Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7545395e by Moritz Muehlenhoff at 2019-11-06T08:28:19Z NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -13,7 +13,7 @@ CVE-2019-18787 CVE-2019-18785 RESERVED CVE-2019-18784 (SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to ...) - TODO: check + NOT-FOR-US: SuiteCRM CVE-2019-18783 RESERVED CVE-2019-18782 @@ -2417,7 +2417,7 @@ CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the L CVE-2019-18675 RESERVED CVE-2019-18674 (An issue was discovered in Joomla! before 3.9.13. A missing access che ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2019-18673 (On SHIFT BitBox02 devices, a side channel for the row-based OLED displ ...) NOT-FOR-US: SHIFT BitBox02 devices CVE-2019-18672 @@ -2465,7 +2465,7 @@ CVE-2019-18652 CVE-2019-18651 RESERVED CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing token chec ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...) - jupyter-notebook 5.7.4-1 NOTE: https://github.com/jupyter/notebook/pull/3341 @@ -7011,9 +7011,9 @@ CVE-2019-17214 (The WebARX plugin 1.3.0 for WordPress allows firewall bypass by CVE-2019-17213 (The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS v ...) NOT-FOR-US: WebARX plugin for WordPress CVE-2019-17212 (Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5. ...) - TODO: check + NOT-FOR-US: Arm Mbed OS CVE-2019-17211 (An integer overflow was discovered in the CoAP library in Arm Mbed OS ...) - TODO: check + NOT-FOR-US: Arm Mbed OS CVE-2019-17210 (A denial-of-service issue was discovered in the MQTT library in Arm Mb ...) NOT-FOR-US: Arm Mbed OS CVE-2019-17209 @@ -9349,7 +9349,7 @@ CVE-2019-16286 CVE-2019-16285 RESERVED CVE-2019-16284 (A potential security vulnerability has been identified in multiple HP ...) - TODO: check + NOT-FOR-US: HP CVE-2019-16283 RESERVED CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting (XSS) ex ...) @@ -34433,19 +34433,19 @@ CVE-2019-8235 (An insecure direct object reference (IDOR) vulnerability exists i CVE-2019-8234 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site r ...) NOT-FOR-US: Adobe CVE-2019-8233 (In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8232 (In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 pr ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8231 (In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8230 (In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenti ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8229 (In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authent ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8228 (in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenti ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8227 (In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenti ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8226 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...) NOT-FOR-US: Adobe CVE-2019-8225 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...) @@ -34581,111 +34581,111 @@ CVE-2019-8161 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2 CVE-2019-8160 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...) NOT-FOR-US: Adobe CVE-2019-8159 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8158 (An XPath entity injection vulnerability exists in Magento 2.2 prior to ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8157 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8156 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8155 (Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8154 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8153 (A mitigation bypass to prevent cross-site scripting (XSS) exists in Ma ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8152 (A stored cross-site scripting (XSS) vulnerability exists in in Magento ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8151 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8150 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8149 (Insecure authentication and session management vulnerability exists in ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8148 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8147 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8146 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8145 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8144 (A remote code execution vulnerability exists in Magento 2.3 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8143 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8142 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8141 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8140 (An unrestricted file upload vulnerability exists in Magento 2.2 prior ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8139 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8138 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8137 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8136 (An insecure component vulnerability exists in Magento 2.2 prior to 2.2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8135 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8134 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8133 (A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8132 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8131 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8130 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8129 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8128 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8127 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8126 (An XML entity injection vulnerability exists in Magento 2.2 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8125 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8124 (An insufficient logging and monitoring vulnerability exists in Magento ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8123 (An insufficient logging and monitoring vulnerability exists in Magento ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8122 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8121 (An insecure component vulnerability exists in Magento 2.1 prior to 2.1 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8120 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8119 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8118 (Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8117 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8116 (Insecure authentication and session management vulnerability exists in ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8115 (A reflected cross-site scripting (XSS) vulnerability exists in Magento ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8114 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8113 (Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 us ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8112 (A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8111 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8110 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8109 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8108 (Insecure authentication and session management vulnerability exists in ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8107 (An arbitrary file deletion vulnerability exists in Magento 2.2 prior t ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8106 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...) NOT-FOR-US: Adobe CVE-2019-8105 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...) @@ -34713,13 +34713,13 @@ CVE-2019-8095 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 20 CVE-2019-8094 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...) NOT-FOR-US: Adobe CVE-2019-8093 (An arbitrary file access vulnerability exists in Magento 2.2 prior to ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8092 (A reflected cross-site scripting (XSS) vulnerability exists in Magento ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8091 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8090 (An arbitrary file deletion vulnerability exists in Magento 2.1 prior t ...) - TODO: check + NOT-FOR-US: Magento CVE-2019-8089 (Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross ...) NOT-FOR-US: Adobe CVE-2019-8088 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command ...) @@ -39627,7 +39627,7 @@ CVE-2019-6144 (This vulnerability allows a normal (non-admin) user to disable th CVE-2019-6143 (Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4 ...) NOT-FOR-US: Forcepoint Next Generation Firewall (Forcepoint NGFW) CVE-2019-6142 (It has been reported that XSS is possible in Forcepoint Email Security ...) - TODO: check + NOT-FOR-US: Forcepoint CVE-2019-6141 RESERVED CVE-2019-6140 (A configuration issue has been discovered in Forcepoint Email Security ...) @@ -42265,9 +42265,9 @@ CVE-2019-5091 CVE-2019-5090 RESERVED CVE-2019-5089 (An exploitable memory corruption vulnerability exists in Investintech ...) - TODO: check + NOT-FOR-US: Investintech CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investintech ...) - TODO: check + NOT-FOR-US: Investintech CVE-2019-5087 RESERVED CVE-2019-5086 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7545395e70e43d4f9801424001f328bb951550d9 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7545395e70e43d4f9801424001f328bb951550d9 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits