[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 16 20:37:03 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5cba99b4 by Salvatore Bonaccorso at 2019-09-16T19:36:39Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9228,13 +9228,13 @@ CVE-2019-13522 (An attacker could use a specially crafted project file to corrup
CVE-2019-13521
RESERVED
CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 Smart L ...)
- TODO: check
+ NOT-FOR-US: Fuji Electric
CVE-2019-13519
RESERVED
CVE-2019-13518 (An attacker could use a specially crafted project file to overflow the ...)
- TODO: check
+ NOT-FOR-US: EZAutomation
CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Serve ...)
- TODO: check
+ NOT-FOR-US: Pyxis
CVE-2019-13516 (In OSIsoft PI Web API and prior, the affected product is vulnerable to ...)
NOT-FOR-US: OSIsoft LLC
CVE-2019-13515 (OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive in ...)
@@ -10195,7 +10195,7 @@ CVE-2019-13158
CVE-2019-13157
RESERVED
CVE-2019-13156 (NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer ove ...)
- TODO: check
+ NOT-FOR-US: Naver Cloud Explorer
CVE-2019-13155 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13154 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
@@ -10831,9 +10831,9 @@ CVE-2019-12945
CVE-2019-12944
RESERVED
CVE-2019-12943 (TTLock devices do not properly restrict password-reset attempts, leadi ...)
- TODO: check
+ NOT-FOR-US: TTLock devices
CVE-2019-12942 (TTLock devices do not properly block guest access in certain situation ...)
- TODO: check
+ NOT-FOR-US: TTLock devices
CVE-2019-12941
RESERVED
CVE-2019-12940 (LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (me ...)
@@ -11175,7 +11175,7 @@ CVE-2019-12812
CVE-2019-12811
RESERVED
CVE-2019-12810 (A memory corruption vulnerability exists in the .PSD parsing functiona ...)
- TODO: check
+ NOT-FOR-US: ALSee
CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contai ...)
NOT-FOR-US: Yes24ViewerX ActiveX Control
CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a local priv ...)
@@ -11831,7 +11831,7 @@ CVE-2019-12534
CVE-2019-12533
RESERVED
CVE-2019-12532 (Improper access control in the Insyde software tools may allow an auth ...)
- TODO: check
+ NOT-FOR-US: Insyde software tools
CVE-2019-12531
RESERVED
CVE-2019-12530 (Incorrect access control was discovered in the stdonato Dashboard plug ...)
@@ -13490,9 +13490,9 @@ CVE-2019-11901
CVE-2019-11900
RESERVED
CVE-2019-11899 (An unauthenticated attacker can achieve unauthorized access to sensiti ...)
- TODO: check
+ NOT-FOR-US: Bosch Access Professional Edition
CVE-2019-11898 (Unauthorized APE administration privileges can be achieved by reverse ...)
- TODO: check
+ NOT-FOR-US: Bosch Access Professional Edition
CVE-2019-11897 (A Server-Side Request Forgery (SSRF) vulnerability in the backup & ...)
TODO: check
CVE-2019-11896 (A potential incorrect privilege assignment vulnerability exists in the ...)
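Review bot: CVE-2019-11897 in the trailing context still reads "TODO: check" directly below the two Bosch Access Professional Edition entries resolved here. Its truncated description ("SSRF ... in the backup & ...") is worded like the "backup & restore" entries CVE-2019-11602 and CVE-2019-11601, which this same commit tags as "ProSyst mBS SDK and Bosch IoT Gateway Software". Please check whether it belongs to that product and can be processed in the same pass. If it was left open on purpose, a line in the commit message saying so would save the next triager the lookup.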
@@ -13791,7 +13791,7 @@ CVE-2019-11771 (AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs
CVE-2019-11770 (In Eclipse Buildship versions prior to 3.1.1, the build files indicate ...)
NOT-FOR-US: Eclipse Buildship
CVE-2019-11769 (An issue was discovered in TeamViewer 14.2.2558. Updating the product ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability ...)
- phpmyadmin <unfixed> (bug #930048)
[jessie] - phpmyadmin <not-affected> (vulnerable code is not present)
@@ -14439,11 +14439,11 @@ CVE-2019-11605 (An issue was discovered in GitLab Community and Enterprise Editi
CVE-2019-11604 (An issue was discovered in Quest KACE Systems Management Appliance bef ...)
NOT-FOR-US: Quest KACE Systems Management Appliance
CVE-2019-11603 (A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 ...)
- TODO: check
+ NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
CVE-2019-11602 (Leakage of stack traces in remote access to backup & restore in ea ...)
- TODO: check
+ NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
CVE-2019-11601 (A directory traversal vulnerability in remote access to backup & r ...)
- TODO: check
+ NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
CVE-2019-11600 (A SQL injection vulnerability in the activities API in OpenProject bef ...)
NOT-FOR-US: OpenProject
CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File O ...)
@@ -15046,7 +15046,7 @@ CVE-2019-11398 (Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 20
CVE-2019-11397 (GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M. ...)
NOT-FOR-US: Rapid4
CVE-2019-11396 (An issue was discovered in Avira Free Security Suite 10. The permissiv ...)
- TODO: check
+ NOT-FOR-US: Avira Free Security Suite
CVE-2019-11395 (A buffer overflow in MailCarrier 2.51 allows remote attackers to execu ...)
NOT-FOR-US: MailCarrier
CVE-2019-11394
@@ -15093,7 +15093,7 @@ CVE-2019-11382
CVE-2019-11381
RESERVED
CVE-2019-11380 (The master-password feature in the ES File Explorer File Manager appli ...)
- TODO: check
+ NOT-FOR-US: ES File Explorer File Manager application for Android
CVE-2019-11379
RESERVED
CVE-2019-11378 (An issue was discovered in ProjectSend r1053. upload-process-form.php ...)
@@ -15875,15 +15875,15 @@ CVE-2019-11071 (SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated
NOTE: https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36
NOTE: https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e
CVE-2019-11064 (A vulnerability of remote credential disclosure was discovered in Adva ...)
- TODO: check
+ NOT-FOR-US: Advan VD-1 firmware
CVE-2019-11063 (A broken access control vulnerability in SmartHome app (Android versio ...)
- TODO: check
+ NOT-FOR-US: SmartHome app
CVE-2019-11062 (The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Inj ...)
NOT-FOR-US: SUNNET WMPro for eLearning system
CVE-2019-11061 (A broken access control vulnerability in HG100 firmware versions up to ...)
- TODO: check
+ NOT-FOR-US: HG100 firmware
CVE-2019-11060 (The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, ...)
- TODO: check
+ NOT-FOR-US: ASUS HG100 firmware
CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit exte ...)
- u-boot 2019.01+dfsg-6 (bug #928800)
[stretch] - u-boot <no-dsa> (Minor issue)
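Review bot: The tags on CVE-2019-11061 and CVE-2019-11060 differ ("HG100 firmware" versus "ASUS HG100 firmware") although both descriptions refer to HG100 firmware. If they are the same product, use "ASUS HG100 firmware" on both so a search for one tag finds every entry. The tag "SmartHome app" on CVE-2019-11063 is also generic; if the full description names a vendor, prefixing it would make the entry easier to tell apart from other smart-home products.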
@@ -16121,7 +16121,7 @@ CVE-2019-10990
CVE-2019-10989 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffe ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10988 (In Philips HDI 4000 Ultrasound Systems, all versions running on old, u ...)
- TODO: check
+ NOT-FOR-US: Philips HDI 4000 Ultrasound Systems
CVE-2019-10987 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds wr ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10986
@@ -16223,7 +16223,7 @@ CVE-2019-10939
CVE-2019-10938 (A vulnerability has been identified in Ethernet plug-in communication ...)
NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5 devices
CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All version ...)
- TODO: check
+ NOT-FOR-US: SIMATIC TDC CP51M1
CVE-2019-10936
RESERVED
CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
@@ -17877,7 +17877,7 @@ CVE-2019-10258
CVE-2019-10257 (Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Una ...)
NOT-FOR-US: Zucchetti HR Portal
CVE-2019-10256 (An authentication bypass vulnerability in VIVOTEK IPCam versions prior ...)
- TODO: check
+ NOT-FOR-US: VIVOTEK IPCam
CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...)
- jupyter-notebook 5.7.8-1 (bug #925939)
NOTE: https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
@@ -18628,9 +18628,9 @@ CVE-2019-10060 (The Verix Multi-app Conductor application 2.7 for Verifone Verix
CVE-2019-10059 (The legacy finger service (TCP port 79) is enabled by default on vario ...)
TODO: check
CVE-2019-10058 (Various Lexmark products have Incorrect Access Control. ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2019-10057 (Various Lexmark products have CSRF. ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2019-10056 (An issue was discovered in Suricata 4.1.3. The code mishandles the cas ...)
- suricata 1:4.1.4-1
[buster] - suricata <no-dsa> (Minor issue)
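Review bot: CVE-2019-10059 at the top of this hunk is left at "TODO: check" while the two Lexmark entries right below it are resolved. Its description is cut off at "enabled by default on vario ...", so the affected vendor is not visible here. Please confirm whether it is part of the same Lexmark batch and, if so, mark it "NOT-FOR-US: Lexmark" together with CVE-2019-10058 and CVE-2019-10057.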
@@ -31425,7 +31425,7 @@ CVE-2019-5505
CVE-2019-5504
RESERVED
CVE-2019-5503 (OnCommand Workflow Automation versions prior to 5.0 shipped without ce ...)
- TODO: check
+ NOT-FOR-US: OnCommand Workflow Automation
CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has we ...)
NOT-FOR-US: Data ONTAP
CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose ...)
@@ -31486,7 +31486,7 @@ CVE-2019-5480 (A path traversal vulnerability in <= v0.9.7 of statichttpserve
CVE-2019-5479 (An unintended require vulnerability in <v0.5.5 larvitbase-api may a ...)
TODO: check
CVE-2019-5478 (A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ dev ...)
- TODO: check
+ NOT-FOR-US: Encrypt Only boot mode in Zynq UltraScale+ devices
CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and earlier allo ...)
- rexical <unfixed>
- ruby-nokogiri 1.10.4+dfsg1-1 (bug #934802)
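Review bot: The tag on CVE-2019-5478, "Encrypt Only boot mode in Zynq UltraScale+ devices", repeats the description's feature wording instead of naming the product. The other tags set in this commit name a product or vendor (for example "ArubaOS", "TeamViewer"). Suggest shortening it to "Zynq UltraScale+ devices" so later CVEs against the same hardware can reuse the identical string.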
@@ -31889,9 +31889,9 @@ CVE-2019-5317
CVE-2019-5316
RESERVED
CVE-2019-5315 (A command injection vulnerability is present in the web management int ...)
- TODO: check
+ NOT-FOR-US: ArubaOS
CVE-2019-5314 (Some web components in the ArubaOS software are vulnerable to HTTP Res ...)
- TODO: check
+ NOT-FOR-US: ArubaOS
CVE-2019-5313
RESERVED
CVE-2019-5312 (An issue was discovered in weixin-java-tools v3.3.0. There is an XXE v ...)
@@ -32379,7 +32379,7 @@ CVE-2019-5072
CVE-2019-5071
RESERVED
CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthenticat ...)
- TODO: check
+ NOT-FOR-US: eFront LMS
CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...)
NOT-FOR-US: Epignosis eFront LMS
CVE-2019-5068
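Review bot: CVE-2019-5070 is tagged "eFront LMS" while the existing entry for CVE-2019-5069 on the next line uses "Epignosis eFront LMS". Use "NOT-FOR-US: Epignosis eFront LMS" here as well so the two entries for the same product carry the same tag.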
@@ -32446,9 +32446,9 @@ CVE-2019-5057 (An exploitable code execution vulnerability exists in the PCX ima
CVE-2019-5056
RESERVED
CVE-2019-5055 (An exploitable denial-of-service vulnerability exists in the Host Acce ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2019-5054 (An exploitable denial-of-service vulnerability exists in the session h ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2019-5053
RESERVED
CVE-2019-5052 (An exploitable integer overflow vulnerability exists when loading a PC ...)
@@ -34663,7 +34663,7 @@ CVE-2019-3977
CVE-2019-3976
RESERVED
CVE-2019-3975 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-3974 (Nessus 8.5.2 and earlier on Windows platforms were found to contain an ...)
NOT-FOR-US: Nessus
CVE-2019-3973 (Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Deni ...)
@@ -35611,13 +35611,13 @@ CVE-2019-3648
CVE-2019-3647
RESERVED
CVE-2019-3646 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3645
RESERVED
CVE-2019-3644 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remo ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3643 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remo ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3642
RESERVED
CVE-2019-3641
@@ -35627,7 +35627,7 @@ CVE-2019-3640
CVE-2019-3639 (Clickjack vulnerability in Adminstrator web console in McAfee Web Gate ...)
NOT-FOR-US: McAfee
CVE-2019-3638 (Reflected Cross Site Scripting vulnerability in Administrators web con ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2019-3637 (Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.20 ...)
NOT-FOR-US: McAfee
CVE-2019-3636
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5cba99b410ce9a1c1cfb4038efdcd57e5796d99a