[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Oct 10 09:38:22 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5324224 by Moritz Muehlenhoff at 2019-10-10T08:38:04Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,17 +17,17 @@ CVE-2019-17421
CVE-2019-17420 (In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other prod ...)
TODO: check
CVE-2019-17419 (An issue was discovered in MetInfo 7.0. There is SQL injection via the ...)
- TODO: check
+ NOT-FOR-US: MetInfo
CVE-2019-17418 (An issue was discovered in MetInfo 7.0. There is SQL injection via the ...)
- TODO: check
+ NOT-FOR-US: MetInfo
CVE-2019-17417 (PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p= ...)
- TODO: check
+ NOT-FOR-US: PbootCMS
CVE-2019-17416
RESERVED
CVE-2019-17415 (A Structured Exception Handler (SEH) based buffer overflow in File Sha ...)
- TODO: check
+ NOT-FOR-US: File Sharing Wizard
CVE-2019-17414 (tinylcy Vino through 2017-12-15 allows remote attackers to cause a den ...)
- TODO: check
+ NOT-FOR-US: tinylcy Vino
CVE-2019-17413
RESERVED
CVE-2019-17412
@@ -131,9 +131,9 @@ CVE-2019-17368 (S-CMS v1.5 has XSS in tpl.php via the member/member_login.php fr
CVE-2019-17367
RESERVED
CVE-2019-17366 (Citrix Application Delivery Management (ADM) 12.1 before build 54.13 h ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2019-17365 (Nix through 2.3 allows local users to gain access to an arbitrary user ...)
- TODO: check
+ NOT-FOR-US: Nix
CVE-2019-17364
RESERVED
CVE-2019-17363
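Review bot: on CVE-2019-17365, "NOT-FOR-US: Nix" deserves a second look before it is treated as final. The description reads "Nix through 2.3 allows local users to gain access to an arbitrary user ...", which describes a locally installed multi-user tool rather than a vendor appliance or hosted product like the Citrix entry above it. Please confirm that there is no source package and no open ITP/RFP for it; if there is one, the entry should carry a package line or an <itp> marker instead of NOT-FOR-US.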
@@ -166,7 +166,7 @@ CVE-2019-17354 (wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AA
CVE-2019-17353 (An issue discovered on D-Link DIR-615 devices with firmware version 20 ...)
NOT-FOR-US: D-Link
CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vul ...)
- TODO: check
+ NOT-FOR-US: JFinal
CVE-2019-17339
RESERVED
CVE-2019-17338
@@ -343,7 +343,7 @@ CVE-2019-17262 (XnView Classic 2.49.1 allows a User Mode Write AV starting at Xw
CVE-2019-17261 (XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0 ...)
NOT-FOR-US: XnView
CVE-2019-17260 (MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data M ...)
- TODO: check
+ NOT-FOR-US: MPC-HC
CVE-2019-17259 (KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_ne ...)
NOT-FOR-US: KMPlayer (different from src:kmplayer)
CVE-2019-17258 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...)
@@ -646,7 +646,7 @@ CVE-2019-17113 (In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_Inst
NOTE: https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision&rev=12127&peg=12127
NOTE: Fixed in upstream versions 0.3.19 and 0.4.9.
CVE-2019-17112 (An issue was discovered in Zoho ManageEngine DataSecurity Plus before ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2019-17111
RESERVED
CVE-2019-17110 (A security issue was discovered in kube-state-metrics 1.7.x before 1.7 ...)
@@ -3899,7 +3899,7 @@ CVE-2019-15896 (An issue was discovered in the LifterLMS plugin through 3.34.5 f
CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4 for Wor ...)
NOT-FOR-US: "Search Exclude" plugin for WordPress
CVE-2019-15894 (An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, ...)
- TODO: check
+ NOT-FOR-US: Espressif
CVE-2019-15893
RESERVED
CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3. ...)
@@ -3989,7 +3989,7 @@ CVE-2019-15861
CVE-2019-15860 (Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2. ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-15859 (Password disclosure in the web interface on socomec DIRIS A-40 devices ...)
- TODO: check
+ NOT-FOR-US: DIRIS
CVE-2019-15858 (admin/includes/class.import.snippet.php in the "Woody ad snippets" plu ...)
NOT-FOR-US: "Woody ad snippets" plugin for WordPress
CVE-2019-15857
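Review bot: on CVE-2019-15859, the tag "NOT-FOR-US: DIRIS" keeps only the middle of the product name; the description gives it as "socomec DIRIS A-40 devices". Other tags in this commit use either the vendor (Citrix, Zoho, TIBCO) or the full product (File Sharing Wizard, Altair PBS Professional), so a search for the vendor would miss this entry. Suggest "NOT-FOR-US: Socomec DIRIS A-40" or at least "NOT-FOR-US: Socomec DIRIS".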
@@ -4350,7 +4350,7 @@ CVE-2019-15721 (An issue was discovered in GitLab Community and Enterprise Editi
CVE-2019-15720 (CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pr ...)
NOT-FOR-US: CloudBerry Backup
CVE-2019-15719 (Altair PBS Professional through 19.1.2 allows Privilege Escalation bec ...)
- TODO: check
+ NOT-FOR-US: Altair PBS Professional
CVE-2019-15718 (In systemd 240, bus_open_system_watch_bind_with_description in shared/ ...)
- systemd 242-7 (bug #939353)
[buster] - systemd <no-dsa> (Minor issue; systemd-resolved not enabled by default)
@@ -4370,7 +4370,7 @@ CVE-2019-15717 (Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server
CVE-2019-15716 (WTF before 0.19.0 does not set the permissions of config.yml, which mi ...)
NOT-FOR-US: wtfutil
CVE-2019-15715 (MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command I ...)
- TODO: check
+ - mantis <removed>
CVE-2019-15714 (cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ ...)
NOT-FOR-US: Entropic
CVE-2019-15713 (The my-calendar plugin before 3.1.10 for WordPress has XSS. ...)
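Review bot: the CVE-2019-15715 change is not an NFU. It replaces "TODO: check" with "- mantis <removed>", which is a package-status entry for a source package, while the commit subject says only "NFUs". Either mention the mantis triage in the commit message or move it to its own commit, so that the log shows where the removed-package decision for MantisBT was recorded.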
@@ -6573,25 +6573,25 @@ CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the
CVE-2019-15024
RESERVED
CVE-2019-15023 (A security vulnerability exists in Zingbox Inspector versions 1.294 an ...)
- TODO: check
+ NOT-FOR-US: Zingbox Inspector
CVE-2019-15022 (A security vulnerability exists in Zingbox Inspector versions 1.294 an ...)
- TODO: check
+ NOT-FOR-US: Zingbox Inspector
CVE-2019-15021 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
- TODO: check
+ NOT-FOR-US: Zingbox Inspector
CVE-2019-15020 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
- TODO: check
+ NOT-FOR-US: Zingbox Inspector
CVE-2019-15019 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
- TODO: check
+ NOT-FOR-US: Zingbox Inspector
CVE-2019-15018 (A security vulnerability exists in the Zingbox Inspector versions 1.28 ...)
- TODO: check
+ NOT-FOR-US: Zingbox Inspector
CVE-2019-15017 (The SSH service is enabled on the Zingbox Inspector versions 1.294 and ...)
- TODO: check
+ NOT-FOR-US: Zingbox Inspector
CVE-2019-15016 (An SQL injection vulnerability exists in the management interface of Z ...)
- TODO: check
+ NOT-FOR-US: Zingbox Inspector
CVE-2019-15015 (In the Zingbox Inspector, versions 1.294 and earlier, hardcoded creden ...)
- TODO: check
+ NOT-FOR-US: Zingbox Inspector
CVE-2019-15014 (A command injection vulnerability exists in the Zingbox Inspector vers ...)
- TODO: check
+ NOT-FOR-US: Zingbox Inspector
CVE-2019-15013
RESERVED
CVE-2019-15012
@@ -7244,7 +7244,7 @@ CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles
NOTE: https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc (golang-1.11)
NOTE: https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 (golang-1.12)
CVE-2019-14808 (An issue was discovered in the RENPHO application 3.0.0 for iOS. It tr ...)
- TODO: check
+ NOT-FOR-US: RENPHO
CVE-2019-14807 (In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS e ...)
NOT-FOR-US: MobileFrontend extension for MediaWiki
CVE-2019-14806 (Pallets Werkzeug before 0.15.3, when used with Docker, has insufficien ...)
@@ -18086,7 +18086,7 @@ CVE-2019-11343
CVE-2019-11342
RESERVED
CVE-2019-11341 (On certain Samsung P(9.0) phones, an attacker with physical access can ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2019-11340 (util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registrati ...)
NOT-FOR-US: Matrix Sydent
CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 ...)
@@ -18408,7 +18408,7 @@ CVE-2019-11214
CVE-2019-11213 (In Pulse Secure Pulse Desktop Client and Network Connect, an attacker ...)
NOT-FOR-US: Pulse Secure Pulse Desktop Client and Network Connect
CVE-2019-11212 (The MDM server component of TIBCO Software Inc's TIBCO MDM contains mu ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2019-11211 (The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime ...)
NOT-FOR-US: TIBCO
CVE-2019-11210 (The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f532422446cc1a0ab5d7c13adc4fa07a77fc183c