Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5cba99b4 by Salvatore Bonaccorso at 2019-09-16T19:36:39Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -9228,13 +9228,13 @@ CVE-2019-13522 (An attacker could use a specially crafted project file to corrup CVE-2019-13521 RESERVED CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 Smart L ...) - TODO: check + NOT-FOR-US: Fuji Electric CVE-2019-13519 RESERVED CVE-2019-13518 (An attacker could use a specially crafted project file to overflow the ...) - TODO: check + NOT-FOR-US: EZAutomation CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Serve ...) - TODO: check + NOT-FOR-US: Pyxis CVE-2019-13516 (In OSIsoft PI Web API and prior, the affected product is vulnerable to ...) NOT-FOR-US: OSIsoft LLC CVE-2019-13515 (OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive in ...) @@ -10195,7 +10195,7 @@ CVE-2019-13158 CVE-2019-13157 RESERVED CVE-2019-13156 (NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer ove ...) - TODO: check + NOT-FOR-US: Naver Cloud Explorer CVE-2019-13155 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...) NOT-FOR-US: TRENDnet TEW-827DRU firmware CVE-2019-13154 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...) @@ -10831,9 +10831,9 @@ CVE-2019-12945 CVE-2019-12944 RESERVED CVE-2019-12943 (TTLock devices do not properly restrict password-reset attempts, leadi ...) - TODO: check + NOT-FOR-US: TTLock devices CVE-2019-12942 (TTLock devices do not properly block guest access in certain situation ...) - TODO: check + NOT-FOR-US: TTLock devices CVE-2019-12941 RESERVED CVE-2019-12940 (LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (me ...) 
@@ -11175,7 +11175,7 @@ CVE-2019-12812 CVE-2019-12811 RESERVED CVE-2019-12810 (A memory corruption vulnerability exists in the .PSD parsing functiona ...) - TODO: check + NOT-FOR-US: ALSee CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contai ...) NOT-FOR-US: Yes24ViewerX ActiveX Control CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a local priv ...) @@ -11831,7 +11831,7 @@ CVE-2019-12534 CVE-2019-12533 RESERVED CVE-2019-12532 (Improper access control in the Insyde software tools may allow an auth ...) - TODO: check + NOT-FOR-US: Insyde software tools CVE-2019-12531 RESERVED CVE-2019-12530 (Incorrect access control was discovered in the stdonato Dashboard plug ...) @@ -13490,9 +13490,9 @@ CVE-2019-11901 CVE-2019-11900 RESERVED CVE-2019-11899 (An unauthenticated attacker can achieve unauthorized access to sensiti ...) - TODO: check + NOT-FOR-US: Bosch Access Professional Edition CVE-2019-11898 (Unauthorized APE administration privileges can be achieved by reverse ...) - TODO: check + NOT-FOR-US: Bosch Access Professional Edition CVE-2019-11897 (A Server-Side Request Forgery (SSRF) vulnerability in the backup & ...) TODO: check CVE-2019-11896 (A potential incorrect privilege assignment vulnerability exists in the ...) @@ -13791,7 +13791,7 @@ CVE-2019-11771 (AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs CVE-2019-11770 (In Eclipse Buildship versions prior to 3.1.1, the build files indicate ...) NOT-FOR-US: Eclipse Buildship CVE-2019-11769 (An issue was discovered in TeamViewer 14.2.2558. Updating the product ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability ...) - phpmyadmin <unfixed> (bug #930048) [jessie] - phpmyadmin <not-affected> (vulnerable code is not present) 
@@ -14439,11 +14439,11 @@ CVE-2019-11605 (An issue was discovered in GitLab Community and Enterprise Editi CVE-2019-11604 (An issue was discovered in Quest KACE Systems Management Appliance bef ...) NOT-FOR-US: Quest KACE Systems Management Appliance CVE-2019-11603 (A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 ...) - TODO: check + NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software CVE-2019-11602 (Leakage of stack traces in remote access to backup & restore in ea ...) - TODO: check + NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software CVE-2019-11601 (A directory traversal vulnerability in remote access to backup & r ...) - TODO: check + NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software CVE-2019-11600 (A SQL injection vulnerability in the activities API in OpenProject bef ...) NOT-FOR-US: OpenProject CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File O ...) @@ -15046,7 +15046,7 @@ CVE-2019-11398 (Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 20 CVE-2019-11397 (GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M. ...) NOT-FOR-US: Rapid4 CVE-2019-11396 (An issue was discovered in Avira Free Security Suite 10. The permissiv ...) - TODO: check + NOT-FOR-US: Avira Free Security Suite CVE-2019-11395 (A buffer overflow in MailCarrier 2.51 allows remote attackers to execu ...) NOT-FOR-US: MailCarrier CVE-2019-11394 @@ -15093,7 +15093,7 @@ CVE-2019-11382 CVE-2019-11381 RESERVED CVE-2019-11380 (The master-password feature in the ES File Explorer File Manager appli ...) - TODO: check + NOT-FOR-US: ES File Explorer File Manager application for Android CVE-2019-11379 RESERVED CVE-2019-11378 (An issue was discovered in ProjectSend r1053. upload-process-form.php ...) 
@@ -15875,15 +15875,15 @@ CVE-2019-11071 (SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated NOTE: https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36 NOTE: https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e CVE-2019-11064 (A vulnerability of remote credential disclosure was discovered in Adva ...) - TODO: check + NOT-FOR-US: Advan VD-1 firmware CVE-2019-11063 (A broken access control vulnerability in SmartHome app (Android versio ...) - TODO: check + NOT-FOR-US: SmartHome app CVE-2019-11062 (The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Inj ...) NOT-FOR-US: SUNNET WMPro for eLearning system CVE-2019-11061 (A broken access control vulnerability in HG100 firmware versions up to ...) - TODO: check + NOT-FOR-US: HG100 firmware CVE-2019-11060 (The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, ...) - TODO: check + NOT-FOR-US: ASUS HG100 firmware CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit exte ...) - u-boot 2019.01+dfsg-6 (bug #928800) [stretch] - u-boot <no-dsa> (Minor issue) @@ -16121,7 +16121,7 @@ CVE-2019-10990 CVE-2019-10989 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffe ...) NOT-FOR-US: WebAccess/SCADA CVE-2019-10988 (In Philips HDI 4000 Ultrasound Systems, all versions running on old, u ...) - TODO: check + NOT-FOR-US: Philips HDI 4000 Ultrasound Systems CVE-2019-10987 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds wr ...) NOT-FOR-US: WebAccess/SCADA CVE-2019-10986 
@@ -16223,7 +16223,7 @@ CVE-2019-10939 CVE-2019-10938 (A vulnerability has been identified in Ethernet plug-in communication ...) NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5 devices CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All version ...) - TODO: check + NOT-FOR-US: SIMATIC TDC CP51M1 CVE-2019-10936 RESERVED CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...) @@ -17877,7 +17877,7 @@ CVE-2019-10258 CVE-2019-10257 (Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Una ...) NOT-FOR-US: Zucchetti HR Portal CVE-2019-10256 (An authentication bypass vulnerability in VIVOTEK IPCam versions prior ...) - TODO: check + NOT-FOR-US: VIVOTEK IPCam CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...) - jupyter-notebook 5.7.8-1 (bug #925939) NOTE: https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb @@ -18628,9 +18628,9 @@ CVE-2019-10060 (The Verix Multi-app Conductor application 2.7 for Verifone Verix CVE-2019-10059 (The legacy finger service (TCP port 79) is enabled by default on vario ...) TODO: check CVE-2019-10058 (Various Lexmark products have Incorrect Access Control. ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2019-10057 (Various Lexmark products have CSRF. ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2019-10056 (An issue was discovered in Suricata 4.1.3. The code mishandles the cas ...) - suricata 1:4.1.4-1 [buster] - suricata <no-dsa> (Minor issue) @@ -31425,7 +31425,7 @@ CVE-2019-5505 CVE-2019-5504 RESERVED CVE-2019-5503 (OnCommand Workflow Automation versions prior to 5.0 shipped without ce ...) - TODO: check + NOT-FOR-US: OnCommand Workflow Automation CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has we ...) NOT-FOR-US: Data ONTAP CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose ...) 
@@ -31486,7 +31486,7 @@ CVE-2019-5480 (A path traversal vulnerability in <= v0.9.7 of statichttpserve CVE-2019-5479 (An unintended require vulnerability in <v0.5.5 larvitbase-api may a ...) TODO: check CVE-2019-5478 (A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ dev ...) - TODO: check + NOT-FOR-US: Encrypt Only boot mode in Zynq UltraScale+ devices CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and earlier allo ...) - rexical <unfixed> - ruby-nokogiri 1.10.4+dfsg1-1 (bug #934802) @@ -31889,9 +31889,9 @@ CVE-2019-5317 CVE-2019-5316 RESERVED CVE-2019-5315 (A command injection vulnerability is present in the web management int ...) - TODO: check + NOT-FOR-US: ArubaOS CVE-2019-5314 (Some web components in the ArubaOS software are vulnerable to HTTP Res ...) - TODO: check + NOT-FOR-US: ArubaOS CVE-2019-5313 RESERVED CVE-2019-5312 (An issue was discovered in weixin-java-tools v3.3.0. There is an XXE v ...) @@ -32379,7 +32379,7 @@ CVE-2019-5072 CVE-2019-5071 RESERVED CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthenticat ...) - TODO: check + NOT-FOR-US: eFront LMS CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...) NOT-FOR-US: Epignosis eFront LMS CVE-2019-5068 @@ -32446,9 +32446,9 @@ CVE-2019-5057 (An exploitable code execution vulnerability exists in the PCX ima CVE-2019-5056 RESERVED CVE-2019-5055 (An exploitable denial-of-service vulnerability exists in the Host Acce ...) - TODO: check + NOT-FOR-US: Netgear CVE-2019-5054 (An exploitable denial-of-service vulnerability exists in the session h ...) - TODO: check + NOT-FOR-US: Netgear CVE-2019-5053 RESERVED CVE-2019-5052 (An exploitable integer overflow vulnerability exists when loading a PC ...) 
@@ -34663,7 +34663,7 @@ CVE-2019-3977 CVE-2019-3976 RESERVED CVE-2019-3975 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows ...) - TODO: check + NOT-FOR-US: Advantech WebAccess/SCADA CVE-2019-3974 (Nessus 8.5.2 and earlier on Windows platforms were found to contain an ...) NOT-FOR-US: Nessus CVE-2019-3973 (Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Deni ...) @@ -35611,13 +35611,13 @@ CVE-2019-3648 CVE-2019-3647 RESERVED CVE-2019-3646 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...) - TODO: check + NOT-FOR-US: McAfee CVE-2019-3645 RESERVED CVE-2019-3644 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remo ...) - TODO: check + NOT-FOR-US: McAfee CVE-2019-3643 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remo ...) - TODO: check + NOT-FOR-US: McAfee CVE-2019-3642 RESERVED CVE-2019-3641 @@ -35627,7 +35627,7 @@ CVE-2019-3640 CVE-2019-3639 (Clickjack vulnerability in Adminstrator web console in McAfee Web Gate ...) NOT-FOR-US: McAfee CVE-2019-3638 (Reflected Cross Site Scripting vulnerability in Administrators web con ...) - TODO: check + NOT-FOR-US: McAfee CVE-2019-3637 (Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.20 ...) NOT-FOR-US: McAfee CVE-2019-3636 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5cba99b410ce9a1c1cfb4038efdcd57e5796d99a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5cba99b410ce9a1c1cfb4038efdcd57e5796d99a You're receiving this email because of your account on salsa.debian.org.
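Review bot: In the hunk at @@ -15875,15 +15875,15 @@, two adjacent entries for what reads as the same firmware get different labels: CVE-2019-11061 becomes "NOT-FOR-US: HG100 firmware" while CVE-2019-11060 becomes "NOT-FOR-US: ASUS HG100 firmware". Use one spelling for both, preferably the one with the vendor name that the CVE-2019-11060 description itself uses, so that a search of data/CVE/list for the product returns both entries.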
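Review bot: In the hunk at @@ -32379,7 +32379,7 @@, the new tag for CVE-2019-5070 is "NOT-FOR-US: eFront LMS", but the unchanged entry directly below it, CVE-2019-5069, already uses "NOT-FOR-US: Epignosis eFront LMS". Reuse the existing string for CVE-2019-5070 so the two entries for the product stay grouped under one label.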
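Review bot: In the hunk at @@ -13490,9 +13490,9 @@, CVE-2019-11897 is left at "TODO: check" right after CVE-2019-11899 and CVE-2019-11898 are resolved. Its visible description ("SSRF ... in the backup & ...") uses the same "backup &" wording as CVE-2019-11602 and CVE-2019-11601, which this commit tags "NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software" in the hunk at @@ -14439,11 +14439,11 @@. If the full description confirms the same product, tag it in this pass; if it was skipped on purpose, say so in the commit message.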
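Review bot: In the hunk at @@ -18628,9 +18628,9 @@, CVE-2019-10059 stays at "TODO: check" while the two entries after it, CVE-2019-10058 and CVE-2019-10057, are tagged "NOT-FOR-US: Lexmark". Its description is cut off at "enabled by default on vario ...", and the two Lexmark descriptions open with "Various Lexmark products", so check whether the full text names the same vendor and, if it does, resolve it together with its neighbours.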
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits