Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1da36d89 by Salvatore Bonaccorso at 2019-12-11T20:55:48Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1398,9 +1398,9 @@ CVE-2019-19652 CVE-2019-19651 RESERVED CVE-2019-19650 (Zoho ManageEngine Applications Manager before 13640 allows a remote au ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2019-19649 (Zoho ManageEngine Applications Manager before 13620 allows a remote un ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2019-19648 (In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, ...) - yara <unfixed> NOTE: https://github.com/VirusTotal/yara/issues/1178 @@ -3535,7 +3535,7 @@ CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a configuration where SSL CVE-2019-19374 RESERVED CVE-2019-19373 (An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5. ...) - TODO: check + NOT-FOR-US: Squiz Matrix CMS CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal vulnera ...) NOT-FOR-US: rConfig CVE-2019-19371 @@ -4780,7 +4780,7 @@ CVE-2019-18962 CVE-2019-18961 RESERVED CVE-2019-18960 (AWS Firecracker through v0.19.0 has a Buffer Overflow. ...) - TODO: check + NOT-FOR-US: AWS Firecracker CVE-2019-18959 RESERVED CVE-2019-18958 (Nitro Pro before 13.2 creates a debug.log file in the directory where ...) @@ -4830,7 +4830,7 @@ CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Par CVE-2019-18936 RESERVED CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .N ...) - TODO: check + NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ...) - unbound <unfixed> (unimportant) [stretch] - unbound <not-affected> (ipsecmod module introduced later) 
@@ -8539,11 +8539,11 @@ CVE-2019-18381 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to CVE-2019-18380 (Symantec Industrial Control System Protection (ICSP), versions 6.x.x, ...) NOT-FOR-US: Symantec CVE-2019-18379 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a s ...) - TODO: check + NOT-FOR-US: Symantec CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a c ...) - TODO: check + NOT-FOR-US: Symantec CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a p ...) - TODO: check + NOT-FOR-US: Symantec CVE-2019-18376 RESERVED CVE-2019-18375 @@ -12185,7 +12185,7 @@ CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are s CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList ...) NOT-FOR-US: vBulletin CVE-2019-17270 (Yachtcontrol through 2019-10-06: It's possible to perform direct Opera ...) - TODO: check + NOT-FOR-US: Yachtcontrol CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to execute arbitr ...) NOT-FOR-US: Intellian Remote Access CVE-2019-17268 @@ -18682,11 +18682,11 @@ CVE-2019-15011 CVE-2019-15010 RESERVED CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and ...) - TODO: check + NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2019-15008 (The /plugins/servlet/branchreview resource in Atlassian Fisheye and Cr ...) - TODO: check + NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2019-15007 (The review resource in Atlassian Fisheye and Crucible before version 4 ...) - TODO: check + NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2019-15006 RESERVED CVE-2019-15005 (The Atlassian Troubleshooting and Support Tools plugin prior to versio ...) 
@@ -21624,7 +21624,7 @@ CVE-2019-14253 (An issue was discovered in servletcontroller in the secure porta CVE-2019-14252 (An issue was discovered in the secure portal in Publisure 2.1.2. Once ...) NOT-FOR-US: Publisure CVE-2019-14251 (An issue was discovered in T24 in TEMENOS Channels R15.01. The login p ...) - TODO: check + NOT-FOR-US: T24 in TEMENOS Channels R15.01 CVE-2019-14250 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...) - binutils 2.33-1 (unimportant) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924 
@@ -59291,71 +59291,71 @@ CVE-2019-1492 CVE-2019-1491 RESERVED CVE-2019-1490 (A spoofing vulnerability exists when a Skype for Business Server does ...) - TODO: check + NOT-FOR-US: Skype CVE-2019-1489 (An information disclosure vulnerability exists when the Windows Remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1488 (A security feature bypass vulnerability exists when Microsoft Defender ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1487 (An information disclosure vulnerability in Android Apps using Microsof ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1486 (A spoofing vulnerability exists in Visual Studio Live Share when a gue ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1485 (A remote code execution vulnerability exists in the way that the VBScr ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1484 (A remote code execution vulnerability exists when Microsoft Windows OL ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1483 (An elevation of privilege vulnerability exists when the Windows AppX D ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1482 RESERVED CVE-2019-1481 (An information disclosure vulnerability exists in Windows Media Player ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1480 (An information disclosure vulnerability exists in Windows Media Player ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1479 RESERVED CVE-2019-1478 (An elevation of privilege vulnerability exists when Windows improperly ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1477 (An elevation of privilege vulnerability exists when the Windows Printe ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1476 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1475 RESERVED CVE-2019-1474 (An information disclosure vulnerability exists when the Windows kernel ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2019-1473 RESERVED CVE-2019-1472 (An information disclosure vulnerability exists when the Windows kernel ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1471 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1470 (An information disclosure vulnerability exists when Windows Hyper-V on ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1469 (An information disclosure vulnerability exists when the win32k compone ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1468 (A remote code execution vulnerability exists when the Windows font lib ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1467 (An information disclosure vulnerability exists when the Windows GDI co ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1466 (An information disclosure vulnerability exists when the Windows GDI co ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1465 (An information disclosure vulnerability exists when the Windows GDI co ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1464 (An information disclosure vulnerability exists when Microsoft Excel im ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1463 (An information disclosure vulnerability exists in Microsoft Access sof ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1462 (A remote code execution vulnerability exists in Microsoft PowerPoint s ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1461 (A denial of service vulnerability exists in Microsoft Word software wh ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1460 RESERVED CVE-2019-1459 RESERVED CVE-2019-1458 (An elevation of privilege vulnerability exists in Windows when the Win ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1457 (A security feature bypass vulnerability exists in Microsoft Office sof ...) NOT-FOR-US: Microsoft CVE-2019-1456 (A remote code execution vulnerability exists in Microsoft Windows when ...) 
@@ -59365,7 +59365,7 @@ CVE-2019-1455 CVE-2019-1454 RESERVED CVE-2019-1453 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1452 RESERVED CVE-2019-1451 @@ -59471,7 +59471,7 @@ CVE-2019-1402 (An information disclosure vulnerability exists in Microsoft Offic CVE-2019-1401 RESERVED CVE-2019-1400 (An information disclosure vulnerability exists in Microsoft Access sof ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1399 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2019-1398 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) @@ -59631,7 +59631,7 @@ CVE-2019-1334 (An information disclosure vulnerability exists when the Windows k CVE-2019-1333 (A remote code execution vulnerability exists in the Windows Remote Des ...) NOT-FOR-US: Microsoft CVE-2019-1332 (A cross-site scripting (XSS) vulnerability exists when Microsoft SQL S ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2019-1331 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2019-1330 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...) @@ -200954,7 +200954,7 @@ CVE-2015-7894 (The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V CVE-2015-7893 (SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, ...) NOT-FOR-US: Samsung CVE-2015-7892 (Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in ...) - TODO: check + NOT-FOR-US: Samsung CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung Graphics 2D ...) NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android CVE-2015-7890 
@@ -258888,7 +258888,7 @@ CVE-2013-3693 (The BlackBerry Universal Device Service in BlackBerry Enterprise CVE-2013-3692 (BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses ...) NOT-FOR-US: Blackberry OS CVE-2013-3691 (AirLive POE-2600HD allows remote attackers to cause a denial of servic ...) - TODO: check + NOT-FOR-US: AirLive POE-2600HD CVE-2013-3690 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi i ...) NOT-FOR-US: Brickcom CVE-2013-3689 (Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, ...) @@ -259264,7 +259264,7 @@ CVE-2013-3544 CVE-2013-3543 (The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) ...) NOT-FOR-US: AXIS Media Control CVE-2013-3542 (Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV ...) - TODO: check + NOT-FOR-US: Grandstream CVE-2013-3541 (Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive ...) NOT-FOR-US: AirLive CVE-2013-3540 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1da36d89f82cf319c2ccd8a29e80fd57afa1c58b
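Review bot: In the @@ -21624,7 +21624,7 @@ hunk, the new label for CVE-2019-14251 is a phrase lifted from the description with the version string still attached (`NOT-FOR-US: T24 in TEMENOS Channels R15.01`), while the neighbouring CVE-2019-14252 entry names only the product (`NOT-FOR-US: Publisure`). A label without the release number, for example `NOT-FOR-US: TEMENOS T24`, will still match if a later CVE is filed against a different release of the same product.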
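Review bot: In the @@ -59291,71 +59291,71 @@ hunk, CVE-2019-1490 is tagged `NOT-FOR-US: Skype` while every other entry changed in this hunk, and the untouched CVE-2019-1457 entry below them, uses `NOT-FOR-US: Microsoft`. The description names Skype for Business Server, so `NOT-FOR-US: Microsoft` (or `NOT-FOR-US: Microsoft Skype for Business Server`) would keep the vendor label consistent and make a later search for Microsoft NFU entries complete.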
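Review bot: In the @@ -200954,7 +200954,7 @@ hunk, CVE-2015-7892 receives the bare vendor label `NOT-FOR-US: Samsung` although its description points at a specific function, m2m1shot_compat_ioctl32, and the next entry, CVE-2015-7891, names its component (`NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android`). Naming the affected driver here as well would record that the ioctl code was checked and found to be vendor-specific rather than something carried in a packaged kernel.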