[Git][security-tracker-team/security-tracker][master] new mongodb issue
Moritz Muehlenhoff
jmm at debian.org
Wed Sep 25 22:45:55 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23febc50 by Moritz Muehlenhoff at 2019-09-25T21:45:20Z
new mongodb issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31558,13 +31558,13 @@ CVE-2019-6012
CVE-2019-6011
RESERVED
CVE-2019-6010 (Integer overflow vulnerability in LINE(Android) from 4.4.0 to the vers ...)
- TODO: check
+ NOT-FOR-US: LINE(Android)
CVE-2019-6009 (Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows rem ...)
NOT-FOR-US: SHIRASAGI
CVE-2019-6008
RESERVED
CVE-2019-6007 (Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows ...)
- TODO: check
+ NOT-FOR-US: apng-drawable
CVE-2019-6006
RESERVED
CVE-2019-6005 (Smart TV Box firmware version prior to 1300 allows remote attackers to ...)
@@ -32951,11 +32951,11 @@ CVE-2019-5487
CVE-2019-5486
RESERVED
CVE-2019-5485 (NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injec ...)
- TODO: check
+ NOT-FOR-US: node gitlabhook
CVE-2019-5484 (Bower before 1.8.8 has a path traversal vulnerability permitting file ...)
- TODO: check
+ NOT-FOR-US: Bower
CVE-2019-5483 (Seneca < 3.9.0 contains a vulnerability that could lead to exposing ...)
- TODO: check
+ NOT-FOR-US: Seneca
CVE-2019-5482 (Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7. ...)
{DLA-1917-1}
- curl 7.66.0-1 (bug #940010)
@@ -32969,9 +32969,9 @@ CVE-2019-5481 (Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0
NOTE: Introduced by: https://github.com/curl/curl/commit/0649433da53c7165f839e24e889e131e2894dd32 (curl-7_52_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/9069838b30fb3b48af0123e39f664cea683254a5 (curl-7_66_0)
CVE-2019-5480 (A path traversal vulnerability in <= v0.9.7 of statichttpserver npm ...)
- TODO: check
+ NOT-FOR-US: Node statichttpserver
CVE-2019-5479 (An unintended require vulnerability in <v0.5.5 larvitbase-api may a ...)
- TODO: check
+ NOT-FOR-US: Node larvitbase-api
CVE-2019-5478 (A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ dev ...)
NOT-FOR-US: Encrypt Only boot mode in Zynq UltraScale+ devices
CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and earlier allo ...)
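Review bot: the NOT-FOR-US labels for the npm entries are inconsistently cased across this commit: `+ NOT-FOR-US: Node statichttpserver` and `+ NOT-FOR-US: Node larvitbase-api` here versus `+ NOT-FOR-US: node gitlabhook` in the previous hunk. The file is routinely grepped for these labels, so pick one spelling (the lowercase `node` form is what the existing entries nearby use) and apply it to all three.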
@@ -33981,7 +33981,7 @@ CVE-2019-5044
CVE-2019-5043
RESERVED
CVE-2019-5042 (An exploitable Use-After-Free vulnerability exists in the way Function ...)
- TODO: check
+ NOT-FOR-US: Aspose
CVE-2019-5041 (An exploitable Stack Based Buffer Overflow vulnerability exists in the ...)
NOT-FOR-US: Aspose
CVE-2019-5040 (An exploitable information disclosure vulnerability exists in the Weav ...)
@@ -36864,21 +36864,21 @@ CVE-2019-3765
CVE-2019-3764
RESERVED
CVE-2019-3763 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-3762
RESERVED
CVE-2019-3761 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-3760 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-3759 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-3758 (RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper au ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-3757
RESERVED
CVE-2019-3756 (RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-3755
RESERVED
CVE-2019-3754 (Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, ...)
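Review bot: six entries are all tagged with the bare `+ NOT-FOR-US: RSA`, although the descriptions name two distinct products (RSA Identity Governance and Lifecycle for CVE-2019-3763/3761/3760/3759, RSA Archer for CVE-2019-3758/3756). Elsewhere in this diff the label carries the product name (e.g. `NOT-FOR-US: Encrypt Only boot mode in Zynq UltraScale+ devices`), which makes later searches for a product unambiguous; consider `NOT-FOR-US: RSA Identity Governance and Lifecycle` and `NOT-FOR-US: RSA Archer` respectively.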
@@ -37697,7 +37697,7 @@ CVE-2019-3418 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impa
CVE-2019-3417 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
NOT-FOR-US: ZTE
CVE-2019-3416 (All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impa ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2019-3415 (ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traver ...)
NOT-FOR-US: ZTE
CVE-2019-3414 (All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS ...)
@@ -38634,7 +38634,7 @@ CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote fu
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/192
CVE-2018-20336 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack ...)
- TODO: check
+ NOT-FOR-US: ASUSWRT
CVE-2018-20335
RESERVED
CVE-2018-20334
@@ -41871,7 +41871,8 @@ CVE-2019-2391
CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can create ...)
NOT-FOR-US: Microsoft
CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...)
- TODO: check
+ - mongodb <unfixed> (low)
+ [stretch] - mongodb <ignored> (Minor issue)
CVE-2019-2388
RESERVED
CVE-2019-2387
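Review bot: the new `- mongodb <unfixed> (low)` entry carries no NOTE: line pointing at the upstream advisory or fix commit, unlike the curl entries earlier in this diff (`NOTE: Introduced by: ...` / `NOTE: Fixed by: ...`). Since the description concerns kill scoping in the server's packaged SysV init script, a NOTE recording whether Debian's mongodb package ships that script (and, if it does, the upstream fix reference) would document why the issue is rated (low) and `[stretch] - mongodb <ignored> (Minor issue)`, and would save the next person re-doing the triage.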
@@ -42435,7 +42436,7 @@ CVE-2019-2117 (In checkQueryPermission of TelephonyProvider.java, there is a pos
CVE-2019-2116 (In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound ...)
NOT-FOR-US: Android
CVE-2019-2115 (In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2114
RESERVED
CVE-2019-2113 (In setup wizard there is a bypass of some checks when wifi connection ...)
@@ -42459,7 +42460,7 @@ CVE-2019-2105 (In FileInputStream::Read of file_input_stream.cc, there is a poss
CVE-2019-2104 (In HIDL, safe_union, and other C++ structs/unions being sent to applic ...)
NOT-FOR-US: Android
CVE-2019-2103 (In Google Assistant in Android 9, there is a possible permissions bypa ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2102 (In the Bluetooth Low Energy (BLE) specification, there is a provided e ...)
NOT-FOR-US: Android
CVE-2019-2101 (In uvc_parse_standard_control of uvc_driver.c, there is a possible out ...)
@@ -43007,7 +43008,7 @@ CVE-2019-1977 (A vulnerability within the Endpoint Learning feature of Cisco Nex
CVE-2019-1976 (A vulnerability in the “plug-and-play” services co ...)
NOT-FOR-US: Cisco
CVE-2019-1975 (A vulnerability in the web-based interface of Cisco HyperFlex Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1974 (A vulnerability in the web-based management interface of Cisco Integra ...)
NOT-FOR-US: Cisco
CVE-2019-1973 (A vulnerability in the web portal framework of Cisco Enterprise NFV In ...)
@@ -45214,7 +45215,7 @@ CVE-2019-1369
CVE-2019-1368
RESERVED
CVE-2019-1367 (A remote code execution vulnerability exists in the way that the scrip ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1366
RESERVED
CVE-2019-1365
@@ -45438,7 +45439,7 @@ CVE-2019-1257 (A remote code execution vulnerability exists in Microsoft SharePo
CVE-2019-1256 (An elevation of privilege vulnerability exists in Windows when the Win ...)
NOT-FOR-US: Microsoft
CVE-2019-1255 (A denial of service vulnerability exists when Microsoft Defender impro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1254 (An information disclosure vulnerability exists when Windows Hyper-V wr ...)
NOT-FOR-US: Microsoft
CVE-2019-1253 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
@@ -50281,7 +50282,7 @@ CVE-2018-18670 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject
CVE-2018-18669 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
NOT-FOR-US: GNU Board
CVE-2018-18668 (GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to injec ...)
- TODO: check
+ NOT-FOR-US: GNU Board
CVE-2018-18667 (The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum to ...)
NOT-FOR-US: Some Ethereum token
CVE-2018-18666 (The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum t ...)
@@ -50397,7 +50398,7 @@ CVE-2018-18883 (An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x8
CVE-2018-18631 (mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 befo ...)
NOT-FOR-US: Synacor Zimbra Collaboration Suite
CVE-2018-18630 (A vulnerability was found in McKesson Cardiology product 13.x and 14.x ...)
- TODO: check
+ NOT-FOR-US: McKesson Cardiology
CVE-2018-18629 (An issue was discovered in the Keybase command-line client before 2.8. ...)
NOT-FOR-US: Keybase command-line client
CVE-2018-18628 (An issue was discovered in Pippo 1.11.0. The function SerializationSes ...)
@@ -50541,9 +50542,9 @@ CVE-2018-18575
CVE-2018-18574
RESERVED
CVE-2018-18573 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2018-18572 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2018-18571 (An Incorrect Access Control vulnerability has been identified in Citri ...)
NOT-FOR-US: Citrix
CVE-2018-18570 (Planon before Live Build 41 has XSS. ...)
@@ -51142,9 +51143,9 @@ CVE-2018-18373 (In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.
CVE-2018-18372 (A Stored XSS vulnerability has been discovered in KAASoft Library CMS ...)
NOT-FOR-US: KAASoft Library CMS
CVE-2018-18371 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ...)
- TODO: check
+ NOT-FOR-US: ASG/ProxySG FTP proxy WebFTP
CVE-2018-18370 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ...)
- TODO: check
+ NOT-FOR-US: ASG/ProxySG FTP proxy WebFTP
CVE-2018-18369 (Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows ...)
NOT-FOR-US: Norton Security
CVE-2018-18368
@@ -52074,7 +52075,7 @@ CVE-2018-18058 (An issue was discovered in Bitdefender Engines before 7.76662. A
CVE-2018-18057
RESERVED
CVE-2018-18056 (An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E an ...)
- TODO: check
+ NOT-FOR-US: Texas Instruments
CVE-2018-1000810 (The Rust Programming Language Standard Library version 1.29.0, 1.28.0, ...)
- rustc 1.30.0+dfsg1-1
[stretch] - rustc <not-affected> (Introduced in 1.26)
@@ -52792,11 +52793,11 @@ CVE-2018-17793 (** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "py
CVE-2018-17792 (MDaemon Webmail (formerly WorldClient) has CSRF. ...)
NOT-FOR-US: MDaemon Webmail
CVE-2018-17791 (Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an " ...)
- TODO: check
+ NOT-FOR-US: Newgen OmniFlow Intelligent Business Process Suite
CVE-2018-17790 (Prospecta Master Data Online (MDO) 2.0 has Stored XSS. ...)
NOT-FOR-US: Prospecta Master Data Online (MDO)
CVE-2018-17789 (Prospecta Master Data Online (MDO) allows CSRF. ...)
- TODO: check
+ NOT-FOR-US: Prospecta Master Data Online (MDO)
CVE-2018-17788
RESERVED
CVE-2018-17787 (On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Co ...)
@@ -58749,13 +58750,13 @@ CVE-2018-15515 (The CaptivelPortal service on D-Link Central WiFiManager CWM-100
CVE-2018-15514 (HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 ( ...)
NOT-FOR-US: Docker for Windows
CVE-2018-15513 (Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs o ...)
- TODO: check
+ NOT-FOR-US: totemomail
CVE-2018-15512 (Cross-site scripting (XSS) vulnerability in the 'Authorisation Service ...)
- TODO: check
+ NOT-FOR-US: totemomail
CVE-2018-15511 (Cross-site scripting (XSS) vulnerability in the 'Notification template ...)
- TODO: check
+ NOT-FOR-US: totemomail
CVE-2018-15510 (Cross-site scripting (XSS) vulnerability in the 'Certificate' feature ...)
- TODO: check
+ NOT-FOR-US: totemomail
CVE-2018-15509 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 ...)
NOT-FOR-US: Five9 Agent Desktop Plus
CVE-2018-15508 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing ...)
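Review bot: the truncated descriptions for CVE-2018-15512, -15511 and -15510 visible in this hunk do not name a product (they end at "'Authorisation Service", "'Notification template" and "'Certificate' feature"), so the `+ NOT-FOR-US: totemomail` tag on those three is inferred from the neighbouring CVE-2018-15513 entry. Worth confirming against the full descriptions before committing, since a wrong NOT-FOR-US silently drops an issue from further triage.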
@@ -62490,7 +62491,7 @@ CVE-2018-14064 (The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devic
CVE-2018-14063 (The increaseApproval function of a smart contract implementation for T ...)
NOT-FOR-US: smart contract
CVE-2018-14062 (The COSPAS-SARSAT protocol allows remote attackers to forge messages, ...)
- TODO: check
+ NOT-FOR-US: COSPAS-SARSAT protocol
CVE-2018-14061
RESERVED
CVE-2018-14060 (OS command injection in the AP mode settings feature in /cgi-bin/luci ...)
@@ -64102,7 +64103,7 @@ CVE-2018-13369
CVE-2018-13368 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
NOT-FOR-US: Fortinet FortiClient
CVE-2018-13367 (An information exposure vulnerability in FortiOS 6.2.0 and below may a ...)
- TODO: check
+ NOT-FOR-US: FortiOS
CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6 ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-13365 (An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 ...)
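Review bot: `+ NOT-FOR-US: FortiOS` differs from the `NOT-FOR-US: Fortinet FortiOS` label used on the two adjacent entries (CVE-2018-13366, CVE-2018-13365); use the same string so a search for the vendor finds all of them.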
@@ -69137,7 +69138,7 @@ CVE-2018-11571 (ClipperCMS 1.3.3 allows Session Fixation. ...)
CVE-2018-11570
RESERVED
CVE-2018-11569 (Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deseri ...)
- TODO: check
+ NOT-FOR-US: Eventum
CVE-2018-11568 (Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for W ...)
NOT-FOR-US: GamePlan theme for WordPress
CVE-2018-11567 (** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Ech ...)
@@ -70243,11 +70244,11 @@ CVE-2018-11202 (A NULL pointer dereference was discovered in H5S_hyper_make_span
CVE-2018-11201
RESERVED
CVE-2018-11200 (An issue was discovered in Mautic 2.13.1. It has Stored XSS via the co ...)
- TODO: check
+ NOT-FOR-US: Mautic
CVE-2018-11199
RESERVED
CVE-2018-11198 (An issue was discovered in Mautic 2.13.1. There is Stored XSS via the ...)
- TODO: check
+ NOT-FOR-US: Mautic
CVE-2018-11197
RESERVED
CVE-2018-11196 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before ...)
@@ -75776,7 +75777,7 @@ CVE-2018-9092 (There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.1
CVE-2018-9091 (A critical vulnerability in the KEMP LoadMaster Operating System (LMOS ...)
NOT-FOR-US: KEMP LoadMaster Operating System
CVE-2018-9090 (CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Gr ...)
- TODO: check
+ NOT-FOR-US: CoreOS Tectonic
CVE-2018-9089
RESERVED
CVE-2018-9088
@@ -79021,7 +79022,7 @@ CVE-2018-7822 (An Incorrect Default Permissions (CWE-276) vulnerability exists i
CVE-2018-7821 (An Environment (CWE-2) vulnerability exists in SoMachine Basic, all ve ...)
NOT-FOR-US: Schneider Electric
CVE-2018-7820 (A Credentials Management CWE-255 vulnerability exists in the APC UPS N ...)
- TODO: check
+ NOT-FOR-US: APC
CVE-2018-7819
RESERVED
CVE-2018-7818
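Review bot: `+ NOT-FOR-US: APC` sits next to `NOT-FOR-US: Schneider Electric` for CVE-2018-7821, and the CVE-2018-7820 description itself refers to the APC UPS product line; a label such as `NOT-FOR-US: Schneider Electric APC` keeps the vendor searchable while retaining the product name.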
@@ -81518,7 +81519,7 @@ CVE-2018-7083 (If a process running within Aruba Instant crashes, it may leave b
CVE-2018-7082 (A command injection vulnerability is present in Aruba Instant that per ...)
NOT-FOR-US: Aruba
CVE-2018-7081 (A remote code execution vulnerability is present in network-listening ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2018-7080 (A vulnerability exists in the firmware of embedded BLE radios that are ...)
NOT-FOR-US: Aruba
CVE-2018-7079 (Aruba ClearPass Policy Manager guest authorization failure. Certain ad ...)
@@ -84144,7 +84145,7 @@ CVE-2018-6242 (Some NVIDIA Tegra mobile processors released prior to 2016 contai
CVE-2018-6241 (NVIDIA Tegra Gralloc module contains a vulnerability in driver in whic ...)
NOT-FOR-US: NVIDIA
CVE-2018-6240 (NVIDIA Tegra contains a vulnerability in BootRom where a user with ker ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2018-6239 (NVIDIA Jetson TX2 contains a vulnerability by means of speculative exe ...)
NOT-FOR-US: NVIDIA
CVE-2018-6238
@@ -111500,9 +111501,9 @@ CVE-2017-14204
CVE-2017-14203
RESERVED
CVE-2017-14202 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2017-14201 (Use After Free vulnerability in the Zephyr shell allows a serial or te ...)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2017-14200
RESERVED
CVE-2017-14199 (A buffer overflow has been found in the Zephyr Project's getaddrinfo() ...)
@@ -164466,7 +164467,7 @@ CVE-2016-6156 (Race condition in the ec_device_ioctl_xcmd function in drivers/pl
CVE-2016-6155
RESERVED
CVE-2016-6154 (The authentication applet in Watchguard Fireware 11.11 Operating Syste ...)
- TODO: check
+ NOT-FOR-US: Watchguard
CVE-2016-6152 (CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated ...)
NOT-FOR-US: eHealth
CVE-2016-6151 (CA eHealth 6.2.x allows remote authenticated users to cause a denial o ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23febc50e3b632a7f382f787a73d967ebf57562c