[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Jul 4 09:34:52 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
807df9c3 by Moritz Muehlenhoff at 2019-07-04T08:34:31Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -33,7 +33,7 @@ CVE-2019-13210
CVE-2019-13209
RESERVED
CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation because th ...)
- TODO: check
+ NOT-FOR-US: Waves MAXX Audio
CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflo ...)
TODO: check
CVE-2019-13206
@@ -99,11 +99,11 @@ CVE-2019-13178 (modules/luksbootkeyfile/main.py in Calamares versions 3.1 throug
- calamares <unfixed> (bug #931391)
NOTE: https://github.com/calamares/calamares/issues/1190
CVE-2019-13177 (verification.py in django-rest-registration (aka Django REST Registrat ...)
- TODO: check
+ NOT-FOR-US: django-rest-registration
CVE-2019-13176
RESERVED
CVE-2019-13175 (Read the Docs before 3.5.1 has an Open Redirect if certain user-define ...)
- TODO: check
+ NOT-FOR-US: Read the Docs
CVE-2019-13174
RESERVED
CVE-2019-13173 (fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extra ...)
@@ -371,7 +371,7 @@ CVE-2019-13075 (Tor Browser through 8.5.3 has an information exposure vulnerabil
NOTE: https://trac.torproject.org/projects/tor/ticket/30657
NOTE: This affects Firefox, but it's not a security issue in Firefox by itself
CVE-2019-13074 (A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 c ...)
- TODO: check
+ NOT-FOR-US: MikroTik
CVE-2019-13073
RESERVED
CVE-2018-20849 (Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the ...)
@@ -413,7 +413,7 @@ CVE-2019-13058
CVE-2019-13057
RESERVED
CVE-2019-13056 (An issue was discovered in CyberPanel through 1.8.4. On the user edit ...)
- TODO: check
+ NOT-FOR-US: CyberPanel
CVE-2019-13055 (Certain Logitech Unifying devices allow attackers to dump AES keys and ...)
NOT-FOR-US: Logitech
CVE-2019-13054 (The Logitech R500 presentation clicker allows attackers to determine t ...)
@@ -939,7 +939,7 @@ CVE-2019-12854
CVE-2019-12853
RESERVED
CVE-2019-12852 (An SSRF attack was possible on a JetBrains YouTrack server. The issue ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2019-12851 (A CSRF vulnerability was detected in one of the admin endpoints of Jet ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2019-12850 (A query injection was possible in JetBrains YouTrack. The issue was fi ...)
@@ -951,17 +951,17 @@ CVE-2019-12848
CVE-2019-12847 (In JetBrains Hub versions earlier than 2018.4.11298, the audit events ...)
NOT-FOR-US: JetBrains Hub
CVE-2019-12846 (A user without the required permissions could gain access to some JetB ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-12845 (The generated Kotlin DSL settings allowed usage of an unencrypted conn ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-12844 (A possible stored JavaScript injection was detected on one of the JetB ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-12843 (A possible stored JavaScript injection requiring a deliberate server a ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-12842 (A reflected XSS on a user page was detected on one of the JetBrains Te ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-12841 (Incorrect handling of user input in ZIP extraction was detected in Jet ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-12840 (In Webmin through 1.910, any user authorized to the "Package Updates" ...)
- webmin <removed>
CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation error with ...)
@@ -7914,11 +7914,11 @@ CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layo
CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an Application S ...)
NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate
CVE-2019-10103 (JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/J ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-10101 (JetBrains Kotlin versions before 1.3.30 were resolving artifacts using ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it wa ...)
NOT-FOR-US: JetBrains YouTrack Confluence plugin
CVE-2019-1000031 (A disk space or quota exhaustion issue exists in article2pdf_getfile.p ...)
@@ -9693,7 +9693,7 @@ CVE-2019-9732 (An issue was discovered in GitLab Community and Enterprise Editio
CVE-2019-9731
RESERVED
CVE-2019-9730 (Incorrect access control in the CxUtilSvc component of the Synaptics S ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-9729 (In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows pr ...)
NOT-FOR-US: Shanda MapleStory Online
CVE-2019-9728
@@ -16687,13 +16687,13 @@ CVE-2019-6966 (An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom cla
CVE-2019-6965 (An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/ ...)
NOT-FOR-US: i-doit
CVE-2019-6964 (A heap-based buffer over-read in Service_SetParamStringValue in cosa_x ...)
- TODO: check
+ NOT-FOR-US: RDK (Reference Design Kit)
CVE-2019-6963 (A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-2018 ...)
- TODO: check
+ NOT-FOR-US: RDK (Reference Design Kit)
CVE-2019-6962 (A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 ...)
- TODO: check
+ NOT-FOR-US: RDK (Reference Design Kit)
CVE-2019-6961 (Incorrect access control in actionHandlerUtility.php in the RDK RDKB-2 ...)
- TODO: check
+ NOT-FOR-US: RDK (Reference Design Kit)
CVE-2019-6960
RESERVED
- gitlab 11.5.10+dfsg-1 (bug #921059)
@@ -18497,7 +18497,7 @@ CVE-2019-6243 (Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /
CVE-2019-6242 (** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read t ...)
NOT-FOR-US: Kentico
CVE-2019-6241 (In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined wi ...)
- TODO: check
+ NOT-FOR-US: Bevywise MQTTRoute
CVE-2019-6240 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
- gitlab 11.5.7+dfsg-1 (bug #919822)
NOTE: https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/
@@ -20122,11 +20122,15 @@ CVE-2019-5604
CVE-2019-5603
RESERVED
CVE-2019-5602 (In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEAS ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc
+ NOTE: kfreebsd not covered by security support
CVE-2019-5601 (In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEAS ...)
- TODO: check
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:10.ufs.asc
+ NOTE: kfreebsd not covered by security support
CVE-2019-5600 (In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEAS ...)
- TODO: check
+ NOT-FOR-US: FreeBSD iconv
CVE-2019-5599 (In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-REL ...)
- kfreebsd-10 <not-affected> (Only affects FreeBSD 12)
CVE-2019-5598 (In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/807df9c33ca1ade806feba87b5af2342d45723c3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/807df9c33ca1ade806feba87b5af2342d45723c3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190704/c073bc74/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list