[Git][security-tracker-team/security-tracker][master] new puma issue

Moritz Muehlenhoff jmm at debian.org
Fri Dec 6 22:01:39 GMT 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fbea57d by Moritz Muehlenhoff at 2019-12-06T22:00:42Z
new puma issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2019-19629
 CVE-2019-19628
 	RESERVED
 CVE-2019-19627 (SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-rela ...)
-	TODO: check
+	NOT-FOR-US: SROS
 CVE-2019-19626
 	RESERVED
 CVE-2019-19625 (SROS 2 0.8.1 (which provides the tools that generate and distribute ke ...)
-	TODO: check
+	NOT-FOR-US: SROS
 CVE-2019-19624 (An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifica ...)
 	TODO: check
 CVE-2019-19623
@@ -17,16 +17,16 @@ CVE-2019-19622
 CVE-2019-19621
 	RESERVED
 CVE-2019-19620 (In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user ca ...)
-	TODO: check
+	NOT-FOR-US: SecureWorks Red Cloak Windows Agent
 CVE-2019-19619 (domain/section/markdown/markdown.go in Documize before 3.5.1 mishandle ...)
-	TODO: check
+	NOT-FOR-US: Documize
 CVE-2019-19618
 	RESERVED
 CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git information, relat ...)
 	- phpmyadmin 4:4.9.2+dfsg1-1
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9
 CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Dynamics NAV
 CVE-2019-19615
 	RESERVED
 CVE-2019-19614
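Review bot: the NOT-FOR-US label added for CVE-2019-19616 reads `Microsoft Dynamics NAV`, while the (truncated) description names `Xtivia` as the affected product, so the two do not obviously match; either carry the product name from the description into the label, or add a NOTE line recording why Dynamics NAV is the right name, so the entry stays findable by either term.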
@@ -40,7 +40,7 @@ CVE-2019-19611
 CVE-2019-19610
 	RESERVED
 CVE-2019-19609 (The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Co ...)
-	TODO: check
+	NOT-FOR-US: Strapi
 CVE-2019-19608
 	RESERVED
 CVE-2019-19607
@@ -1100,7 +1100,7 @@ CVE-2019-19598 (D-Link DAP-1860 devices before v1.04b03 Beta allow access to adm
 CVE-2019-19597 (D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote co ...)
 	NOT-FOR-US: D-Link
 CVE-2019-19596 (GitBook through 2.6.9 allows XSS via a local .md file. ...)
-	TODO: check
+	NOT-FOR-US: GitBook
 CVE-2019-19595 (reset/modules/advanced_form_maker_edit/multiupload/upload.php in the R ...)
 	NOT-FOR-US: RESET.PRO Adobe Stock API integration for PrestaShop
 CVE-2019-19594 (reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stoc ...)
@@ -1118,7 +1118,7 @@ CVE-2019-19590 (In radare2 through 4.0, there is an integer overflow for the var
 CVE-2019-19589 (The Lever PDF Embedder plugin 4.4 for WordPress does not block the dis ...)
 	NOT-FOR-US: Lever PDF Embedder plugin for WordPress
 CVE-2019-19588 (The validators package 0.12.2 through 0.12.5 for Python enters an infi ...)
-	TODO: check
+	NOT-FOR-US: validators Python package
 CVE-2019-19587 (In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updatin ...)
 	NOT-FOR-US: WSO2 Enterprise Integrator
 CVE-2019-19586
@@ -1201,9 +1201,9 @@ CVE-2019-19553 (In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissect
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=34d2e0d5318d0a7e9889498c721639e5cbf4ce45
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-22.html
 CVE-2019-19552 (In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists i ...)
-	TODO: check
+	NOT-FOR-US: FreePBX
 CVE-2019-19551 (In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists i ...)
-	TODO: check
+	NOT-FOR-US: FreePBX
 CVE-2020-1974
 	RESERVED
 CVE-2020-1973
@@ -1303,13 +1303,13 @@ CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug
 	- linux 5.3.7-1
 	NOTE: https://git.kernel.org/linus/44efc269db7929f6275a1fa927ef082e533ecde0
 CVE-2019-19522 (OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey aut ...)
-	TODO: check
+	NOT-FOR-US: OpenBSD
 CVE-2019-19521 (libc in OpenBSD 6.6 allows authentication bypass via the -schallenge u ...)
-	TODO: check
+	NOT-FOR-US: OpenBSD
 CVE-2019-19520 (xlock in OpenBSD 6.6 allows local users to gain the privileges of the  ...)
-	TODO: check
+	NOT-FOR-US: OpenBSD
 CVE-2019-19519 (In OpenBSD 6.6, local users can use the su -L option to achieve any lo ...)
-	TODO: check
+	NOT-FOR-US: OpenBSD
 CVE-2019-19518
 	RESERVED
 CVE-2020-1964
@@ -1793,7 +1793,7 @@ CVE-2020-1786
 CVE-2020-1785
 	RESERVED
 CVE-2019-19466 (SCEditor 2.1.3 allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: SCEditor
 CVE-2019-19465
 	RESERVED
 CVE-2019-19464 (The CBC Gem application before 9.24.1 for Android and before 9.26.0 fo ...)
@@ -3533,7 +3533,7 @@ CVE-2019-18852 (Certain D-Link devices have a hardcoded Alphanetworks user accou
 CVE-2019-18851
 	RESERVED
 CVE-2019-18850 (TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a dis ...)
-	TODO: check
+	NOT-FOR-US: TrevorC2
 CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the victim' ...)
 	{DLA-2005-1}
 	- tnef 1.4.18-1 (bug #944851)
@@ -6150,9 +6150,9 @@ CVE-2019-18674 (An issue was discovered in Joomla! before 3.9.13. A missing acce
 CVE-2019-18673 (On SHIFT BitBox02 devices, a side channel for the row-based OLED displ ...)
 	NOT-FOR-US: SHIFT BitBox02 devices
 CVE-2019-18672 (Insufficient checks in the finite state machine of the ShapeShift Keep ...)
-	TODO: check
+	NOT-FOR-US: ShapeShift
 CVE-2019-18671 (Insufficient checks in the USB packet handling of the ShapeShift KeepK ...)
-	TODO: check
+	NOT-FOR-US: ShapeShift
 CVE-2019-18670
 	RESERVED
 CVE-2019-18669
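Review bot: the two new labels for CVE-2019-18672 and CVE-2019-18671 name only the vendor (`NOT-FOR-US: ShapeShift`), whereas the neighbouring CVE-2019-18673 entry names the device (`NOT-FOR-US: SHIFT BitBox02 devices`) and both descriptions refer to a specific ShapeShift device; for consistency with that entry, consider carrying the product name from the description into the label.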
@@ -11943,13 +11943,14 @@ CVE-2019-16773
 CVE-2019-16772
 	RESERVED
 CVE-2019-16771 (Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable ...)
-	TODO: check
+	NOT-FOR-US: Armeria
 CVE-2019-16770 (In Puma before version 4.3.2, a poorly-behaved client could use keepal ...)
-	TODO: check
+	- puma <unfixed>
+	NOTE: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
 CVE-2019-16769 (The serialize-javascript npm package before version 2.1.1 is vulnerabl ...)
 	TODO: check
 CVE-2019-16768 (In affected versions of Sylius, exception messages from internal excep ...)
-	TODO: check
+	NOT-FOR-US: Sylius
 CVE-2019-16767 (The admin sys mode is now conditional and dedicated for the special ca ...)
 	NOT-FOR-US: ezmaster
 CVE-2019-16766 (When using wagtail-2fa before 1.3.0, if someone gains access to someon ...)
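Review bot: the new `- puma <unfixed>` line for CVE-2019-16770 records no Debian bug, even though the description already gives the fixed upstream version (4.3.2) and the advisory is linked; following the convention used elsewhere in this patch (`- tnef 1.4.18-1 (bug #944851)`), file a bug against puma and append it as `(bug #...)` so the unfixed state is tracked, and consider a second NOTE with the upstream fix reference once known. The hunk also leaves CVE-2019-16769 (serialize-javascript) at `TODO: check`, so that one still needs triage.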
@@ -12186,15 +12187,15 @@ CVE-2019-16676 (Plataformatec Simple Form has Incorrect Access Control in file_m
 CVE-2019-16675 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Wo ...)
 	NOT-FOR-US: PHOENIX CONTACT PC Worx
 CVE-2019-16674 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
-	TODO: check
+	NOT-FOR-US: Weidmueller IE-SW-VL05M
 CVE-2019-16673 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
-	TODO: check
+	NOT-FOR-US: Weidmueller IE-SW-VL05M
 CVE-2019-16672 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
-	TODO: check
+	NOT-FOR-US: Weidmueller IE-SW-VL05M
 CVE-2019-16671 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
-	TODO: check
+	NOT-FOR-US: Weidmueller IE-SW-VL05M
 CVE-2019-16670 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
-	TODO: check
+	NOT-FOR-US: Weidmueller IE-SW-VL05M
 CVE-2019-16669 (The Reset Password feature in Pagekit 1.0.17 gives a different respons ...)
 	NOT-FOR-US: Pagekit CMS
 CVE-2019-16668
@@ -25014,9 +25015,9 @@ CVE-2019-12737 (UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc
 CVE-2019-12736 (JetBrains Ktor framework before 1.2.0-rc does not sanitize the usernam ...)
 	NOT-FOR-US: JetBrains Ktor
 CVE-2019-12734 (SiteVision 4 has Incorrect Access Control. ...)
-	TODO: check
+	NOT-FOR-US: SiteVision
 CVE-2019-12733 (SiteVision 4 allows Remote Code Execution. ...)
-	TODO: check
+	NOT-FOR-US: SiteVision
 CVE-2019-12735 (getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote ...)
 	{DSA-4487-1 DSA-4467-1 DLA-1871-1}
 	- vim 2:8.1.0875-4 (bug #930020)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3fbea57da53ba50a4a2c7e9c8aedae6807292d16
