[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Oct 9 12:54:36 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
594ef57a by Moritz Muehlenhoff at 2019-10-09T11:54:21Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4106,17 +4106,17 @@ CVE-2017-18594 (nse_libssh2.cc in Nmap 7.70 is subject to a denial of service co
NOTE: https://github.com/nmap/nmap/issues/1227
NOTE: Crash in CLI tool, no security impact
CVE-2019-15751 (An unrestricted file upload vulnerability in SITOS six Build v6.2.1 al ...)
- TODO: check
+ NOT-FOR-US: SITOS
CVE-2019-15750 (A Cross-Site Scripting (XSS) vulnerability in the blog function in SIT ...)
- TODO: check
+ NOT-FOR-US: SITOS
CVE-2019-15749 (SITOS six Build v6.2.1 allows a user to change their password and reco ...)
- TODO: check
+ NOT-FOR-US: SITOS
CVE-2019-15748 (SITOS six Build v6.2.1 permits unauthorised users to upload and import ...)
- TODO: check
+ NOT-FOR-US: SITOS
CVE-2019-15747 (SITOS six Build v6.2.1 allows a user with the user role of Seminar Coo ...)
- TODO: check
+ NOT-FOR-US: SITOS
CVE-2019-15746 (SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP comm ...)
- TODO: check
+ NOT-FOR-US: SITOS
CVE-2019-15745 (The Eques elf smart plug and the mobile app use a hardcoded AES 256 bi ...)
NOT-FOR-US: Eques elf smart plug
CVE-2019-15744
@@ -7517,9 +7517,9 @@ CVE-2019-14659
CVE-2019-14658
RESERVED
CVE-2019-14657 (Yealink phones through 2019-08-04 have an issue with OpenVPN file uplo ...)
- TODO: check
+ NOT-FOR-US: Yealink
CVE-2019-14656 (Yealink phones through 2019-08-04 do not properly check user roles in ...)
- TODO: check
+ NOT-FOR-US: Yealink
CVE-2019-14655
REJECTED
CVE-2019-14654 (In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authoris ...)
@@ -12414,7 +12414,7 @@ CVE-2019-13338 (In WESEEK GROWI before 3.5.0, a remote attacker can obtain the p
CVE-2019-13337 (In WESEEK GROWI before 3.5.0, the site-wide basic authentication can b ...)
NOT-FOR-US: WESEEK GROWI
CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attack ...)
- TODO: check
+ NOT-FOR-US: dbell Wi-Fi Smart Video Doorbell
CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has ...)
NOT-FOR-US: SalesAgility SuiteCRM
CVE-2019-13334
@@ -13023,7 +13023,7 @@ CVE-2019-13121 [SSRF Vulnerability in Project GitHub Integration]
- gitlab <unfixed>
NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13120 (Amazon FreeRTOS up to and including v1.4.8 for AWS lacks length checki ...)
- TODO: check
+ NOT-FOR-US: Amazon FreeRTOS
CVE-2019-13119
RESERVED
CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping characters of ...)
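Review bot: CVE-2019-13120 deserves a short justification before it is closed as NOT-FOR-US. Its description refers to a versioned software release ("Amazon FreeRTOS up to and including v1.4.8"), not a device or appliance like most other entries touched in this commit, so the relevant question is whether any packaged source tree carries a copy of it. If that was checked, record it in a NOTE: line under the entry or in the commit message, which currently reads only "NFUs".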
@@ -13910,9 +13910,9 @@ CVE-2019-12814 (A Polymorphic Typing issue was discovered in FasterXML jackson-d
CVE-2019-12813 (An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Re ...)
NOT-FOR-US: Digital Persona U.are.U 4500 Fingerprint Reader
CVE-2019-12812 (MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbi ...)
- TODO: check
+ NOT-FOR-US: MyBuilder
CVE-2019-12811 (ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to ...)
- TODO: check
+ NOT-FOR-US: MyBuilder
CVE-2019-12810 (A memory corruption vulnerability exists in the .PSD parsing functiona ...)
NOT-FOR-US: ALSee
CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contai ...)
@@ -18894,7 +18894,7 @@ CVE-2019-10971 (The application (Network Configurator for DeviceNet Safety 3.41
CVE-2019-10970 (In Rockwell Automation PanelView 5510 (all versions manufactured befor ...)
NOT-FOR-US: Rockwell Automation PanelView
CVE-2019-10969 (Moxa EDR 810, all versions 5.1 and prior, allows an authenticated atta ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-10968 (Philips Holter 2010 Plus, all versions. A vulnerability has been ident ...)
NOT-FOR-US: Philips Holter 2010 Plus
CVE-2019-10967 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based ...)
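Review bot: The label added for CVE-2019-10969 is the bare vendor name, "NOT-FOR-US: Moxa", while the description names the product (Moxa EDR 810) and the neighbouring entries in this hunk are tagged by product ("Rockwell Automation PanelView", "Philips Holter 2010 Plus"). Consider "NOT-FOR-US: Moxa EDR 810" so that a later search of the list by product name finds the entry.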
@@ -18906,7 +18906,7 @@ CVE-2019-10965 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-b
CVE-2019-10964 (In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, ...)
NOT-FOR-US: Medtronic
CVE-2019-10963 (Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated at ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2019-10962 (BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1. ...)
NOT-FOR-US: BD Alaris Gateway
CVE-2019-10961 (In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, proces ...)
@@ -37448,7 +37448,7 @@ CVE-2019-3982
CVE-2019-3981
RESERVED
CVE-2019-3980 (The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports s ...)
- TODO: check
+ NOT-FOR-US: Solarwinds
CVE-2019-3979
RESERVED
CVE-2019-3978
@@ -38202,7 +38202,7 @@ CVE-2019-3747 (Dell EMC Integrated Data Protection Appliance versions prior to 2
CVE-2019-3746 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do ...)
NOT-FOR-US: EMC
CVE-2019-3745 (The vulnerability is limited to the installers of Dell Encryption Ente ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2019-3744 (Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a pri ...)
NOT-FOR-US: Dell/Alienware Digital Delivery
CVE-2019-3743
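Review bot: "NOT-FOR-US: Dell" on CVE-2019-3745 is broader than the labels on either side of it ("EMC" and "Dell/Alienware Digital Delivery"), although the description limits the issue to the installers of one Dell Encryption product. Naming that product in the label, as the entry for CVE-2019-3744 does, would keep the entry consistent with its neighbours and easier to find by product name.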
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/594ef57ad8fc7c42395df83a30aa51f740c98b71