[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Oct 18 16:45:31 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7eefa956 by Moritz Muehlenhoff at 2019-10-18T15:45:11Z
NFUs
squid n/a
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4528,11 +4528,11 @@ CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote attackers to execute arbit
CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection vi ...)
NOT-FOR-US: pfSense
CVE-2019-16700 (The slub_events (aka SLUB: Event Registration) extension through 3.0.2 ...)
- TODO: check
+ NOT-FOR-US: Typo3 extenstion
CVE-2019-16699 (The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5 ...)
- TODO: check
+ NOT-FOR-US: Typo3 extenstion
CVE-2019-16698 (The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 ha ...)
- TODO: check
+ NOT-FOR-US: Typo3 extenstion
CVE-2019-16697
RESERVED
CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit. ...)
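Review bot: "extenstion" is misspelled in all three added lines of this hunk (CVE-2019-16700, CVE-2019-16699, CVE-2019-16698), while the next hunk writes "NOT-FOR-US: Typo3 extension" for CVE-2019-16682. Suggest using "NOT-FOR-US: Typo3 extension" here as well, so that a search on the NOT-FOR-US string finds all four entries. The CVE descriptions spell the product "TYPO3", which would be the more consistent casing if these lines are touched again.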
@@ -4564,7 +4564,7 @@ CVE-2019-16684 (An issue was discovered in the image-manager in Xoops 2.5.10. Wh
CVE-2019-16683 (An issue was discovered in the image-manager in Xoops 2.5.10. When the ...)
NOT-FOR-US: Xoops
CVE-2019-16682 (The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely established ...)
NOT-FOR-US: Mastodon
CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.traveloka.and ...)
@@ -5580,9 +5580,9 @@ CVE-2019-16281
CVE-2019-16280
RESERVED
CVE-2019-16279 (Directory Traversal in the function SSL_accept in nostromo nhttpd thro ...)
- TODO: check
+ - nostromo <itp> (bug #493645)
CVE-2019-16278 (Directory Traversal in the function http_verify in nostromo nhttpd thr ...)
- TODO: check
+ - nostromo <itp> (bug #493645)
CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/ ...)
NOT-FOR-US: PicoC
CVE-2017-18634 (The newspaper theme before 6.7.2 for WordPress has script injection vi ...)
@@ -16076,7 +16076,7 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain forma
NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
CVE-2019-13116 (The MuleSoft Mule runtime engine before 3.8 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: MuleSoft Mule
CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha2 ...)
{DLA-1730-3}
- libssh2 <unfixed> (bug #932329)
@@ -22459,15 +22459,15 @@ CVE-2019-10762
CVE-2019-10761
RESERVED
CVE-2019-10760 (safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A ...)
- TODO: check
+ NOT-FOR-US: safer-eval Node module
CVE-2019-10759 (safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A ...)
- TODO: check
+ NOT-FOR-US: safer-eval Node module
CVE-2019-10758
RESERVED
CVE-2019-10757 (knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. ...)
NOT-FOR-US: knex.js
CVE-2019-10756 (It is possible to inject JavaScript within node-red-dashboard versions ...)
- TODO: check
+ NOT-FOR-US: node-red-dashboard
CVE-2019-10755 (The SAML identifier generated within SAML2Utils.java was found to make ...)
NOT-FOR-US: SAML2Utils.java
CVE-2019-10754 (Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes ...)
@@ -22475,7 +22475,7 @@ CVE-2019-10754 (Multiple classes used within Apereo CAS before release 6.1.0-RC5
CVE-2019-10753 (In all versions prior to version 3.9.6 for eclipse-wtp, all versions p ...)
NOT-FOR-US: eclipse-wtp
CVE-2019-10752 (Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnera ...)
- TODO: check
+ NOT-FOR-US: sequelize Node module
CVE-2019-10751 (All versions of the HTTPie package prior to version 1.0.3 are vulnerab ...)
{DLA-1937-1}
- httpie 1.0.3-1 (bug #940058)
@@ -27524,7 +27524,7 @@ CVE-2019-9274 (In the Android kernel in the mnh driver there is a possible out o
CVE-2019-9273 (In the Android kernel in the synaptics_dsx_htc touchscreen driver ther ...)
NOT-FOR-US: Android kernel
CVE-2019-9272 (In WiFi, there is a possible leak of WiFi state due to a permissions b ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9271 (In the Android kernel in the mnh driver there is a race condition due ...)
NOT-FOR-US: Android kernel
CVE-2019-9270 (In the Android kernel in unifi and r8180 WiFi drivers there is a possi ...)
@@ -41392,7 +41392,8 @@ CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before a
NOTE: When adressing this a related patch to make statd take the user-id from
NOTE: /var/lib/nfs/sm is needed, cf. https://bugzilla.suse.com/show_bug.cgi?id=1150733#c3
CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterpri ...)
- TODO: check
+ - squid <not-affected> (/usr/lib/squid/pinger permissions are root:root)
+ - squid3 <not-affected> (/usr/lib/squid/pinger permissions are root:root)
CVE-2019-3687
RESERVED
CVE-2019-3686
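Review bot: The reason on both added lines for CVE-2019-3688, "/usr/lib/squid/pinger permissions are root:root", names an owner and group rather than a file mode, and it cites the same path for squid and squid3. Suggest wording it as "owned by root:root" and checking that the squid3 line names the path that package actually ships. Since the CVE text refers to /usr/sbin/pinger as packaged in SUSE, a short NOTE line saying the issue is specific to that packaging would make the not-affected reasoning easier to audit later.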
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7eefa95623453834680bde9829271efb8d1cd349