[Git][security-tracker-team/security-tracker][master] new node-set-value issue
Moritz Muehlenhoff
jmm at debian.org
Wed Sep 25 22:34:51 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2d6e2b85 by Moritz Muehlenhoff at 2019-09-25T21:34:21Z
new node-set-value issue
new libav issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16252,11 +16252,11 @@ CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in Wav
NOTE: https://github.com/dbry/WavPack/issues/67
NOTE: https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4
CVE-2019-11497 (An issue was discovered in Couchbase Server 5.0.0. When creating a new ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11496 (An issue was discovered in Couchbase Server 5.0.0. Editing bucket sett ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11495 (Couchbase Server 5.1.1 generates insufficiently random numbers. The pr ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11494 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ...)
- dovecot 1:2.3.4.1-5 (bug #928235)
[stretch] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
@@ -16310,7 +16310,7 @@ CVE-2019-11477 (Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux 4.19.37-4
CVE-2019-11476 (An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2 ...)
- TODO: check
+ NOT-FOR-US: whoopsie
CVE-2019-11475
RESERVED
CVE-2019-11474 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ...)
@@ -16412,7 +16412,7 @@ CVE-2019-11458 (An issue was discovered in SmtpTransport in CakePHP 3.7.6. An un
NOTE: https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e
NOTE: https://github.com/cakephp/cakephp/pull/13153
CVE-2019-11457 (Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /chang ...)
- TODO: check
+ NOT-FOR-US: MicroPyramid Django CRM
CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. ...)
NOT-FOR-US: Gila CMS
CVE-2019-11455 (A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit bef ...)
@@ -16628,9 +16628,9 @@ CVE-2019-11368 (Stored XSS was discovered in AUO Solar Data Recorder before 1.3.
CVE-2019-11367 (An issue was discovered in AUO Solar Data Recorder before 1.3.0. The w ...)
NOT-FOR-US: AUO Solar Data Recorder
CVE-2019-11364 (An OS Command Injection vulnerability in Snare Central before 7.4.5 al ...)
- TODO: check
+ NOT-FOR-US: Snare Central
CVE-2019-11363 (A SQL injection vulnerability in Snare Central before 7.4.5 allows rem ...)
- TODO: check
+ NOT-FOR-US: Snare Central
CVE-2019-11362 (app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL ...)
NOT-FOR-US: ROCBOSS
CVE-2019-11361
@@ -16735,9 +16735,9 @@ CVE-2019-11328 (An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a mal
- singularity-container <not-affected> (No released Debian version contains the issue, cf bug #929042)
NOTE: https://www.openwall.com/lists/oss-security/2019/05/16/1
CVE-2019-11327 (An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver dev ...)
- TODO: check
+ NOT-FOR-US: Topcon Positioning Net-G5 GNSS Receiver
CVE-2019-11326 (An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver dev ...)
- TODO: check
+ NOT-FOR-US: Topcon Positioning Net-G5 GNSS Receiver
CVE-2019-11325
RESERVED
CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys, which trig ...)
@@ -16834,15 +16834,15 @@ CVE-2019-11282
CVE-2019-11281
RESERVED
CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2019-11279
RESERVED
CVE-2019-11278
RESERVED
CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2 ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2019-11275
RESERVED
CVE-2019-11274 (Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS a ...)
@@ -17021,11 +17021,11 @@ CVE-2019-11213 (In Pulse Secure Pulse Desktop Client and Network Connect, an att
CVE-2019-11212
RESERVED
CVE-2019-11211 (The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2019-11210 (The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2019-11209 (The realm configuration component of TIBCO Software Inc.'s TIBCO FTL C ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2019-11208 (The authorization component of TIBCO Software Inc.'s TIBCO API Exchang ...)
NOT-FOR-US: TIBCO
CVE-2019-11207 (The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enter ...)
@@ -17121,7 +17121,7 @@ CVE-2019-11168
CVE-2019-11167
RESERVED
CVE-2019-11166 (Improper file permissions in the installer for Intel(R) Easy Streaming ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-11165
RESERVED
CVE-2019-11164
@@ -17545,7 +17545,7 @@ CVE-2019-11015 (A vulnerability was found in the MIUI OS version 10.1.3.0 that a
CVE-2019-11014 (The VStarCam vstc.vscam.client library and vstc.vscam shared object, a ...)
NOT-FOR-US: VStarCam
CVE-2019-11013 (Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal ...)
- TODO: check
+ NOT-FOR-US: Nimble Streamer
CVE-2019-11012
RESERVED
CVE-2019-11011 (Akamai CloudTest before 58.30 allows remote code execution. ...)
@@ -17599,7 +17599,7 @@ CVE-2019-10998 (An issue was discovered on Phoenix Contact AXC F 2152 (No.240426
CVE-2019-10997 (An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) bef ...)
NOT-FOR-US: Phoenix Contact
CVE-2019-10996 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
- TODO: check
+ NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10995
RESERVED
CVE-2019-10994 (Processing a specially crafted project file in LAquis SCADA 4.3.1.71 m ...)
@@ -17611,7 +17611,7 @@ CVE-2019-10992 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and pri
CVE-2019-10991 (In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buf ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10990 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
- TODO: check
+ NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10989 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffe ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10988 (In Philips HDI 4000 Ultrasound Systems, all versions running on old, u ...)
@@ -17623,7 +17623,7 @@ CVE-2019-10986
CVE-2019-10985 (In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnera ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10984 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
- TODO: check
+ NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10983 (In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vul ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10982 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Mu ...)
@@ -17635,7 +17635,7 @@ CVE-2019-10980 (A type confusion vulnerability may be exploited when LAquis SCAD
CVE-2019-10979 (SICK MSC800 all versions prior to Version 4.0, the affected firmware v ...)
NOT-FOR-US: SICK MSC800
CVE-2019-10978 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
- TODO: check
+ NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 ser ...)
NOT-FOR-US: Mitsubishi
CVE-2019-10976 (Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vu ...)
@@ -18194,7 +18194,7 @@ CVE-2019-10755 (The SAML identifier generated within SAML2Utils.java was found t
CVE-2019-10754 (Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes ...)
TODO: check
CVE-2019-10753 (In all versions prior to version 3.9.6 for eclipse-wtp, all versions p ...)
- TODO: check
+ NOT-FOR-US: eclipse-wtp
CVE-2019-10752
RESERVED
CVE-2019-10751 (All versions of the HTTPie package prior to version 1.0.3 are vulnerab ...)
@@ -18210,7 +18210,9 @@ CVE-2019-10749
CVE-2019-10748
RESERVED
CVE-2019-10747 (set-value is vulnerable to Prototype Pollution in versions lower than ...)
- TODO: check
+ - node-set-value <unfixed>
+ [stretch] - node-mixin-deep <ignored> (Nodejs in stretch not covered by security support)
+ NOTE: https://snyk.io/vuln/SNYK-JS-SETVALUE-450213
CVE-2019-10746 (mixin-deep is vulnerable to Prototype Pollution in versions before 1.3 ...)
- node-mixin-deep 2.0.1-1 (bug #932500)
[buster] - node-mixin-deep 1.1.3-3+deb10u1
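Review bot: the `[stretch]` line added under CVE-2019-10747 names node-mixin-deep, but this entry is for set-value and the line above it tracks node-set-value; it looks copied from the CVE-2019-10746 entry that follows. If stretch ships node-set-value, the line should read `[stretch] - node-set-value <ignored> (Nodejs in stretch not covered by security support)`; otherwise it should be dropped. The `- node-set-value <unfixed>` line also carries no bug reference, unlike the node-mixin-deep entry below it, so adding a BTS bug number would make the open issue easier to track.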
@@ -18219,7 +18221,7 @@ CVE-2019-10746 (mixin-deep is vulnerable to Prototype Pollution in versions befo
NOTE: https://github.com/jonschlinkert/mixin-deep/commit/8f464c8ce9761a8c9c2b3457eaeee9d404fa7af9
NOTE: https://github.com/jonschlinkert/mixin-deep/issues/6
CVE-2019-10745 (assign-deep is vulnerable to Prototype Pollution in versions before 0. ...)
- TODO: check
+ NOT-FOR-US: Node assign-deep
CVE-2019-10744 (Versions of lodash lower than 4.17.12 are vulnerable to Prototype Poll ...)
- node-lodash 4.17.15+dfsg-1 (bug #933079)
[buster] - node-lodash 4.17.11+dfsg-2+deb10u1
@@ -18475,7 +18477,7 @@ CVE-2019-10689 (VVX products using UCS software version 5.9.2 and earlier with B
CVE-2019-10688 (VVX products with software versions including and prior to, UCS 5.9.2 ...)
NOT-FOR-US: VVX products using UCS
CVE-2019-10687 (KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=r ...)
- TODO: check
+ NOT-FOR-US: KBPublisher
CVE-2019-10686 (An SSRF vulnerability was found in an API from Ctrip Apollo through 1. ...)
NOT-FOR-US: Ctrip Apollo
CVE-2019-10685 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
@@ -18495,7 +18497,7 @@ CVE-2019-10679
CVE-2019-10678 (Domoticz before 4.10579 neglects to categorize \n and \r as insecure a ...)
- domoticz <itp> (bug #899058)
CVE-2019-10677 (Multiple Cross-Site Scripting (XSS) issues in the web interface on DAS ...)
- TODO: check
+ NOT-FOR-US: DASAN
CVE-2019-10676 (An issue was discovered in Uniqkey Password Manager 1.14. Upon enterin ...)
NOT-FOR-US: Uniqkey Password Manager
CVE-2019-10675
@@ -21992,9 +21994,9 @@ CVE-2019-9721 (A denial of service in the subtitle decoder in FFmpeg 4.1 allows
- libav <removed>
[jessie] - libav <not-affected> (Vulnerable code not present)
CVE-2019-9720 (A stack-based buffer overflow in the subtitle decoder in Libav 12.3 al ...)
- TODO: check
+ - libav <removed>
CVE-2019-9719 (A stack-based buffer overflow in the subtitle decoder in Libav 12.3 al ...)
- TODO: check
+ - libav <removed>
CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder allows atta ...)
{DSA-4449-1}
- ffmpeg 7:4.1.3-1 (low; bug #926666)
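Review bot: CVE-2019-9720 and CVE-2019-9719 get only `- libav <removed>`, while the neighbouring CVE-2019-9721 entry also records `[jessie] - libav <not-affected> (Vulnerable code not present)`. Since the adjacent entries track libav for jessie, these two should state the jessie status explicitly, with a reason if it is not-affected, rather than leaving it implied.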
@@ -22002,7 +22004,7 @@ CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder allows
- libav <removed>
[jessie] - libav <not-affected> (Vulnerable code not present)
CVE-2019-9717 (In Libav 12.3, a denial of service in the subtitle decoder allows atta ...)
- TODO: check
+ - libav <removed>
CVE-2019-9716
RESERVED
CVE-2019-9715
@@ -22796,7 +22798,7 @@ CVE-2019-9463
CVE-2019-9462
RESERVED
CVE-2019-9461 (In the Android kernel in VPN routing there is a possible information d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9460
RESERVED
CVE-2019-9459
@@ -22829,15 +22831,15 @@ CVE-2019-9453 (In the Android kernel in F2FS touch driver there is a possible ou
[buster] - linux 4.19.67-1
NOTE: https://git.kernel.org/linus/2777e654371dd4207a3a7f4fb5fa39550053a080
CVE-2019-9452 (In the Android kernel in SEC_TS touch driver there is a possible out o ...)
- TODO: check
+ NOT-FOR-US: Android kernel (sec_ts not in mainline)
CVE-2019-9451 (In the Android kernel in the touchscreen driver there is a possible ou ...)
- TODO: check
+ NOT-FOR-US: Android kernel (sec_ts not in mainline)
CVE-2019-9450 (In the Android kernel in the FingerTipS touchscreen driver there is a ...)
- TODO: check
+ NOT-FOR-US: Android kernel (stm not in mainline)
CVE-2019-9449 (In the Android kernel in FingerTipS touchscreen driver there is a poss ...)
- TODO: check
+ NOT-FOR-US: Android kernel (stm not in mainline)
CVE-2019-9448 (In the Android kernel in the FingerTipS touchscreen driver there is a ...)
- NOT-FOR-US: Android kernel
+ NOT-FOR-US: Android kernel (stm not in mainline)
CVE-2019-9447 (In the Android kernel in the FingerTipS touchscreen driver there is a ...)
NOT-FOR-US: Android kernel
CVE-2019-9446 (In the Android kernel in the FingerTipS touchscreen driver there is a ...)
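Review bot: CVE-2019-9448 is refined to `NOT-FOR-US: Android kernel (stm not in mainline)`, but CVE-2019-9447 directly below it, also described as the FingerTipS touchscreen driver, keeps the bare `NOT-FOR-US: Android kernel`. Give it the same rationale so the FingerTipS entries stay consistent. Separately, CVE-2019-9451 is marked `(sec_ts not in mainline)` although its visible description only says "the touchscreen driver", so the driver name is worth confirming against the full description.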
@@ -22848,11 +22850,11 @@ CVE-2019-9445 (In the Android kernel in F2FS driver there is a possible out of b
CVE-2019-9444 (In the Android kernel in sync debug fs driver there is a kernel pointe ...)
TODO: check
CVE-2019-9443 (In the Android kernel in the vl53L0 driver there is a possible out of ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9442 (In the Android kernel in the mnh driver there is possible memory corru ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9441 (In the Android kernel in the mnh driver there is a possible out of bou ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9440
RESERVED
CVE-2019-9439
@@ -23044,7 +23046,7 @@ CVE-2019-9347
CVE-2019-9346
RESERVED
CVE-2019-9345 (In the Android kernel in sdcardfs there is a possible violation of the ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9344
RESERVED
CVE-2019-9343
@@ -23182,19 +23184,19 @@ CVE-2019-9278
CVE-2019-9277
RESERVED
CVE-2019-9276 (In the Android kernel in the synaptics_dsx_htc touchscreen driver ther ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9275 (In the Android kernel in the mnh driver there is a use after free due ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9274 (In the Android kernel in the mnh driver there is a possible out of bou ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9273 (In the Android kernel in the synaptics_dsx_htc touchscreen driver ther ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9272
RESERVED
CVE-2019-9271 (In the Android kernel in the mnh driver there is a race condition due ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9270 (In the Android kernel in unifi and r8180 WiFi drivers there is a possi ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9269
RESERVED
CVE-2019-9268
@@ -23226,7 +23228,7 @@ CVE-2019-9256
CVE-2019-9255
RESERVED
CVE-2019-9254 (In readArgumentList of zygote.java in Android 10, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9253
RESERVED
CVE-2019-9252
@@ -23238,7 +23240,7 @@ CVE-2019-9250
CVE-2019-9249
RESERVED
CVE-2019-9248 (In the Android kernel in the FingerTipS touchscreen driver there is a ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9247
RESERVED
CVE-2019-9246
@@ -29439,35 +29441,35 @@ CVE-2019-6842
CVE-2019-6841
RESERVED
CVE-2019-6840 (A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6 ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6839 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6838 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6837 (A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6836 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6835 (A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion S ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6834
RESERVED
CVE-2019-6833 (A CWE-754 – Improper Check for Unusual or Exceptional Conditions ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6832 (A CWE-287: Authentication vulnerability exists in spaceLYnk (all versi ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6831 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6830 (A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6829 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (fi ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6828 (A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmw ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6827 (A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Gra ...)
NOT-FOR-US: Interactive Graphical SCADA System (IGSS)
CVE-2019-6826 (A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVA ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6825 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...)
NOT-FOR-US: ProClima
CVE-2019-6824 (A CWE-119: Buffer Errors vulnerability exists in ProClima (all version ...)
@@ -29493,15 +29495,15 @@ CVE-2019-6815 (In Modicon Quantum all firmware versions, CWE-264: Permissions, P
CVE-2019-6814 (An Improper Access Control: CWE-284 vulnerability exists in the NET55X ...)
NOT-FOR-US: Schneider Electric
CVE-2019-6813 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6812 (A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR ...)
NOT-FOR-US: Schneider Electric
CVE-2019-6811 (An Improper Check for Unusual or Exceptional Conditions (CWE-754) vuln ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6810 (CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H E ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6809 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (fi ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6808 (A CWE-284: Improper Access Control vulnerability exists in all version ...)
NOT-FOR-US: Schneider Electric
CVE-2019-6807 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
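Review bot: the new entries in this hunk use `NOT-FOR-US: Schneider`, while the existing entries around them (CVE-2019-6814, CVE-2019-6812, CVE-2019-6808) use `NOT-FOR-US: Schneider Electric`. Use the existing spelling for CVE-2019-6813, CVE-2019-6811, CVE-2019-6810 and CVE-2019-6809 so that a search of the list for one vendor string finds all of them.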
@@ -29866,21 +29868,21 @@ CVE-2019-6658
CVE-2019-6657
RESERVED
CVE-2019-6656 (BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs t ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6655 (On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5. ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6654 (On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11 ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6653 (There is a Stored Cross Site Scripting vulnerability in the undisclose ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6652 (In BIG-IQ 6.0.0-6.1.0, services for stats do not require authenticatio ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6651 (In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 1 ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6650 (F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1. ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6649 (F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 1 ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6648 (On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Ser ...)
NOT-FOR-US: F5
CVE-2019-6647 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1 ...)
@@ -31207,7 +31209,7 @@ CVE-2019-6147
CVE-2019-6146
RESERVED
CVE-2019-6145 (Forcepoint VPN Client for Windows versions lower than 6.6.1 have an un ...)
- TODO: check
+ NOT-FOR-US: Forcepoint
CVE-2019-6144
RESERVED
CVE-2019-6143 (Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4 ...)
@@ -32850,13 +32852,13 @@ CVE-2019-5536
CVE-2019-5535
RESERVED
CVE-2019-5534 (VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2019-5533
RESERVED
CVE-2019-5532 (VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2019-5531 (VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to E ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2019-5530 (Windows binaries generated with InstallBuilder versions earlier than 1 ...)
NOT-FOR-US: InstallBuilder
CVE-2019-5529
@@ -32876,7 +32878,7 @@ CVE-2019-5523 (VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0
CVE-2019-5522 (VMware Tools for Windows update addresses an out of bounds read vulner ...)
NOT-FOR-US: VMware
CVE-2019-5521 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2019-5520 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
NOT-FOR-US: VMware
CVE-2019-5519 (VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-20190300 ...)
@@ -32908,9 +32910,9 @@ CVE-2019-5507
CVE-2019-5506
RESERVED
CVE-2019-5505 (ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 ...)
- TODO: check
+ NOT-FOR-US: ONTAP
CVE-2019-5504 (ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ...)
- TODO: check
+ NOT-FOR-US: ONTAP
CVE-2019-5503 (OnCommand Workflow Automation versions prior to 5.0 shipped without ce ...)
NOT-FOR-US: OnCommand Workflow Automation
CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has we ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d6e2b85a85e4ff21baf3cd0ddd752e732dc684c