[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Dec 4 17:08:48 GMT 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
18b385e7 by Moritz Muehlenhoff at 2019-12-04T17:06:34Z
NFUs
new zabbix issue (more of a hardening than a real vulnerability)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -736,7 +736,9 @@ CVE-2019-19396 (illumos, as used in OmniOS Community Edition before r151030y, al
 CVE-2019-19395
 	RESERVED
 CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with unsalte ...)
-	TODO: check
+	- zabbix <unfixed>
+	[buster] - zabbix <no-dsa> (Minor issue)
+	[stretch] - zabbix <no-dsa> (Minor issue)
 CVE-2020-1784
 	RESERVED
 CVE-2020-1783
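Review bot: the new CVE-2013-7484 lines mark zabbix `<unfixed>` and `<no-dsa> (Minor issue)` for buster and stretch, but the rationale given in the commit message (more of a hardening than a real vulnerability) is not recorded in data/CVE/list itself, and the entry carries no bug reference or upstream pointer. Consider adding a `NOTE:` line with that reasoning and the upstream reference so later triagers do not have to recover it from git history. If the issue really is hardening only, `<unfixed> (unimportant)` on the unstable line may describe it better than a plain `<unfixed>`.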
@@ -803,7 +805,7 @@ CVE-2019-19385 (A cross-site scripting (XSS) vulnerability in app/dialplans/dial
 CVE-2019-19384 (A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php ...)
 	NOT-FOR-US: FusionPBX
 CVE-2019-19383 (freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted ...)
-	TODO: check
+	NOT-FOR-US: freeFTPd
 CVE-2019-19382 (Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the  ...)
 	NOT-FOR-US: Max Secure Anti Virus Plus
 CVE-2019-19381
@@ -31409,7 +31411,7 @@ CVE-2019-9974 (diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-002
 CVE-2019-9973
 	RESERVED
 CVE-2019-10013 (The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS t ...)
-	TODO: check
+	- axtls <itp> (bug #932027)
 CVE-2019-10012 (Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote at ...)
 	NOT-FOR-US: Jenzabar
 CVE-2019-10011 (ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campu ...)
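Review bot: on the CVE-2019-10013 entry, `- axtls <itp> (bug #932027)` records only the ITP bug. Nothing in the entry says which upstream axTLS release fixes the asn1_signature issue, so whoever reviews the eventual upload has no version to compare against. A `NOTE:` line naming the fixed upstream version or commit would make that check straightforward.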
@@ -45095,9 +45097,9 @@ CVE-2019-5135
 CVE-2019-5134
 	RESERVED
 CVE-2019-5133 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
-	TODO: check
+	NOT-FOR-US: ImageGear
 CVE-2019-5132 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
-	TODO: check
+	NOT-FOR-US: ImageGear
 CVE-2019-5131
 	RESERVED
 CVE-2019-5130
@@ -45137,13 +45139,13 @@ CVE-2019-5114 (An exploitable SQL injection vulnerability exists in the authenti
 CVE-2019-5113
 	RESERVED
 CVE-2019-5112 (Exploitable SQL injection vulnerability exists in the authenticated po ...)
-	TODO: check
+	NOT-FOR-US: Forma LMS
 CVE-2019-5111 (Exploitable SQL injection vulnerability exists in the authenticated po ...)
-	TODO: check
+	NOT-FOR-US: Forma LMS
 CVE-2019-5110 (Exploitable SQL injection vulnerabilities exist in the authenticated p ...)
-	TODO: check
+	NOT-FOR-US: Forma LMS
 CVE-2019-5109 (Exploitable SQL injection vulnerabilities exists in the authenticated  ...)
-	TODO: check
+	NOT-FOR-US: Forma LMS
 CVE-2019-5108
 	RESERVED
 CVE-2019-5107
@@ -45167,9 +45169,9 @@ CVE-2019-5099 (An exploitable integer underflow vulnerability exists in the CMP-
 CVE-2019-5098
 	RESERVED
 CVE-2019-5097 (A denial-of-service vulnerability exists in the processing of multi-pa ...)
-	TODO: check
+	NOT-FOR-US: GoAhead
 CVE-2019-5096 (An exploitable code execution vulnerability exists in the processing o ...)
-	TODO: check
+	NOT-FOR-US: GoAhead
 CVE-2019-5095 (An issue summary information disclosure vulnerability exists in Atlass ...)
 	NOT-FOR-US: Atlassian
 CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota file f ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/18b385e7d31049e768787f2bfcf99cf495c40002
