Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 97d67f83 by Moritz Muehlenhoff at 2019-11-14T09:33:26Z NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -9,17 +9,17 @@ CVE-2019-18956 CVE-2019-18955 RESERVED CVE-2019-18954 (Pomelo v2.2.5 allows external control of critical state data. A malici ...) - TODO: check + NOT-FOR-US: Pomelo CVE-2019-18953 RESERVED CVE-2019-18952 (SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary fil ...) - TODO: check + NOT-FOR-US: SibSoft Xfilesharing CVE-2019-18951 (SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directo ...) - TODO: check + NOT-FOR-US: SibSoft Xfilesharing CVE-2019-18950 RESERVED CVE-2019-18949 (SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaSc ...) - TODO: check + NOT-FOR-US: SnowHaze CVE-2019-18948 RESERVED CVE-2019-18947 @@ -71,7 +71,7 @@ CVE-2019-18925 (Systematic IRIS WebForms 5.4 and its functionalities can be acce CVE-2019-18924 (Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By ...) NOT-FOR-US: Systematic IRIS WebForms CVE-2019-18923 (Insufficient content type validation of proxied resources in go-camo b ...) - TODO: check + NOT-FOR-US: go-camo CVE-2019-18922 RESERVED CVE-2019-18921 @@ -162,9 +162,9 @@ CVE-2019-18886 [Prevent user enumeration using switch user functionality] CVE-2019-18885 RESERVED CVE-2019-18884 (index.php/team_members/add_team_member in RISE Ultimate Project Manage ...) - TODO: check + NOT-FOR-US: RISE CVE-2019-18883 (XSS exists in Lavalite CMS 5.7 via the admin/profile name or designati ...) - TODO: check + NOT-FOR-US: Lavalite CMS CVE-2019-18882 (WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.ja ...) NOT-FOR-US: WSO2 IS CVE-2019-18881 (WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in t ...) 
@@ -217,7 +217,7 @@ CVE-2019-18859 CVE-2019-18858 RESERVED CVE-2019-18857 (darylldoyle svg-sanitizer before 0.12.0 mishandles script and data val ...) - TODO: check + NOT-FOR-US: darylldoyle svg-sanitizer CVE-2019-18856 (A Denial Of Service vulnerability exists in the SVG Sanitizer module t ...) NOT-FOR-US: SVG Sanitizer module for Drupal CVE-2019-18855 (A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG ...) @@ -247,7 +247,7 @@ CVE-2019-18846 CVE-2019-18845 (The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 ...) NOT-FOR-US: Patriot Viper RGB CVE-2019-18844 (The Device Model in ACRN before 2019w25.5-140000p relies on assert cal ...) - TODO: check + NOT-FOR-US: ACRN CVE-2019-18843 RESERVED CVE-2019-18842 @@ -261,11 +261,11 @@ CVE-2019-18840 (In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks NOTE: https://github.com/wolfSSL/wolfssl/issues/2555 NOTE: https://github.com/wolfSSL/wolfssl/commit/52f28bd5149360f8e3bf8ca13d3fb9a77283df7c CVE-2019-18839 (FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. T ...) - TODO: check + NOT-FOR-US: FUDForum CVE-2019-18838 RESERVED CVE-2019-18837 (An issue was discovered in crun before 0.10.5. With a crafted image, i ...) - TODO: check + - crun <not-affected> (Fixed in initial upload) CVE-2019-18836 (Envoy 1.12.0 allows a remote denial of service because of resource loo ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...) @@ -391,7 +391,7 @@ CVE-2019-18795 CVE-2019-18794 RESERVED CVE-2019-18793 (Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/inde ...) - TODO: check + NOT-FOR-US: Parallels Plesk Panel CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : ...) NOT-FOR-US: Progress Sitefinity CMS CVE-2019-18792 
@@ -4008,7 +4008,7 @@ CVE-2019-18242 CVE-2019-18241 RESERVED CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer o ...) - TODO: check + NOT-FOR-US: Fuji CVE-2019-18239 RESERVED CVE-2019-18238

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/97d67f834285a7b8107aa1c400d4ae0b68aa6853
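Review bot: In the @@ -261,11 hunk, the new CVE-2019-18837 line "- crun <not-affected> (Fixed in initial upload)" has no NOTE giving the upstream fix, unlike the CVE-2019-18840 entry just above it, which links the upstream issue and commit. The description only says the issue is in crun before 0.10.5, so a NOTE with the fixing commit would let a later reader verify the not-affected claim without redoing the triage. This is also the one change in the commit that is not a NOT-FOR-US tag, so the commit message "NFUs" does not describe it.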
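Review bot: In the @@ -162,9 hunk, the CVE-2019-18884 tag "NOT-FOR-US: RISE" is shorter than the product name in the description ("RISE Ultimate Project Manage ...") and is ambiguous to search for in data/CVE/list. The other tags in this commit use the vendor and product as the description gives them (for example "NOT-FOR-US: SibSoft Xfilesharing" and "NOT-FOR-US: Lavalite CMS" in the same hunk), so the full product name from the CVE description would be consistent here.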
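Review bot: In the @@ -4008,7 hunk, the CVE-2019-18240 tag "NOT-FOR-US: Fuji" gives only part of the vendor name, while the description identifies the product as Fuji Electric V-Server. Suggest "NOT-FOR-US: Fuji Electric V-Server", so that the tag identifies the product and can be matched against later CVEs for the same software.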
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits