[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Nov 26 20:35:02 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8faf8e23 by Salvatore Bonaccorso at 2019-11-26T20:34:40Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -396,7 +396,7 @@ CVE-2019-19131
CVE-2019-19130
RESERVED
CVE-2019-19129 (Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11 ...)
- TODO: check
+ NOT-FOR-US: Afterlogic
CVE-2019-19128
RESERVED
CVE-2019-19127
@@ -7878,7 +7878,7 @@ CVE-2019-17394 (In the Seesaw Parent and Family application 6.2.5 for Android, t
CVE-2019-17393 (The Customer's Tomedo Server in Version 1.7.3 communicates to the Vend ...)
NOT-FOR-US: Tomedo Server
CVE-2019-17392 (Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a ...)
- TODO: check
+ NOT-FOR-US: Progress Sitefinity
CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-0 ...)
NOT-FOR-US: Espressif ESP32
CVE-2019-17390
@@ -10291,11 +10291,11 @@ CVE-2019-16390
CVE-2019-16389
RESERVED
CVE-2019-16388 (PEGA Platform 8.3.0 is vulnerable to Information disclosure via a dire ...)
- TODO: check
+ NOT-FOR-US: PEGA Platform
CVE-2019-16387 (PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/! ...)
- TODO: check
+ NOT-FOR-US: PEGA Platform
CVE-2019-16386 (PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via ...)
- TODO: check
+ NOT-FOR-US: PEGA Platform
CVE-2019-16385
RESERVED
CVE-2019-16384
@@ -10833,11 +10833,11 @@ CVE-2019-16245
CVE-2019-16244
RESERVED
CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocument ...)
- TODO: check
+ NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineerin ...)
- TODO: check
+ NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16241 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can ...)
- TODO: check
+ NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16240
RESERVED
CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer Overflow ...)
@@ -12415,13 +12415,13 @@ CVE-2019-15690
CVE-2019-15689
RESERVED
CVE-2019-15688 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
- TODO: check
+ NOT-FOR-US: Kaspersky
CVE-2019-15687 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
- TODO: check
+ NOT-FOR-US: Kaspersky
CVE-2019-15686 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
- TODO: check
+ NOT-FOR-US: Kaspersky
CVE-2019-15685 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
- TODO: check
+ NOT-FOR-US: Kaspersky
CVE-2019-15684 (Kaspersky Protection extension for web browser Google Chrome prior to ...)
NOT-FOR-US: Kaspersky Protection extension for web browser Google Chrome
CVE-2019-15683 (TurboVNC server code contains stack buffer overflow vulnerability in c ...)
@@ -16841,7 +16841,7 @@ CVE-2019-14451 (RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not
CVE-2019-14450 (A directory traversal vulnerability was discovered in RepetierServer.e ...)
NOT-FOR-US: Repetier-Server
CVE-2019-14449 (An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x b ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2019-14448
RESERVED
CVE-2019-14447
@@ -22970,7 +22970,7 @@ CVE-2019-12491 (OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacke
CVE-2019-12490
RESERVED
CVE-2019-12489 (An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Aske ...)
- TODO: check
+ NOT-FOR-US: Fastweb Askey RTV1907VW devices
CVE-2019-12488
RESERVED
CVE-2019-12487
@@ -38251,7 +38251,7 @@ CVE-2018-20751 (An issue was discovered in crop_page in PoDoFo 0.9.6. For a craf
NOTE: https://sourceforge.net/p/podofo/tickets/33/
NOTE: https://sourceforge.net/p/podofo/code/1954
CVE-2019-7319 (An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When usin ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2019-7318
RESERVED
CVE-2019-7317 (png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...)
@@ -39792,7 +39792,7 @@ CVE-2019-6677
CVE-2019-6676
RESERVED
CVE-2019-6675 (BIG-IP configurations using Active Directory, LDAP, or Client Certific ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP
CVE-2019-6674
RESERVED
CVE-2019-6673
@@ -51759,7 +51759,7 @@ CVE-2018-20092 (PTC ThingWorx Platform through 8.3.0 is vulnerable to a director
CVE-2018-20091 (An SQL injection vulnerability was found in Cloudera Data Science Work ...)
NOT-FOR-US: Cloudera Data Science Workbench
CVE-2018-20090 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4. ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2018-20089
RESERVED
CVE-2018-20088
@@ -62723,7 +62723,7 @@ CVE-2018-17862
CVE-2018-17861
RESERVED
CVE-2018-17860 (Cloudera CDH has Insecure Permissions because ALL cannot be revoked.Th ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks in ...)
NOT-FOR-US: Joomla!
CVE-2018-17858 (An issue was discovered in Joomla! before 3.8.13. com_installer action ...)
