Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8faf8e23 by Salvatore Bonaccorso at 2019-11-26T20:34:40Z Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -396,7 +396,7 @@ CVE-2019-19131 CVE-2019-19130 RESERVED CVE-2019-19129 (Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11 ...) - TODO: check + NOT-FOR-US: Afterlogic CVE-2019-19128 RESERVED CVE-2019-19127 @@ -7878,7 +7878,7 @@ CVE-2019-17394 (In the Seesaw Parent and Family application 6.2.5 for Android, t CVE-2019-17393 (The Customer's Tomedo Server in Version 1.7.3 communicates to the Vend ...) NOT-FOR-US: Tomedo Server CVE-2019-17392 (Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a ...) - TODO: check + NOT-FOR-US: Progress Sitefinity CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-0 ...) NOT-FOR-US: Espressif ESP32 CVE-2019-17390 @@ -10291,11 +10291,11 @@ CVE-2019-16390 CVE-2019-16389 RESERVED CVE-2019-16388 (PEGA Platform 8.3.0 is vulnerable to Information disclosure via a dire ...) - TODO: check + NOT-FOR-US: PEGA Platform CVE-2019-16387 (PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/! ...) - TODO: check + NOT-FOR-US: PEGA Platform CVE-2019-16386 (PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via ...) - TODO: check + NOT-FOR-US: PEGA Platform CVE-2019-16385 RESERVED CVE-2019-16384 @@ -10833,11 +10833,11 @@ CVE-2019-16245 CVE-2019-16244 RESERVED CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocument ...) - TODO: check + NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineerin ...) - TODO: check + NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices CVE-2019-16241 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can ...) - TODO: check + NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices CVE-2019-16240 RESERVED CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer Overflow ...) @@ -12415,13 +12415,13 @@ CVE-2019-15690 CVE-2019-15689 RESERVED CVE-2019-15688 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...) - TODO: check + NOT-FOR-US: Kaspersky CVE-2019-15687 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...) - TODO: check + NOT-FOR-US: Kaspersky CVE-2019-15686 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...) - TODO: check + NOT-FOR-US: Kaspersky CVE-2019-15685 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...) - TODO: check + NOT-FOR-US: Kaspersky CVE-2019-15684 (Kaspersky Protection extension for web browser Google Chrome prior to ...) NOT-FOR-US: Kaspersky Protection extension for web browser Google Chrome CVE-2019-15683 (TurboVNC server code contains stack buffer overflow vulnerability in c ...) @@ -16841,7 +16841,7 @@ CVE-2019-14451 (RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not CVE-2019-14450 (A directory traversal vulnerability was discovered in RepetierServer.e ...) NOT-FOR-US: Repetier-Server CVE-2019-14449 (An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x b ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2019-14448 RESERVED CVE-2019-14447 @@ -22970,7 +22970,7 @@ CVE-2019-12491 (OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacke CVE-2019-12490 RESERVED CVE-2019-12489 (An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Aske ...) - TODO: check + NOT-FOR-US: Fastweb Askey RTV1907VW devices CVE-2019-12488 RESERVED CVE-2019-12487 @@ -38251,7 +38251,7 @@ CVE-2018-20751 (An issue was discovered in crop_page in PoDoFo 0.9.6. For a craf NOTE: https://sourceforge.net/p/podofo/tickets/33/ NOTE: https://sourceforge.net/p/podofo/code/1954 CVE-2019-7319 (An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When usin ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2019-7318 RESERVED CVE-2019-7317 (png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...) @@ -39792,7 +39792,7 @@ CVE-2019-6677 CVE-2019-6676 RESERVED CVE-2019-6675 (BIG-IP configurations using Active Directory, LDAP, or Client Certific ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2019-6674 RESERVED CVE-2019-6673 @@ -51759,7 +51759,7 @@ CVE-2018-20092 (PTC ThingWorx Platform through 8.3.0 is vulnerable to a director CVE-2018-20091 (An SQL injection vulnerability was found in Cloudera Data Science Work ...) NOT-FOR-US: Cloudera Data Science Workbench CVE-2018-20090 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4. ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2018-20089 RESERVED CVE-2018-20088 @@ -62723,7 +62723,7 @@ CVE-2018-17862 CVE-2018-17861 RESERVED CVE-2018-17860 (Cloudera CDH has Insecure Permissions because ALL cannot be revoked.Th ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks in ...) NOT-FOR-US: Joomla! CVE-2018-17858 (An issue was discovered in Joomla! before 3.8.13. com_installer action ...) @@ -142644,7 +142644,7 @@ CVE-2016-1000348 CVE-2016-1000268 REJECTED CVE-2017-7399 (Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x be ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2017-7398 (D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request For ...) NOT-FOR-US: D-Link CVE-2017-7397 (** DISPUTED ** BackBox Linux 4.6 allows remote attackers to cause a de ...) @@ -164284,7 +164284,7 @@ CVE-2016-9274 (Untrusted search path vulnerability in Git 1.x for Windows allows CVE-2016-9272 (A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, wit ...) NOT-FOR-US: Exponent CMS CVE-2016-9271 (Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x bef ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2016-9270 RESERVED CVE-2016-9269 (Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches i ...) @@ -173532,7 +173532,7 @@ CVE-2016-6356 (A vulnerability in the email message filtering feature of Cisco A CVE-2016-6355 (Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, ...) NOT-FOR-US: Cisco CVE-2016-6353 (Cloudera Search in CDH before 5.7.0 allows unauthorized document acces ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2016-6348 (JacksonJsonpInterceptor in RESTEasy might allow remote attackers to co ...) - resteasy <unfixed> (low; bug #837170) [jessie] - resteasy <no-dsa> (Minor issue) @@ -175825,7 +175825,7 @@ CVE-2016-5725 (Directory traversal vulnerability in JCraft JSch before 0.1.54 on [jessie] - jsch <no-dsa> (Minor issue) NOTE: https://sourceforge.net/p/jsch/mailman/message/35318093/ CVE-2016-5724 (Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagn ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2016-5723 (Huawei FusionInsight HD before V100R002C60SPC200 allows local users to ...) NOT-FOR-US: Huawei CVE-2016-5722 (Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3 ...) @@ -180001,7 +180001,7 @@ CVE-2016-4579 (Libksba before 1.3.4 allows remote attackers to cause a denial of [jessie] - libksba 1.3.2-1+deb8u1 NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64 CVE-2016-4572 (In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2016-4574 (Off-by-one error in the append_utf8_value function in the DN decoder ( ...) - libksba 1.3.4-3 [jessie] - libksba <not-affected> (Incomplete fix not applied) @@ -183905,7 +183905,7 @@ CVE-2016-3194 (Cross-site scripting (XSS) vulnerability in the address added pag CVE-2016-3193 (Cross-site scripting (XSS) vulnerability in the appliance web-applicat ...) NOT-FOR-US: Fortinet CVE-2016-3192 (Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext R ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2016-3190 (The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c ...) - cairo 1.14.2-2 [jessie] - cairo 1.14.0-2.1+deb8u1 @@ -184044,7 +184044,7 @@ CVE-2016-3132 (Double free vulnerability in the SplDoublyLinkedList::offsetSet f NOTE: https://bugs.php.net/bug.php?id=71735 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5 CVE-2016-3131 (Cloudera CDH before 5.6.1 allows authorization bypass via direct inter ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2016-3130 (An information disclosure vulnerability in the Core and Management Con ...) NOT-FOR-US: BlackBerry CVE-2016-3129 (A remote shell execution vulnerability in the BlackBerry Good Enterpri ...) @@ -196881,7 +196881,7 @@ CVE-2015-7833 (The usbvision driver in the Linux kernel package 3.10.0-123.20.1. CVE-2015-7832 RESERVED CVE-2015-7831 (In Cloudera Hue, there is privilege escalation by a read-only user whe ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2015-7829 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...) NOT-FOR-US: Adobe CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require authentication ...) @@ -200672,7 +200672,7 @@ CVE-2015-6498 (Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4. CVE-2015-6497 RESERVED CVE-2015-6495 (There is Sensitive Information in Cloudera Manager before 5.4.6 Diagno ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2015-6494 (Cross-site scripting (XSS) vulnerability in Infinite Automation Mango ...) NOT-FOR-US: Infinite Automation Mango Automation CVE-2015-6493 (Cross-site request forgery (CSRF) vulnerability in Infinite Automation ...) @@ -206369,7 +206369,7 @@ CVE-2015-2967 (Cross-site scripting (XSS) vulnerability in settings.php in Cacti NOTE: http://jvn.jp/en/jp/JVN78187936/ NOTE: Fixed upstream in 0.8.8d CVE-2015-4457 (Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Ma ...) - TODO: check + NOT-FOR-US: Cloudera CVE-2015-4456 (ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::igno ...) {DSA-3363-1} - owncloud-client 1.8.4+dfsg-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8faf8e23805151f8719b25cf18135165140ada7e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8faf8e23805151f8719b25cf18135165140ada7e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits