Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
807df9c3 by Moritz Muehlenhoff at 2019-07-04T08:34:31Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,7 +33,7 @@ CVE-2019-13210
 CVE-2019-13209
        RESERVED
 CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation 
because th ...)
-       TODO: check
+       NOT-FOR-US: Waves MAXX Audio
 CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer 
Overflo ...)
        TODO: check
 CVE-2019-13206
@@ -99,11 +99,11 @@ CVE-2019-13178 (modules/luksbootkeyfile/main.py in 
Calamares versions 3.1 throug
        - calamares <unfixed> (bug #931391)
        NOTE: https://github.com/calamares/calamares/issues/1190
 CVE-2019-13177 (verification.py in django-rest-registration (aka Django REST 
Registrat ...)
-       TODO: check
+       NOT-FOR-US: django-rest-registration
 CVE-2019-13176
        RESERVED
 CVE-2019-13175 (Read the Docs before 3.5.1 has an Open Redirect if certain 
user-define ...)
-       TODO: check
+       NOT-FOR-US: Read the Docs
 CVE-2019-13174
        RESERVED
 CVE-2019-13173 (fstream before 1.0.12 is vulnerable to Arbitrary File 
Overwrite. Extra ...)
@@ -371,7 +371,7 @@ CVE-2019-13075 (Tor Browser through 8.5.3 has an 
information exposure vulnerabil
        NOTE: https://trac.torproject.org/projects/tor/ticket/30657
        NOTE: This affects Firefox, but it's not a security issue in Firefox by 
itself
 CVE-2019-13074 (A vulnerability in the FTP daemon on MikroTik routers through 
6.44.3 c ...)
-       TODO: check
+       NOT-FOR-US: MikroTik
 CVE-2019-13073
        RESERVED
 CVE-2018-20849 (Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO 
to the  ...)
@@ -413,7 +413,7 @@ CVE-2019-13058
 CVE-2019-13057
        RESERVED
 CVE-2019-13056 (An issue was discovered in CyberPanel through 1.8.4. On the 
user edit  ...)
-       TODO: check
+       NOT-FOR-US: CyberPanel
 CVE-2019-13055 (Certain Logitech Unifying devices allow attackers to dump AES 
keys and ...)
        NOT-FOR-US: Logitech
 CVE-2019-13054 (The Logitech R500 presentation clicker allows attackers to 
determine t ...)
@@ -939,7 +939,7 @@ CVE-2019-12854
 CVE-2019-12853
        RESERVED
 CVE-2019-12852 (An SSRF attack was possible on a JetBrains YouTrack server. 
The issue  ...)
-       TODO: check
+       NOT-FOR-US: JetBrains YouTrack
 CVE-2019-12851 (A CSRF vulnerability was detected in one of the admin 
endpoints of Jet ...)
        NOT-FOR-US: JetBrains YouTrack
 CVE-2019-12850 (A query injection was possible in JetBrains YouTrack. The 
issue was fi ...)
@@ -951,17 +951,17 @@ CVE-2019-12848
 CVE-2019-12847 (In JetBrains Hub versions earlier than 2018.4.11298, the audit 
events  ...)
        NOT-FOR-US: JetBrains Hub
 CVE-2019-12846 (A user without the required permissions could gain access to 
some JetB ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2019-12845 (The generated Kotlin DSL settings allowed usage of an 
unencrypted conn ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2019-12844 (A possible stored JavaScript injection was detected on one of 
the JetB ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2019-12843 (A possible stored JavaScript injection requiring a deliberate 
server a ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2019-12842 (A reflected XSS on a user page was detected on one of the 
JetBrains Te ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2019-12841 (Incorrect handling of user input in ZIP extraction was 
detected in Jet ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2019-12840 (In Webmin through 1.910, any user authorized to the "Package 
Updates"  ...)
        - webmin <removed>
 CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation 
error with ...)
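Review bot: The six entries from CVE-2019-12846 down to CVE-2019-12841 use the bare vendor name "NOT-FOR-US: JetBrains", while the unchanged entries in the same hunk name the product ("NOT-FOR-US: JetBrains Hub", "NOT-FOR-US: JetBrains YouTrack"). Where the full CVE description identifies the product, put it in the label so these entries stay searchable by product and consistent with their neighbours.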
@@ -7914,11 +7914,11 @@ CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS 
vulnerability via the Layo
 CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an 
Application S ...)
        NOT-FOR-US: JetBrains IntelliJ IDEA Ultimate
 CVE-2019-10103 (JetBrains IntelliJ IDEA projects created using the Kotlin (JS 
Client/J ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE 
template) versi ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2019-10101 (JetBrains Kotlin versions before 1.3.30 were resolving 
artifacts using ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before 
1.8.1.3, it wa ...)
        NOT-FOR-US: JetBrains YouTrack Confluence plugin
 CVE-2019-1000031 (A disk space or quota exhaustion issue exists in 
article2pdf_getfile.p ...)
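Review bot: CVE-2019-10103, CVE-2019-10102 and CVE-2019-10101 describe three different things (IntelliJ IDEA projects, the Ktor framework, and Kotlin itself before 1.3.30), yet all three get "NOT-FOR-US: JetBrains". A language toolchain and a framework are the kind of software that gets packaged, so it is worth confirming there is no source package or ITP for Kotlin or Ktor before closing these as NFU. Labelling each with its product, as the context entries CVE-2019-10104 and CVE-2019-10100 do, would also help.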
@@ -9693,7 +9693,7 @@ CVE-2019-9732 (An issue was discovered in GitLab 
Community and Enterprise Editio
 CVE-2019-9731
        RESERVED
 CVE-2019-9730 (Incorrect access control in the CxUtilSvc component of the 
Synaptics S ...)
-       TODO: check
+       NOT-FOR-US: Lenovo
 CVE-2019-9729 (In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver 
allows pr ...)
        NOT-FOR-US: Shanda MapleStory Online
 CVE-2019-9728
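Review bot: The label on CVE-2019-9730 names Lenovo, but the visible description attributes the flaw to the CxUtilSvc component of a Synaptics product, and nothing in the shown text mentions Lenovo. Unless the truncated part of the description ties it to Lenovo, name the Synaptics component in the NFU label so a search for the affected software finds this entry.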
@@ -16687,13 +16687,13 @@ CVE-2019-6966 (An issue was discovered in Bento4 
1.5.1-628. The AP4_ElstAtom cla
 CVE-2019-6965 (An XSS issue was discovered in i-doit Open 1.12 via the 
src/tools/php/ ...)
        NOT-FOR-US: i-doit
 CVE-2019-6964 (A heap-based buffer over-read in Service_SetParamStringValue in 
cosa_x ...)
-       TODO: check
+       NOT-FOR-US: RDK (Reference Design Kit)
 CVE-2019-6963 (A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK 
RDKB-2018 ...)
-       TODO: check
+       NOT-FOR-US: RDK (Reference Design Kit)
 CVE-2019-6962 (A shell injection issue in cosa_wifi_apis.c in the RDK 
RDKB-20181217-1 ...)
-       TODO: check
+       NOT-FOR-US: RDK (Reference Design Kit)
 CVE-2019-6961 (Incorrect access control in actionHandlerUtility.php in the RDK 
RDKB-2 ...)
-       TODO: check
+       NOT-FOR-US: RDK (Reference Design Kit)
 CVE-2019-6960
        RESERVED
        - gitlab 11.5.10+dfsg-1 (bug #921059)
@@ -18497,7 +18497,7 @@ CVE-2019-6243 (Frog CMS 0.9.5 allows XSS via the forgot 
password page (aka the /
 CVE-2019-6242 (** DISPUTED ** Kentico v10.0.42 allows Global Administrators to 
read t ...)
        NOT-FOR-US: Kentico
 CVE-2019-6241 (In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet 
combined wi ...)
-       TODO: check
+       NOT-FOR-US: Bevywise MQTTRoute
 CVE-2019-6240 (An issue was discovered in GitLab Community and Enterprise 
Edition bef ...)
        - gitlab 11.5.7+dfsg-1 (bug #919822)
        NOTE: 
https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/
@@ -20122,11 +20122,15 @@ CVE-2019-5604
 CVE-2019-5603
        RESERVED
 CVE-2019-5602 (In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 
12.0-RELEAS ...)
-       TODO: check
+       - kfreebsd-10 <unfixed> (unimportant)
+       NOTE: 
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc
+       NOTE: kfreebsd not covered by security support
 CVE-2019-5601 (In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 
12.0-RELEAS ...)
-       TODO: check
+       - kfreebsd-10 <unfixed> (unimportant)
+       NOTE: 
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:10.ufs.asc
+       NOTE: kfreebsd not covered by security support
 CVE-2019-5600 (In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 
12.0-RELEAS ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD iconv
 CVE-2019-5599 (In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 
12.0-REL ...)
        - kfreebsd-10 <not-affected> (Only affects FreeBSD 12)
 CVE-2019-5598 (In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before 
r345377, ...)
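Review bot: CVE-2019-5602 and CVE-2019-5601 are recorded as "- kfreebsd-10 <unfixed> (unimportant)", but the shown part of both descriptions lists only 12.0 branches, and CVE-2019-5599 just below is "<not-affected> (Only affects FreeBSD 12)". Add a NOTE saying that the affected code is present in kfreebsd-10, or use <not-affected> if it is not. CVE-2019-5600 also gets no advisory NOTE, unlike the two entries above it; adding the matching FreeBSD-SA link would keep the three consistent.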



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/807df9c33ca1ade806feba87b5af2342d45723c3



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
