Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5cba99b4 by Salvatore Bonaccorso at 2019-09-16T19:36:39Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9228,13 +9228,13 @@ CVE-2019-13522 (An attacker could use a specially 
crafted project file to corrup
 CVE-2019-13521
        RESERVED
 CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 
Smart L ...)
-       TODO: check
+       NOT-FOR-US: Fuji Electric
 CVE-2019-13519
        RESERVED
 CVE-2019-13518 (An attacker could use a specially crafted project file to 
overflow the ...)
-       TODO: check
+       NOT-FOR-US: EZAutomation
 CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis 
Enterprise Serve ...)
-       TODO: check
+       NOT-FOR-US: Pyxis
 CVE-2019-13516 (In OSIsoft PI Web API and prior, the affected product is 
vulnerable to ...)
        NOT-FOR-US: OSIsoft LLC
 CVE-2019-13515 (OSIsoft PI Web API 2018 and prior may allow disclosure of 
sensitive in ...)
@@ -10195,7 +10195,7 @@ CVE-2019-13158
 CVE-2019-13157
        RESERVED
 CVE-2019-13156 (NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based 
buffer ove ...)
-       TODO: check
+       NOT-FOR-US: Naver Cloud Explorer
 CVE-2019-13155 (An issue was discovered in TRENDnet TEW-827DRU firmware before 
2.05B11 ...)
        NOT-FOR-US: TRENDnet TEW-827DRU firmware
 CVE-2019-13154 (An issue was discovered in TRENDnet TEW-827DRU firmware before 
2.05B11 ...)
@@ -10831,9 +10831,9 @@ CVE-2019-12945
 CVE-2019-12944
        RESERVED
 CVE-2019-12943 (TTLock devices do not properly restrict password-reset 
attempts, leadi ...)
-       TODO: check
+       NOT-FOR-US: TTLock devices
 CVE-2019-12942 (TTLock devices do not properly block guest access in certain 
situation ...)
-       TODO: check
+       NOT-FOR-US: TTLock devices
 CVE-2019-12941
        RESERVED
 CVE-2019-12940 (LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of 
Service (me ...)
@@ -11175,7 +11175,7 @@ CVE-2019-12812
 CVE-2019-12811
        RESERVED
 CVE-2019-12810 (A memory corruption vulnerability exists in the .PSD parsing 
functiona ...)
-       TODO: check
+       NOT-FOR-US: ALSee
 CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier 
versions contai ...)
        NOT-FOR-US: Yes24ViewerX ActiveX Control
 CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a 
local priv ...)
@@ -11831,7 +11831,7 @@ CVE-2019-12534
 CVE-2019-12533
        RESERVED
 CVE-2019-12532 (Improper access control in the Insyde software tools may allow 
an auth ...)
-       TODO: check
+       NOT-FOR-US: Insyde software tools
 CVE-2019-12531
        RESERVED
 CVE-2019-12530 (Incorrect access control was discovered in the stdonato 
Dashboard plug ...)
@@ -13490,9 +13490,9 @@ CVE-2019-11901
 CVE-2019-11900
        RESERVED
 CVE-2019-11899 (An unauthenticated attacker can achieve unauthorized access to 
sensiti ...)
-       TODO: check
+       NOT-FOR-US: Bosch Access Professional Edition
 CVE-2019-11898 (Unauthorized APE administration privileges can be achieved by 
reverse  ...)
-       TODO: check
+       NOT-FOR-US: Bosch Access Professional Edition
 CVE-2019-11897 (A Server-Side Request Forgery (SSRF) vulnerability in the 
backup & ...)
        TODO: check
 CVE-2019-11896 (A potential incorrect privilege assignment vulnerability 
exists in the ...)
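Review bot: CVE-2019-11897, the context entry right after the two Bosch Access Professional Edition changes, still reads `TODO: check`. Its summary mentions "backup &", much like the backup and restore issues tagged `NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software` in the CVE-2019-11603 to CVE-2019-11601 hunk, so it is worth confirming it was left open deliberately and not missed in this pass.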
@@ -13791,7 +13791,7 @@ CVE-2019-11771 (AIX builds of Eclipse OpenJ9 before 
0.15.0 contain unused RPATHs
 CVE-2019-11770 (In Eclipse Buildship versions prior to 3.1.1, the build files 
indicate ...)
        NOT-FOR-US: Eclipse Buildship
 CVE-2019-11769 (An issue was discovered in TeamViewer 14.2.2558. Updating the 
product  ...)
-       TODO: check
+       NOT-FOR-US: TeamViewer
 CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A 
vulnerability  ...)
        - phpmyadmin <unfixed> (bug #930048)
        [jessie] - phpmyadmin <not-affected> (vulnerable code is not present)
@@ -14439,11 +14439,11 @@ CVE-2019-11605 (An issue was discovered in GitLab 
Community and Enterprise Editi
 CVE-2019-11604 (An issue was discovered in Quest KACE Systems Management 
Appliance bef ...)
        NOT-FOR-US: Quest KACE Systems Management Appliance
 CVE-2019-11603 (A HTTP Traversal Attack in earlier versions than ProSyst mBS 
SDK 8.2.6 ...)
-       TODO: check
+       NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
 CVE-2019-11602 (Leakage of stack traces in remote access to backup &amp; 
restore in ea ...)
-       TODO: check
+       NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
 CVE-2019-11601 (A directory traversal vulnerability in remote access to backup 
&amp; r ...)
-       TODO: check
+       NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
 CVE-2019-11600 (A SQL injection vulnerability in the activities API in 
OpenProject bef ...)
        NOT-FOR-US: OpenProject
 CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An 
Arbitrary File O ...)
@@ -15046,7 +15046,7 @@ CVE-2019-11398 (Multiple cross-site scripting (XSS) 
vulnerabilities in UliCMS 20
 CVE-2019-11397 (GetFile.aspx in Rapid4 RapidFlows Enterprise Application 
Builder 4.5M. ...)
        NOT-FOR-US: Rapid4
 CVE-2019-11396 (An issue was discovered in Avira Free Security Suite 10. The 
permissiv ...)
-       TODO: check
+       NOT-FOR-US: Avira Free Security Suite
 CVE-2019-11395 (A buffer overflow in MailCarrier 2.51 allows remote attackers 
to execu ...)
        NOT-FOR-US: MailCarrier
 CVE-2019-11394
@@ -15093,7 +15093,7 @@ CVE-2019-11382
 CVE-2019-11381
        RESERVED
 CVE-2019-11380 (The master-password feature in the ES File Explorer File 
Manager appli ...)
-       TODO: check
+       NOT-FOR-US: ES File Explorer File Manager application for Android
 CVE-2019-11379
        RESERVED
 CVE-2019-11378 (An issue was discovered in ProjectSend r1053. 
upload-process-form.php  ...)
@@ -15875,15 +15875,15 @@ CVE-2019-11071 (SPIP 3.1 before 3.1.10 and 3.2 before 
3.2.4 allows authenticated
        NOTE: 
https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36
        NOTE: 
https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e
 CVE-2019-11064 (A vulnerability of remote credential disclosure was discovered 
in Adva ...)
-       TODO: check
+       NOT-FOR-US: Advan VD-1 firmware
 CVE-2019-11063 (A broken access control vulnerability in SmartHome app 
(Android versio ...)
-       TODO: check
+       NOT-FOR-US: SmartHome app
 CVE-2019-11062 (The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS 
Command Inj ...)
        NOT-FOR-US: SUNNET WMPro for eLearning system
 CVE-2019-11061 (A broken access control vulnerability in HG100 firmware 
versions up to ...)
-       TODO: check
+       NOT-FOR-US: HG100 firmware
 CVE-2019-11060 (The web api server on Port 8080 of ASUS HG100 firmware up to 
1.05.12,  ...)
-       TODO: check
+       NOT-FOR-US: ASUS HG100 firmware
 CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 
64-bit exte ...)
        - u-boot 2019.01+dfsg-6 (bug #928800)
        [stretch] - u-boot <no-dsa> (Minor issue)
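Review bot: CVE-2019-11061 and CVE-2019-11060 get two different tags for what the summaries present as the same firmware, `NOT-FOR-US: HG100 firmware` and `NOT-FOR-US: ASUS HG100 firmware`. Use one string on both; the vendor-qualified one is easier to search for. `NOT-FOR-US: SmartHome app` on CVE-2019-11063 is similarly generic, and adding the vendor there would keep it from matching unrelated products later.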
@@ -16121,7 +16121,7 @@ CVE-2019-10990
 CVE-2019-10989 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple 
heap-based buffe ...)
        NOT-FOR-US: WebAccess/SCADA
 CVE-2019-10988 (In Philips HDI 4000 Ultrasound Systems, all versions running 
on old, u ...)
-       TODO: check
+       NOT-FOR-US: Philips HDI 4000 Ultrasound Systems
 CVE-2019-10987 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple 
out-of-bounds wr ...)
        NOT-FOR-US: WebAccess/SCADA
 CVE-2019-10986
@@ -16223,7 +16223,7 @@ CVE-2019-10939
 CVE-2019-10938 (A vulnerability has been identified in Ethernet plug-in 
communication  ...)
        NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5 
devices
 CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All 
version ...)
-       TODO: check
+       NOT-FOR-US: SIMATIC TDC CP51M1
 CVE-2019-10936
        RESERVED
 CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and 
earlier  ...)
@@ -17877,7 +17877,7 @@ CVE-2019-10258
 CVE-2019-10257 (Zucchetti HR Portal through 2019-03-15 allows Directory 
Traversal. Una ...)
        NOT-FOR-US: Zucchetti HR Portal
 CVE-2019-10256 (An authentication bypass vulnerability in VIVOTEK IPCam 
versions prior ...)
-       TODO: check
+       NOT-FOR-US: VIVOTEK IPCam
 CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter 
Notebook be ...)
        - jupyter-notebook 5.7.8-1 (bug #925939)
        NOTE: 
https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
@@ -18628,9 +18628,9 @@ CVE-2019-10060 (The Verix Multi-app Conductor 
application 2.7 for Verifone Verix
 CVE-2019-10059 (The legacy finger service (TCP port 79) is enabled by default 
on vario ...)
        TODO: check
 CVE-2019-10058 (Various Lexmark products have Incorrect Access Control. ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2019-10057 (Various Lexmark products have CSRF. ...)
-       TODO: check
+       NOT-FOR-US: Lexmark
 CVE-2019-10056 (An issue was discovered in Suricata 4.1.3. The code mishandles 
the cas ...)
        - suricata 1:4.1.4-1
        [buster] - suricata <no-dsa> (Minor issue)
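Review bot: CVE-2019-10059, directly above the two Lexmark entries changed here, stays at `TODO: check`. Its truncated summary ("enabled by default on vario ...") does not show the vendor, so please confirm whether it belongs to the same batch as CVE-2019-10058 and CVE-2019-10057 and, if it does, tag it in this commit too.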
@@ -31425,7 +31425,7 @@ CVE-2019-5505
 CVE-2019-5504
        RESERVED
 CVE-2019-5503 (OnCommand Workflow Automation versions prior to 5.0 shipped 
without ce ...)
-       TODO: check
+       NOT-FOR-US: OnCommand Workflow Automation
 CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 
has we ...)
        NOT-FOR-US: Data ONTAP
 CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may 
disclose  ...)
@@ -31486,7 +31486,7 @@ CVE-2019-5480 (A path traversal vulnerability in &lt;= 
v0.9.7 of statichttpserve
 CVE-2019-5479 (An unintended require vulnerability in &lt;v0.5.5 
larvitbase-api may a ...)
        TODO: check
 CVE-2019-5478 (A weakness was found in Encrypt Only boot mode in Zynq 
UltraScale+ dev ...)
-       TODO: check
+       NOT-FOR-US: Encrypt Only boot mode in Zynq UltraScale+ devices
 CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and 
earlier allo ...)
        - rexical <unfixed>
        - ruby-nokogiri 1.10.4+dfsg1-1 (bug #934802)
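Review bot: the tag added for CVE-2019-5478 copies a feature description out of the summary (`NOT-FOR-US: Encrypt Only boot mode in Zynq UltraScale+ devices`), while the other entries in this commit name a product or vendor. Shortening it to the product, for example `Zynq UltraScale+ devices`, would match the surrounding convention and make later entries for the same hardware easier to tag identically.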
@@ -31889,9 +31889,9 @@ CVE-2019-5317
 CVE-2019-5316
        RESERVED
 CVE-2019-5315 (A command injection vulnerability is present in the web 
management int ...)
-       TODO: check
+       NOT-FOR-US: ArubaOS
 CVE-2019-5314 (Some web components in the ArubaOS software are vulnerable to 
HTTP Res ...)
-       TODO: check
+       NOT-FOR-US: ArubaOS
 CVE-2019-5313
        RESERVED
 CVE-2019-5312 (An issue was discovered in weixin-java-tools v3.3.0. There is 
an XXE v ...)
@@ -32379,7 +32379,7 @@ CVE-2019-5072
 CVE-2019-5071
        RESERVED
 CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the 
unauthenticat ...)
-       TODO: check
+       NOT-FOR-US: eFront LMS
 CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS 
v5.2.12. ...)
        NOT-FOR-US: Epignosis eFront LMS
 CVE-2019-5068
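Review bot: the new tag on CVE-2019-5070, `NOT-FOR-US: eFront LMS`, differs from the existing `NOT-FOR-US: Epignosis eFront LMS` on CVE-2019-5069 directly below it. Reuse the existing string so both entries for the product are found by the same search.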
@@ -32446,9 +32446,9 @@ CVE-2019-5057 (An exploitable code execution 
vulnerability exists in the PCX ima
 CVE-2019-5056
        RESERVED
 CVE-2019-5055 (An exploitable denial-of-service vulnerability exists in the 
Host Acce ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2019-5054 (An exploitable denial-of-service vulnerability exists in the 
session h ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2019-5053
        RESERVED
 CVE-2019-5052 (An exploitable integer overflow vulnerability exists when 
loading a PC ...)
@@ -34663,7 +34663,7 @@ CVE-2019-3977
 CVE-2019-3976
        RESERVED
 CVE-2019-3975 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Advantech WebAccess/SCADA
 CVE-2019-3974 (Nessus 8.5.2 and earlier on Windows platforms were found to 
contain an ...)
        NOT-FOR-US: Nessus
 CVE-2019-3973 (Comodo Antivirus versions 11.0.0.6582 and below are vulnerable 
to Deni ...)
@@ -35611,13 +35611,13 @@ CVE-2019-3648
 CVE-2019-3647
        RESERVED
 CVE-2019-3646 (DLL Search Order Hijacking vulnerability in Microsoft Windows 
client i ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3645
        RESERVED
 CVE-2019-3644 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to 
a remo ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3643 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to 
a remo ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3642
        RESERVED
 CVE-2019-3641
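Review bot: the `NOT-FOR-US: McAfee` tag on CVE-2019-3646 cannot be confirmed from the visible summary, which only gets as far as "Microsoft Windows client i ..." before truncation. The tag matches the neighbouring McAfee entries, but naming the specific product here (as the summaries for CVE-2019-3644 and CVE-2019-3643 do with McAfee Web Gateway) would make the classification self-explanatory in the list.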
@@ -35627,7 +35627,7 @@ CVE-2019-3640
 CVE-2019-3639 (Clickjack vulnerability in Adminstrator web console in McAfee 
Web Gate ...)
        NOT-FOR-US: McAfee
 CVE-2019-3638 (Reflected Cross Site Scripting vulnerability in Administrators 
web con ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2019-3637 (Privilege Escalation vulnerability in McAfee FRP 5.x prior to 
5.1.0.20 ...)
        NOT-FOR-US: McAfee
 CVE-2019-3636



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5cba99b410ce9a1c1cfb4038efdcd57e5796d99a
