[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 26 20:32:53 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
43102f71 by Salvatore Bonaccorso at 2019-12-26T20:32:21Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,9 +13,9 @@ CVE-2019-19998 (Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token
CVE-2019-19997
RESERVED
CVE-2019-19996 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malfor ...)
- TODO: check
+ NOT-FOR-US: Intelbras IWR 3000N devices
CVE-2019-19995 (A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, lead ...)
- TODO: check
+ NOT-FOR-US: Intelbras IWR 3000N devices
CVE-2019-19994
RESERVED
CVE-2019-19993
@@ -17077,9 +17077,9 @@ CVE-2019-16329
CVE-2019-16328 (In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify ...)
- rpyc <removed>
CVE-2019-16327 (D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypa ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-16326 (D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2019-16325
RESERVED
CVE-2019-16324
@@ -41851,21 +41851,21 @@ CVE-2019-8535 (A memory corruption issue was addressed with improved state manag
CVE-2019-8534
RESERVED
CVE-2019-8533 (A lock handling issue was addressed with improved lock handling. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8532
RESERVED
CVE-2019-8531
RESERVED
CVE-2019-8530 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8529 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8528
RESERVED
CVE-2019-8527 (A buffer overflow was addressed with improved size validation. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8526 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8525
RESERVED
CVE-2019-8524 (Multiple memory corruption issues were addressed with improved memory ...)
@@ -41879,59 +41879,59 @@ CVE-2019-8523 (Multiple memory corruption issues were addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8522 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8521 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8520 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8519 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8518 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8517 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8516 (A validation issue was addressed with improved logic. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8515 (A cross-origin issue existed with the fetch API. This was addressed wi ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8514 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8513 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8512 (This issue was addressed with improved transparency. This issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8511 (A buffer overflow issue was addressed with improved memory handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8510 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8509
RESERVED
CVE-2019-8508 (A buffer overflow was addressed with improved bounds checking. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8507 (Multiple memory corruption issues were addressed with improved input v ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8506 (A type confusion issue was addressed with improved memory handling. Th ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8505 (A logic issue was addressed with improved validation. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8504 (A memory initialization issue was addressed with improved memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8503 (A logic issue was addressed with improved validation. This issue is fi ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8502 (An API issue existed in the handling of dictation requests. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8501
RESERVED
CVE-2019-8500
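Review bot: the entries retagged `NOT-FOR-US: Apple` in this hunk (CVE-2019-8522 down to CVE-2019-8502) are interleaved with entries from the same ID range that are tracked against webkit2gtk (CVE-2019-8518, CVE-2019-8515, CVE-2019-8506, CVE-2019-8503), and the truncated descriptions shown here do not name the affected component. Confirm against the full descriptions that none of the retagged entries is a WebKit issue before replacing `TODO: check`, and where the component is known consider a more specific tag than the bare vendor name.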
@@ -42009,7 +42009,7 @@ CVE-2019-8465
CVE-2019-8464
RESERVED
CVE-2019-8463 (A denial of service vulnerability was reported in Check Point Endpoint ...)
- TODO: check
+ NOT-FOR-US: Check Point Endpoint Security Client for Windows
CVE-2019-8462 (In a rare scenario, Check Point R80.30 Security Gateway before JHF Tak ...)
NOT-FOR-US: Check Point R80.30 Security Gateway
CVE-2019-8461 (Check Point Endpoint Security Initial Client for Windows before versio ...)
@@ -42562,9 +42562,9 @@ CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure inherit
CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection vulnerabil ...)
TODO: check
CVE-2019-8254 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 hav ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8253 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 hav ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8252
RESERVED
CVE-2019-8251
@@ -44342,23 +44342,23 @@ CVE-2019-7491
CVE-2019-7490
RESERVED
CVE-2019-7489 (A vulnerability in SonicWall Email Security appliance allow an unauthe ...)
- TODO: check
+ NOT-FOR-US: SonicWall Email Security appliance
CVE-2019-7488 (Weak default password cause vulnerability in SonicWall Email Security ...)
- TODO: check
+ NOT-FOR-US: SonicWall Email Security appliance
CVE-2019-7487 (Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operati ...)
- TODO: check
+ NOT-FOR-US: onicOS SSLVPN NACagent
CVE-2019-7486 (Code injection in SonicWall SMA100 allows an authenticated user to exe ...)
- TODO: check
+ NOT-FOR-US: SonicWall SMA100
CVE-2019-7485 (Buffer overflow in SonicWall SMA100 allows an authenticated user to ex ...)
- TODO: check
+ NOT-FOR-US: SonicWall SMA100
CVE-2019-7484 (Authenticated SQL Injection in SonicWall SMA100 allow user to gain rea ...)
- TODO: check
+ NOT-FOR-US: SonicWall SMA100
CVE-2019-7483 (In SonicWall SMA100, an unauthenticated Directory Traversal vulnerabil ...)
- TODO: check
+ NOT-FOR-US: SonicWall SMA100
CVE-2019-7482 (Stack-based buffer overflow in SonicWall SMA100 allows an unauthentica ...)
- TODO: check
+ NOT-FOR-US: SonicWall SMA100
CVE-2019-7481 (Vulnerability in SonicWall SMA100 allow unauthenticated user to gain r ...)
- TODO: check
+ NOT-FOR-US: SonicWall SMA100
CVE-2019-7480
RESERVED
CVE-2019-7479
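Review bot: typo in the CVE-2019-7487 entry: `NOT-FOR-US: onicOS SSLVPN NACagent` is missing the leading "S". The description on the line above it reads "SonicOS SSLVPN NACagent 3.5", so the tag should be `NOT-FOR-US: SonicOS SSLVPN NACagent`; as written, a search of the list for the product name will not find this entry.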
@@ -44981,7 +44981,7 @@ CVE-2019-7295 (typora through 0.9.63 has XSS, with resultant remote command exec
CVE-2019-7294
RESERVED
CVE-2019-7293 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-7292 (A validation issue was addressed with improved logic. This issue is fi ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -44996,16 +44996,16 @@ CVE-2019-7289 (A parsing issue in the handling of directory paths was addressed
CVE-2019-7288
RESERVED
CVE-2019-7287 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-7286 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-7285 (A use after free issue was addressed with improved memory management. ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-7284 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-7281 (Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated u ...)
NOT-FOR-US: Prima Systems FlexAir
CVE-2019-7280 (Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of ...)
@@ -47591,7 +47591,7 @@ CVE-2018-20699 (Docker Engine before 18.09 allows attackers to cause a denial of
NOTE: https://github.com/moby/moby/pull/37967
NOTE: Negligible security impact
CVE-2019-6239 (This issue was addressed with improved handling of file metadata. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6238
RESERVED
CVE-2019-6237 (Multiple memory corruption issues were addressed with improved memory ...)
@@ -48096,9 +48096,9 @@ CVE-2019-6036
CVE-2019-6035 (Open redirect vulnerability in Athenz v1.8.24 and earlier allows remot ...)
TODO: check
CVE-2019-6034 (a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver ...)
- TODO: check
+ NOT-FOR-US: a-blog cms
CVE-2019-6033 (Cross-site scripting vulnerability in a-blog cms versions prior to Ver ...)
- TODO: check
+ NOT-FOR-US: a-blog cms
CVE-2019-6032 (The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates f ...)
TODO: check
CVE-2019-6031 (Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 ...)
@@ -48112,17 +48112,17 @@ CVE-2019-6028
CVE-2019-6027 (Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1. ...)
TODO: check
CVE-2019-6026 (Privilege escalation vulnerability in Multiple MOTEX products (LanScop ...)
- TODO: check
+ NOT-FOR-US: MOTEX
CVE-2019-6025 (Open redirect vulnerability in Movable Type series Movable Type 7 r.46 ...)
TODO: check
CVE-2019-6024 (Rakuma App for Android version 7.15.0 and earlier, and for iOS version ...)
- TODO: check
+ NOT-FOR-US: Rakuma App for Android
CVE-2019-6023 (Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers t ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2019-6022 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 al ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2019-6021 (Open redirect vulnerability in Library Information Management System L ...)
- TODO: check
+ NOT-FOR-US: Library Information Management System LIMEDIO
CVE-2019-6020 (Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x ...)
TODO: check
CVE-2019-6019 (Untrusted search path vulnerability in STAMP Workbench installer all v ...)
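Review bot: the tag on CVE-2019-6024, `NOT-FOR-US: Rakuma App for Android`, names only one platform, while the description on the line above covers "Rakuma App for Android version 7.15.0 and earlier, and for iOS version ...". Suggest `NOT-FOR-US: Rakuma App` so the tag matches the product rather than one of its builds.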
@@ -48130,15 +48130,15 @@ CVE-2019-6019 (Untrusted search path vulnerability in STAMP Workbench installer
CVE-2019-6018 (Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (Ne ...)
TODO: check
CVE-2019-6017 (REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier ...)
- TODO: check
+ NOT-FOR-US: REMISE Payment Module
CVE-2019-6016 (Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.1 ...)
- TODO: check
+ NOT-FOR-US: REMISE Payment Module
CVE-2019-6015 (FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firm ...)
NOT-FOR-US: FON routers
CVE-2019-6014 (DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute ...)
- TODO: check
+ NOT-FOR-US: DBA-1510P firmware
CVE-2019-6013 (DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers ...)
- TODO: check
+ NOT-FOR-US: DBA-1510P firmware
CVE-2019-6012 (SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 an ...)
TODO: check
CVE-2019-6011 (Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 ...)
@@ -49418,7 +49418,7 @@ CVE-2019-5541 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 1
CVE-2019-5540 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
NOT-FOR-US: VMware
CVE-2019-5539 (VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10 ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2019-5538 (Sensitive information disclosure vulnerability resulting from a lack o ...)
NOT-FOR-US: VMware
CVE-2019-5537 (Sensitive information disclosure vulnerability resulting from a lack o ...)
@@ -50039,15 +50039,15 @@ CVE-2019-5278 (There is an out-of-bounds read vulnerability in the Advanced Pack
CVE-2019-5277 (Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak v ...)
NOT-FOR-US: Huawei
CVE-2019-5276 (Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C0 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-5275 (USG9500 with versions of V500R001C30;V500R001C60 have a denial of serv ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-5274 (USG9500 with versions of V500R001C30;V500R001C60 have a denial of serv ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-5273 (USG9500 with versions of V500R001C30;V500R001C60 have a denial of serv ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-5272 (USG9500 with versions of V500R001C30;V500R001C60 have a missing integr ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-5271 (There is an information leak vulnerability in Huawei smart speaker Myn ...)
NOT-FOR-US: Huawei
CVE-2019-5270
@@ -50057,11 +50057,11 @@ CVE-2019-5269 (Some Huawei home routers have an improper authorization vulnerabi
CVE-2019-5268 (Some Huawei home routers have an input validation vulnerability. Due t ...)
NOT-FOR-US: Huawei
CVE-2019-5267 (Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vu ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-5266 (Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-5265 (Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-5264 (There is an information disclosure vulnerability in certain Huawei sma ...)
NOT-FOR-US: Huawei
CVE-2019-5263 (HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and ear ...)
@@ -51932,7 +51932,7 @@ CVE-2019-4390
CVE-2019-4389
RESERVED
CVE-2019-4388 (HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site s ...)
- TODO: check
+ NOT-FOR-US: HCL AppScan Source
CVE-2019-4387 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 i ...)
NOT-FOR-US: IBM
CVE-2019-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
@@ -54292,11 +54292,11 @@ CVE-2019-3433
CVE-2019-3432
RESERVED
CVE-2019-3431 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product h ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2019-3430 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product h ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2019-3429 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product h ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2019-3428 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a c ...)
NOT-FOR-US: ZTE
CVE-2019-3427 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a c ...)
@@ -58753,7 +58753,7 @@ CVE-2019-2306 (Improper casting of structure while handling the buffer leads to
CVE-2019-2305 (Out of bound access when reason code is extracted from frame data with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2304 (Integer overflow to buffer overflow due to lack of validation of event ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2303 (SNDCP module may access array out side its boundary when it receives m ...)
NOT-FOR-US: Snapdragon
CVE-2019-2302 (While processing vendor command which contains corrupted channel count ...)
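Review bot: naming consistency for CVE-2019-2304: the new tag is `NOT-FOR-US: Snapdragon`, but the entry directly above it (CVE-2019-2305) uses `NOT-FOR-US: Qualcomm components for Android` and the truncated description shown does not name the product. Check which of the two tags the full description supports; the same applies to the other `Snapdragon` tags added for CVE-2019-2274 and CVE-2019-2242.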
@@ -58813,7 +58813,7 @@ CVE-2019-2276 (Possible out of bound read occurs while processing beaconing requ
CVE-2019-2275 (While deserializing any key blob during key operations, buffer overflo ...)
NOT-FOR-US: Snapdragon
CVE-2019-2274 (Improper Access Control for RPU write access from secure processor in ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2273 (IOMMU page fault while playing h265 video file leads to denial of serv ...)
NOT-FOR-US: Snapdragon
CVE-2019-2272 (Buffer overflow can occur in display function due to lack of validatio ...)
@@ -58877,7 +58877,7 @@ CVE-2019-2244 (Possible integer underflow can happen when calculating length of
CVE-2019-2243 (Possible buffer overflow at the end of iterating loop while getting th ...)
NOT-FOR-US: Snapdragon
CVE-2019-2242 (Device memory may get corrupted because of buffer overflow/underflow. ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-2241 (While rendering the layout background, Error status check is not caugh ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2240 (While sending the rendered surface content to the screen, Error handli ...)
@@ -68191,7 +68191,7 @@ CVE-2018-18290 (** DISPUTED ** An issue was discovered in nc-cms through 2017-03
CVE-2018-18289 (The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allow ...)
NOT-FOR-US: Zabbix Plugin for Confluence
CVE-2018-18288 (CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redi ...)
- TODO: check
+ NOT-FOR-US: CrushFTP
CVE-2018-18287 (On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discov ...)
NOT-FOR-US: ASUS RT-AC58U devices
CVE-2018-18286 (SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/43102f713f872b3a84ed3f60a2447a05841ee49b