[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Dec 11 20:56:18 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1da36d89 by Salvatore Bonaccorso at 2019-12-11T20:55:48Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1398,9 +1398,9 @@ CVE-2019-19652
 CVE-2019-19651
 	RESERVED
 CVE-2019-19650 (Zoho ManageEngine Applications Manager before 13640 allows a remote au ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2019-19649 (Zoho ManageEngine Applications Manager before 13620 allows a remote un ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2019-19648 (In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, ...)
 	- yara <unfixed>
 	NOTE: https://github.com/VirusTotal/yara/issues/1178
@@ -3535,7 +3535,7 @@ CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a configuration where SSL
 CVE-2019-19374
 	RESERVED
 CVE-2019-19373 (An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5. ...)
-	TODO: check
+	NOT-FOR-US: Squiz Matrix CMS
 CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal vulnera ...)
 	NOT-FOR-US: rConfig
 CVE-2019-19371
@@ -4780,7 +4780,7 @@ CVE-2019-18962
 CVE-2019-18961
 	RESERVED
 CVE-2019-18960 (AWS Firecracker through v0.19.0 has a Buffer Overflow. ...)
-	TODO: check
+	NOT-FOR-US: AWS Firecracker
 CVE-2019-18959
 	RESERVED
 CVE-2019-18958 (Nitro Pro before 13.2 creates a debug.log file in the directory where  ...)
@@ -4830,7 +4830,7 @@ CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Par
 CVE-2019-18936
 	RESERVED
 CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .N ...)
-	TODO: check
+	NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
 CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ...)
 	- unbound <unfixed> (unimportant)
 	[stretch] - unbound <not-affected> (ipsecmod module introduced later)
@@ -8539,11 +8539,11 @@ CVE-2019-18381 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to
 CVE-2019-18380 (Symantec Industrial Control System Protection (ICSP), versions 6.x.x,  ...)
 	NOT-FOR-US: Symantec
 CVE-2019-18379 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a s ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a c ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a p ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2019-18376
 	RESERVED
 CVE-2019-18375
@@ -12185,7 +12185,7 @@ CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are s
 CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList ...)
 	NOT-FOR-US: vBulletin
 CVE-2019-17270 (Yachtcontrol through 2019-10-06: It's possible to perform direct Opera ...)
-	TODO: check
+	NOT-FOR-US: Yachtcontrol
 CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to execute arbitr ...)
 	NOT-FOR-US: Intellian Remote Access
 CVE-2019-17268
@@ -18682,11 +18682,11 @@ CVE-2019-15011
 CVE-2019-15010
 	RESERVED
 CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and  ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2019-15008 (The /plugins/servlet/branchreview resource in Atlassian Fisheye and Cr ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2019-15007 (The review resource in Atlassian Fisheye and Crucible before version 4 ...)
-	TODO: check
+	NOT-FOR-US: Atlassian Fisheye and Crucible
 CVE-2019-15006
 	RESERVED
 CVE-2019-15005 (The Atlassian Troubleshooting and Support Tools plugin prior to versio ...)
@@ -21624,7 +21624,7 @@ CVE-2019-14253 (An issue was discovered in servletcontroller in the secure porta
 CVE-2019-14252 (An issue was discovered in the secure portal in Publisure 2.1.2. Once  ...)
 	NOT-FOR-US: Publisure
 CVE-2019-14251 (An issue was discovered in T24 in TEMENOS Channels R15.01. The login p ...)
-	TODO: check
+	NOT-FOR-US: T24 in TEMENOS Channels R15.01
 CVE-2019-14250 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...)
 	- binutils 2.33-1 (unimportant)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924
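Review bot: The tag added for CVE-2019-14251, "NOT-FOR-US: T24 in TEMENOS Channels R15.01", embeds a specific release and repeats the wording of the description, whereas the neighbouring entry uses just the product name ("NOT-FOR-US: Publisure"). A version in the tag makes it read as if only R15.01 was ruled out and makes later grepping by product harder. Suggest naming the product only, for example "NOT-FOR-US: TEMENOS T24".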
@@ -59291,71 +59291,71 @@ CVE-2019-1492
 CVE-2019-1491
 	RESERVED
 CVE-2019-1490 (A spoofing vulnerability exists when a Skype for Business Server does  ...)
-	TODO: check
+	NOT-FOR-US: Skype
 CVE-2019-1489 (An information disclosure vulnerability exists when the Windows Remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1488 (A security feature bypass vulnerability exists when Microsoft Defender ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1487 (An information disclosure vulnerability in Android Apps using Microsof ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1486 (A spoofing vulnerability exists in Visual Studio Live Share when a gue ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1485 (A remote code execution vulnerability exists in the way that the VBScr ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1484 (A remote code execution vulnerability exists when Microsoft Windows OL ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1483 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1482
 	RESERVED
 CVE-2019-1481 (An information disclosure vulnerability exists in Windows Media Player ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1480 (An information disclosure vulnerability exists in Windows Media Player ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1479
 	RESERVED
 CVE-2019-1478 (An elevation of privilege vulnerability exists when Windows improperly ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1477 (An elevation of privilege vulnerability exists when the Windows Printe ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1476 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1475
 	RESERVED
 CVE-2019-1474 (An information disclosure vulnerability exists when the Windows kernel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1473
 	RESERVED
 CVE-2019-1472 (An information disclosure vulnerability exists when the Windows kernel ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1471 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1470 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1469 (An information disclosure vulnerability exists when the win32k compone ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1468 (A remote code execution vulnerability exists when the Windows font lib ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1467 (An information disclosure vulnerability exists when the Windows GDI co ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1466 (An information disclosure vulnerability exists when the Windows GDI co ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1465 (An information disclosure vulnerability exists when the Windows GDI co ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1464 (An information disclosure vulnerability exists when Microsoft Excel im ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1463 (An information disclosure vulnerability exists in Microsoft Access sof ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1462 (A remote code execution vulnerability exists in Microsoft PowerPoint s ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1461 (A denial of service vulnerability exists in Microsoft Word software wh ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1460
 	RESERVED
 CVE-2019-1459
 	RESERVED
 CVE-2019-1458 (An elevation of privilege vulnerability exists in Windows when the Win ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1457 (A security feature bypass vulnerability exists in Microsoft Office sof ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1456 (A remote code execution vulnerability exists in Microsoft Windows when ...)
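Review bot: CVE-2019-1490 is tagged "NOT-FOR-US: Skype", but its description refers to "Skype for Business Server", and every other entry in this hunk, including the already-triaged CVE-2019-1457, uses "NOT-FOR-US: Microsoft". Suggest "NOT-FOR-US: Microsoft" (or the full product name) so the tag is consistent with the rest of the block and is not mistaken for the Skype client.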
@@ -59365,7 +59365,7 @@ CVE-2019-1455
 CVE-2019-1454
 	RESERVED
 CVE-2019-1453 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1452
 	RESERVED
 CVE-2019-1451
@@ -59471,7 +59471,7 @@ CVE-2019-1402 (An information disclosure vulnerability exists in Microsoft Offic
 CVE-2019-1401
 	RESERVED
 CVE-2019-1400 (An information disclosure vulnerability exists in Microsoft Access sof ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1399 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1398 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
@@ -59631,7 +59631,7 @@ CVE-2019-1334 (An information disclosure vulnerability exists when the Windows k
 CVE-2019-1333 (A remote code execution vulnerability exists in the Windows Remote Des ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1332 (A cross-site scripting (XSS) vulnerability exists when Microsoft SQL S ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2019-1331 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
 	NOT-FOR-US: Microsoft
 CVE-2019-1330 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...)
@@ -200954,7 +200954,7 @@ CVE-2015-7894 (The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V
 CVE-2015-7893 (SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content,  ...)
 	NOT-FOR-US: Samsung
 CVE-2015-7892 (Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung Graphics 2D  ...)
 	NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android
 CVE-2015-7890
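Review bot: The tag for CVE-2015-7892 gives only the vendor ("NOT-FOR-US: Samsung"), while the description points at a specific function, m2m1shot_compat_ioctl32, and the adjacent CVE-2015-7891 entry names the affected component ("Samsung Graphics 2D driver on Samsung devices with Android"). Suggest naming the component here as well, so the reason it was ruled out is visible from the tag without opening the CVE description.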
@@ -258888,7 +258888,7 @@ CVE-2013-3693 (The BlackBerry Universal Device Service in BlackBerry Enterprise
 CVE-2013-3692 (BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses ...)
 	NOT-FOR-US: Blackberry OS
 CVE-2013-3691 (AirLive POE-2600HD allows remote attackers to cause a denial of servic ...)
-	TODO: check
+	NOT-FOR-US: AirLive POE-2600HD
 CVE-2013-3690 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi i ...)
 	NOT-FOR-US: Brickcom
 CVE-2013-3689 (Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, ...)
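Review bot: CVE-2013-3691 is tagged with a single model, "NOT-FOR-US: AirLive POE-2600HD", while the existing entry for CVE-2013-3541 further down in this same file uses the vendor form "NOT-FOR-US: AirLive". Suggest using one form for both entries so that a search for the vendor tag finds all AirLive entries.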
@@ -259264,7 +259264,7 @@ CVE-2013-3544
 CVE-2013-3543 (The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) ...)
 	NOT-FOR-US: AXIS Media Control
 CVE-2013-3542 (Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV ...)
-	TODO: check
+	NOT-FOR-US: Grandstream
 CVE-2013-3541 (Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive ...)
 	NOT-FOR-US: AirLive
 CVE-2013-3540 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1da36d89f82cf319c2ccd8a29e80fd57afa1c58b
