Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2d6e2b85 by Moritz Muehlenhoff at 2019-09-25T21:34:21Z
new node-set-value issue
new libav issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16252,11 +16252,11 @@ CVE-2019-11498 (WavpackSetConfiguration64 in
pack_utils.c in libwavpack.a in Wav
NOTE: https://github.com/dbry/WavPack/issues/67
NOTE:
https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4
CVE-2019-11497 (An issue was discovered in Couchbase Server 5.0.0. When
creating a new ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11496 (An issue was discovered in Couchbase Server 5.0.0. Editing
bucket sett ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11495 (Couchbase Server 5.1.1 generates insufficiently random
numbers. The pr ...)
- TODO: check
+ NOT-FOR-US: Couchbase
CVE-2019-11494 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the
submission-lo ...)
- dovecot 1:2.3.4.1-5 (bug #928235)
[stretch] - dovecot <not-affected> (Vulnerable code not present,
introduced in 2.3)
@@ -16310,7 +16310,7 @@ CVE-2019-11477 (Jonathan Looney discovered that the
TCP_SKB_CB(skb)->tcp_gso_
{DSA-4465-1 DLA-1824-1 DLA-1823-1}
- linux 4.19.37-4
CVE-2019-11476 (An integer overflow in whoopsie before versions
0.2.52.5ubuntu0.1, 0.2 ...)
- TODO: check
+ NOT-FOR-US: whoopsie
CVE-2019-11475
RESERVED
CVE-2019-11474 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to
cause a deni ...)
@@ -16412,7 +16412,7 @@ CVE-2019-11458 (An issue was discovered in
SmtpTransport in CakePHP 3.7.6. An un
NOTE:
https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e
NOTE: https://github.com/cakephp/cakephp/pull/13153
CVE-2019-11457 (Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1
via /chang ...)
- TODO: check
+ NOT-FOR-US: MicroPyramid Django CRM
CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary
PHP code. ...)
NOT-FOR-US: Gila CMS
CVE-2019-11455 (A buffer over-read in Util_urlDecode in util.c in Tildeslash
Monit bef ...)
@@ -16628,9 +16628,9 @@ CVE-2019-11368 (Stored XSS was discovered in AUO Solar
Data Recorder before 1.3.
CVE-2019-11367 (An issue was discovered in AUO Solar Data Recorder before
1.3.0. The w ...)
NOT-FOR-US: AUO Solar Data Recorder
CVE-2019-11364 (An OS Command Injection vulnerability in Snare Central before
7.4.5 al ...)
- TODO: check
+ NOT-FOR-US: Snare Central
CVE-2019-11363 (A SQL injection vulnerability in Snare Central before 7.4.5
allows rem ...)
- TODO: check
+ NOT-FOR-US: Snare Central
CVE-2019-11362 (app/controllers/frontend/PostController.php in ROCBOSS V2.2.1
has SQL ...)
NOT-FOR-US: ROCBOSS
CVE-2019-11361
@@ -16735,9 +16735,9 @@ CVE-2019-11328 (An issue was discovered in Singularity
3.1.0 to 3.2.0-rc2, a mal
- singularity-container <not-affected> (No released Debian version
contains the issue, cf bug #929042)
NOTE: https://www.openwall.com/lists/oss-security/2019/05/16/1
CVE-2019-11327 (An issue was discovered on Topcon Positioning Net-G5 GNSS
Receiver dev ...)
- TODO: check
+ NOT-FOR-US: Topcon Positioning Net-G5 GNSS Receiver
CVE-2019-11326 (An issue was discovered on Topcon Positioning Net-G5 GNSS
Receiver dev ...)
- TODO: check
+ NOT-FOR-US: Topcon Positioning Net-G5 GNSS Receiver
CVE-2019-11325
RESERVED
CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys,
which trig ...)
@@ -16834,15 +16834,15 @@ CVE-2019-11282
CVE-2019-11281
RESERVED
CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service
versions ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2019-11279
RESERVED
CVE-2019-11278
RESERVED
CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x versions prior to
1.7.11 and 2 ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service
versions ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2019-11275
RESERVED
CVE-2019-11274 (Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to
an XSS a ...)
@@ -17021,11 +17021,11 @@ CVE-2019-11213 (In Pulse Secure Pulse Desktop Client
and Network Connect, an att
CVE-2019-11212
RESERVED
CVE-2019-11211 (The server component of TIBCO Software Inc.'s TIBCO Enterprise
Runtime ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2019-11210 (The server component of TIBCO Software Inc.'s TIBCO Enterprise
Runtime ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2019-11209 (The realm configuration component of TIBCO Software Inc.'s
TIBCO FTL C ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2019-11208 (The authorization component of TIBCO Software Inc.'s TIBCO API
Exchang ...)
NOT-FOR-US: TIBCO
CVE-2019-11207 (The web server component of TIBCO Software Inc.'s TIBCO
LogLogic Enter ...)
@@ -17121,7 +17121,7 @@ CVE-2019-11168
CVE-2019-11167
RESERVED
CVE-2019-11166 (Improper file permissions in the installer for Intel(R) Easy
Streaming ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-11165
RESERVED
CVE-2019-11164
@@ -17545,7 +17545,7 @@ CVE-2019-11015 (A vulnerability was found in the MIUI
OS version 10.1.3.0 that a
CVE-2019-11014 (The VStarCam vstc.vscam.client library and vstc.vscam shared
object, a ...)
NOT-FOR-US: VStarCam
CVE-2019-11013 (Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory
traversal ...)
- TODO: check
+ NOT-FOR-US: Nimble Streamer
CVE-2019-11012
RESERVED
CVE-2019-11011 (Akamai CloudTest before 58.30 allows remote code execution.
...)
@@ -17599,7 +17599,7 @@ CVE-2019-10998 (An issue was discovered on Phoenix
Contact AXC F 2152 (No.240426
CVE-2019-10997 (An issue was discovered on Phoenix Contact AXC F 2152
(No.2404267) bef ...)
NOT-FOR-US: Phoenix Contact
CVE-2019-10996 (Red Lion Controls Crimson, version 3.0 and prior and version
3.1 prior ...)
- TODO: check
+ NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10995
RESERVED
CVE-2019-10994 (Processing a specially crafted project file in LAquis SCADA
4.3.1.71 m ...)
@@ -17611,7 +17611,7 @@ CVE-2019-10992 (Delta Electronics CNCSoft ScreenEditor,
Versions 1.00.89 and pri
CVE-2019-10991 (In WebAccess/SCADA, Versions 8.3.5 and prior, multiple
stack-based buf ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10990 (Red Lion Controls Crimson, version 3.0 and prior and version
3.1 prior ...)
- TODO: check
+ NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10989 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple
heap-based buffe ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10988 (In Philips HDI 4000 Ultrasound Systems, all versions running
on old, u ...)
@@ -17623,7 +17623,7 @@ CVE-2019-10986
CVE-2019-10985 (In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal
vulnera ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10984 (Red Lion Controls Crimson, version 3.0 and prior and version
3.1 prior ...)
- TODO: check
+ NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10983 (In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds
read vul ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10982 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and
prior. Mu ...)
@@ -17635,7 +17635,7 @@ CVE-2019-10980 (A type confusion vulnerability may be
exploited when LAquis SCAD
CVE-2019-10979 (SICK MSC800 all versions prior to Version 4.0, the affected
firmware v ...)
NOT-FOR-US: SICK MSC800
CVE-2019-10978 (Red Lion Controls Crimson, version 3.0 and prior and version
3.1 prior ...)
- TODO: check
+ NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module
QJ71E71-100 ser ...)
NOT-FOR-US: Mitsubishi
CVE-2019-10976 (Mitsubishi Electric FR Configurator2, Version 1.16S and prior.
This vu ...)
@@ -18194,7 +18194,7 @@ CVE-2019-10755 (The SAML identifier generated within
SAML2Utils.java was found t
CVE-2019-10754 (Multiple classes used within Apereo CAS before release
6.1.0-RC5 makes ...)
TODO: check
CVE-2019-10753 (In all versions prior to version 3.9.6 for eclipse-wtp, all
versions p ...)
- TODO: check
+ NOT-FOR-US: eclipse-wtp
CVE-2019-10752
RESERVED
CVE-2019-10751 (All versions of the HTTPie package prior to version 1.0.3 are
vulnerab ...)
@@ -18210,7 +18210,9 @@ CVE-2019-10749
CVE-2019-10748
RESERVED
CVE-2019-10747 (set-value is vulnerable to Prototype Pollution in versions
lower than ...)
- TODO: check
+ - node-set-value <unfixed>
+ [stretch] - node-mixin-deep <ignored> (Nodejs in stretch not covered by
security support)
+ NOTE: https://snyk.io/vuln/SNYK-JS-SETVALUE-450213
CVE-2019-10746 (mixin-deep is vulnerable to Prototype Pollution in versions
before 1.3 ...)
- node-mixin-deep 2.0.1-1 (bug #932500)
[buster] - node-mixin-deep 1.1.3-3+deb10u1
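Review bot: The `[stretch]` line added under CVE-2019-10747 names `node-mixin-deep`, but the package entry added just above it is `node-set-value`; it looks carried over from the CVE-2019-10746 entry that follows. If the intent is to mark set-value in stretch as ignored, it should read `[stretch] - node-set-value <ignored> (Nodejs in stretch not covered by security support)`. As written, the CVE records a stretch status for a different source package and leaves node-set-value in stretch without one.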
@@ -18219,7 +18221,7 @@ CVE-2019-10746 (mixin-deep is vulnerable to Prototype
Pollution in versions befo
NOTE:
https://github.com/jonschlinkert/mixin-deep/commit/8f464c8ce9761a8c9c2b3457eaeee9d404fa7af9
NOTE: https://github.com/jonschlinkert/mixin-deep/issues/6
CVE-2019-10745 (assign-deep is vulnerable to Prototype Pollution in versions
before 0. ...)
- TODO: check
+ NOT-FOR-US: Node assign-deep
CVE-2019-10744 (Versions of lodash lower than 4.17.12 are vulnerable to
Prototype Poll ...)
- node-lodash 4.17.15+dfsg-1 (bug #933079)
[buster] - node-lodash 4.17.11+dfsg-2+deb10u1
@@ -18475,7 +18477,7 @@ CVE-2019-10689 (VVX products using UCS software version
5.9.2 and earlier with B
CVE-2019-10688 (VVX products with software versions including and prior to,
UCS 5.9.2 ...)
NOT-FOR-US: VVX products using UCS
CVE-2019-10687 (KBPublisher 6.0.2.1 has SQL Injection via the
admin/index.php?module=r ...)
- TODO: check
+ NOT-FOR-US: KBPublisher
CVE-2019-10686 (An SSRF vulnerability was found in an API from Ctrip Apollo
through 1. ...)
NOT-FOR-US: Ctrip Apollo
CVE-2019-10685 (A Reflected Cross Site Scripting (XSS) Vulnerability was
discovered in ...)
@@ -18495,7 +18497,7 @@ CVE-2019-10679
CVE-2019-10678 (Domoticz before 4.10579 neglects to categorize \n and \r as
insecure a ...)
- domoticz <itp> (bug #899058)
CVE-2019-10677 (Multiple Cross-Site Scripting (XSS) issues in the web
interface on DAS ...)
- TODO: check
+ NOT-FOR-US: DASAN
CVE-2019-10676 (An issue was discovered in Uniqkey Password Manager 1.14. Upon
enterin ...)
NOT-FOR-US: Uniqkey Password Manager
CVE-2019-10675
@@ -21992,9 +21994,9 @@ CVE-2019-9721 (A denial of service in the subtitle
decoder in FFmpeg 4.1 allows
- libav <removed>
[jessie] - libav <not-affected> (Vulnerable code not present)
CVE-2019-9720 (A stack-based buffer overflow in the subtitle decoder in Libav
12.3 al ...)
- TODO: check
+ - libav <removed>
CVE-2019-9719 (A stack-based buffer overflow in the subtitle decoder in Libav
12.3 al ...)
- TODO: check
+ - libav <removed>
CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder
allows atta ...)
{DSA-4449-1}
- ffmpeg 7:4.1.3-1 (low; bug #926666)
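Review bot: The new `- libav <removed>` lines for CVE-2019-9720 and CVE-2019-9719 carry no per-release line, while the CVE-2019-9721 context at the top of this hunk pairs the same `<removed>` entry with `[jessie] - libav <not-affected> (Vulnerable code not present)`. Both descriptions name Libav 12.3, so it is worth stating whether the subtitle decoder overflow applies to the version in jessie, with a `[jessie]` line or a NOTE, so that release's status is recorded rather than implied.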
@@ -22002,7 +22004,7 @@ CVE-2019-9718 (In FFmpeg 4.1, a denial of service in
the subtitle decoder allows
- libav <removed>
[jessie] - libav <not-affected> (Vulnerable code not present)
CVE-2019-9717 (In Libav 12.3, a denial of service in the subtitle decoder
allows atta ...)
- TODO: check
+ - libav <removed>
CVE-2019-9716
RESERVED
CVE-2019-9715
@@ -22796,7 +22798,7 @@ CVE-2019-9463
CVE-2019-9462
RESERVED
CVE-2019-9461 (In the Android kernel in VPN routing there is a possible
information d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9460
RESERVED
CVE-2019-9459
@@ -22829,15 +22831,15 @@ CVE-2019-9453 (In the Android kernel in F2FS touch
driver there is a possible ou
[buster] - linux 4.19.67-1
NOTE:
https://git.kernel.org/linus/2777e654371dd4207a3a7f4fb5fa39550053a080
CVE-2019-9452 (In the Android kernel in SEC_TS touch driver there is a
possible out o ...)
- TODO: check
+ NOT-FOR-US: Android kernel (sec_ts not in mainline)
CVE-2019-9451 (In the Android kernel in the touchscreen driver there is a
possible ou ...)
- TODO: check
+ NOT-FOR-US: Android kernel (sec_ts not in mainline)
CVE-2019-9450 (In the Android kernel in the FingerTipS touchscreen driver
there is a ...)
- TODO: check
+ NOT-FOR-US: Android kernel (stm not in mainline)
CVE-2019-9449 (In the Android kernel in FingerTipS touchscreen driver there is
a poss ...)
- TODO: check
+ NOT-FOR-US: Android kernel (stm not in mainline)
CVE-2019-9448 (In the Android kernel in the FingerTipS touchscreen driver
there is a ...)
- NOT-FOR-US: Android kernel
+ NOT-FOR-US: Android kernel (stm not in mainline)
CVE-2019-9447 (In the Android kernel in the FingerTipS touchscreen driver
there is a ...)
NOT-FOR-US: Android kernel
CVE-2019-9446 (In the Android kernel in the FingerTipS touchscreen driver
there is a ...)
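Review bot: CVE-2019-9448 is updated to `NOT-FOR-US: Android kernel (stm not in mainline)`, but the CVE-2019-9447 context line directly below it, also described as the FingerTipS touchscreen driver, keeps the bare `NOT-FOR-US: Android kernel`. Giving it the same rationale would keep the run consistent. Separately, CVE-2019-9451 is tagged `(sec_ts not in mainline)` although its visible description only says "the touchscreen driver"; a NOTE pointing at where the driver was identified would help the next person triaging.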
@@ -22848,11 +22850,11 @@ CVE-2019-9445 (In the Android kernel in F2FS driver
there is a possible out of b
CVE-2019-9444 (In the Android kernel in sync debug fs driver there is a kernel
pointe ...)
TODO: check
CVE-2019-9443 (In the Android kernel in the vl53L0 driver there is a possible
out of ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9442 (In the Android kernel in the mnh driver there is possible
memory corru ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9441 (In the Android kernel in the mnh driver there is a possible out
of bou ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9440
RESERVED
CVE-2019-9439
@@ -23044,7 +23046,7 @@ CVE-2019-9347
CVE-2019-9346
RESERVED
CVE-2019-9345 (In the Android kernel in sdcardfs there is a possible violation
of the ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9344
RESERVED
CVE-2019-9343
@@ -23182,19 +23184,19 @@ CVE-2019-9278
CVE-2019-9277
RESERVED
CVE-2019-9276 (In the Android kernel in the synaptics_dsx_htc touchscreen
driver ther ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9275 (In the Android kernel in the mnh driver there is a use after
free due ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9274 (In the Android kernel in the mnh driver there is a possible out
of bou ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9273 (In the Android kernel in the synaptics_dsx_htc touchscreen
driver ther ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9272
RESERVED
CVE-2019-9271 (In the Android kernel in the mnh driver there is a race
condition due ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9270 (In the Android kernel in unifi and r8180 WiFi drivers there is
a possi ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9269
RESERVED
CVE-2019-9268
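Review bot: CVE-2019-9270 is closed as `NOT-FOR-US: Android kernel` although its description names the unifi and r8180 WiFi drivers, and unlike the entries tagged `(sec_ts not in mainline)` and `(stm not in mainline)` earlier in this commit it gives no reason. Please record whether the Debian `linux` source package ships either driver, and if neither does, say so in the tag the way the touchscreen entries do.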
@@ -23226,7 +23228,7 @@ CVE-2019-9256
CVE-2019-9255
RESERVED
CVE-2019-9254 (In readArgumentList of zygote.java in Android 10, there is a
possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-9253
RESERVED
CVE-2019-9252
@@ -23238,7 +23240,7 @@ CVE-2019-9250
CVE-2019-9249
RESERVED
CVE-2019-9248 (In the Android kernel in the FingerTipS touchscreen driver
there is a ...)
- TODO: check
+ NOT-FOR-US: Android kernel
CVE-2019-9247
RESERVED
CVE-2019-9246
@@ -29439,35 +29441,35 @@ CVE-2019-6842
CVE-2019-6841
RESERVED
CVE-2019-6840 (A Format String: CWE-134 vulnerability exists in U.motion
Server (MEG6 ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6839 (An Improper Access Control: CWE-284 vulnerability exists in
U.motion S ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6838 (An Improper Access Control: CWE-284 vulnerability exists in
U.motion S ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6837 (A Server-Side Request Forgery (SSRF): CWE-918 vulnerability
exists in ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6836 (An Improper Access Control: CWE-284 vulnerability exists in
U.motion S ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6835 (A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in
U.motion S ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6834
RESERVED
CVE-2019-6833 (A CWE-754 – Improper Check for Unusual or Exceptional
Conditions ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6832 (A CWE-287: Authentication vulnerability exists in spaceLYnk
(all versi ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6831 (A CWE-754: Improper Check for Unusual or Exceptional Conditions
vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6830 (A CWE-248: Uncaught Exception vulnerability exists IN Modicon
M580 all ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6829 (A CWE-248: Uncaught Exception vulnerability exists in Modicon
M580 (fi ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6828 (A CWE-248: Uncaught Exception vulnerability exists Modicon M580
(firmw ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6827 (A CWE-787: Out-of-bounds Write vulnerability exists in
Interactive Gra ...)
NOT-FOR-US: Interactive Graphical SCADA System (IGSS)
CVE-2019-6826 (A CWE-426: Untrusted Search Path vulnerability exists in
SoMachine HVA ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6825 (A CWE-427: Uncontrolled Search Path Element vulnerability
exists in Pr ...)
NOT-FOR-US: ProClima
CVE-2019-6824 (A CWE-119: Buffer Errors vulnerability exists in ProClima (all
version ...)
@@ -29493,15 +29495,15 @@ CVE-2019-6815 (In Modicon Quantum all firmware
versions, CWE-264: Permissions, P
CVE-2019-6814 (An Improper Access Control: CWE-284 vulnerability exists in the
NET55X ...)
NOT-FOR-US: Schneider Electric
CVE-2019-6813 (A CWE-754: Improper Check for Unusual or Exceptional Conditions
vulner ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6812 (A CWE-798 use of hardcoded credentials vulnerability exists in
BMX-NOR ...)
NOT-FOR-US: Schneider Electric
CVE-2019-6811 (An Improper Check for Unusual or Exceptional Conditions
(CWE-754) vuln ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6810 (CWE-284: Improper Access Control vulnerability exists in
BMXNOR0200H E ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6809 (A CWE-248: Uncaught Exception vulnerability exists in Modicon
M580 (fi ...)
- TODO: check
+ NOT-FOR-US: Schneider
CVE-2019-6808 (A CWE-284: Improper Access Control vulnerability exists in all
version ...)
NOT-FOR-US: Schneider Electric
CVE-2019-6807 (A CWE-248: Uncaught Exception vulnerability exists in all
versions of ...)
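Review bot: The tags added in this hunk and the preceding one read `NOT-FOR-US: Schneider`, while the untouched neighbours CVE-2019-6814, CVE-2019-6812 and CVE-2019-6808 use `NOT-FOR-US: Schneider Electric`. Using the existing spelling for CVE-2019-6813, CVE-2019-6811, CVE-2019-6810 and CVE-2019-6809 keeps one vendor under one string, which matters to anyone searching the list by vendor name.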
@@ -29866,21 +29868,21 @@ CVE-2019-6658
CVE-2019-6657
RESERVED
CVE-2019-6656 (BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705)
logs t ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6655 (On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4,
and 11.5. ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6654 (On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and
11.5.1-11 ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6653 (There is a Stored Cross Site Scripting vulnerability in the
undisclose ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6652 (In BIG-IQ 6.0.0-6.1.0, services for stats do not require
authenticatio ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6651 (In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5,
13.0.0-13.1.1.5, 1 ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6650 (F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5,
13.0.0-13.1.1. ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6649 (F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5,
13.0.0-13.1.1.5, 1 ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2019-6648 (On version 1.9.0, If DEBUG logging is enable, F5 Container
Ingress Ser ...)
NOT-FOR-US: F5
CVE-2019-6647 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2,
12.1.0-12.1 ...)
@@ -31207,7 +31209,7 @@ CVE-2019-6147
CVE-2019-6146
RESERVED
CVE-2019-6145 (Forcepoint VPN Client for Windows versions lower than 6.6.1
have an un ...)
- TODO: check
+ NOT-FOR-US: Forcepoint
CVE-2019-6144
RESERVED
CVE-2019-6143 (Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x
before 6.4 ...)
@@ -32850,13 +32852,13 @@ CVE-2019-5536
CVE-2019-5535
RESERVED
CVE-2019-5534 (VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5
U3 and ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2019-5533
RESERVED
CVE-2019-5532 (VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5
U3 and ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2019-5531 (VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5
prior to E ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2019-5530 (Windows binaries generated with InstallBuilder versions earlier
than 1 ...)
NOT-FOR-US: InstallBuilder
CVE-2019-5529
@@ -32876,7 +32878,7 @@ CVE-2019-5523 (VMware vCloud Director for Service
Providers 9.5.x prior to 9.5.0
CVE-2019-5522 (VMware Tools for Windows update addresses an out of bounds read
vulner ...)
NOT-FOR-US: VMware
CVE-2019-5521 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before
ESXi650-20 ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2019-5520 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before
ESXi650-20 ...)
NOT-FOR-US: VMware
CVE-2019-5519 (VMware ESXi (6.7 before ESXi670-201903001, 6.5 before
ESXi650-20190300 ...)
@@ -32908,9 +32910,9 @@ CVE-2019-5507
CVE-2019-5506
RESERVED
CVE-2019-5505 (ONTAP Select Deploy administration utility versions 2.2 through
2.12.1 ...)
- TODO: check
+ NOT-FOR-US: ONTAP
CVE-2019-5504 (ONTAP Select Deploy administration utility versions 2.12 &
2.12.1 ...)
- TODO: check
+ NOT-FOR-US: ONTAP
CVE-2019-5503 (OnCommand Workflow Automation versions prior to 5.0 shipped
without ce ...)
NOT-FOR-US: OnCommand Workflow Automation
CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3
has we ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2d6e2b85a85e4ff21baf3cd0ddd752e732dc684c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits