Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5a583797 by Moritz Muehlenhoff at 2019-09-25T21:00:56Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10701,9 +10701,9 @@ CVE-2019-13530 (Philips IntelliVue WLAN, portable
patient monitors, WLAN Version
CVE-2019-13529
RESERVED
CVE-2019-13528 (A specific utility may allow an attacker to gain read access
to privil ...)
- TODO: check
+ NOT-FOR-US: Niagara
CVE-2019-13527 (In Rockwell Automation Arena Simulation Software Cat. 9502-Ax,
Version ...)
- TODO: check
+ NOT-FOR-US: Rockwell
CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to
4.6.0.0 ...)
NOT-FOR-US: Datalogic AV7000 Linear barcode scanner
CVE-2019-13525
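Review bot: The two new labels in this hunk are single words ("Niagara", "Rockwell"), while the unchanged neighbouring entry for CVE-2019-13526 spells out the product ("Datalogic AV7000 Linear barcode scanner"). For CVE-2019-13527 the description already gives the full name, so "NOT-FOR-US: Rockwell Automation Arena Simulation Software" would be easier to search for later. For CVE-2019-13528 the truncated description names no product at all, so the label is the only place a reader can see what was triaged and should carry vendor and product together.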
@@ -10830,7 +10830,7 @@ CVE-2019-13476 (In CentOS-WebPanel.com (aka CWP) CentOS
Web Panel 0.9.8.837, XSS
CVE-2019-13475 (In MobaXterm 11.1, the mobaxterm: URI handler has an argument
injectio ...)
NOT-FOR-US: MobaXterm
CVE-2019-13474 (TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo,
Imperial i110 ...)
- TODO: check
+ NOT-FOR-US: TELESTAR
CVE-2019-13473 (TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo,
Imperial i110 ...)
NOT-FOR-US: TELESTAR
CVE-2019-13472 (PHPWind 9.1.0 has XSS vulnerabilities in the c and m
parameters of the ...)
@@ -10881,7 +10881,6 @@ CVE-2019-13456
NOTE:
https://github.com/FreeRADIUS/freeradius-server/commit/a99746c93b8b3ae3be367af0e46f0d6a9626f566
(master)
NOTE:
https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
(3.0.x)
NOTE: Issue seems to be treated as different issue than CVE-2019-11234
and CVE-2019-11235
- TODO: double check assessment and classification
CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow
vulnerability e ...)
{DLA-1898-1}
- xymon 4.3.29-1
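Review bot: Removing "TODO: double check assessment and classification" from CVE-2019-13456 leaves no record of what the double check concluded. The remaining NOTE still reads "Issue seems to be treated as different issue than CVE-2019-11234 and CVE-2019-11235", which is tentative wording. Either reword that NOTE to state the confirmed result or add a NOTE with the reference that settled it, and mention the change in the commit message, which only says "NFUs".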
@@ -11117,11 +11116,11 @@ CVE-2019-13359 (In CentOS-WebPanel.com (aka CWP)
CentOS Web Panel 0.9.8.836, a c
CVE-2019-13358 (lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that
allows ...)
NOT-FOR-US: OpenCats
CVE-2019-13357 (In Total Defense Anti-virus 9.0.0.773, resource acquisition
from the u ...)
- TODO: check
+ NOT-FOR-US: Total Defense Anti-virus
CVE-2019-13356 (In Total Defense Anti-virus 9.0.0.773, insecure access control
for the ...)
- TODO: check
+ NOT-FOR-US: Total Defense Anti-virus
CVE-2019-13355 (In Total Defense Anti-virus 9.0.0.773, insecure access control
for the ...)
- TODO: check
+ NOT-FOR-US: Total Defense Anti-virus
CVE-2019-13354 (The strong_password gem 0.0.7 for Ruby, as distributed on
RubyGems.org ...)
NOT-FOR-US: strong_password gem
CVE-2019-13353
@@ -11587,7 +11586,7 @@ CVE-2019-13193
CVE-2019-13192
RESERVED
CVE-2019-13191 (A SQL injection vulnerability in IntraMaps MapControl 8 allows
attacke ...)
- TODO: check
+ NOT-FOR-US: IntraMaps MapControl
CVE-2019-13190 (In Knowage through 6.1.1, the sign up page does not invalidate
a valid ...)
NOT-FOR-US: Knowage
CVE-2019-13189 (In Knowage through 6.1.1, there is XSS via the start_url or
user_id fi ...)
@@ -11595,7 +11594,7 @@ CVE-2019-13189 (In Knowage through 6.1.1, there is XSS
via the start_url or user
CVE-2019-13188 (In Knowage through 6.1.1, an unauthenticated user can bypass
access co ...)
NOT-FOR-US: Knowage
CVE-2019-13187 (The Rich Text Formatter (Redactor) extension through v1.1.1
for Sympho ...)
- TODO: check
+ NOT-FOR-US: Symphony CMS addon
CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in
mc-admin/post-edit.php via t ...)
NOT-FOR-US: MiniCMS
CVE-2019-13185
@@ -11720,7 +11719,7 @@ CVE-2019-13142 (The RzSurroundVADStreamingService
(RzSurroundVADStreamingService
CVE-2019-13141
RESERVED
CVE-2019-13140 (Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have
a JUCI ...)
- TODO: check
+ NOT-FOR-US: Inteno
CVE-2019-13139 (In Docker before 18.09.4, an attacker who is capable of
supplying or m ...)
{DSA-4521-1}
[experimental] - docker.io 18.09.5+dfsg1-1
@@ -11973,7 +11972,7 @@ CVE-2019-13065
CVE-2019-13064
RESERVED
CVE-2019-13063 (Within Sahi Pro 8.0.0, an attacker can send a specially
crafted URL to ...)
- TODO: check
+ NOT-FOR-US: Sahi Pro
CVE-2019-13062
RESERVED
CVE-2019-13061
@@ -13131,7 +13130,7 @@ CVE-2019-12622 (A vulnerability in Cisco RoomOS
Software could allow an authenti
CVE-2019-12621 (A vulnerability in Cisco HyperFlex Software could allow an
unauthentic ...)
NOT-FOR-US: Cisco
CVE-2019-12620 (A vulnerability in the statistics collection service of Cisco
HyperFle ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12619
RESERVED
CVE-2019-12618 (HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access
Control via t ...)
@@ -14139,7 +14138,7 @@ CVE-2019-12247 (** DISPUTED ** QEMU 3.0.0 has an
Integer Overflow because the qg
CVE-2019-12246
RESERVED
CVE-2019-12245 (SilverStripe through 4.3.3 has incorrect access control for
protected ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-12244
RESERVED
CVE-2019-12243 (Istio 1.1.x through 1.1.6 has Incorrect Access Control. ...)
@@ -14295,11 +14294,11 @@ CVE-2019-12207 (njs through 0.3.1, used in NGINX, has
a heap-based buffer over-r
CVE-2019-12206 (njs through 0.3.1, used in NGINX, has a heap-based buffer
overflow in ...)
NOT-FOR-US: njs
CVE-2019-12205 (SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS.
...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-12204 (In SilverStripe through 4.3.3, a missing warning about leaving
install ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-12203 (SilverStripe through 4.3.3 allows session fixation in the
"change pass ...)
- TODO: check
+ NOT-FOR-US: SilverStripe
CVE-2019-12202
RESERVED
CVE-2019-12201
@@ -14930,7 +14929,7 @@ CVE-2019-11926 (Insufficient boundary checks when
processing M_SOFx markers from
CVE-2019-11925 (Insufficient boundary checks when processing the JPEG APP12
block mark ...)
- hhvm <removed>
CVE-2019-11924 (A peer could send empty handshake fragments containing only
padding wh ...)
- TODO: check
+ NOT-FOR-US: fizz
CVE-2019-11923
RESERVED
CVE-2019-11922 (A race condition in the one-pass compression functions of
Zstandard pr ...)
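Review bot: "NOT-FOR-US: fizz" on CVE-2019-11924 is a lowercase one-word label, and the truncated description shown here ("A peer could send empty handshake fragments containing only padding wh ...") names no product, so nothing in the list lets a later reader confirm the match. Suggest adding the vendor or project qualifier to the label.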
@@ -14986,7 +14985,7 @@ CVE-2019-11899 (An unauthenticated attacker can achieve
unauthorized access to s
CVE-2019-11898 (Unauthorized APE administration privileges can be achieved by
reverse ...)
NOT-FOR-US: Bosch Access Professional Edition
CVE-2019-11897 (A Server-Side Request Forgery (SSRF) vulnerability in the
backup & ...)
- TODO: check
+ NOT-FOR-US: proSyst
CVE-2019-11896 (A potential incorrect privilege assignment vulnerability
exists in the ...)
NOT-FOR-US: Bosch
CVE-2019-11895 (A potential improper access control vulnerability exists in
the JSON-R ...)
@@ -15269,15 +15268,15 @@ CVE-2019-11778 (If an MQTT v5 client connects to
Eclipse Mosquitto versions 1.6.
- mosquitto 1.6.6-1
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=551162
CVE-2019-11777 (In the Eclipse Paho Java client library version 1.2.0, when
connecting ...)
- TODO: check
+ NOT-FOR-US: Eclipse Paho Java client
CVE-2019-11776 (In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows
Reflecte ...)
NOT-FOR-US: Eclipse BIRT
CVE-2019-11775 (All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where
the loo ...)
NOT-FOR-US: Eclipse OpenJ9
CVE-2019-11774 (Prior to 0.1, all builds of Eclipse OMR contain a bug where
the loop v ...)
- TODO: check
+ NOT-FOR-US: Eclipe OMR
CVE-2019-11773 (Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs
which ma ...)
- TODO: check
+ NOT-FOR-US: Eclipe OMR
CVE-2019-11772 (In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int,
byte[], ...)
NOT-FOR-US: Eclipse OpenJ9
CVE-2019-11771 (AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused
RPATHs which ...)
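Review bot: "Eclipe OMR" on the new lines for CVE-2019-11774 and CVE-2019-11773 is misspelled. Both descriptions say "Eclipse OMR" and the adjacent entries use "Eclipse OpenJ9" and "Eclipse BIRT". Please change both to "NOT-FOR-US: Eclipse OMR", since a search for "Eclipse" across the NOT-FOR-US entries would otherwise miss them.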
@@ -16094,7 +16093,7 @@ CVE-2019-11561 (The Chuango 433 MHz burglar-alarm
product line is vulnerable to
CVE-2019-11560 (A buffer overflow vulnerability in the streaming server
provided by hi ...)
NOT-FOR-US: hisilicon
CVE-2019-11559 (A reflected Cross-site scripting (XSS) vulnerability in
HRworks V 1.16 ...)
- TODO: check
+ NOT-FOR-US: HRworks
CVE-2019-11558
RESERVED
CVE-2019-11557 (The WebDorado Contact Form Builder plugin before 1.0.69 for
WordPress ...)
@@ -16372,13 +16371,13 @@ CVE-2019-11469 (Zoho ManageEngine Applications
Manager 12 through 14 allows Faul
CVE-2019-11468
RESERVED
CVE-2019-11467 (An issue was discovered in Couchbase Server 4.6.3 and 5.5.0. A
JSON do ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11466 (An issue was discovered in Couchbase Server 5.5.0 and 6.0.0.
The Event ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11465 (An issue was discovered in Couchbase Server 5.5.x through
5.5.3 and 6. ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11464 (An issue was discovered in Couchbase Server 5.1.2 and 5.5.0.
The http ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11463 (A memory leak in archive_read_format_zip_cleanup in
archive_read_suppo ...)
- libarchive <not-affected> (Vulnerable code not present)
NOTE: Introduced in
https://github.com/libarchive/libarchive/commit/121035c83e18b70d3128e9ac966109ebedb7e516
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/5a583797b0cfe61bd742757340823f84be06ca7d
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits