[Git][security-tracker-team/security-tracker][master] new novnc, glpi issues
Moritz Muehlenhoff
jmm at debian.org
Thu Sep 26 21:44:00 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f2c3876a by Moritz Muehlenhoff at 2019-09-26T20:43:32Z
new novnc, glpi issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -74,7 +74,10 @@ CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/c
CVE-2019-16889 (Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause ...)
NOT-FOR-US: Ubiquiti EdgeMAX
CVE-2017-18635 (An XSS vulnerability was discovered in noVNC before 0.6.2 in which the ...)
- TODO: check
+ - novnc 1:1.0.0-1
+ NOTE: https://bugs.launchpad.net/horizon/+bug/1656435
+ NOTE: https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
+ NOTE: https://github.com/novnc/noVNC/issues/748
CVE-2019-16888
RESERVED
CVE-2019-16887 (In IrfanView 4.53, Data from a Faulting Address controls a subsequent ...)
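Review bot: The fixed version on the added `- novnc 1:1.0.0-1` line does not line up with the CVE description two lines above it, which places the issue in noVNC before 0.6.2. If 1:1.0.0-1 is the first Debian upload that contains the upstream fix, a short NOTE saying that the fix landed upstream in 0.6.2 would keep readers from taking 1.0.0 as the fixing release. The commit NOTE also ends in a `#diff-...L534` fragment, which depends on how GitHub renders the diff; the bare commit URL is the more durable reference.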
@@ -1242,7 +1245,7 @@ CVE-2019-16410 (An issue was discovered in Suricata 4.1.4. By sending multiple f
[jessie] - suricata <no-dsa> (Minor issue)
NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
CVE-2019-16409 (In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpu ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-16408
RESERVED
CVE-2019-16407
@@ -1776,7 +1779,7 @@ CVE-2019-16255
CVE-2019-16254
RESERVED
CVE-2019-16253 (The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2019-16252
RESERVED
CVE-2019-16251
@@ -6383,7 +6386,9 @@ CVE-2019-14667 (Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues
CVE-2015-9292 (6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code p ...)
NOT-FOR-US: 6kbbs
CVE-2019-14666 (GLPI through 9.4.3 is prone to account takeover by abusing the ajax/au ...)
- TODO: check
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-47hq-pfrr-jh5q
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...)
- brandy <unfixed> (unimportant; bug #933996)
NOTE: https://sourceforge.net/p/brandy/bugs/8/
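Review bot: The `(unimportant)` severity on the added glpi line rests entirely on the one-line NOTE "Only supported behind an authenticated HTTP zone", while the description is an account takeover. The NOTE should say where that support condition is stated, so the downgrade can be checked later without re-deriving it. With `- glpi <removed>` as the only package line, it would also help to record whether any suite that still carries glpi needs its own entry.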
@@ -8096,9 +8101,9 @@ CVE-2019-14274 (MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() func
[jessie] - mcpp <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mcpp/bugs/13/
CVE-2019-14273 (In SilverStripe assets 4.0, there is broken access control on files. ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-14272 (In SilverStripe asset-admin 4.0, there is XSS in file titles managed t ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-14271 (In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka ...)
{DSA-4521-1}
- docker.io 18.09.1+dfsg1-9
@@ -10812,7 +10817,7 @@ CVE-2019-13525
CVE-2019-13524
RESERVED
CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the integrat ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2019-13522 (An attacker could use a specially crafted project file to corrupt the ...)
NOT-FOR-US: EZ PLC Editor
CVE-2019-13521
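Review bot: The added `NOT-FOR-US: Honeywell` names only the vendor, while the existing entry two lines below it names the product (`NOT-FOR-US: EZ PLC Editor`). Using the product from the description (Performance IP Cameras and Performance NVRs) would make the entry easier to match if another Honeywell product ever needs tracking.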
@@ -13039,7 +13044,7 @@ CVE-2019-12719
CVE-2019-12718
RESERVED
CVE-2019-12717 (A vulnerability in a CLI command related to the virtualization manager ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12716
RESERVED
CVE-2019-12715
@@ -13055,7 +13060,7 @@ CVE-2019-12711
CVE-2019-12710
RESERVED
CVE-2019-12709 (A vulnerability in a CLI command related to the virtualization manager ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12708
RESERVED
CVE-2019-12707
@@ -13129,59 +13134,59 @@ CVE-2019-12674
CVE-2019-12673
RESERVED
CVE-2019-12672 (A vulnerability in the filesystem of Cisco IOS XE Software could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12671 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12670 (A vulnerability in the filesystem of Cisco IOS XE Software could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12669 (A vulnerability in the RADIUS Change of Authorization (CoA) code of Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12668 (A vulnerability in the web framework code of Cisco IOS and Cisco IOS X ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12667 (A vulnerability in the web framework code of Cisco IOS XE Software cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12666 (A vulnerability in the Guest Shell of Cisco IOS XE Software could allo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12665 (A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Sof ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12664 (A vulnerability in the Dialer interface feature for ISDN connections i ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12663 (A vulnerability in the Cisco TrustSec (CTS) Protected Access Credentia ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12662 (A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software coul ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12661 (A vulnerability in a Virtualization Manager (VMAN) related CLI command ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12660 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12659 (A vulnerability in the HTTP server code of Cisco IOS XE Software could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12658 (A vulnerability in the filesystem resource management code of Cisco IO ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12657 (A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Softwa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12656 (A vulnerability in the IOx application environment of multiple Cisco p ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12655 (A vulnerability in the FTP application layer gateway (ALG) functionali ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12654 (A vulnerability in the common Session Initiation Protocol (SIP) librar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12653 (A vulnerability in the Raw Socket Transport feature of Cisco IOS XE So ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12652 (A vulnerability in the ingress packet processing function of Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12651 (Multiple vulnerabilities in the web-based user interface (Web UI) of C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12650 (Multiple vulnerabilities in the web-based user interface (Web UI) of C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12649 (A vulnerability in the Image Verification feature of Cisco IOS XE Soft ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12648 (A vulnerability in the IOx application environment for Cisco IOS Softw ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12647 (A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12646 (A vulnerability in the Network Address Translation (NAT) Session Initi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12645 (A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Softwar ...)
NOT-FOR-US: Cisco
CVE-2019-12644 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -13239,7 +13244,7 @@ CVE-2019-12618 (HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control
NOTE: https://www.hashicorp.com/blog/hashicorp-nomad-0-9-2
NOTE: https://github.com/hashicorp/nomad/issues/5783
CVE-2019-12617 (In SilverStripe through 4.3.3, there is access escalation for CMS user ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability wa ...)
{DLA-1821-1}
- phpmyadmin <unfixed> (bug #930017)
@@ -31259,7 +31264,7 @@ CVE-2019-6177 (A vulnerability reported in Lenovo Solution Center version 03.12.
CVE-2019-6176
RESERVED
CVE-2019-6175 (A denial of service vulnerability was reported in Lenovo System Update ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2019-6174
RESERVED
CVE-2019-6173
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2c3876ab37d04411527336a8939f2b6a3742867