[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Nov 1 13:07:10 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f1af2cb8 by Moritz Muehlenhoff at 2019-11-01T13:06:49Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -800,7 +800,7 @@ CVE-2019-18398
CVE-2019-18397
RESERVED
CVE-2019-18396 (An issue was discovered in certain Oi third-party firmware that may be ...)
- TODO: check
+ NOT-FOR-US: Technicolor
CVE-2019-18395
RESERVED
CVE-2019-18394 (A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.j ...)
@@ -1152,15 +1152,15 @@ CVE-2019-18232
CVE-2019-18231
RESERVED
CVE-2019-18230 (Honeywell equIP and Performance series IP cameras, multiple versions, ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2019-18229 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitizati ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2019-18228 (Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vul ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2019-18227 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilitie ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2019-18226 (Honeywell equIP series and Performance series IP cameras and recorders ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2019-18225 (An issue was discovered in Citrix Application Delivery Controller (ADC ...)
NOT-FOR-US: Citrix
CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a hea ...)
@@ -5244,9 +5244,9 @@ CVE-2019-16909
CVE-2019-16908
RESERVED
CVE-2019-16907 (An issue was discovered in the Infosysta "In-App & Desktop Notific ...)
- TODO: check
+ NOT-FOR-US: Infosysta
CVE-2019-16906 (An issue was discovered in the Infosysta "In-App & Desktop Notific ...)
- TODO: check
+ NOT-FOR-US: Infosysta
CVE-2019-16905 (OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an expe ...)
- openssh 1:8.1p1-1 (unimportant)
[stretch] - openssh <not-affected> (Vulnerable code introduced later)
@@ -5885,7 +5885,7 @@ CVE-2019-16676 (Plataformatec Simple Form has Incorrect Access Control in file_m
NOTE: https://github.com/plataformatec/simple_form/commit/8c91bd76a5052ddf3e3ab9fd8333f9aa7b2e2dd6
NOTE: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
CVE-2019-16675 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Wo ...)
- TODO: check
+ NOT-FOR-US: PHOENIX CONTACT PC Worx
CVE-2019-16674
RESERVED
CVE-2019-16673
@@ -6847,7 +6847,7 @@ CVE-2019-16297
CVE-2019-16296
RESERVED
CVE-2019-16295 (Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS ...)
- TODO: check
+ NOT-FOR-US: CentOS-WebPanel.com
CVE-2019-16294 (SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote ...)
NOT-FOR-US: Notepad++
CVE-2019-16293 (The Create Discoveries feature of Open-AudIT before 3.2.0 allows an au ...)
@@ -8605,7 +8605,7 @@ CVE-2019-15712
CVE-2019-15711
RESERVED
CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.1 and below ...)
- TODO: check
+ NOT-FOR-US: FortiExtender
CVE-2019-15709
RESERVED
CVE-2019-15708
@@ -16308,7 +16308,7 @@ CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon Carel
CVE-2019-13552 (In WebAccess versions 8.4.1 and prior, multiple command injection vuln ...)
NOT-FOR-US: WebAccess
CVE-2019-13551 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vul ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2019-13550 (In WebAccess, versions 8.4.1 and prior, an improper authorization vuln ...)
NOT-FOR-US: WebAccess
CVE-2019-13549 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
@@ -16316,7 +16316,7 @@ CVE-2019-13549 (Rittal Chiller SK 3232-Series web interface as built upon Carel
CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
NOT-FOR-US: CODESYS
CVE-2019-13547 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecu ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2019-13546 (In IntelliSpace Perinatal, Versions K and prior, a vulnerability withi ...)
NOT-FOR-US: IntelliSpace Perinatal
CVE-2019-13545 (In Horner Automation Cscape 9.90 and prior, improper validation of dat ...)
@@ -39620,9 +39620,9 @@ CVE-2019-5153
CVE-2019-5152
RESERVED
CVE-2019-5151 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5150 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. Wh ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5149
RESERVED
CVE-2019-5148
@@ -39732,7 +39732,7 @@ CVE-2019-5097
CVE-2019-5096
RESERVED
CVE-2019-5095 (An issue summary information disclosure vulnerability exists in Atlass ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota file f ...)
{DSA-4535-1 DLA-1935-1}
- e2fsprogs 1.45.4-1 (bug #941139)
@@ -39880,7 +39880,7 @@ CVE-2019-5051 (An exploitable heap-based buffer overflow vulnerability exists wh
CVE-2019-5050 (A specifically crafted PDF file can lead to a heap corruption when ope ...)
NOT-FOR-US: NitroPDF
CVE-2019-5049 (An exploitable memory corruption vulnerability exists in AMD ATIDXX64. ...)
