[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 12 20:39:56 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2ae2c0c0 by Salvatore Bonaccorso at 2019-12-12T20:38:04Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -999,7 +999,7 @@ CVE-2020-3111
CVE-2020-3110
RESERVED
CVE-2019-19766 (The Bitwarden server through 1.32.0 has a potentially unwanted KDF. ...)
- TODO: check
+ NOT-FOR-US: Bitwarden server
CVE-2019-19765
RESERVED
CVE-2019-19764
@@ -1031,7 +1031,7 @@ CVE-2019-19752
CVE-2019-19751
RESERVED
CVE-2019-19750 (minerstat msOS before 2019-10-23 does not have a unique SSH key for ea ...)
- TODO: check
+ NOT-FOR-US: minerstat msOS
CVE-2019-19749
RESERVED
CVE-2019-19748 (The Work Time Calendar app before 4.7.1 for Jira allows XSS. ...)
@@ -5142,9 +5142,9 @@ CVE-2019-19250 (OpenTrade before 2019-11-23 allows SQL injection, related to ser
CVE-2019-19249 (Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta m ...)
NOT-FOR-US: QueryTree
CVE-2019-19248 (Electronic Arts Origin through 10.5.x allows Elevation of Privilege (i ...)
- TODO: check
+ NOT-FOR-US: Electronic Arts Origin
CVE-2019-19247 (Electronic Arts Origin through 10.5.x allows Elevation of Privilege (i ...)
- TODO: check
+ NOT-FOR-US: Electronic Arts Origin
CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has ...)
{DLA-2020-1}
- libonig <unfixed> (low; bug #946344)
@@ -12942,7 +12942,7 @@ CVE-2015-9458 (The searchterms-tagging-2 plugin through 1.535 for WordPress has
CVE-2015-9457 (The pretty-link plugin before 1.6.8 for WordPress has PrliLinksControl ...)
NOT-FOR-US: pretty-link plugin for WordPress
CVE-2019-17428 (An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the en ...)
- TODO: check
+ NOT-FOR-US: Intesync Solismed
CVE-2019-17427 (In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists ...)
{DSA-4574-1}
- redmine 4.0.4-1
@@ -16054,7 +16054,7 @@ CVE-2019-16248 (The "delete for" feature in Telegram before 5.11 on Android does
CVE-2019-16247 (Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommL ...)
NOT-FOR-US: Delta DCISoft
CVE-2019-16246 (Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a differen ...)
- TODO: check
+ NOT-FOR-US: Intesync Solismed
CVE-2019-16245
RESERVED
CVE-2019-16244
@@ -16880,19 +16880,19 @@ CVE-2019-15938 (Pengutronix barebox through 2019.08.1 has a remote buffer overfl
CVE-2019-15937 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in ...)
NOT-FOR-US: Pengutronix barebox
CVE-2019-15936 (Intesync Solismed 3.3sp allows Insecure File Upload. ...)
- TODO: check
+ NOT-FOR-US: Intesync Solismed
CVE-2019-15935 (Intesync Solismed 3.3sp has XSS. ...)
- TODO: check
+ NOT-FOR-US: Intesync Solismed
CVE-2019-15934 (Intesync Solismed 3.3sp has CSRF. ...)
- TODO: check
+ NOT-FOR-US: Intesync Solismed
CVE-2019-15933 (Intesync Solismed 3.3sp has SQL Injection. ...)
- TODO: check
+ NOT-FOR-US: Intesync Solismed
CVE-2019-15932 (Intesync Solismed 3.3sp has Incorrect Access Control. ...)
- TODO: check
+ NOT-FOR-US: Intesync Solismed
CVE-2019-15931 (Intesync Solismed 3.3sp allows Directory Traversal, a different vulner ...)
- TODO: check
+ NOT-FOR-US: Intesync Solismed
CVE-2019-15930 (Intesync Solismed 3.3sp allows Clickjacking. ...)
- TODO: check
+ NOT-FOR-US: Intesync Solismed
CVE-2019-15929 (In Craft CMS through 3.1.7, the elevated session password prompt was n ...)
NOT-FOR-US: Craft CMS
CVE-2019-15928
@@ -20382,7 +20382,7 @@ CVE-2019-14850 [denial of service due to premature opening of back-end connectio
NOTE: https://github.com/libguestfs/nbdkit/commit/22b30adb796bb6dca264a38598f80b8a234ff978
NOTE: https://github.com/libguestfs/nbdkit/commit/b2bc6683ea3cd1f6be694e8a681dfa411b7d15f3
CVE-2019-14849 (A vulnerability was found in 3scale before version 2.6, did not set th ...)
- TODO: check
+ NOT-FOR-US: Red Hat 3scale
CVE-2019-14848
RESERVED
CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x b ...)
@@ -23444,7 +23444,7 @@ CVE-2019-13947
CVE-2019-13946
RESERVED
CVE-2019-13945 (A vulnerability has been identified in S7-1200 CPU (All versions). The ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-13944
RESERVED
CVE-2019-13943
@@ -23480,7 +23480,7 @@ CVE-2019-13929 (A vulnerability has been identified in SIMATIC IT UADM (All vers
CVE-2019-13928
RESERVED
CVE-2019-13927 (A vulnerability has been identified in Desigo PX automation controller ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-13926
RESERVED
CVE-2019-13925
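Review bot: The tags added for CVE-2019-13945 (S7-1200 CPU) and CVE-2019-13927 (Desigo PX automation controller) name only the vendor, "NOT-FOR-US: Siemens", while the other tags added in this commit name the product ("Intesync Solismed", "Electronic Arts Origin", "Red Hat 3scale"). Consider "NOT-FOR-US: Siemens S7-1200 CPU" and "NOT-FOR-US: Siemens Desigo PX" so that a later search of data/CVE/list by product name finds these entries.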
@@ -33678,7 +33678,7 @@ CVE-2019-10594
CVE-2019-10593
RESERVED
CVE-2019-10592 (Possible integer overflow while multiplying two integers of 32 bit in ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10591
RESERVED
CVE-2019-10590
@@ -33877,7 +33877,7 @@ CVE-2019-10496 (Lack of checking a variable received from driver and populating
CVE-2019-10495 (Arbitrary buffer write issue while processing sequence header during H ...)
NOT-FOR-US: Snapdragon
CVE-2019-10494 (Race condition between the camera functions due to lack of resource lo ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-10493 (Position determination accuracy may be degraded due to wrongly decoded ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon ...)
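Review bot: CVE-2019-10494 is tagged "NOT-FOR-US: Snapdragon" directly above CVE-2019-10493, which already carries "NOT-FOR-US: Qualcomm components for Android"; the CVE-2019-10592 tag in the previous hunk uses the "Snapdragon" form as well. If both labels are meant to cover the same component family, settling on one of them would keep a grep for either string from missing part of the set. If the distinction is deliberate, it is not apparent from the truncated descriptions shown here.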
@@ -48962,7 +48962,7 @@ CVE-2019-5156
CVE-2019-5155
RESERVED
CVE-2019-5154 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
- TODO: check
+ NOT-FOR-US: LEADTOOLS
CVE-2019-5153
RESERVED
CVE-2019-5152
@@ -49074,7 +49074,7 @@ CVE-2019-5100 (An exploitable integer overflow vulnerability exists in the BMP h
CVE-2019-5099 (An exploitable integer underflow vulnerability exists in the CMP-parsi ...)
NOT-FOR-US: LEADTOOLS
CVE-2019-5098 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
- TODO: check
+ NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5097 (A denial-of-service vulnerability exists in the processing of multi-pa ...)
NOT-FOR-US: GoAhead
CVE-2019-5096 (An exploitable code execution vulnerability exists in the processing o ...)
@@ -49087,13 +49087,13 @@ CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota f
NOTE: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=8dbe7b475ec5e91ed767239f0e85880f416fc384
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887
CVE-2019-5093 (An exploitable code execution vulnerability exists in the DICOM networ ...)
- TODO: check
+ NOT-FOR-US: LEADTOOLS
CVE-2019-5092 (An exploitable heap out of bounds write vulnerability exists in the UI ...)
- TODO: check
+ NOT-FOR-US: LEADTOOLS
CVE-2019-5091 (An exploitable denial-of-service vulnerability exists in the Dicom-pac ...)
- TODO: check
+ NOT-FOR-US: LEADTOOLS
CVE-2019-5090 (An exploitable information disclosure vulnerability exists in the DICO ...)
- TODO: check
+ NOT-FOR-US: LEADTOOLS
CVE-2019-5089 (An exploitable memory corruption vulnerability exists in Investintech ...)
NOT-FOR-US: Investintech
CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investintech ...)
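Review bot: For CVE-2019-5093 through CVE-2019-5090 the description text shown is cut off before any product name ("DICOM networ ...", "UI ...", "Dicom-pac ...", "DICO ..."), so the "NOT-FOR-US: LEADTOOLS" attribution for all four cannot be confirmed from the diff itself. Since they are flipped from "TODO: check" as a batch, it is worth verifying each against its full CVE description before relying on the tag.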
@@ -52342,7 +52342,7 @@ CVE-2019-3669
CVE-2019-3668
RESERVED
CVE-2019-3667 (DLL Search Order Hijacking vulnerability in the Microsoft Windows clie ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3666 (API Abuse/Misuse vulnerability in the web interface in McAfee Web Advi ...)
NOT-FOR-US: McAfee
CVE-2019-3665 (Code Injection vulnerability in the web interface in McAfee Web Adviso ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2ae2c0c0035e78b5cae200f9501d93779a287a1d