[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Thu Oct 24 21:34:22 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e679d4ab by Moritz Muehlenhoff at 2019-10-24T20:33:58Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2019-18419 (A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB ...)
- TODO: check
+ NOT-FOR-US: ClosOS
CVE-2019-18418 (clonos.php in ClonOS WEB control panel 19.09 allows remote attackers t ...)
- TODO: check
+ NOT-FOR-US: ClosOS
CVE-2019-18417 (Sourcecodester Restaurant Management System 1.0 allows an authenticate ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Restaurant Management System
CVE-2019-18416 (Sourcecodester Restaurant Management System 1.0 allows XSS via the Las ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Restaurant Management System
CVE-2019-18415 (Sourcecodester Restaurant Management System 1.0 allows XSS via the "se ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Restaurant Management System
CVE-2019-18414 (Sourcecodester Restaurant Management System 1.0 is affected by an admi ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Restaurant Management System
CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input validation can b ...)
- TODO: check
+ NOT-FOR-US: TypeStack class-validator
CVE-2019-18412
RESERVED
CVE-2019-18411
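Review bot: The product name in the two added lines for CVE-2019-18419 and CVE-2019-18418 is spelled "ClosOS", while both CVE descriptions in this hunk say "ClonOS". Suggest "NOT-FOR-US: ClonOS" on both lines, so that a search of data/CVE/list for the product name finds these entries and later ClonOS CVEs get triaged consistently with them.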
@@ -19,7 +19,7 @@ CVE-2019-18411
CVE-2019-18410
RESERVED
CVE-2019-18409 (The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local pr ...)
- TODO: check
+ NOT-FOR-US: ruby_parser-legacy packaging issue
CVE-2019-18408 (archive_read_format_rar_read_data in archive_read_support_format_rar.c ...)
TODO: check
CVE-2019-18407
@@ -49,9 +49,9 @@ CVE-2019-18396
CVE-2019-18395
RESERVED
CVE-2019-18394 (A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.j ...)
- TODO: check
+ NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-18393 (PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ...)
- TODO: check
+ NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-18392
RESERVED
CVE-2019-18391
@@ -449,11 +449,11 @@ CVE-2019-18203 (On the RICOH MP 501 printer, HTML Injection and Stored XSS vulne
CVE-2019-18202 (Information Disclosure is possible on WAGO Series PFC100 and PFC200 de ...)
NOT-FOR-US: WAGO Series PFC100 and PFC200 devices
CVE-2019-18201 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 d ...)
- TODO: check
+ NOT-FOR-US: Fujitsu
CVE-2019-18200 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 d ...)
- TODO: check
+ NOT-FOR-US: Fujitsu
CVE-2019-18199 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 d ...)
- TODO: check
+ NOT-FOR-US: Fujitsu
CVE-2019-18197 (In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable i ...)
- libxslt <unfixed> (bug #942646)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
@@ -461,7 +461,7 @@ CVE-2019-18197 (In xsltCopyText in transform.c in libxslt 1.1.33, a pointer vari
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
CVE-2019-18196 (A DLL side loading vulnerability in the Windows Service in TeamViewer ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2019-18198 (In the Linux kernel before 5.3.4, a reference count usage error in the ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26
@@ -2751,7 +2751,7 @@ CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial
CVE-2019-17582
RESERVED
CVE-2019-17581 (tonyy dormsystem through 1.3 allows DOM XSS. ...)
- TODO: check
+ NOT-FOR-US: tonyy dormsystem
CVE-2019-17580 (tonyy dormsystem through 1.3 allows SQL Injection in admin.php. ...)
NOT-FOR-US: tonyy dormsystem
CVE-2019-17579 (SonarSource SonarQube before 7.8 has XSS in project links on account/p ...)
@@ -7125,7 +7125,7 @@ CVE-2019-15931
CVE-2019-15930
RESERVED
CVE-2019-15929 (In Craft CMS through 3.1.7, the elevated session password prompt was n ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2019-15928
RESERVED
CVE-2019-15927 (An issue was discovered in the Linux kernel before 4.20.2. An out-of-b ...)
@@ -7823,7 +7823,7 @@ CVE-2019-15705
CVE-2019-15704
RESERVED
CVE-2019-15703 (An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2. ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2019-15702 (In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the pars ...)
NOT-FOR-US: RIOT RIOT-OS
CVE-2019-15701 (components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote atta ...)
@@ -14177,15 +14177,15 @@ CVE-2019-13655 (Imgix through 2019-06-19 allows remote attackers to cause a deni
CVE-2019-13654
RESERVED
CVE-2019-13653 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow trig ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2019-13652 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serv ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2019-13651 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow port ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2019-13650 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow inte ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2019-13649 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow exte ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, when hardwa ...)
{DSA-4497-1 DSA-4495-1 DLA-1885-1}
- linux 5.2.6-1
@@ -22419,7 +22419,7 @@ CVE-2019-11023 (The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz
CVE-2019-11022
RESERVED
CVE-2019-11021 (admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unre ...)
- TODO: check
+ NOT-FOR-US: Schlix CMS
CVE-2019-11020 (Lack of authentication in file-viewing components in DDRT Dashcom Live ...)
NOT-FOR-US: DDRT Dashcom
CVE-2019-11019 (Lack of authentication in case-exporting components in DDRT Dashcom Li ...)
@@ -26981,7 +26981,7 @@ CVE-2019-9701 (DLP 15.5 MP1 and all prior versions may be susceptible to a cross
CVE-2019-9700 (Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an ...)
NOT-FOR-US: Norton Password Manager
CVE-2019-9699 (Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2019-9698 (Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbit ...)
NOT-FOR-US: Symantec
CVE-2019-9697 (An information disclosure vulnerability in the Management Center (MC) ...)
@@ -30981,11 +30981,11 @@ CVE-2019-8240
CVE-2019-8239
RESERVED
CVE-2019-8238 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8237 (Adobe Acrobat and Reader versions 2019.012.20034 and earlier; 2019.012 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8236 (Creative Cloud Desktop Application version 4.6.1 and earlier versions ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8235
RESERVED
CVE-2019-8234
@@ -31297,11 +31297,11 @@ CVE-2019-8082
CVE-2019-8081
RESERVED
CVE-2019-8080 (Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8079 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8078 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8077 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
NOT-FOR-US: Adobe
CVE-2019-8076 (Adobe application manager installer version 10.0 have an Insecure Libr ...)
@@ -34763,7 +34763,7 @@ CVE-2019-6694
CVE-2019-6693
RESERVED
CVE-2019-6692 (A malicious DLL preload vulnerability in Fortinet FortiClient for Wind ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=bac ...)
NOT-FOR-US: phpwind
CVE-2019-6690 (python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg t ...)
@@ -39038,9 +39038,9 @@ CVE-2019-5015 (A local privilege escalation vulnerability exists in the Mac OS X
CVE-2019-5014 (An exploitable improper access control vulnerability exists in the blu ...)
NOT-FOR-US: Winco Fireworks FireFly FW-1007
CVE-2019-5013 (An exploitable privilege escalation vulnerability exists in the Wacom, ...)
- TODO: check
+ NOT-FOR-US: Wacom MacOS driver
CVE-2019-5012 (An exploitable privilege escalation vulnerability exists in the Wacom, ...)
- TODO: check
+ NOT-FOR-US: Wacom MacOS driver
CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the helper ...)
NOT-FOR-US: CleanMyMac
CVE-2019-5010 [NULL pointer dereference using a specially crafted X509 certificate]
@@ -40124,7 +40124,7 @@ CVE-2019-4488
CVE-2019-4487
RESERVED
CVE-2019-4486 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4485 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
NOT-FOR-US: IBM
CVE-2019-4484 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...)
@@ -40178,7 +40178,7 @@ CVE-2019-4461
CVE-2019-4460 (IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a ...)
NOT-FOR-US: IBM
CVE-2019-4459 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4458
RESERVED
CVE-2019-4457
@@ -40300,9 +40300,9 @@ CVE-2019-4400
CVE-2019-4399
RESERVED
CVE-2019-4398 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4397 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4396
RESERVED
CVE-2019-4395
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e679d4abc5ee5e3b3ed45edb3b8cb88d530a0a2e