[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Dec 20 08:32:13 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c3c96b6 by Moritz Muehlenhoff at 2019-12-20T08:31:46Z
NFUs
new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2019-19912
CVE-2019-19911
TODO: check
CVE-2019-19910
- TODO: check
+ NOT-FOR-US: Mediawiki skin
CVE-2019-19909
NOT-FOR-US: Public Knowledge Project (PKP) pkp-lib
CVE-2019-19908
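Review bot: the note "NOT-FOR-US: Mediawiki skin" on CVE-2019-19910 does not say which skin, and the entry has no description to fall back on. Naming the skin in the note keeps the triage decision checkable and lets a later search for that skin find this CVE.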
@@ -24,7 +24,7 @@ CVE-2019-19901 (An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and
CVE-2019-19900 (An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14. ...)
- backdrop <itp> (bug #914257)
CVE-2019-19899 (Pebble Templates 3.1.2 allows attackers to bypass a protection mechani ...)
- TODO: check
+ NOT-FOR-US: Pebble Templates
CVE-2019-19898
RESERVED
CVE-2019-19897
@@ -6793,13 +6793,13 @@ CVE-2019-18999
CVE-2019-18998
RESERVED
CVE-2019-18997 (The HMISimulator component of ABB PB610 Panel Builder 600 uses the rea ...)
- TODO: check
+ NOT-FOR-US: ABB PB610 Panel Builder
CVE-2019-18996 (Path settings in HMIStudio component of ABB PB610 Panel Builder 600 ve ...)
- TODO: check
+ NOT-FOR-US: ABB PB610 Panel Builder
CVE-2019-18995 (The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8 ...)
- TODO: check
+ NOT-FOR-US: ABB PB610 Panel Builder
CVE-2019-18994 (Due to a lack of file length check, the HMIStudio component of ABB PB6 ...)
- TODO: check
+ NOT-FOR-US: ABB PB610 Panel Builder
CVE-2019-18993 (OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to th ...)
NOT-FOR-US: OpenWrt
CVE-2019-18992 (OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/a ...)
@@ -6882,10 +6882,10 @@ CVE-2019-18958 (Nitro Pro before 13.2 creates a debug.log file in the directory
CVE-2019-18957 (Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has r ...)
NOT-FOR-US: Microstrategy Library
CVE-2019-18956 (Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 an ...)
- TODO: check
+ NOT-FOR-US: Divisa Proxia Suite
CVE-2019-18955
RESERVED
- TODO: check
+ NOT-FOR-US: Lansweeper
CVE-2019-18954 (Pomelo v2.2.5 allows external control of critical state data. A malici ...)
NOT-FOR-US: Pomelo
CVE-2019-18953
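Review bot: CVE-2019-18955 is still RESERVED with no description, so "NOT-FOR-US: Lansweeper" is the only statement of what the CVE concerns and nothing in the entry backs it. A reference to where the assignment to Lansweeper was found would let the note be confirmed once the CVE description is published.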
@@ -9886,7 +9886,7 @@ CVE-2019-18616
RESERVED
CVE-2019-18615
RESERVED
- TODO: check
+ NOT-FOR-US: CloudVision Portal
CVE-2019-18614
RESERVED
CVE-2019-18613
@@ -9977,11 +9977,11 @@ CVE-2019-18575 (Dell Command Configure versions prior to 4.2.1 contain an uncont
CVE-2019-18574 (RSA Authentication Manager software versions prior to 8.4 P8 contain a ...)
NOT-FOR-US: RSA Authentication Manager software
CVE-2019-18573 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Go ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-18572 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Go ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-18571 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Go ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2020-0600
RESERVED
CVE-2020-0599
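Review bot: "NOT-FOR-US: RSA" on CVE-2019-18573, CVE-2019-18572 and CVE-2019-18571 names only the vendor, while the neighbouring CVE-2019-18574 entry uses the product name "RSA Authentication Manager software". The descriptions name RSA Identity Governance and Lifecycle, so using that as the note would keep the two styles consistent and avoid a note that also reads as the name of the algorithm.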
@@ -10900,7 +10900,7 @@ CVE-2019-18269 (In Omron PLC CJ series, all versions, and Omron PLC CS series, a
CVE-2019-18268
RESERVED
CVE-2019-18267 (An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G ...)
- TODO: check
+ NOT-FOR-US: GE
CVE-2019-18266
RESERVED
CVE-2019-18265
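Review bot: "NOT-FOR-US: GE" on CVE-2019-18267 gives the vendor without the product, although the description names the GE S2020/S2020G Fast Switch 61850. Putting the product in the note matches how the ABB entries in this commit are labelled ("ABB PB610 Panel Builder") and makes the entry searchable by product.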
@@ -13182,7 +13182,7 @@ CVE-2019-17634
RESERVED
CVE-2019-17633
RESERVED
- TODO: check
+ NOT-FOR-US: Eclipse Che
CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4. ...)
- jetty9 <unfixed>
[buster] - jetty9 <no-dsa> (Minor issue)
@@ -18966,11 +18966,11 @@ CVE-2019-15593 (GitLab 12.2.3 contains a security vulnerability that allows a us
CVE-2019-15592
RESERVED
CVE-2019-15591 (An improper access control vulnerability exists in GitLab <12.3.3 t ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2019-15590
RESERVED
CVE-2019-15589 (An improper access control vulnerability exists in Gitlab <v12.3.2, ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2019-15588 (There is an OS Command Injection in Nexus Repository Manager <= 2.1 ...)
NOT-FOR-US: Nexus Repository Manager
CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may o ...)
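Review bot: the two "- gitlab <unfixed>" entries for CVE-2019-15591 and CVE-2019-15589 record no upstream reference, although their descriptions already give the fixed upstream versions (<12.3.3 and <v12.3.2). Adding the upstream issue or advisory link under each entry would let whoever later replaces <unfixed> with a package version verify it without searching again.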
@@ -18990,17 +18990,17 @@ CVE-2019-15582
CVE-2019-15581
RESERVED
CVE-2019-15580 (An information exposure vulnerability exists in gitlab.com <v12.3.2 ...)
- TODO: check
+ - gitlab <not-affected> (Only affects EE)
CVE-2019-15579
RESERVED
CVE-2019-15578
RESERVED
CVE-2019-15577 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2019-15576 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2019-15575 (A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, a ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2019-15574 (Gesior-AAC before 2019-05-01 allows serviceID SQL injection in account ...)
NOT-FOR-US: Gesior-AAC
CVE-2019-15573 (Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. ...)
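Review bot: the reason "(Only affects EE)" on CVE-2019-15580 cannot be checked against the entry itself, whose visible description names gitlab.com <v12.3.2 and does not mention the edition. A reference to the upstream issue that states the EE-only scope would make the <not-affected> decision auditable; the three entries below it marked <unfixed> are consistent with their "GitLab CE/EE" descriptions.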
@@ -22172,9 +22172,9 @@ CVE-2019-14593
CVE-2019-14592
RESERVED
CVE-2019-14591 (Improper input validation in the API for Intel(R) Graphics Driver vers ...)
- NOT-FOR-US: Intel
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-14590 (Improper access control in the API for the Intel(R) Graphics Driver ve ...)
- NOT-FOR-US: Intel
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-14589
RESERVED
CVE-2019-14588
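Review bot: the rewording of already-triaged notes from "NOT-FOR-US: Intel" to "NOT-FOR-US: Intel Windows graphics driver" at CVE-2019-14591 and CVE-2019-14590 is not mentioned in the commit message, which lists only NFUs and new gitlab issues. A line in the message saying that existing Intel notes were made more specific would explain why entries without a TODO change here.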
@@ -22206,7 +22206,7 @@ CVE-2019-14576
CVE-2019-14575
RESERVED
CVE-2019-14574 (Out of bounds read in a subsystem for Intel(R) Graphics Driver version ...)
- NOT-FOR-US: Intel
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-14573
RESERVED
CVE-2019-14572
@@ -33247,11 +33247,11 @@ CVE-2019-11115
CVE-2019-11114 (Insufficient input validation in Intel(R) Driver & Support Assista ...)
NOT-FOR-US: Intel(R) Driver & Support Assistant
CVE-2019-11113 (Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver bef ...)
- TODO: check
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11112 (Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver be ...)
- TODO: check
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11111 (Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics ...)
- NOT-FOR-US: Intel
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11110 (Authentication bypass in the subsystem for Intel(R) CSME before versio ...)
NOT-FOR-US: Intel
CVE-2019-11109 (Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_0 ...)
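Review bot: after this hunk CVE-2019-11110 still carries the bare vendor note "NOT-FOR-US: Intel" directly below three entries that now name the product. Its description names Intel(R) CSME, so the note could say so, in line with the graphics driver entries above it.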
@@ -33305,7 +33305,7 @@ CVE-2019-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Unc
CVE-2019-11090 (Cryptographic timing conditions in the subsystem for Intel(R) PTT befo ...)
NOT-FOR-US: Intel
CVE-2019-11089 (Insufficient input validation in Kernel Mode module for Intel(R) Graph ...)
- TODO: check
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11088 (Insufficient input validation in subsystem in Intel(R) AMT before vers ...)
NOT-FOR-US: Intel
CVE-2019-11087 (Insufficient input validation in the subsystem for Intel(R) CSME befor ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c3c96b68d4fca2fc11e2d050bf643f44525bef3