[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Sep 25 22:01:20 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a583797 by Moritz Muehlenhoff at 2019-09-25T21:00:56Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10701,9 +10701,9 @@ CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version
CVE-2019-13529
RESERVED
CVE-2019-13528 (A specific utility may allow an attacker to gain read access to privil ...)
- TODO: check
+ NOT-FOR-US: Niagara
CVE-2019-13527 (In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Version ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 ...)
NOT-FOR-US: Datalogic AV7000 Linear barcode scanner
CVE-2019-13525
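Review bot: the tags added for CVE-2019-13528 and CVE-2019-13527 name only "Niagara" and "Rockwell", while the neighbouring entry for CVE-2019-13526 spells out the product ("Datalogic AV7000 Linear barcode scanner"). The truncated description of CVE-2019-13528 does not mention Niagara at all, so the tag is the only place a later reader of the list learns which product was meant. Consider a vendor-plus-product form; for CVE-2019-13527 the description already supplies one: "NOT-FOR-US: Rockwell Automation Arena Simulation Software".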
@@ -10830,7 +10830,7 @@ CVE-2019-13476 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS
CVE-2019-13475 (In MobaXterm 11.1, the mobaxterm: URI handler has an argument injectio ...)
NOT-FOR-US: MobaXterm
CVE-2019-13474 (TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110 ...)
- TODO: check
+ NOT-FOR-US: TELESTAR
CVE-2019-13473 (TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110 ...)
NOT-FOR-US: TELESTAR
CVE-2019-13472 (PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the ...)
@@ -10881,7 +10881,6 @@ CVE-2019-13456
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/a99746c93b8b3ae3be367af0e46f0d6a9626f566 (master)
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586 (3.0.x)
NOTE: Issue seems to be treated as different issue than CVE-2019-11234 and CVE-2019-11235
- TODO: double check assessment and classification
CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerability e ...)
{DLA-1898-1}
- xymon 4.3.29-1
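Review bot: removing "TODO: double check assessment and classification" from CVE-2019-13456 is not an NFU change, and the commit subject ("NFUs") does not cover it. If the double check was done, record the conclusion in the commit message or in a NOTE next to the existing "Issue seems to be treated as different issue than CVE-2019-11234 and CVE-2019-11235" line; otherwise move the removal into its own commit so the triage decision can be found in history.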
@@ -11117,11 +11116,11 @@ CVE-2019-13359 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a c
CVE-2019-13358 (lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows ...)
NOT-FOR-US: OpenCats
CVE-2019-13357 (In Total Defense Anti-virus 9.0.0.773, resource acquisition from the u ...)
- TODO: check
+ NOT-FOR-US: Total Defense Anti-virus
CVE-2019-13356 (In Total Defense Anti-virus 9.0.0.773, insecure access control for the ...)
- TODO: check
+ NOT-FOR-US: Total Defense Anti-virus
CVE-2019-13355 (In Total Defense Anti-virus 9.0.0.773, insecure access control for the ...)
- TODO: check
+ NOT-FOR-US: Total Defense Anti-virus
CVE-2019-13354 (The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org ...)
NOT-FOR-US: strong_password gem
CVE-2019-13353
@@ -11587,7 +11586,7 @@ CVE-2019-13193
CVE-2019-13192
RESERVED
CVE-2019-13191 (A SQL injection vulnerability in IntraMaps MapControl 8 allows attacke ...)
- TODO: check
+ NOT-FOR-US: IntraMaps MapControl
CVE-2019-13190 (In Knowage through 6.1.1, the sign up page does not invalidate a valid ...)
NOT-FOR-US: Knowage
CVE-2019-13189 (In Knowage through 6.1.1, there is XSS via the start_url or user_id fi ...)
@@ -11595,7 +11594,7 @@ CVE-2019-13189 (In Knowage through 6.1.1, there is XSS via the start_url or user
CVE-2019-13188 (In Knowage through 6.1.1, an unauthenticated user can bypass access co ...)
NOT-FOR-US: Knowage
CVE-2019-13187 (The Rich Text Formatter (Redactor) extension through v1.1.1 for Sympho ...)
- TODO: check
+ NOT-FOR-US: Symphony CMS addon
CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via t ...)
NOT-FOR-US: MiniCMS
CVE-2019-13185
@@ -11720,7 +11719,7 @@ CVE-2019-13142 (The RzSurroundVADStreamingService (RzSurroundVADStreamingService
CVE-2019-13141
RESERVED
CVE-2019-13140 (Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ...)
- TODO: check
+ NOT-FOR-US: Inteno
CVE-2019-13139 (In Docker before 18.09.4, an attacker who is capable of supplying or m ...)
{DSA-4521-1}
[experimental] - docker.io 18.09.5+dfsg1-1
@@ -11973,7 +11972,7 @@ CVE-2019-13065
CVE-2019-13064
RESERVED
CVE-2019-13063 (Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to ...)
- TODO: check
+ NOT-FOR-US: Sahi Pro
CVE-2019-13062
RESERVED
CVE-2019-13061
@@ -13131,7 +13130,7 @@ CVE-2019-12622 (A vulnerability in Cisco RoomOS Software could allow an authenti
CVE-2019-12621 (A vulnerability in Cisco HyperFlex Software could allow an unauthentic ...)
NOT-FOR-US: Cisco
CVE-2019-12620 (A vulnerability in the statistics collection service of Cisco HyperFle ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12619
RESERVED
CVE-2019-12618 (HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via t ...)
@@ -14139,7 +14138,7 @@ CVE-2019-12247 (** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qg
CVE-2019-12246
RESERVED
CVE-2019-12245 (SilverStripe through 4.3.3 has incorrect access control for protected ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-12244
RESERVED
CVE-2019-12243 (Istio 1.1.x through 1.1.6 has Incorrect Access Control. ...)
@@ -14295,11 +14294,11 @@ CVE-2019-12207 (njs through 0.3.1, used in NGINX, has a heap-based buffer over-r
CVE-2019-12206 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in ...)
NOT-FOR-US: njs
CVE-2019-12205 (SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-12204 (In SilverStripe through 4.3.3, a missing warning about leaving install ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-12203 (SilverStripe through 4.3.3 allows session fixation in the "change pass ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-12202
RESERVED
CVE-2019-12201
@@ -14930,7 +14929,7 @@ CVE-2019-11926 (Insufficient boundary checks when processing M_SOFx markers from
CVE-2019-11925 (Insufficient boundary checks when processing the JPEG APP12 block mark ...)
- hhvm <removed>
CVE-2019-11924 (A peer could send empty handshake fragments containing only padding wh ...)
- TODO: check
+ NOT-FOR-US: fizz
CVE-2019-11923
RESERVED
CVE-2019-11922 (A race condition in the one-pass compression functions of Zstandard pr ...)
@@ -14986,7 +14985,7 @@ CVE-2019-11899 (An unauthenticated attacker can achieve unauthorized access to s
CVE-2019-11898 (Unauthorized APE administration privileges can be achieved by reverse ...)
NOT-FOR-US: Bosch Access Professional Edition
CVE-2019-11897 (A Server-Side Request Forgery (SSRF) vulnerability in the backup & ...)
- TODO: check
+ NOT-FOR-US: proSyst
CVE-2019-11896 (A potential incorrect privilege assignment vulnerability exists in the ...)
NOT-FOR-US: Bosch
CVE-2019-11895 (A potential improper access control vulnerability exists in the JSON-R ...)
@@ -15269,15 +15268,15 @@ CVE-2019-11778 (If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.
- mosquitto 1.6.6-1
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=551162
CVE-2019-11777 (In the Eclipse Paho Java client library version 1.2.0, when connecting ...)
- TODO: check
+ NOT-FOR-US: Eclipse Paho Java client
CVE-2019-11776 (In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflecte ...)
NOT-FOR-US: Eclipse BIRT
CVE-2019-11775 (All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loo ...)
NOT-FOR-US: Eclipse OpenJ9
CVE-2019-11774 (Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop v ...)
- TODO: check
+ NOT-FOR-US: Eclipe OMR
CVE-2019-11773 (Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which ma ...)
- TODO: check
+ NOT-FOR-US: Eclipe OMR
CVE-2019-11772 (In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], ...)
NOT-FOR-US: Eclipse OpenJ9
CVE-2019-11771 (AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which ...)
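Review bot: typo in both tags added for CVE-2019-11774 and CVE-2019-11773: "NOT-FOR-US: Eclipe OMR" should read "NOT-FOR-US: Eclipse OMR", matching the CVE descriptions and the neighbouring "Eclipse OpenJ9" and "Eclipse BIRT" tags. As written, a search of the list for "Eclipse OMR" will not find these two tag lines.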
@@ -16094,7 +16093,7 @@ CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable to
CVE-2019-11560 (A buffer overflow vulnerability in the streaming server provided by hi ...)
NOT-FOR-US: hisilicon
CVE-2019-11559 (A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16 ...)
- TODO: check
+ NOT-FOR-US: HRworks
CVE-2019-11558
RESERVED
CVE-2019-11557 (The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress ...)
@@ -16372,13 +16371,13 @@ CVE-2019-11469 (Zoho ManageEngine Applications Manager 12 through 14 allows Faul
CVE-2019-11468
RESERVED
CVE-2019-11467 (An issue was discovered in Couchbase Server 4.6.3 and 5.5.0. A JSON do ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11466 (An issue was discovered in Couchbase Server 5.5.0 and 6.0.0. The Event ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11465 (An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6. ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11464 (An issue was discovered in Couchbase Server 5.1.2 and 5.5.0. The http ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11463 (A memory leak in archive_read_format_zip_cleanup in archive_read_suppo ...)
- libarchive <not-affected> (Vulnerable code not present)
NOTE: Introduced in https://github.com/libarchive/libarchive/commit/121035c83e18b70d3128e9ac966109ebedb7e516
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a583797b0cfe61bd742757340823f84be06ca7d