[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Oct 25 22:16:58 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3808b34 by Moritz Muehlenhoff at 2019-10-25T21:16:31Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3963,21 +3963,21 @@ CVE-2019-17147
CVE-2019-17146
RESERVED
CVE-2019-17145 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17144 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17143 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17142 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17141 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17140 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17139 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17138 (This vulnerability allows remote attackers to disclose sensitive infor ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2019-17137
RESERVED
CVE-2019-17136
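Review bot: The eight new `NOT-FOR-US: Foxit` lines (CVE-2019-17138 through CVE-2019-17145) name only a vendor, and every description in this hunk is truncated before a product name appears, so the entries give no way to tell which Foxit product is meant. Other labels in this commit name the product (`Milesight IP security cameras`, `Clustered Data ONTAP`); doing the same here would make each entry self-explanatory when someone greps the list later.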
@@ -6249,7 +6249,7 @@ CVE-2019-16267
CVE-2019-16266
RESERVED
CVE-2019-16265 (3S-Smart CODESYS V2.3 ENI server V3.2.2.23 has a Buffer Overflow. ...)
- TODO: check
+ NOT-FOR-US: 3S-Smart CODESYS
CVE-2019-16264 (In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado d ...)
NOT-FOR-US: Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC)
CVE-2019-16263 (The Twitter Kit framework through 3.4.2 for iOS does not properly vali ...)
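Review bot: The label on CVE-2019-16265, `NOT-FOR-US: 3S-Smart CODESYS`, uses a different product spelling from the existing `NOT-FOR-US: CODESYS` on CVE-2019-13548 further down this file. Picking one form for both entries would keep the product naming uniform.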
@@ -12274,7 +12274,7 @@ CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allo
NOTE: https://github.com/Sigil-Ebook/Sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f
NOTE: https://github.com/Sigil-Ebook/Sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4
CVE-2019-14451 (RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not proper ...)
- TODO: check
+ NOT-FOR-US: Repetier-Server
CVE-2019-14450
RESERVED
CVE-2019-14449
@@ -15552,7 +15552,7 @@ CVE-2019-13555
CVE-2019-13554
RESERVED
CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
- TODO: check
+ NOT-FOR-US: Rittal Chiller SK 3232-Series
CVE-2019-13552 (In WebAccess versions 8.4.1 and prior, multiple command injection vuln ...)
NOT-FOR-US: WebAccess
CVE-2019-13551
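Review bot: On CVE-2019-13553 the new label names only the Rittal chiller, while the description says the web interface is "built upon Carel pCOWeb". Recording that component as well, for example `NOT-FOR-US: Rittal Chiller SK 3232-Series (Carel pCOWeb)`, would let a later search for pCOWeb find this entry if the same base turns up under another product name.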
@@ -15560,13 +15560,13 @@ CVE-2019-13551
CVE-2019-13550 (In WebAccess, versions 8.4.1 and prior, an improper authorization vuln ...)
NOT-FOR-US: WebAccess
CVE-2019-13549 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
- TODO: check
+ NOT-FOR-US: Rittal Chiller SK 3232-Series
CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
NOT-FOR-US: CODESYS
CVE-2019-13547
RESERVED
CVE-2019-13546 (In IntelliSpace Perinatal, Versions K and prior, a vulnerability withi ...)
- TODO: check
+ NOT-FOR-US: IntelliSpace Perinatal
CVE-2019-13545 (In Horner Automation Cscape 9.90 and prior, improper validation of dat ...)
NOT-FOR-US: Horner Automation Cscape
CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-b ...)
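Review bot: The label added for CVE-2019-13546 is a bare product name, `IntelliSpace Perinatal`, whereas the neighbouring existing entry for CVE-2019-13545 is labelled with vendor and product (`Horner Automation Cscape`). Adding the vendor here would match that convention and make the entry easier to group with others from the same vendor.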
@@ -15608,7 +15608,7 @@ CVE-2019-13527 (In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, V
CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 ...)
NOT-FOR-US: Datalogic AV7000 Linear barcode scanner
CVE-2019-13525 (In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrat ...)
- TODO: check
+ NOT-FOR-US: IP-AK2 Access Control Panel
CVE-2019-13524
RESERVED
CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the integrat ...)
@@ -19679,7 +19679,7 @@ CVE-2019-12019
CVE-2019-12018
RESERVED
CVE-2019-12017 (A remote code execution vulnerability exists in MapR CLDB code, specif ...)
- TODO: check
+ NOT-FOR-US: MapR
CVE-2019-12016
RESERVED
CVE-2019-12015
@@ -31081,7 +31081,7 @@ CVE-2019-8236 (Creative Cloud Desktop Application version 4.6.1 and earlier vers
CVE-2019-8235
RESERVED
CVE-2019-8234 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site r ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8233
RESERVED
CVE-2019-8232
@@ -31373,21 +31373,21 @@ CVE-2019-8090
CVE-2019-8089 (Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross ...)
NOT-FOR-US: Adobe
CVE-2019-8088 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8087 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml ext ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8086 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml ext ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8085 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflect ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8084 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflect ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8083 (Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site s ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8082 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8081 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authen ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8080 (Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site ...)
NOT-FOR-US: Adobe
CVE-2019-8079 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
@@ -37979,7 +37979,7 @@ CVE-2019-5510
CVE-2019-5509
RESERVED
CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vul ...)
- TODO: check
+ NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5507 (SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a v ...)
NOT-FOR-US: SnapManager for Oracle
CVE-2019-5506 (Clustered Data ONTAP versions 9.0 and higher do not enforce hostname v ...)
@@ -38833,11 +38833,11 @@ CVE-2019-5131
CVE-2019-5130
RESERVED
CVE-2019-5129 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5128 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5127 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5126
RESERVED
CVE-2019-5125
@@ -38845,25 +38845,25 @@ CVE-2019-5125
CVE-2019-5124
RESERVED
CVE-2019-5123 (Specially crafted web requests can cause SQL injections in YouPHPTube ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5122 (SQL injection vulnerabilities exists in the authenticated part of YouP ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5121 (SQL injection vulnerabilities exists in the authenticated part of YouP ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5120 (An exploitable SQL injection vulnerability exists in the authenticated ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5119 (An exploitable SQL injection vulnerability exist in the authenticated ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5118
RESERVED
CVE-2019-5117 (Exploitable SQL injection vulnerabilities exists in the authenticated ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5116 (An exploitable SQL injection vulnerability exists in the authenticated ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5115
RESERVED
CVE-2019-5114 (An exploitable SQL injection vulnerability exists in the authenticated ...)
- TODO: check
+ NOT-FOR-US: YouPHPTube
CVE-2019-5113
RESERVED
CVE-2019-5112
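Review bot: For CVE-2019-5123 the description is cut off immediately after "YouPHPTube", so the visible text does not show whether it refers to YouPHPTube itself or to YouPHPTube Encoder, which this commit labels separately for CVE-2019-5127 to CVE-2019-5129. It is worth confirming against the full CVE text that `NOT-FOR-US: YouPHPTube` is the right one of the two labels for this entry.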
@@ -40266,7 +40266,7 @@ CVE-2019-4463
CVE-2019-4462
RESERVED
CVE-2019-4461 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4460 (IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a ...)
NOT-FOR-US: IBM
CVE-2019-4459 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
@@ -40388,19 +40388,19 @@ CVE-2019-4402 (IBM API Connect 2018.1 through 2018.4.1.6 developer portal could
CVE-2019-4401
RESERVED
CVE-2019-4400 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 cou ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4399 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 use ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4398 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
NOT-FOR-US: IBM
CVE-2019-4397 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...)
NOT-FOR-US: IBM
CVE-2019-4396 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4395 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 cou ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4394 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 con ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4393
RESERVED
CVE-2019-4392
@@ -41116,7 +41116,7 @@ CVE-2019-4038 (IBM Security Identity Manager 6.0 and 7.0 could allow an attacker
CVE-2019-4037
RESERVED
CVE-2019-4036 (IBM Security Access Manager Appliance could allow unauthenticated atta ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4035 (IBM Content Navigator 3.0CD could allow attackers to direct web traffi ...)
NOT-FOR-US: IBM
CVE-2019-4034 (IBM Content Navigator 3.0CD is could allow an attacker to execute arbi ...)
@@ -181690,15 +181690,15 @@ CVE-2016-2362 (Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-
CVE-2016-2361
RESERVED
CVE-2016-2360 (Milesight IP security cameras through 2016-11-14 have a default root p ...)
- TODO: check
+ NOT-FOR-US: Milesight IP security cameras
CVE-2016-2359 (Milesight IP security cameras through 2016-11-14 allow remote attacker ...)
- TODO: check
+ NOT-FOR-US: Milesight IP security cameras
CVE-2016-2358 (Milesight IP security cameras through 2016-11-14 have a default set of ...)
- TODO: check
+ NOT-FOR-US: Milesight IP security cameras
CVE-2016-2357 (Milesight IP security cameras through 2016-11-14 have a hardcoded SSL ...)
- TODO: check
+ NOT-FOR-US: Milesight IP security cameras
CVE-2016-2356 (Milesight IP security cameras through 2016-11-14 have a buffer overflo ...)
- TODO: check
+ NOT-FOR-US: Milesight IP security cameras
CVE-2016-2355 (SQL injection vulnerability in the REST API in dotCMS before 3.3.2 all ...)
NOT-FOR-US: dotCMS
CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver befor ...)
@@ -246342,11 +246342,11 @@ CVE-2013-4859
CVE-2013-4858 (Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remo ...)
NOT-FOR-US: Microsoft Windows Movie Maker
CVE-2013-4857 (D-Link DIR-865L has PHP File Inclusion in the router xml file. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2013-4856 (D-Link DIR-865L has Information Disclosure. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2013-4855 (D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2013-4854 (The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x bef ...)
{DSA-2728-1}
- bind9 1:9.8.4.dfsg.P1-6+nmu3 (bug #717936)
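Review bot: CVE-2013-4855 is described as an SMB symlink traversal "due to misconfiguration", but the new line says only `NOT-FOR-US: D-Link`. If the SMB server on the device is software that Debian also packages, a short NOTE stating that the flaw is in the device's configuration and not in the server code would record why the entry was triaged this way.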
@@ -246372,7 +246372,7 @@ CVE-2013-4850
CVE-2013-4849
RESERVED
CVE-2013-4848 (TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2013-4847
RESERVED
CVE-2013-4846 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
@@ -246806,7 +246806,7 @@ CVE-2013-4660 (The JS-YAML module before 2.0.5 for Node.js parses input without
CVE-2013-4659 (Buffer overflow in Broadcom ACSD allows remote attackers to execute ar ...)
NOT-FOR-US: Broadcom ACSD
CVE-2013-4658 (Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2013-4657
RESERVED
CVE-2013-4656
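Review bot: For CVE-2013-4658 the visible description ("Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be ...") is truncated before any cause is given, so the hunk does not show whether the problem lies in the router's own setup or in the SMB server it runs. Before settling on `NOT-FOR-US: Linksys`, check the full description, and add a NOTE if the underlying server is a packaged component that was ruled out.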
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d3808b342c99f2d174ec3b45f0c77b54dcee7673