[Git][security-tracker-team/security-tracker][master] new novnc, glpi issues

Moritz Muehlenhoff jmm at debian.org
Thu Sep 26 21:44:00 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2c3876a by Moritz Muehlenhoff at 2019-09-26T20:43:32Z
new novnc, glpi issues
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -74,7 +74,10 @@ CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/c
 CVE-2019-16889 (Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause  ...)
 	NOT-FOR-US: Ubiquiti EdgeMAX
 CVE-2017-18635 (An XSS vulnerability was discovered in noVNC before 0.6.2 in which the ...)
-	TODO: check
+	- novnc 1:1.0.0-1
+	NOTE: https://bugs.launchpad.net/horizon/+bug/1656435
+	NOTE: https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
+	NOTE: https://github.com/novnc/noVNC/issues/748
 CVE-2019-16888
 	RESERVED
 CVE-2019-16887 (In IrfanView 4.53, Data from a Faulting Address controls a subsequent  ...)
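Review bot: the novnc entry records the fixed version `- novnc 1:1.0.0-1` but carries no per-suite annotation, unlike the `[jessie] - suricata <no-dsa> (Minor issue)` line in the next hunk, so the status of novnc in the older releases is left unresolved by this change; either add the suite lines or a NOTE stating that the older-suite check is still pending. The three NOTE URLs also give no indication which of them is the upstream fix; a short label on the github commit link saying it is the fixing commit would make the entry usable without opening all three.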
@@ -1242,7 +1245,7 @@ CVE-2019-16410 (An issue was discovered in Suricata 4.1.4. By sending multiple f
 	[jessie] - suricata <no-dsa> (Minor issue)
 	NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
 CVE-2019-16409 (In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpu ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe
 CVE-2019-16408
 	RESERVED
 CVE-2019-16407
@@ -1776,7 +1779,7 @@ CVE-2019-16255
 CVE-2019-16254
 	RESERVED
 CVE-2019-16253 (The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2019-16252
 	RESERVED
 CVE-2019-16251
@@ -6383,7 +6386,9 @@ CVE-2019-14667 (Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues
 CVE-2015-9292 (6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code p ...)
 	NOT-FOR-US: 6kbbs
 CVE-2019-14666 (GLPI through 9.4.3 is prone to account takeover by abusing the ajax/au ...)
-	TODO: check
+	- glpi <removed> (unimportant)
+	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-47hq-pfrr-jh5q
+	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...)
 	- brandy <unfixed> (unimportant; bug #933996)
 	NOTE: https://sourceforge.net/p/brandy/bugs/8/
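Review bot: the justification for the `(unimportant)` rating on `- glpi <removed> (unimportant)` is carried only by the free-standing `NOTE: Only supported behind an authenticated HTTP zone`; word the NOTE so that it explicitly ties the support condition to the severity (that the account-takeover issue is rated unimportant because the packaged glpi is only supported behind an authenticated HTTP zone), otherwise a later reader may take it as a general remark rather than the reason for the rating.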
@@ -8096,9 +8101,9 @@ CVE-2019-14274 (MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() func
 	[jessie] - mcpp <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/mcpp/bugs/13/
 CVE-2019-14273 (In SilverStripe assets 4.0, there is broken access control on files. ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe
 CVE-2019-14272 (In SilverStripe asset-admin 4.0, there is XSS in file titles managed t ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe
 CVE-2019-14271 (In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka ...)
 	{DSA-4521-1}
 	- docker.io 18.09.1+dfsg1-9
@@ -10812,7 +10817,7 @@ CVE-2019-13525
 CVE-2019-13524
 	RESERVED
 CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the integrat ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2019-13522 (An attacker could use a specially crafted project file to corrupt the  ...)
 	NOT-FOR-US: EZ PLC Editor
 CVE-2019-13521
@@ -13039,7 +13044,7 @@ CVE-2019-12719
 CVE-2019-12718
 	RESERVED
 CVE-2019-12717 (A vulnerability in a CLI command related to the virtualization manager ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12716
 	RESERVED
 CVE-2019-12715
@@ -13055,7 +13060,7 @@ CVE-2019-12711
 CVE-2019-12710
 	RESERVED
 CVE-2019-12709 (A vulnerability in a CLI command related to the virtualization manager ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12708
 	RESERVED
 CVE-2019-12707
@@ -13129,59 +13134,59 @@ CVE-2019-12674
 CVE-2019-12673
 	RESERVED
 CVE-2019-12672 (A vulnerability in the filesystem of Cisco IOS XE Software could allow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12671 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12670 (A vulnerability in the filesystem of Cisco IOS XE Software could allow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12669 (A vulnerability in the RADIUS Change of Authorization (CoA) code of Ci ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12668 (A vulnerability in the web framework code of Cisco IOS and Cisco IOS X ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12667 (A vulnerability in the web framework code of Cisco IOS XE Software cou ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12666 (A vulnerability in the Guest Shell of Cisco IOS XE Software could allo ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12665 (A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Sof ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12664 (A vulnerability in the Dialer interface feature for ISDN connections i ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12663 (A vulnerability in the Cisco TrustSec (CTS) Protected Access Credentia ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12662 (A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software coul ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12661 (A vulnerability in a Virtualization Manager (VMAN) related CLI command ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12660 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12659 (A vulnerability in the HTTP server code of Cisco IOS XE Software could ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12658 (A vulnerability in the filesystem resource management code of Cisco IO ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12657 (A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Softwa ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12656 (A vulnerability in the IOx application environment of multiple Cisco p ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12655 (A vulnerability in the FTP application layer gateway (ALG) functionali ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12654 (A vulnerability in the common Session Initiation Protocol (SIP) librar ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12653 (A vulnerability in the Raw Socket Transport feature of Cisco IOS XE So ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12652 (A vulnerability in the ingress packet processing function of Cisco IOS ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12651 (Multiple vulnerabilities in the web-based user interface (Web UI) of C ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12650 (Multiple vulnerabilities in the web-based user interface (Web UI) of C ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12649 (A vulnerability in the Image Verification feature of Cisco IOS XE Soft ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12648 (A vulnerability in the IOx application environment for Cisco IOS Softw ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12647 (A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12646 (A vulnerability in the Network Address Translation (NAT) Session Initi ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2019-12645 (A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Softwar ...)
 	NOT-FOR-US: Cisco
 CVE-2019-12644 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -13239,7 +13244,7 @@ CVE-2019-12618 (HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control
 	NOTE: https://www.hashicorp.com/blog/hashicorp-nomad-0-9-2
 	NOTE: https://github.com/hashicorp/nomad/issues/5783
 CVE-2019-12617 (In SilverStripe through 4.3.3, there is access escalation for CMS user ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe
 CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability wa ...)
 	{DLA-1821-1}
 	- phpmyadmin <unfixed> (bug #930017)
@@ -31259,7 +31264,7 @@ CVE-2019-6177 (A vulnerability reported in Lenovo Solution Center version 03.12.
 CVE-2019-6176
 	RESERVED
 CVE-2019-6175 (A denial of service vulnerability was reported in Lenovo System Update ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2019-6174
 	RESERVED
 CVE-2019-6173



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f2c3876ab37d04411527336a8939f2b6a3742867




