (The Edit upload resource for a review in Atlassian Fisheye and C
CVE-2018-20240 (The administrative linker functionality in Atlassian Fisheye and Cruci ...)
NOT-FOR-US: Atlassian
CVE-2018-20239 (Application Links before version 5.0.11, from version 5.1.0 before 5.2 ...)
TODO: check
NOT-FOR-US: Atlassian
CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7 and fro ...)
NOT-FOR-US: Atlassian
CVE-2018-20237 (Atlassian Confluence Server and Data Center before version 6.13.1 allo ...)
......@@ -41974,11 +41973,11 @@ CVE-2018-15209 (ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9
NOTE: Upstream fix 1/2: https://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8
NOTE: Upstream fix 2/2: https://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be
CVE-2018-15208 (BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. ...)
TODO: check
NOT-FOR-US: BPC SmartVista
CVE-2018-15207 (BPC SmartVista 2 has Improper Access Control in the SVFE module, where ...)
TODO: check
NOT-FOR-US: BPC SmartVista
CVE-2018-15206 (BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.js ...)
TODO: check
NOT-FOR-US: BPC SmartVista
CVE-2018-15205
RESERVED
CVE-2018-15204
......@@ -60978,7 +60977,8 @@ CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefu
[jessie] - libpdfbox-java <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2018/06/29/2
CVE-2018-8035 (This vulnerability relates to the user's browser processing of DUCC we ...)
TODO: check
- uimaj <unfixed>
NOTE: https://uima.apache.org/security_report#CVE-2018-8035
CVE-2018-8034 (The host name verification when using TLS with the WebSocket client wa ...)
{DSA-4281-1 DLA-1491-1 DLA-1453-1}
- tomcat9 <not-affected> (Fixed before initial upload to Debian)
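Review bot: the new "- uimaj <unfixed>" line under CVE-2018-8035 attributes to the uimaj source package an issue the CVE text places in "DUCC web pages", and DUCC (uima-ducc) is a separate Apache UIMA component from the uimaj core framework; please confirm that the Debian uimaj source actually contains the DUCC web UI code before marking it unfixed, otherwise this should be NOT-FOR-US with a note saying DUCC is not packaged. If uimaj is affected, the entry should also carry a severity annotation and a bug reference in the usual "(bug #NNNNNN)" form, matching the "<no-dsa> (Minor issue)" style used on the libpdfbox-java line just above.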
......@@ -162062,7 +162062,7 @@ CVE-2016-1588
CVE-2016-1587 (The Snapweb interface before version 0.21.2 was exposing controls to i ...)
NOT-FOR-US: Snapweb
CVE-2016-1586 (A malicious webview could install long-lived unload handlers that re-u ...)
TODO: check
NOT-FOR-US: Oxide
CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally widened when ...)
- apparmor <undetermined>
NOTE: https://bugs.launchpad.net/apparmor/+bug/1597017