Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5a583797 by Moritz Muehlenhoff at 2019-09-25T21:00:56Z NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -10701,9 +10701,9 @@ CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version CVE-2019-13529 RESERVED CVE-2019-13528 (A specific utility may allow an attacker to gain read access to privil ...) - TODO: check + NOT-FOR-US: Niagara CVE-2019-13527 (In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Version ...) - TODO: check + NOT-FOR-US: Rockwell CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 ...) NOT-FOR-US: Datalogic AV7000 Linear barcode scanner CVE-2019-13525 @@ -10830,7 +10830,7 @@ CVE-2019-13476 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS CVE-2019-13475 (In MobaXterm 11.1, the mobaxterm: URI handler has an argument injectio ...) NOT-FOR-US: MobaXterm CVE-2019-13474 (TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110 ...) - TODO: check + NOT-FOR-US: TELESTAR CVE-2019-13473 (TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110 ...) NOT-FOR-US: TELESTAR CVE-2019-13472 (PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the ...) @@ -10881,7 +10881,6 @@ CVE-2019-13456 NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/a99746c93b8b3ae3be367af0e46f0d6a9626f566 (master) NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586 (3.0.x) NOTE: Issue seems to be treated as different issue than CVE-2019-11234 and CVE-2019-11235 - TODO: double check assessment and classification CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerability e ...) {DLA-1898-1} - xymon 4.3.29-1 
@@ -11117,11 +11116,11 @@ CVE-2019-13359 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a c CVE-2019-13358 (lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows ...) NOT-FOR-US: OpenCats CVE-2019-13357 (In Total Defense Anti-virus 9.0.0.773, resource acquisition from the u ...) - TODO: check + NOT-FOR-US: Total Defense Anti-virus CVE-2019-13356 (In Total Defense Anti-virus 9.0.0.773, insecure access control for the ...) - TODO: check + NOT-FOR-US: Total Defense Anti-virus CVE-2019-13355 (In Total Defense Anti-virus 9.0.0.773, insecure access control for the ...) - TODO: check + NOT-FOR-US: Total Defense Anti-virus CVE-2019-13354 (The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org ...) NOT-FOR-US: strong_password gem CVE-2019-13353 @@ -11587,7 +11586,7 @@ CVE-2019-13193 CVE-2019-13192 RESERVED CVE-2019-13191 (A SQL injection vulnerability in IntraMaps MapControl 8 allows attacke ...) - TODO: check + NOT-FOR-US: IntraMaps MapControl CVE-2019-13190 (In Knowage through 6.1.1, the sign up page does not invalidate a valid ...) NOT-FOR-US: Knowage CVE-2019-13189 (In Knowage through 6.1.1, there is XSS via the start_url or user_id fi ...) @@ -11595,7 +11594,7 @@ CVE-2019-13189 (In Knowage through 6.1.1, there is XSS via the start_url or user CVE-2019-13188 (In Knowage through 6.1.1, an unauthenticated user can bypass access co ...) NOT-FOR-US: Knowage CVE-2019-13187 (The Rich Text Formatter (Redactor) extension through v1.1.1 for Sympho ...) - TODO: check + NOT-FOR-US: Symphony CMS addon CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via t ...) NOT-FOR-US: MiniCMS CVE-2019-13185 
@@ -11720,7 +11719,7 @@ CVE-2019-13142 (The RzSurroundVADStreamingService (RzSurroundVADStreamingService CVE-2019-13141 RESERVED CVE-2019-13140 (Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ...) - TODO: check + NOT-FOR-US: Inteno CVE-2019-13139 (In Docker before 18.09.4, an attacker who is capable of supplying or m ...) {DSA-4521-1} [experimental] - docker.io 18.09.5+dfsg1-1 @@ -11973,7 +11972,7 @@ CVE-2019-13065 CVE-2019-13064 RESERVED CVE-2019-13063 (Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to ...) - TODO: check + NOT-FOR-US: Sahi Pro CVE-2019-13062 RESERVED CVE-2019-13061 @@ -13131,7 +13130,7 @@ CVE-2019-12622 (A vulnerability in Cisco RoomOS Software could allow an authenti CVE-2019-12621 (A vulnerability in Cisco HyperFlex Software could allow an unauthentic ...) NOT-FOR-US: Cisco CVE-2019-12620 (A vulnerability in the statistics collection service of Cisco HyperFle ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-12619 RESERVED CVE-2019-12618 (HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via t ...) @@ -14139,7 +14138,7 @@ CVE-2019-12247 (** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qg CVE-2019-12246 RESERVED CVE-2019-12245 (SilverStripe through 4.3.3 has incorrect access control for protected ...) - TODO: check + NOT-FOR-US: SilverStripe CVE-2019-12244 RESERVED CVE-2019-12243 (Istio 1.1.x through 1.1.6 has Incorrect Access Control. ...) 
@@ -14295,11 +14294,11 @@ CVE-2019-12207 (njs through 0.3.1, used in NGINX, has a heap-based buffer over-r CVE-2019-12206 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in ...) NOT-FOR-US: njs CVE-2019-12205 (SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. ...) - TODO: check + NOT-FOR-US: SilverStripe CVE-2019-12204 (In SilverStripe through 4.3.3, a missing warning about leaving install ...) - TODO: check + NOT-FOR-US: SilverStripe CVE-2019-12203 (SilverStripe through 4.3.3 allows session fixation in the "change pass ...) - TODO: check + NOT-FOR-US: SilverStripe CVE-2019-12202 RESERVED CVE-2019-12201 @@ -14930,7 +14929,7 @@ CVE-2019-11926 (Insufficient boundary checks when processing M_SOFx markers from CVE-2019-11925 (Insufficient boundary checks when processing the JPEG APP12 block mark ...) - hhvm <removed> CVE-2019-11924 (A peer could send empty handshake fragments containing only padding wh ...) - TODO: check + NOT-FOR-US: fizz CVE-2019-11923 RESERVED CVE-2019-11922 (A race condition in the one-pass compression functions of Zstandard pr ...) @@ -14986,7 +14985,7 @@ CVE-2019-11899 (An unauthenticated attacker can achieve unauthorized access to s CVE-2019-11898 (Unauthorized APE administration privileges can be achieved by reverse ...) NOT-FOR-US: Bosch Access Professional Edition CVE-2019-11897 (A Server-Side Request Forgery (SSRF) vulnerability in the backup & ...) - TODO: check + NOT-FOR-US: proSyst CVE-2019-11896 (A potential incorrect privilege assignment vulnerability exists in the ...) NOT-FOR-US: Bosch CVE-2019-11895 (A potential improper access control vulnerability exists in the JSON-R ...) 
@@ -15269,15 +15268,15 @@ CVE-2019-11778 (If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6. - mosquitto 1.6.6-1 NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=551162 CVE-2019-11777 (In the Eclipse Paho Java client library version 1.2.0, when connecting ...) - TODO: check + NOT-FOR-US: Eclipse Paho Java client CVE-2019-11776 (In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflecte ...) NOT-FOR-US: Eclipse BIRT CVE-2019-11775 (All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loo ...) NOT-FOR-US: Eclipse OpenJ9 CVE-2019-11774 (Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop v ...) - TODO: check + NOT-FOR-US: Eclipe OMR CVE-2019-11773 (Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which ma ...) - TODO: check + NOT-FOR-US: Eclipe OMR CVE-2019-11772 (In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], ...) NOT-FOR-US: Eclipse OpenJ9 CVE-2019-11771 (AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which ...) @@ -16094,7 +16093,7 @@ CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable to CVE-2019-11560 (A buffer overflow vulnerability in the streaming server provided by hi ...) NOT-FOR-US: hisilicon CVE-2019-11559 (A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16 ...) - TODO: check + NOT-FOR-US: HRworks CVE-2019-11558 RESERVED CVE-2019-11557 (The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress ...) 
@@ -16372,13 +16371,13 @@ CVE-2019-11469 (Zoho ManageEngine Applications Manager 12 through 14 allows Faul CVE-2019-11468 RESERVED CVE-2019-11467 (An issue was discovered in Couchbase Server 4.6.3 and 5.5.0. A JSON do ...) - TODO: check + NOT-FOR-US: Couchbase CVE-2019-11466 (An issue was discovered in Couchbase Server 5.5.0 and 6.0.0. The Event ...) - TODO: check + NOT-FOR-US: Couchbase CVE-2019-11465 (An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6. ...) - TODO: check + NOT-FOR-US: Couchbase CVE-2019-11464 (An issue was discovered in Couchbase Server 5.1.2 and 5.5.0. The http ...) - TODO: check + NOT-FOR-US: Couchbase CVE-2019-11463 (A memory leak in archive_read_format_zip_cleanup in archive_read_suppo ...) - libarchive <not-affected> (Vulnerable code not present) NOTE: Introduced in https://github.com/libarchive/libarchive/commit/121035c83e18b70d3128e9ac966109ebedb7e516 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a583797b0cfe61bd742757340823f84be06ca7d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a583797b0cfe61bd742757340823f84be06ca7d You're receiving this email because of your account on salsa.debian.org.
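Review bot: In the @@ -10881,7 +10881,6 @@ hunk, dropping "TODO: double check assessment and classification" under CVE-2019-13456 is not an NFU change, so the commit message "NFUs" does not cover it. The hunk also adds no NOTE recording what the check concluded. Either mention the removal in the commit message or move it to its own commit with a line stating the outcome of the review.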
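Review bot: In the @@ -15269,15 +15268,15 @@ hunk, the new tags for CVE-2019-11774 and CVE-2019-11773 read "NOT-FOR-US: Eclipe OMR", which misspells "Eclipse". Both descriptions name Eclipse OMR, and the neighbouring entries in the same hunk use "Eclipse OpenJ9" and "Eclipse BIRT". Change both lines to "NOT-FOR-US: Eclipse OMR" so the tag matches the product name and a search across the Eclipse entries finds them.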