- TODO: check
+ NOT-FOR-US: AMD Windows driver
CVE-2019-5048 (A specifically crafted PDF file can lead to a heap corruption when ope ...)
NOT-FOR-US: NitroPDF
CVE-2019-5047 (An exploitable Use After Free vulnerability exists in the CharProcs pa ...)
@@ -39892,7 +39892,7 @@ CVE-2019-5045 (A specifically crafted jpeg2000 file embedded in a PDF file can l
CVE-2019-5044
REJECTED
CVE-2019-5043 (An exploitable denial-of-service vulnerability exists in the Weave dae ...)
- TODO: check
+ NOT-FOR-US: Nest
CVE-2019-5042 (An exploitable Use-After-Free vulnerability exists in the way Function ...)
NOT-FOR-US: Aspose
CVE-2019-5041 (An exploitable Stack Based Buffer Overflow vulnerability exists in the ...)
@@ -39918,7 +39918,7 @@ CVE-2019-5032 (An exploitable out-of-bounds read vulnerability exists in the Lab
CVE-2019-5031 (An exploitable memory corruption vulnerability exists in the JavaScrip ...)
NOT-FOR-US: Foxit PDF Reader
CVE-2019-5030 (A buffer overflow vulnerability exists in the PowerPoint document conv ...)
- TODO: check
+ NOT-FOR-US: Rainbow PDF Office Server Document Converter
CVE-2019-5029
RESERVED
CVE-2019-5028
@@ -39932,7 +39932,7 @@ CVE-2019-5025
CVE-2019-5024 (A restricted environment escape vulnerability exists in the "kiosk mod ...)
NOT-FOR-US: Capsule Technologies SmartLinx Neuron
CVE-2019-5023 (An exploitable vulnerability exists in the grsecurity PaX patch for th ...)
- TODO: check
+ - linux-grsec <removed>
CVE-2019-5022
REJECTED
CVE-2019-5021 (Versions of the Official Alpine Linux Docker images (since v3.3) conta ...)
@@ -96330,7 +96330,7 @@ CVE-2018-4066 (An exploitable cross-site request forgery vulnerability exists in
CVE-2018-4065 (An exploitable cross-site scripting vulnerability exists in the ACEMan ...)
NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4064 (An exploitable unverified password change vulnerability exists in the ...)
- TODO: check
+ NOT-FOR-US: Sierra Wireless AirLink ES250 firmware
CVE-2018-4063 (An exploitable remote code execution vulnerability exists in the uploa ...)
NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4062 (A hard-coded credentials vulnerability exists in the snmpd function of ...)
@@ -96399,7 +96399,7 @@ CVE-2018-4033 (The CleanMyMac X software contains an exploitable privilege escal
CVE-2018-4032 (An exploitable privilege escalation vulnerability exists in the way th ...)
NOT-FOR-US: Clean My Mac X
CVE-2018-4031 (An exploitable vulnerability exists in the safe browsing function of t ...)
- TODO: check
+ NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4030 (An exploitable vulnerability exists the safe browsing function of the ...)
NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4029 (An exploitable code execution vulnerability exists in the HTTP request ...)
@@ -96464,7 +96464,7 @@ CVE-2018-4004 (An exploitable privilege escalation vulnerability exists in the S
CVE-2018-4003 (An exploitable heap overflow vulnerability exists in the mdnscap binar ...)
NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4002 (An exploitable denial-of-service vulnerability exists in the mdnscap b ...)
- TODO: check
+ NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4001 (An exploitable uninitialized pointer vulnerability exists in the Offic ...)
NOT-FOR-US: Atlantis Word Processor
CVE-2018-4000 (An exploitable double-free vulnerability exists in the Office Open XML ...)
@@ -96502,7 +96502,7 @@ CVE-2018-3985 (An exploitable double free vulnerability exists in the mdnscap bi
CVE-2018-3984 (An exploitable uninitialized length vulnerability exists within the Wo ...)
NOT-FOR-US: Atlantis Word Processor
CVE-2018-3983 (An exploitable uninitialized pointer vulnerability exists in the Word ...)
- TODO: check
+ NOT-FOR-US: Atlantis Word Processor
CVE-2018-3982 (An exploitable arbitrary write vulnerability exists in the Word docume ...)
NOT-FOR-US: Atlantis Word Processor
CVE-2018-3981 (An exploitable out-of-bounds write exists in the TIFF-parsing function ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f1af2cb89fb97e0062a366307f665f7e11e6f21d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f1af2cb89fb97e0062a366307f665f7e11e6f21d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191101/5930bd1e/attachment.html>
More information about the debian-security-tracker-commits
mailing list