[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 17 21:30:57 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
100ffec0 by Salvatore Bonaccorso at 2019-10-17T20:30:34Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2032,11 +2032,11 @@ CVE-2019-17678
CVE-2019-17677
RESERVED
CVE-2019-17676 (app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a C ...)
- TODO: check
+ NOT-FOR-US: MetInfo
CVE-2019-17668 (Samsung Galaxy S10 and Note10 devices allow unlock operations via unre ...)
- TODO: check
+ NOT-FOR-US: Samsung Galaxy S10 and Note10 devices
CVE-2019-17667 (Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML inj ...)
- TODO: check
+ NOT-FOR-US: Comtech H8 Heights Remote Gateway devices
CVE-2019-17666 (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Lin ...)
- linux <unfixed>
NOTE: https://lkml.org/lkml/2019/10/16/1226
@@ -3437,19 +3437,19 @@ CVE-2019-17122
CVE-2019-17121 (REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-si ...)
NOT-FOR-US: REDCap
CVE-2019-17120 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...)
- TODO: check
+ NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17119 (Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterp ...)
- TODO: check
+ NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17118 (A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows ...)
- TODO: check
+ NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17117 (A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterpri ...)
- TODO: check
+ NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17116 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...)
- TODO: check
+ NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17115 (Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enter ...)
- TODO: check
+ NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17114 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...)
- TODO: check
+ NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17113 (In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_Instrument ...)
- libopenmpt 0.4.9-1
NOTE: https://github.com/OpenMPT/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe
@@ -3922,7 +3922,7 @@ CVE-2019-16919
CVE-2019-16918
RESERVED
CVE-2019-16917 (WiKID Enterprise 2FA (two factor authentication) Enterprise Server thr ...)
- TODO: check
+ NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-16916
REJECTED
CVE-2019-16915 (An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/p ...)
@@ -5468,7 +5468,7 @@ CVE-2019-12412 [Remotely exploitable null pointer dereference bug]
CVE-2019-16331
RESERVED
CVE-2019-16330 (In NCH Express Accounts Accounting v7.02, persistent cross site script ...)
- TODO: check
+ NOT-FOR-US: NCH Express Accounts Accounting
CVE-2019-16329
RESERVED
CVE-2019-16328 (In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify ...)
@@ -6838,9 +6838,9 @@ CVE-2019-15852
CVE-2019-15851
REJECTED
CVE-2019-15850 (eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execut ...)
- TODO: check
+ NOT-FOR-US: eQ-3 HomeMatic CCU3
CVE-2019-15849 (eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attac ...)
- TODO: check
+ NOT-FOR-US: eQ-3 HomeMatic CCU3
CVE-2019-15848 (JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XS ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2019-15847 (The POWER9 backend in GNU Compiler Collection (GCC) before version 10 ...)
@@ -11729,9 +11729,9 @@ CVE-2019-14426
CVE-2019-14425
RESERVED
CVE-2019-14424 (A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of th ...)
- TODO: check
+ NOT-FOR-US: eQ-3 Homematic CCU-Firmware
CVE-2019-14423 (A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of t ...)
- TODO: check
+ NOT-FOR-US: eQ-3 Homematic CCU-Firmware
CVE-2019-14422 (An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI han ...)
NOT-FOR-US: TortoiseSVN
CVE-2019-14421
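Review bot: The NOT-FOR-US label for the eQ-3 products is spelled two ways in this commit: CVE-2019-14424 and CVE-2019-14423 here get "eQ-3 Homematic CCU-Firmware", while CVE-2019-15850 and CVE-2019-15849 in the earlier hunk get "eQ-3 HomeMatic CCU3". Settling on one capitalization and product name would keep a later search for these entries from missing half of them.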
@@ -13595,7 +13595,7 @@ CVE-2019-13659
CVE-2019-13658 (CA Network Flow Analysis 9.x and 10.0.x have a default credential vuln ...)
NOT-FOR-US: CA Network Flow Analysis
CVE-2019-13657 (CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before ...)
- TODO: check
+ NOT-FOR-US: CA Performance Management
CVE-2019-13656 (An access vulnerability in CA Common Services DIA of CA Technologies C ...)
NOT-FOR-US: CA Technologies Client Automation
CVE-2019-13655 (Imgix through 2019-06-19 allows remote attackers to cause a denial of ...)
@@ -15249,7 +15249,7 @@ CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL Injec
CVE-2019-13412
RESERVED
CVE-2019-13411 (An “invalid command” handler issue was discovered in HiNet ...)
- TODO: check
+ NOT-FOR-US: HiNet GPON firmware
CVE-2019-13410
RESERVED
CVE-2019-13409
@@ -17370,9 +17370,9 @@ CVE-2019-12639
CVE-2019-12638 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2019-12637 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12636 (A vulnerability in the web-based management interface of Cisco Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12635 (A vulnerability in the authorization module of Cisco Content Security ...)
NOT-FOR-US: Cisco
CVE-2019-12634 (A vulnerability in the web-based management interface of Cisco Integra ...)
@@ -17421,7 +17421,7 @@ CVE-2019-12613
CVE-2019-12612
RESERVED
CVE-2019-12611 (An issue was discovered in Bitdefender BOX firmware versions before 2. ...)
- TODO: check
+ NOT-FOR-US: Bitdefender BOX firmware
CVE-2019-12610
RESERVED
CVE-2019-12609
@@ -30682,7 +30682,7 @@ CVE-2019-8073 (ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update
CVE-2019-8072 (ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 a ...)
NOT-FOR-US: Adobe
CVE-2019-8071 (Adobe Download Manager versions 2.0.0.363 have an insecure file permis ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8070 (Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and ear ...)
NOT-FOR-US: Adobe
CVE-2019-8069 (Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and ear ...)
@@ -35036,7 +35036,7 @@ CVE-2019-6336
CVE-2019-6335 (A potential security vulnerability has been identified with Samsung La ...)
NOT-FOR-US: Samsung Laser Printers
CVE-2019-6334 (HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Prin ...)
- TODO: check
+ NOT-FOR-US: HP printers
CVE-2019-6333 (A potential security vulnerability has been identified with certain ve ...)
NOT-FOR-US: HP Touchpoint Analytics
CVE-2019-6332
@@ -44441,25 +44441,25 @@ CVE-2019-3028 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu
- virtualbox 6.0.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3027 (Vulnerability in the Oracle Application Object Library product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-3026 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.0.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3025 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle F ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-3024 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-3023 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-3022 (Vulnerability in the Oracle Content Manager product of Oracle E-Busine ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-3021 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.0.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3020 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-3019 (Vulnerability in the Oracle Banking Digital Experience product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-3018 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-3017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
@@ -44468,21 +44468,21 @@ CVE-2019-3017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu
CVE-2019-3016
RESERVED
CVE-2019-3015 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-3014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
TODO: check
CVE-2019-3013
RESERVED
CVE-2019-3012 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-3011 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-3010 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-3009 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-3008 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-3007
RESERVED
CVE-2019-3006
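Review bot: CVE-2019-3014 is left at "TODO: check" in the middle of this hunk, although its visible description ("Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...") matches CVE-2019-3015 directly above it, which is now "NOT-FOR-US: Oracle". If the omission is deliberate because the entry needs a closer look, that is fine. Otherwise it looks like a missed line and should get the same tag.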
@@ -44498,9 +44498,9 @@ CVE-2019-3002 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu
- virtualbox 6.0.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3001 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-3000 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2999 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
@@ -44512,9 +44512,9 @@ CVE-2019-2997 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
CVE-2019-2996 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2019-2995 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2994 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2993 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
@@ -44525,7 +44525,7 @@ CVE-2019-2992 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
CVE-2019-2991 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2990 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2989 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
@@ -44537,9 +44537,9 @@ CVE-2019-2988 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
CVE-2019-2987 (Vulnerability in the Java SE product of Oracle Java SE (component: 2D) ...)
- openjdk-11 11.0.5+10-1
CVE-2019-2986 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2985 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2984 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.0.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
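Review bot: CVE-2019-2986 is tagged "NOT-FOR-US: Oracle" on the strength of a description that starts "Vulnerability in the Oracle GraalVM Enterprise Edition product", but CVE-2019-2989 in the previous hunk starts with the same words and is tracked against openjdk-11 and openjdk-8. Please confirm that the affected component for CVE-2019-2986 has no OpenJDK counterpart before closing it out, since the truncated description alone does not distinguish the two cases.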
@@ -44554,9 +44554,9 @@ CVE-2019-2981 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
- openjdk-8 <unfixed>
- openjdk-7 <removed>
CVE-2019-2980 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2979 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2978 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
@@ -44564,7 +44564,7 @@ CVE-2019-2978 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
CVE-2019-2977 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...)
- openjdk-11 11.0.5+10-1
CVE-2019-2976 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2975 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
@@ -44576,11 +44576,11 @@ CVE-2019-2973 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
- openjdk-8 <unfixed>
- openjdk-7 <removed>
CVE-2019-2972 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2971 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2970 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2969 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
@@ -44591,7 +44591,7 @@ CVE-2019-2967 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
CVE-2019-2966 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2965 (Vulnerability in the Siebel Core - DB Deployment and Configuration pro ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2964 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
@@ -44603,12 +44603,12 @@ CVE-2019-2962 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
- openjdk-8 <unfixed>
- openjdk-7 <removed>
CVE-2019-2961 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2960 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2959 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2958 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
@@ -44616,17 +44616,17 @@ CVE-2019-2958 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
CVE-2019-2957 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2956 (Vulnerability in the Core RDBMS (jackson-databind) component of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2955 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2954 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2953 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2952 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2951 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2950 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2949 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
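Review bot: CVE-2019-2956 is marked "NOT-FOR-US: Oracle" although its description names a bundled third-party library, "Core RDBMS (jackson-databind) component". jackson-databind is packaged in Debian, so it is worth checking whether the underlying flaw carries its own CVE against that package. If it does, a NOTE line pointing at that CVE would make the relationship visible. If the issue is specific to Oracle's integration, a short NOTE saying so would explain the tag.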
@@ -44637,7 +44637,7 @@ CVE-2019-2948 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2947 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2019-2946 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/100ffec02b546b830e5195c358056632c1e0603c