[Git][security-tracker-team/security-tracker][master] new mediawiki issue
Moritz Muehlenhoff
jmm at debian.org
Thu Dec 12 11:19:30 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
393a649c by Moritz Muehlenhoff at 2019-12-12T11:19:05Z
new mediawiki issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40,7 +40,7 @@ CVE-2019-19731
CVE-2019-19730
RESERVED
CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...)
- TODO: check
+ NOT-FOR-US: bsjon-objectid node module
CVE-2019-19728
RESERVED
CVE-2019-19727
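Review bot: The added NOT-FOR-US line for CVE-2019-19729 misspells the package as "bsjon-objectid", while the CVE description directly above it names bson-objectid. Suggest "NOT-FOR-US: bson-objectid node module" so that a search of the list for the package name finds this entry.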
@@ -1286,7 +1286,9 @@ CVE-2019-19711
CVE-2019-19710
RESERVED
CVE-2019-19709 (MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklis ...)
- TODO: check
+ - mediawiki <unfixed>
+ NOTE: https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8
+ NOTE: https://phabricator.wikimedia.org/T239466
CVE-2019-19708 (The VisualEditor extension through 1.34 for MediaWiki allows XSS via p ...)
NOT-FOR-US: VisualEditor MediaWiki extension
CVE-2019-19707 (On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware thr ...)
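Review bot: The new "- mediawiki <unfixed>" line for CVE-2019-19709 carries no Debian bug reference, and both NOTE lines point only at upstream (a Gerrit change-id query and a Phabricator task). Suggest filing a bug against mediawiki and recording it on the package line, then replacing <unfixed> with the fixed version once an upload lands.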
@@ -36818,7 +36820,7 @@ CVE-2019-9466
CVE-2019-9465
RESERVED
CVE-2019-9464 (In various functions of RecentLocationApps.java, DevicePolicyManagerSe ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9463 (In Platform, there is a possible bypass of user interaction requiremen ...)
NOT-FOR-US: Android
CVE-2019-9462 (In Bluetooth, there is a possible out of bounds read due to an incorre ...)
@@ -48074,11 +48076,11 @@ CVE-2019-5086 (An exploitable integer overflow vulnerability exists in the flatt
NOTE: https://github.com/j-jorge/xcftools/issues/12
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
CVE-2019-5085 (An exploitable code execution vulnerability exists in the DICOM packet ...)
- TODO: check
+ NOT-FOR-US: LEADTOOLS
CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in the TI ...)
NOT-FOR-US: LEADTOOLS
CVE-2019-5083 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2019-5082
RESERVED
CVE-2019-5081
@@ -48092,7 +48094,7 @@ CVE-2019-5078
CVE-2019-5077
RESERVED
CVE-2019-5076 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2019-5075
RESERVED
CVE-2019-5074
@@ -50365,19 +50367,19 @@ CVE-2019-3991
CVE-2019-3990 (A User Enumeration flaw exists in Harbor. The issue is present in the ...)
NOT-FOR-US: Harbor
CVE-2019-3989 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
- TODO: check
+ NOT-FOR-US: Blink XT2
CVE-2019-3988 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
- TODO: check
+ NOT-FOR-US: Blink XT2
CVE-2019-3987 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
- TODO: check
+ NOT-FOR-US: Blink XT2
CVE-2019-3986 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
- TODO: check
+ NOT-FOR-US: Blink XT2
CVE-2019-3985 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
- TODO: check
+ NOT-FOR-US: Blink XT2
CVE-2019-3984
RESERVED
CVE-2019-3983 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
- TODO: check
+ NOT-FOR-US: Blink XT2
CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a Denial of Se ...)
NOT-FOR-US: Nessus
CVE-2019-3981
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/393a649ccea17e2b610939f4e746a56df825e66d