Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
aa50c9ac by Moritz Muehlenhoff at 2019-09-25T20:33:04Z
suricata fixed
exiv n/a
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1153,9 +1153,15 @@ CVE-2019-16413 (An issue was discovered in the Linux 
kernel before 5.0.4. The 9p
 CVE-2019-16412 (In goform/setSysTools on Tenda N301 wireless routers, 
attackers can tr ...)
        NOT-FOR-US: Tenda
 CVE-2019-16411 (An issue was discovered in Suricata 4.1.4. By sending multiple 
IPv4 pa ...)
-       TODO: check
+       - suricata 1:4.1.5-1 (low)
+       [buster] - suricata <no-dsa> (Minor issue)
+       [stretch] - suricata <no-dsa> (Minor issue)
+       NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
 CVE-2019-16410 (An issue was discovered in Suricata 4.1.4. By sending multiple 
fragmen ...)
-       TODO: check
+       - suricata 1:4.1.5-1 (low)
+       [buster] - suricata <no-dsa> (Minor issue)
+       [stretch] - suricata <no-dsa> (Minor issue)
+       NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
 CVE-2019-16409
        RESERVED
 CVE-2019-16408
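Review bot: The NOTE lines added for CVE-2019-16411 and CVE-2019-16410 link only to the 4.1.5 release announcement, not to the change that fixes each issue. Both entries leave buster and stretch at `<no-dsa>`, so anyone preparing a later backport will need the individual fixes. Add a per-CVE NOTE with the upstream ticket or commit once it is identified.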
@@ -3199,7 +3205,10 @@ CVE-2019-15701 (components/Modals/HelpModal.jsx in 
BloodHound 2.2.0 allows remot
 CVE-2019-15700 (public/js/frappe/form/footer/timeline.js in Frappe Framework 
12 throug ...)
        NOT-FOR-US: Frappe Framework
 CVE-2019-15699 (An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. 
Upon rec ...)
-       TODO: check
+       - suricata 1:4.1.5-1 (low)
+       [buster] - suricata <no-dsa> (Minor issue)
+       [stretch] - suricata <no-dsa> (Minor issue)
+       NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
 CVE-2019-15698 (In Octopus Deploy 2019.7.3 through 2019.7.9, in certain 
circumstances, ...)
        NOT-FOR-US: Octopus Deploy
 CVE-2019-15697
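Review bot: The description of CVE-2019-15699 names only Suricata 4.1.4 and app-layer-ssl.c, yet the `[buster]` and `[stretch]` lines record both suites as affected, and nothing notes that the older packaged versions were checked for that code. If it was verified, a short NOTE saying so would make the `<no-dsa>` triage reproducible. If it was not, the suite lines should wait until it is.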
@@ -4274,7 +4283,7 @@ CVE-2019-15303
 CVE-2019-15302 (The pad management logic in XWiki labs CryptPad before 3.0.0 
allows a  ...)
        NOT-FOR-US: CryptPad
 CVE-2019-15301 (A SQL injection vulnerability in the method 
Terrasoft.Core.DB.Column.C ...)
-       TODO: check
+       NOT-FOR-US: Terrasoft Bpm'online CRM-System SDK
 CVE-2019-15300
        RESERVED
 CVE-2019-15299
@@ -4911,7 +4920,7 @@ CVE-2019-15087 (An issue was discovered in PRiSE adAS 
1.7.0. An authenticated us
 CVE-2019-15086 (An issue was discovered in PRiSE adAS 1.7.0. The newentityID 
parameter ...)
        NOT-FOR-US: PRiSE adAS
 CVE-2019-15085 (An issue was discovered in PRiSE adAS 1.7.0. The current 
database pass ...)
-       TODO: check
+       NOT-FOR-US: PRiSE adAS
 CVE-2019-15084 (Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell 
laptops, insta ...)
        NOT-FOR-US: Realtek
 CVE-2019-15083
@@ -5341,7 +5350,9 @@ CVE-2019-14984 (eQ-3 Homematic CCU2 and CCU3 with the 
XML-API through 1.2.0 AddO
 CVE-2019-14983
        RESERVED
 CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow 
vulnerability in ...)
-       TODO: check
+       - exiv2 <not-affected> (Vulnerable code not present)
+       NOTE: https://github.com/Exiv2/exiv2/issues/960
+       NOTE: 
https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62
 
 CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, 
there is  ...)
        - imagemagick <unfixed>
        [jessie] - imagemagick <postponed> (can be fixed along with more 
important issues)
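Review bot: `<not-affected> (Vulnerable code not present)` on CVE-2019-14982 does not record when the vulnerable code was introduced, while the description only says "In Exiv2 before v0.27.2". The two NOTE lines cover the issue and the fix commit. Add a NOTE naming the introducing version or commit so the not-affected status can be rechecked against what each suite ships.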
@@ -8068,9 +8079,9 @@ CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to 
cause a denial of serv
 CVE-2019-14240 (WCMS v0.3.2 has a CSRF vulnerability, with resultant directory 
travers ...)
        NOT-FOR-US: WCMS
 CVE-2019-14239 (On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, 
Flash Acce ...)
-       TODO: check
+       NOT-FOR-US: NXP Kinetis
 CVE-2019-14238 (On STMicroelectronics STM32F7 devices, Proprietary Code Read 
Out Prote ...)
-       TODO: check
+       NOT-FOR-US: STMicroelectronics
 CVE-2019-14237 (On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, 
Flash Acce ...)
        NOT-FOR-US: NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices
 CVE-2019-14236 (On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, 
STM32F7, and ...)
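Review bot: The new label `NOT-FOR-US: NXP Kinetis` on CVE-2019-14239 differs from the label already used for CVE-2019-14237 two entries below ("NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices"), although both descriptions open identically. Use one label for the product family so that searching on the NOT-FOR-US string finds both entries.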
@@ -8124,7 +8135,7 @@ CVE-2019-14222 (An issue was discovered in Alfresco 
Community Edition versions 6
 CVE-2019-14221 (1CRM On-Premise Software 8.5.7 allows XSS via a payload that 
is mishan ...)
        NOT-FOR-US: 1CRM On-Premise Software
 CVE-2019-14220 (An issue was discovered in BlueStacks 4.110 and below on macOS 
and on  ...)
-       TODO: check
+       NOT-FOR-US: BlueStacks
 CVE-2019-14219
        RESERVED
 CVE-2019-14218
@@ -10625,11 +10636,11 @@ CVE-2019-13560 (D-Link DIR-655 C devices before 
3.02B05 BETA03 allow remote atta
 CVE-2019-13559
        RESERVED
 CVE-2019-13558 (In WebAccess versions 8.4.1 and prior, an exploit executed 
over the ne ...)
-       TODO: check
+       NOT-FOR-US: WebAccess
 CVE-2019-13557
        RESERVED
 CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based 
buffer ove ...)
-       TODO: check
+       NOT-FOR-US: WebAccess
 CVE-2019-13555
        RESERVED
 CVE-2019-13554
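Review bot: `NOT-FOR-US: WebAccess` on CVE-2019-13558 and CVE-2019-13556, and on the two entries in the next hunk, names the product without its vendor, which leaves the label ambiguous for anyone searching the list later. Other labels in this commit, such as "Terrasoft Bpm'online CRM-System SDK", carry the vendor. Prefix the vendor name here as well.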
@@ -10637,11 +10648,11 @@ CVE-2019-13554
 CVE-2019-13553
        RESERVED
 CVE-2019-13552 (In WebAccess versions 8.4.1 and prior, multiple command 
injection vuln ...)
-       TODO: check
+       NOT-FOR-US: WebAccess
 CVE-2019-13551
        RESERVED
 CVE-2019-13550 (In WebAccess, versions 8.4.1 and prior, an improper 
authorization vuln ...)
-       TODO: check
+       NOT-FOR-US: WebAccess
 CVE-2019-13549
        RESERVED
 CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows 
an atta ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/aa50c9ac5701929dd3d00f9466769a2bbc02a74f
