[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Thu Oct 10 09:38:22 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5324224 by Moritz Muehlenhoff at 2019-10-10T08:38:04Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,17 +17,17 @@ CVE-2019-17421
 CVE-2019-17420 (In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other prod ...)
 	TODO: check
 CVE-2019-17419 (An issue was discovered in MetInfo 7.0. There is SQL injection via the ...)
-	TODO: check
+	NOT-FOR-US: MetInfo
 CVE-2019-17418 (An issue was discovered in MetInfo 7.0. There is SQL injection via the ...)
-	TODO: check
+	NOT-FOR-US: MetInfo
 CVE-2019-17417 (PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p= ...)
-	TODO: check
+	NOT-FOR-US: PbootCMS
 CVE-2019-17416
 	RESERVED
 CVE-2019-17415 (A Structured Exception Handler (SEH) based buffer overflow in File Sha ...)
-	TODO: check
+	NOT-FOR-US: File Sharing Wizard
 CVE-2019-17414 (tinylcy Vino through 2017-12-15 allows remote attackers to cause a den ...)
-	TODO: check
+	NOT-FOR-US: tinylcy Vino
 CVE-2019-17413
 	RESERVED
 CVE-2019-17412
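Review bot: The CVE-2019-17414 line tags `tinylcy Vino` as NOT-FOR-US without stating that it is unrelated to GNOME's Vino VNC server, whose name it shares. The KMPlayer entry later in this file handles the same kind of name collision with "(different from src:kmplayer)". Suggest `NOT-FOR-US: tinylcy Vino (different from src:vino)` so that a later search for vino in this file does not reopen the question.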
@@ -131,9 +131,9 @@ CVE-2019-17368 (S-CMS v1.5 has XSS in tpl.php via the member/member_login.php fr
 CVE-2019-17367
 	RESERVED
 CVE-2019-17366 (Citrix Application Delivery Management (ADM) 12.1 before build 54.13 h ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2019-17365 (Nix through 2.3 allows local users to gain access to an arbitrary user ...)
-	TODO: check
+	NOT-FOR-US: Nix
 CVE-2019-17364
 	RESERVED
 CVE-2019-17363
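Review bot: CVE-2019-17365 is tagged `NOT-FOR-US: Nix`, but Nix is a free-software package manager rather than a vendor product like the Citrix entry directly above it, so it is a plausible packaging candidate. It is worth checking for an open ITP or RFP before closing this as NFU; if one exists, an `- nix <itp> (bug #NNNNNN)` line (bug number to be filled in) keeps the CVE attached to the package when it is uploaded.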
@@ -166,7 +166,7 @@ CVE-2019-17354 (wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AA
 CVE-2019-17353 (An issue discovered on D-Link DIR-615 devices with firmware version 20 ...)
 	NOT-FOR-US: D-Link
 CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vul ...)
-	TODO: check
+	NOT-FOR-US: JFinal
 CVE-2019-17339
 	RESERVED
 CVE-2019-17338
@@ -343,7 +343,7 @@ CVE-2019-17262 (XnView Classic 2.49.1 allows a User Mode Write AV starting at Xw
 CVE-2019-17261 (XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0 ...)
 	NOT-FOR-US: XnView
 CVE-2019-17260 (MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data M ...)
-	TODO: check
+	NOT-FOR-US: MPC-HC
 CVE-2019-17259 (KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_ne ...)
 	NOT-FOR-US: KMPlayer (different from src:kmplayer)
 CVE-2019-17258 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...)
@@ -646,7 +646,7 @@ CVE-2019-17113 (In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_Inst
 	NOTE: https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision&rev=12127&peg=12127
 	NOTE: Fixed in upstream versions 0.3.19 and 0.4.9.
 CVE-2019-17112 (An issue was discovered in Zoho ManageEngine DataSecurity Plus before  ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2019-17111
 	RESERVED
 CVE-2019-17110 (A security issue was discovered in kube-state-metrics 1.7.x before 1.7 ...)
@@ -3899,7 +3899,7 @@ CVE-2019-15896 (An issue was discovered in the LifterLMS plugin through 3.34.5 f
 CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4 for Wor ...)
 	NOT-FOR-US: "Search Exclude" plugin for WordPress
 CVE-2019-15894 (An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, ...)
-	TODO: check
+	NOT-FOR-US: Espressif
 CVE-2019-15893
 	RESERVED
 CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3. ...)
@@ -3989,7 +3989,7 @@ CVE-2019-15861
 CVE-2019-15860 (Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2. ...)
 	- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
 CVE-2019-15859 (Password disclosure in the web interface on socomec DIRIS A-40 devices ...)
-	TODO: check
+	NOT-FOR-US: DIRIS
 CVE-2019-15858 (admin/includes/class.import.snippet.php in the "Woody ad snippets" plu ...)
 	NOT-FOR-US: "Woody ad snippets" plugin for WordPress
 CVE-2019-15857
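Review bot: The tag on CVE-2019-15859 names only the product line (`DIRIS`), while the description gives the vendor as socomec and the other device and appliance entries visible in this file are tagged by vendor (D-Link, Citrix, Samsung, TIBCO). Suggest `NOT-FOR-US: Socomec DIRIS` so that future Socomec CVEs are triaged with a matching tag and the entry can be found by vendor name.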
@@ -4350,7 +4350,7 @@ CVE-2019-15721 (An issue was discovered in GitLab Community and Enterprise Editi
 CVE-2019-15720 (CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pr ...)
 	NOT-FOR-US: CloudBerry Backup
 CVE-2019-15719 (Altair PBS Professional through 19.1.2 allows Privilege Escalation bec ...)
-	TODO: check
+	NOT-FOR-US: Altair PBS Professional
 CVE-2019-15718 (In systemd 240, bus_open_system_watch_bind_with_description in shared/ ...)
 	- systemd 242-7 (bug #939353)
 	[buster] - systemd <no-dsa> (Minor issue; systemd-resolved not enabled by default)
@@ -4370,7 +4370,7 @@ CVE-2019-15717 (Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server
 CVE-2019-15716 (WTF before 0.19.0 does not set the permissions of config.yml, which mi ...)
 	NOT-FOR-US: wtfutil
 CVE-2019-15715 (MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command I ...)
-	TODO: check
+	- mantis <removed>
 CVE-2019-15714 (cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \  ...)
 	NOT-FOR-US: Entropic
 CVE-2019-15713 (The my-calendar plugin before 3.1.10 for WordPress has XSS. ...)
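Review bot: The CVE-2019-15715 change is not an NFU: it records `- mantis <removed>`, which describes a package that was once in the archive, yet the commit message says only "NFUs". Suggest either putting this line in its own commit or mentioning mantis in the message, so the triage decision for that package can be found from the log.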
@@ -6573,25 +6573,25 @@ CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the
 CVE-2019-15024
 	RESERVED
 CVE-2019-15023 (A security vulnerability exists in Zingbox Inspector versions 1.294 an ...)
-	TODO: check
+	NOT-FOR-US: Zingbox Inspector
 CVE-2019-15022 (A security vulnerability exists in Zingbox Inspector versions 1.294 an ...)
-	TODO: check
+	NOT-FOR-US: Zingbox Inspector
 CVE-2019-15021 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
-	TODO: check
+	NOT-FOR-US: Zingbox Inspector
 CVE-2019-15020 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
-	TODO: check
+	NOT-FOR-US: Zingbox Inspector
 CVE-2019-15019 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
-	TODO: check
+	NOT-FOR-US: Zingbox Inspector
 CVE-2019-15018 (A security vulnerability exists in the Zingbox Inspector versions 1.28 ...)
-	TODO: check
+	NOT-FOR-US: Zingbox Inspector
 CVE-2019-15017 (The SSH service is enabled on the Zingbox Inspector versions 1.294 and ...)
-	TODO: check
+	NOT-FOR-US: Zingbox Inspector
 CVE-2019-15016 (An SQL injection vulnerability exists in the management interface of Z ...)
-	TODO: check
+	NOT-FOR-US: Zingbox Inspector
 CVE-2019-15015 (In the Zingbox Inspector, versions 1.294 and earlier, hardcoded creden ...)
-	TODO: check
+	NOT-FOR-US: Zingbox Inspector
 CVE-2019-15014 (A command injection vulnerability exists in the Zingbox Inspector vers ...)
-	TODO: check
+	NOT-FOR-US: Zingbox Inspector
 CVE-2019-15013
 	RESERVED
 CVE-2019-15012
@@ -7244,7 +7244,7 @@ CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles
 	NOTE: https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc (golang-1.11)
 	NOTE: https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 (golang-1.12)
 CVE-2019-14808 (An issue was discovered in the RENPHO application 3.0.0 for iOS. It tr ...)
-	TODO: check
+	NOT-FOR-US: RENPHO
 CVE-2019-14807 (In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS e ...)
 	NOT-FOR-US: MobileFrontend extension for MediaWiki
 CVE-2019-14806 (Pallets Werkzeug before 0.15.3, when used with Docker, has insufficien ...)
@@ -18086,7 +18086,7 @@ CVE-2019-11343
 CVE-2019-11342
 	RESERVED
 CVE-2019-11341 (On certain Samsung P(9.0) phones, an attacker with physical access can ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2019-11340 (util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registrati ...)
 	NOT-FOR-US: Matrix Sydent
 CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 ...)
@@ -18408,7 +18408,7 @@ CVE-2019-11214
 CVE-2019-11213 (In Pulse Secure Pulse Desktop Client and Network Connect, an attacker  ...)
 	NOT-FOR-US: Pulse Secure Pulse Desktop Client and Network Connect
 CVE-2019-11212 (The MDM server component of TIBCO Software Inc's TIBCO MDM contains mu ...)
-	TODO: check
+	NOT-FOR-US: TIBCO
 CVE-2019-11211 (The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime ...)
 	NOT-FOR-US: TIBCO
 CVE-2019-11210 (The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f532422446cc1a0ab5d7c13adc4fa07a77fc183c
