Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d221b298 by Salvatore Bonaccorso at 2019-08-16T20:41:30Z
Process NFUs

- - - - -
1f42abc8 by Salvatore Bonaccorso at 2019-08-16T20:41:31Z
Add CVE-2017-14232/flif

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2019-15122
 CVE-2019-15121
        RESERVED
 CVE-2019-15120 (The Kunena extension before 5.1.14 for Joomla! allows XSS via 
BBCode. ...)
-       TODO: check
+       NOT-FOR-US: Kunena extension for Joomla!
 CVE-2019-15119 (lib/install/install.go in cnlh nps through 0.23.2 uses 0777 
permission ...)
        TODO: check
 CVE-2019-15118 (check_input_term in sound/usb/mixer.c in the Linux kernel 
through 5.2. ...)
@@ -61,7 +61,7 @@ CVE-2019-15093
 CVE-2019-15092
        RESERVED
 CVE-2019-15091 (filemgr.php in Artica Integria IMS 5.0.86 allows 
index.php?sec=wiki&am ...)
-       TODO: check
+       NOT-FOR-US: Artica Integria IMS
 CVE-2019-15089
        RESERVED
 CVE-2019-15088
@@ -741,7 +741,7 @@ CVE-2019-14925
 CVE-2019-14924 (An issue was discovered in GCDWebServer before 3.5.3. The 
method moveI ...)
        NOT-FOR-US: GCDWebServer
 CVE-2019-14923 (EyesOfNetwork 5.1 allows Remote Command Execution via shell 
metacharac ...)
-       TODO: check
+       NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2019-14922
        RESERVED
 CVE-2019-14921
@@ -20844,7 +20844,7 @@ CVE-2019-8065
 CVE-2019-8064
        RESERVED
 CVE-2019-8063 (Creative Cloud Desktop Application 4.6.1 and earlier versions 
have an  ...)
-       TODO: check
+       NOT-FOR-US: Creative Cloud Desktop Application
 CVE-2019-8062 (Adobe After Effects versions 16 and earlier have an insecure 
library l ...)
        NOT-FOR-US: Adobe
 CVE-2019-8061
@@ -21042,7 +21042,7 @@ CVE-2019-7966
 CVE-2019-7965
        RESERVED
 CVE-2019-7964 (Adobe Experience Manager versions 6.5, and 6.4 have an 
authentication  ...)
-       TODO: check
+       NOT-FOR-US: Adobe Experience Manager
 CVE-2019-7963 (Adobe Bridge CC version 9.0.2 and earlier versions have an out 
of boun ...)
        NOT-FOR-US: Adobe Bridge CC
 CVE-2019-7962
@@ -21052,11 +21052,11 @@ CVE-2019-7961 (Adobe Prelude CC versions 8.1 and 
earlier have an insecure librar
 CVE-2019-7960
        RESERVED
 CVE-2019-7959 (Creative Cloud Desktop Application versions 4.6.1 and earlier 
have a u ...)
-       TODO: check
+       NOT-FOR-US: Creative Cloud Desktop Application
 CVE-2019-7958 (Creative Cloud Desktop Application versions 4.6.1 and earlier 
have an  ...)
-       TODO: check
+       NOT-FOR-US: Creative Cloud Desktop Application
 CVE-2019-7957 (Creative Cloud Desktop Application versions 4.6.1 and earlier 
have a s ...)
-       TODO: check
+       NOT-FOR-US: Creative Cloud Desktop Application
 CVE-2019-7956 (Adobe Dreamweaver direct download installer versions 19.0 and 
below, 1 ...)
        NOT-FOR-US: Adobe
 CVE-2019-7955 (Adobe Experience Manager version 6.4 and ealier have a 
Reflected Cross ...)
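Review bot: the three Creative Cloud Desktop Application entries changed here (CVE-2019-7959, CVE-2019-7958, CVE-2019-7957) use the bare product name as the NOT-FOR-US label, while the CVE-2019-7956 context line directly below uses the vendor, "NOT-FOR-US: Adobe". Picking one form for Adobe products keeps the list searchable by label; "NOT-FOR-US: Adobe Creative Cloud Desktop Application" would match on both vendor and product.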
@@ -39871,15 +39871,15 @@ CVE-2019-1228 (An information disclosure 
vulnerability exists when the Windows k
 CVE-2019-1227 (An information disclosure vulnerability exists when the Windows 
kernel ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1226 (A remote code execution vulnerability exists in Remote Desktop 
Service ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1225 (An information disclosure vulnerability exists when the Windows 
RDP se ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1224 (An information disclosure vulnerability exists when the Windows 
RDP se ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1223 (A denial of service vulnerability exists in Remote Desktop 
Protocol (R ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1222 (A remote code execution vulnerability exists in Remote Desktop 
Service ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1221
        RESERVED
 CVE-2019-1220
@@ -39957,11 +39957,11 @@ CVE-2019-1185 (An elevation of privilege 
vulnerability exists due to a stack cor
 CVE-2019-1184 (An elevation of privilege vulnerability exists when Windows 
Core Shell ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1183 (A remote code execution vulnerability exists in the way that 
the VBScr ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1182 (A remote code execution vulnerability exists in Remote Desktop 
Service ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1181 (A remote code execution vulnerability exists in Remote Desktop 
Service ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1180 (An elevation of privilege vulnerability exists in the way that 
the wcm ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1179 (An elevation of privilege vulnerability exists in the way that 
the uni ...)
@@ -40001,7 +40001,7 @@ CVE-2019-1163 (A security feature bypass exists when 
Windows incorrectly validat
 CVE-2019-1162 (An elevation of privilege vulnerability exists when Windows 
improperly ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1161 (An elevation of privilege vulnerability exists when the 
MpSigStub.exe  ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1160
        RESERVED
 CVE-2019-1159 (An elevation of privilege vulnerability exists when the Windows 
kernel ...)
@@ -40009,11 +40009,11 @@ CVE-2019-1159 (An elevation of privilege 
vulnerability exists when the Windows k
 CVE-2019-1158 (An information disclosure vulnerability exists when the Windows 
GDI co ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1157 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1156 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1155 (A remote code execution vulnerability exists when the Windows 
Jet Data ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2019-1154 (An information disclosure vulnerability exists when the Windows 
GDI co ...)
        NOT-FOR-US: Microsoft
 CVE-2019-1153 (An information disclosure vulnerability exists when the 
Microsoft Wind ...)
@@ -47157,7 +47157,7 @@ CVE-2018-17792 (MDaemon Webmail (formerly WorldClient) 
has CSRF. ...)
 CVE-2018-17791
        RESERVED
 CVE-2018-17790 (Prospecta Master Data Online (MDO) 2.0 has Stored XSS. ...)
-       TODO: check
+       NOT-FOR-US: Prospecta Master Data Online (MDO)
 CVE-2018-17789
        RESERVED
 CVE-2018-17788
@@ -55034,15 +55034,15 @@ CVE-2018-14674
 CVE-2018-14673
        RESERVED
 CVE-2018-14672 (In ClickHouse before 18.12.13, functions for loading CatBoost 
models a ...)
-       TODO: check
+       NOT-FOR-US: ClickHouse
 CVE-2018-14671 (In ClickHouse before 18.10.3, unixODBC allowed loading 
arbitrary share ...)
-       TODO: check
+       NOT-FOR-US: ClickHouse
 CVE-2018-14670 (Incorrect configuration in deb package in ClickHouse before 
1.1.54131  ...)
-       TODO: check
+       NOT-FOR-US: ClickHouse
 CVE-2018-14669 (ClickHouse MySQL client before versions 1.1.54390 had "LOAD 
DATA LOCAL ...)
-       TODO: check
+       NOT-FOR-US: ClickHouse
 CVE-2018-14668 (In ClickHouse before 1.1.54388, "remote" table function 
allowed arbitr ...)
-       TODO: check
+       NOT-FOR-US: ClickHouse
 CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 
0.7alpha. ...)
        {DSA-4260-1 DLA-1460-1}
        - libmspack 0.7-1 (bug #904802)
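Review bot: CVE-2018-14670 is tagged NOT-FOR-US although its description reads "Incorrect configuration in deb package in ClickHouse", so before closing these five entries it is worth confirming that this means upstream's own .deb and that no clickhouse source package or ITP exists in Debian. If one does, the entries should name the package ("- clickhouse <version>", or an <itp> line with the bug number) rather than NOT-FOR-US, otherwise the tracker will never report them against it.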
@@ -57065,7 +57065,7 @@ CVE-2018-14010 (OS command injection in the guest Wi-Fi 
settings feature in /cgi
 CVE-2018-14009 (Codiad through 2.8.4 allows Remote Code Execution, a different 
vulnera ...)
        NOT-FOR-US: Codiad
 CVE-2018-14008 (Arista EOS through 4.21.0F allows a crash because 802.1x 
authenticatio ...)
-       TODO: check
+       NOT-FOR-US: Arista EOS
 CVE-2018-14007 (Citrix XenServer 7.1 and newer allows Directory Traversal. ...)
        NOT-FOR-US: xapi
 CVE-2018-14006 (An integer overflow vulnerability exists in the function 
multipleTrans ...)
@@ -61360,7 +61360,7 @@ CVE-2018-12423 (In Synapse before 0.31.2, unauthorised 
users can hijack rooms wh
        - matrix-synapse 0.31.2+dfsg-1 (bug #901549)
        NOTE: https://github.com/matrix-org/synapse/pull/3397
 CVE-2018-12357 (Arista CloudVision Portal through 2018.1.1 has Incorrect 
Permissions. ...)
-       TODO: check
+       NOT-FOR-US: Arista CloudVision Portal
 CVE-2018-12356 (An issue was discovered in password-store.sh in pass in Simple 
Passwor ...)
        - password-store 1.7.2-1 (bug #901574)
        [stretch] - password-store <not-affected> (Signature verification 
support added in 1.7)
@@ -62011,7 +62011,7 @@ CVE-2018-12103 (An issue was discovered on D-Link 
DIR-890L with firmware 1.21B02
 CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function 
md_process_l ...)
        NOT-FOR-US: md4c
 CVE-2018-12101 (CMS Clipper 1.3.3 has XSS in the Security tab search, User 
Groups, Res ...)
-       TODO: check
+       NOT-FOR-US: CMS Clipper
 CVE-2018-12100 (Sonatype Nexus Repository Manager versions 3.x before 3.12.0 
has XSS i ...)
        NOT-FOR-US: Sonatype Nexus Repository Manager
 CVE-2018-12099 (Grafana before 5.2.0-beta1 has XSS vulnerabilities in 
dashboard links. ...)
@@ -105753,7 +105753,7 @@ CVE-2017-14234
 CVE-2017-14233
        RESERVED
 CVE-2017-14232 (The read_chunk function in flif-dec.cpp in Free Lossless Image 
Format  ...)
-       TODO: check
+       - flif <removed>
 CVE-2017-14231 (GeniXCMS before 1.1.0 allows remote attackers to cause a 
denial of ser ...)
        NOT-FOR-US: GenixCMS
 CVE-2017-14230 (In the mboxlist_do_find function in imap/mboxlist.c in Cyrus 
IMAP befo ...)
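Review bot: the new "- flif <removed>" line for CVE-2017-14232 carries no NOTE with an upstream reference, unlike the CVE-2018-12423 entry earlier in this diff, which links the upstream pull request. The description already names read_chunk in flif-dec.cpp, so a NOTE pointing at the upstream issue or fixing commit would let anyone who later needs to assess a suite that still ships flif do so without redoing the research.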



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/cec7b22393408110f6673e65fc5507b33410a364...1f42abc83e02ac8ca0e9c15b8f9fe6676811bc8c
