[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Nov 25 20:24:21 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
874c85ee by Salvatore Bonaccorso at 2019-11-25T20:23:50Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26,7 +26,7 @@ CVE-2019-19252 (vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel thro
CVE-2019-19251
RESERVED
CVE-2019-19250 (OpenTrade before 2019-11-23 allows SQL injection, related to server/mo ...)
- TODO: check
+ NOT-FOR-US: OpenTrade
CVE-2019-19249 (Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta m ...)
TODO: check
CVE-2019-19248
@@ -4431,7 +4431,7 @@ CVE-2019-18376
CVE-2019-18375
RESERVED
CVE-2019-18374 (Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2019-18373 (Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass ex ...)
NOT-FOR-US: Norton
CVE-2019-18372 (Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to ...)
@@ -7750,13 +7750,13 @@ CVE-2019-XXXX [Remote code execution vulnerability]
NOTE: https://github.com/libguestfs/libnbd/commit/f75f602a6361c0c5f42debfeea6980f698ce7f09 (1.1.4)
NOTE: https://github.com/libguestfs/libnbd/commit/2c1987fc23d6d0f537edc6d4701e95a2387f7917 (stable-1.0)
CVE-2019-17406 (Nokia IMPACT < 18A has path traversal that may lead to RCE if chain ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2019-17405 (Nokia IMPACT < 18A: has Reflected self XSS ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2019-17404 (Nokia IMPACT < 18A: allows full path disclosure ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2019-17403 (Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was f ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2019-17402 (Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in ...)
TODO: check
CVE-2019-17401 (** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-rea ...)
@@ -10497,7 +10497,7 @@ CVE-2019-16289 (The insert-php (aka Woody ad snippets) plugin before 2.2.8 for W
CVE-2019-16288 (On Tenda N301 wireless routers, a long string in the wifiSSID paramete ...)
NOT-FOR-US: Tenda
CVE-2019-16287 (An attacker may be able to leverage the application filter bypass vuln ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2019-16286 (An attacker may be able to bypass the OS application filter meant to r ...)
NOT-FOR-US: HP
CVE-2019-16285 (If a local user has been configured and logged in, an unauthenticated ...)
@@ -12330,7 +12330,7 @@ CVE-2019-15686
CVE-2019-15685
RESERVED
CVE-2019-15684 (Kaspersky Protection extension for web browser Google Chrome prior to ...)
- TODO: check
+ NOT-FOR-US: Kaspersky Protection extension for web browser Google Chrome
CVE-2019-15683 (TurboVNC server code contains stack buffer overflow vulnerability in c ...)
NOT-FOR-US: TurboVNC
CVE-2019-15682 (RDesktop version 1.8.4 contains multiple out-of-bound access read vuln ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/874c85ee87226ee7cc4198863aa54ede831534cc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/874c85ee87226ee7cc4198863aa54ede831534cc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191125/9d89b6b6/attachment.html>
More information about the debian-security-tracker-commits
mailing list