Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6fb94030 by Salvatore Bonaccorso at 2019-05-08T14:17:32Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2758,7 +2758,7 @@ CVE-2019-10714 (LocaleLowercase in MagickCore/locale.c in
ImageMagick before 7.0
CVE-2019-10713
RESERVED
CVE-2019-10712 (The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829,
750-831 ...)
- TODO: check
+ NOT-FOR-US: WAGO Series devices
CVE-2019-10711 (Incorrect access control in the RTSP stream and web portal on
all IP c ...)
NOT-FOR-US: IP cameras based on Hisilicon Hi3510 firmware
CVE-2019-10710 (Insecure permissions in the Web management portal on all IP
cameras ba ...)
@@ -3741,7 +3741,7 @@ CVE-2019-1003041 (A sandbox bypass vulnerability in
Jenkins Pipeline: Groovy Plu
CVE-2019-1003040 (A sandbox bypass vulnerability in Jenkins Script Security
Plugin 1.55 ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10249 (All Xtext & Xtend versions prior to 2.18.0 were built
using HTTP i ...)
- TODO: check
+ NOT-FOR-US: Eclipse Xtext & Xtend
CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build
artifacts fo ...)
NOT-FOR-US: Eclipse Vorto
CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26
and older, ...)
@@ -11097,7 +11097,7 @@ CVE-2018-20760 (In GPAC 0.7.1 and earlier,
gf_text_get_utf8_line in media_tools/
NOTE:
https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d
NOTE: https://github.com/gpac/gpac/issues/1177
CVE-2019-7541 (Rukovoditel through 2.4.1 allows XSS via a URL that lacks a
module=use ...)
- TODO: check
+ NOT-FOR-US: Rukovoditel
CVE-2019-7540
RESERVED
CVE-2019-7539 (A code injection issue was discovered in ipycache through
2016-05-31. ...)
@@ -16412,15 +16412,15 @@ CVE-2019-5436
CVE-2019-5435
RESERVED
CVE-2019-5434 (An attacker could send a specifically crafted payload to the
XML-RPC i ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2019-5433 (A user having access to the UI of a Revive Adserver instance
could be ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2019-5432 (A specifically malformed MQTT Subscribe packet crashes MQTT
Brokers us ...)
TODO: check
CVE-2019-5431 (This vulnerability was caused by an incomplete fix to
CVE-2017-0911. T ...)
NOT-FOR-US: Twitter Kit for iOS
CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF
protection, i ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti Networks UniFi Video
CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an
attacke ...)
- filezilla <unfixed> (low; bug #928282)
[stretch] - filezilla <no-dsa> (Minor issue)
@@ -65705,9 +65705,9 @@ CVE-2017-18159 (In Android releases from CAF using the
linux kernel (Android for
CVE-2017-18158 (Possible buffer overflows and array out of bounds accesses in
Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18157 (A Use After Free Condition can occur in Thermal Engine in
Snapdragon A ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2017-18156 (While processing camera buffers in camera driver, a use after
free con ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2017-18155 (While playing HEVC content using HD DMB in Snapdragon
Automobile and S ...)
NOT-FOR-US: Snapdragon
CVE-2017-18154 (A crafted binder request can cause an arbitrary unmap in
MediaServer i ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fb94030fa39fc2302dc541464a098b9393f8006
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6fb94030fa39fc2302dc541464a098b9393f8006
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
