[Git][security-tracker-team/security-tracker][master] new ruby-rack-cors issue

Moritz Muehlenhoff jmm at debian.org
Fri Nov 15 11:47:53 GMT 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
712b1868 by Moritz Muehlenhoff at 2019-11-15T11:47:25Z
new ruby-rack-cors issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,27 @@
 CVE-2019-18988
 	RESERVED
 CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for  ...)
-	TODO: check
+	NOT-FOR-US: AbuseFilter MediaWiki extension
 CVE-2019-18986 (Pimcore before 6.2.2 allow attackers to brute-force (guess) valid user ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2019-18985 (Pimcore before 6.2.2 lacks brute force protection for the 2FA token. ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2019-18984
 	RESERVED
 CVE-2019-18983
 	RESERVED
 CVE-2019-18982 (bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore be ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2019-18981 (Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scen ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022 ...)
-	TODO: check
+	NOT-FOR-US: Signify Philips Taolight
 CVE-2019-18979
 	RESERVED
 CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...)
-	TODO: check
+	- ruby-rack-cors <unfixed>
+	NOTE: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d
+	NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4 
 CVE-2019-18977
 	RESERVED
 CVE-2019-18976
@@ -61,7 +63,7 @@ CVE-2019-18959
 CVE-2019-18958
 	RESERVED
 CVE-2019-18957 (Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has r ...)
-	TODO: check
+	NOT-FOR-US: Microstrategy Library
 CVE-2019-18956
 	RESERVED
 CVE-2019-18955
@@ -186,7 +188,7 @@ CVE-2019-18897
 CVE-2019-18896
 	RESERVED
 CVE-2019-18895 (Scanguard through 2019-11-12 on Windows has Insecure Permissions for t ...)
-	TODO: check
+	NOT-FOR-US: Scanguard
 CVE-2019-18894
 	RESERVED
 CVE-2019-18893
@@ -2939,20 +2941,20 @@ CVE-2019-18653 (A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Fr
 CVE-2019-18652
 	RESERVED
 CVE-2019-18651 (A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias  ...)
-	TODO: check
+	NOT-FOR-US: 3xLogic
 CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing token chec ...)
 	NOT-FOR-US: Joomla!
 CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...)
 	- jupyter-notebook 5.7.4-1
 	NOTE: https://github.com/jupyter/notebook/pull/3341
 CVE-2019-18649 (When logged in as an admin user, the Title input field (under Reports) ...)
-	TODO: check
+	NOT-FOR-US: Untangle NG firewall
 CVE-2019-18648 (When logged in as an admin user, the Untangle NG firewall 14.2.0 is vu ...)
-	TODO: check
+	NOT-FOR-US: Untangle NG firewall
 CVE-2019-18647 (The Untangle NG firewall 14.2.0 is vulnerable to an authenticated comm ...)
-	TODO: check
+	NOT-FOR-US: Untangle NG firewall
 CVE-2019-18646 (The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline- ...)
-	TODO: check
+	NOT-FOR-US: Untangle NG firewall
 CVE-2019-18645 (The quarantine restoration function in Total Defense Anti-virus 11.5.2 ...)
 	NOT-FOR-US: Total Defense Anti-virus
 CVE-2019-18644 (The malware scan function in Total Defense Anti-virus 11.5.2.28 is vul ...)
@@ -7125,7 +7127,7 @@ CVE-2019-17393 (The Customer's Tomedo Server in Version 1.7.3 communicates to th
 CVE-2019-17392
 	RESERVED
 CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-0 ...)
-	TODO: check
+	NOT-FOR-US: Espressif ESP32
 CVE-2019-17390
 	RESERVED
 CVE-2019-17389 (In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles erro ...)
@@ -10463,7 +10465,7 @@ CVE-2019-16112
 CVE-2019-16111
 	RESERVED
 CVE-2019-16110 (The network protocol of Blade Shadow though 2.13.3 allows remote attac ...)
-	TODO: check
+	NOT-FOR-US: Blade Shadow
 CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1. It confi ...)
 	NOT-FOR-US: Plataformatec Devise
 CVE-2019-16108
@@ -11254,17 +11256,17 @@ CVE-2019-15806 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-1
 CVE-2019-15805 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301  ...)
 	NOT-FOR-US: CommScope ARRIS TR4400 devices
 CVE-2019-15804 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2019-15803 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2019-15802 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2019-15801 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2019-15800 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2019-15799 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2019-15798
 	RESERVED
 CVE-2019-15797
@@ -14815,7 +14817,7 @@ CVE-2019-14680 (The admin-renamer-extended (aka Admin renamer extended) plugin 3
 CVE-2019-14679 (core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 fo ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-14678 (SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-14677
 	RESERVED
 CVE-2019-14676
@@ -23687,7 +23689,7 @@ CVE-2019-11933 (A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2
 CVE-2019-11932 (A double free vulnerability in the DDGifSlurp function in decoding.c i ...)
 	NOT-FOR-US: libpl_droidsonroids_gif
 CVE-2019-11931 (A stack-based buffer overflow could be triggered in WhatsApp by sendin ...)
-	TODO: check
+	NOT-FOR-US: WhatsApp
 CVE-2019-11930
 	RESERVED
 CVE-2019-11929 (Insufficient boundary checks when formatting numbers in number_format  ...)
@@ -35139,7 +35141,7 @@ CVE-2019-8250
 CVE-2019-8249
 	RESERVED
 CVE-2019-8248 (Adobe Illustrator CC versions 23.1 and earlier have a memory corruptio ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2019-8247 (Adobe Illustrator CC versions 23.1 and earlier have a memory corruptio ...)
 	NOT-FOR-US: Adobe
 CVE-2019-8246 (Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds wr ...)
@@ -255301,7 +255303,7 @@ CVE-2013-3075 (Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX
 CVE-2013-3074
 	RESERVED
 CVE-2013-3073 (A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 F ...)
-	TODO: check
+	NOT-FOR-US: NETGEAR
 CVE-2013-3072 (An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4 ...)
 	NOT-FOR-US: NETGEAR
 CVE-2013-3071



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/712b1868a6b664ffc03c7aa92022c7be97dfd457

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/712b1868a6b664ffc03c7aa92022c7be97dfd457
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191115/c3184234/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list