@@ -142644,7 +142644,7 @@ CVE-2016-1000348
CVE-2016-1000268
REJECTED
CVE-2017-7399 (Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x be ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2017-7398 (D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request For ...)
NOT-FOR-US: D-Link
CVE-2017-7397 (** DISPUTED ** BackBox Linux 4.6 allows remote attackers to cause a de ...)
@@ -164284,7 +164284,7 @@ CVE-2016-9274 (Untrusted search path vulnerability in Git 1.x for Windows allows
CVE-2016-9272 (A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, wit ...)
NOT-FOR-US: Exponent CMS
CVE-2016-9271 (Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x bef ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2016-9270
RESERVED
CVE-2016-9269 (Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches i ...)
@@ -173532,7 +173532,7 @@ CVE-2016-6356 (A vulnerability in the email message filtering feature of Cisco A
CVE-2016-6355 (Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, ...)
NOT-FOR-US: Cisco
CVE-2016-6353 (Cloudera Search in CDH before 5.7.0 allows unauthorized document acces ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2016-6348 (JacksonJsonpInterceptor in RESTEasy might allow remote attackers to co ...)
- resteasy <unfixed> (low; bug #837170)
[jessie] - resteasy <no-dsa> (Minor issue)
@@ -175825,7 +175825,7 @@ CVE-2016-5725 (Directory traversal vulnerability in JCraft JSch before 0.1.54 on
[jessie] - jsch <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/jsch/mailman/message/35318093/
CVE-2016-5724 (Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagn ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2016-5723 (Huawei FusionInsight HD before V100R002C60SPC200 allows local users to ...)
NOT-FOR-US: Huawei
CVE-2016-5722 (Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3 ...)
@@ -180001,7 +180001,7 @@ CVE-2016-4579 (Libksba before 1.3.4 allows remote attackers to cause a denial of
[jessie] - libksba 1.3.2-1+deb8u1
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64
CVE-2016-4572 (In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2016-4574 (Off-by-one error in the append_utf8_value function in the DN decoder ( ...)
- libksba 1.3.4-3
[jessie] - libksba <not-affected> (Incomplete fix not applied)
@@ -183905,7 +183905,7 @@ CVE-2016-3194 (Cross-site scripting (XSS) vulnerability in the address added pag
CVE-2016-3193 (Cross-site scripting (XSS) vulnerability in the appliance web-applicat ...)
NOT-FOR-US: Fortinet
CVE-2016-3192 (Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext R ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2016-3190 (The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c ...)
- cairo 1.14.2-2
[jessie] - cairo 1.14.0-2.1+deb8u1
@@ -184044,7 +184044,7 @@ CVE-2016-3132 (Double free vulnerability in the SplDoublyLinkedList::offsetSet f
NOTE: https://bugs.php.net/bug.php?id=71735
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5
CVE-2016-3131 (Cloudera CDH before 5.6.1 allows authorization bypass via direct inter ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2016-3130 (An information disclosure vulnerability in the Core and Management Con ...)
NOT-FOR-US: BlackBerry
CVE-2016-3129 (A remote shell execution vulnerability in the BlackBerry Good Enterpri ...)
@@ -196881,7 +196881,7 @@ CVE-2015-7833 (The usbvision driver in the Linux kernel package 3.10.0-123.20.1.
CVE-2015-7832
RESERVED
CVE-2015-7831 (In Cloudera Hue, there is privilege escalation by a read-only user whe ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2015-7829 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
NOT-FOR-US: Adobe
CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require authentication ...)
@@ -200672,7 +200672,7 @@ CVE-2015-6498 (Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.
CVE-2015-6497
RESERVED
CVE-2015-6495 (There is Sensitive Information in Cloudera Manager before 5.4.6 Diagno ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2015-6494 (Cross-site scripting (XSS) vulnerability in Infinite Automation Mango ...)
NOT-FOR-US: Infinite Automation Mango Automation
CVE-2015-6493 (Cross-site request forgery (CSRF) vulnerability in Infinite Automation ...)
@@ -206369,7 +206369,7 @@ CVE-2015-2967 (Cross-site scripting (XSS) vulnerability in settings.php in Cacti
NOTE: http://jvn.jp/en/jp/JVN78187936/
NOTE: Fixed upstream in 0.8.8d
CVE-2015-4457 (Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Ma ...)
- TODO: check
+ NOT-FOR-US: Cloudera
CVE-2015-4456 (ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::igno ...)
{DSA-3363-1}
- owncloud-client 1.8.4+dfsg-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8faf8e23805151f8719b25cf18135165140ada7e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8faf8e23805151f8719b25cf18135165140ada7e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191126/22907275/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list