Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
23febc50 by Moritz Muehlenhoff at 2019-09-25T21:45:20Z
new mongodb issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31558,13 +31558,13 @@ CVE-2019-6012
CVE-2019-6011
RESERVED
CVE-2019-6010 (Integer overflow vulnerability in LINE(Android) from 4.4.0 to
the vers ...)
- TODO: check
+ NOT-FOR-US: LINE(Android)
CVE-2019-6009 (Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier
allows rem ...)
NOT-FOR-US: SHIRASAGI
CVE-2019-6008
RESERVED
CVE-2019-6007 (Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0
allows ...)
- TODO: check
+ NOT-FOR-US: apng-drawable
CVE-2019-6006
RESERVED
CVE-2019-6005 (Smart TV Box firmware version prior to 1300 allows remote
attackers to ...)
@@ -32951,11 +32951,11 @@ CVE-2019-5487
CVE-2019-5486
RESERVED
CVE-2019-5485 (NPM package gitlabhook version 0.0.17 is vulnerable to a
Command Injec ...)
- TODO: check
+ NOT-FOR-US: node gitlabhook
CVE-2019-5484 (Bower before 1.8.8 has a path traversal vulnerability
permitting file ...)
- TODO: check
+ NOT-FOR-US: Bower
CVE-2019-5483 (Seneca < 3.9.0 contains a vulnerability that could lead to
exposing ...)
- TODO: check
+ NOT-FOR-US: Seneca
CVE-2019-5482 (Heap buffer overflow in the TFTP protocol handler in cURL
7.19.4 to 7. ...)
{DLA-1917-1}
- curl 7.66.0-1 (bug #940010)
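Review bot: the new tag on the CVE-2019-5485 line, `NOT-FOR-US: node gitlabhook`, uses lowercase `node` while the same commit tags the other npm packages as `NOT-FOR-US: Node statichttpserver` and `NOT-FOR-US: Node larvitbase-api`; pick one spelling (the capitalised form is the one used more often in this commit) so that a grep over the list for Node packages matches all of them.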
@@ -32969,9 +32969,9 @@ CVE-2019-5481 (Double-free vulnerability in the
FTP-kerberos code in cURL 7.52.0
NOTE: Introduced by:
https://github.com/curl/curl/commit/0649433da53c7165f839e24e889e131e2894dd32
(curl-7_52_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/9069838b30fb3b48af0123e39f664cea683254a5
(curl-7_66_0)
CVE-2019-5480 (A path traversal vulnerability in <= v0.9.7 of
statichttpserver npm ...)
- TODO: check
+ NOT-FOR-US: Node statichttpserver
CVE-2019-5479 (An unintended require vulnerability in <v0.5.5
larvitbase-api may a ...)
- TODO: check
+ NOT-FOR-US: Node larvitbase-api
CVE-2019-5478 (A weakness was found in Encrypt Only boot mode in Zynq
UltraScale+ dev ...)
NOT-FOR-US: Encrypt Only boot mode in Zynq UltraScale+ devices
CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and
earlier allo ...)
@@ -33981,7 +33981,7 @@ CVE-2019-5044
CVE-2019-5043
RESERVED
CVE-2019-5042 (An exploitable Use-After-Free vulnerability exists in the way
Function ...)
- TODO: check
+ NOT-FOR-US: Aspose
CVE-2019-5041 (An exploitable Stack Based Buffer Overflow vulnerability exists
in the ...)
NOT-FOR-US: Aspose
CVE-2019-5040 (An exploitable information disclosure vulnerability exists in
the Weav ...)
@@ -36864,21 +36864,21 @@ CVE-2019-3765
CVE-2019-3764
RESERVED
CVE-2019-3763 (The RSA Identity Governance and Lifecycle software and RSA Via
Lifecyc ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-3762
RESERVED
CVE-2019-3761 (The RSA Identity Governance and Lifecycle software and RSA Via
Lifecyc ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-3760 (The RSA Identity Governance and Lifecycle software and RSA Via
Lifecyc ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-3759 (The RSA Identity Governance and Lifecycle software and RSA Via
Lifecyc ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-3758 (RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an
improper au ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-3757
RESERVED
CVE-2019-3756 (RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an
information ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-3755
RESERVED
CVE-2019-3754 (Dell EMC Unity Operating Environment versions prior to
5.0.0.0.5.116, ...)
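Review bot: all six new `NOT-FOR-US: RSA` lines in this hunk tag only the vendor, although the descriptions name two different products (RSA Identity Governance and Lifecycle for CVE-2019-3763, CVE-2019-3761, CVE-2019-3760 and CVE-2019-3759; RSA Archer for CVE-2019-3758 and CVE-2019-3756) and the convention visible elsewhere in this diff is to name the product (`NOT-FOR-US: Fortinet FortiClient`, `NOT-FOR-US: Encrypt Only boot mode in Zynq UltraScale+ devices`); suggest `NOT-FOR-US: RSA Identity Governance and Lifecycle` and `NOT-FOR-US: RSA Archer` respectively, so a later re-check of whether anything here is packaged does not have to re-read the CVE text.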
@@ -37697,7 +37697,7 @@ CVE-2019-3418 (All versions up to V1.1.10P3T18 of ZTE
ZXHN F670 product are impa
CVE-2019-3417 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are
impacted ...)
NOT-FOR-US: ZTE
CVE-2019-3416 (All versions up to V81511329.1008 of ZTE ZXV10 B860A products
are impa ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2019-3415 (ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path
traver ...)
NOT-FOR-US: ZTE
CVE-2019-3414 (All versions up to V1.19.20.02 of ZTE OTCP product are impacted
by XSS ...)
@@ -38634,7 +38634,7 @@ CVE-2018-20337 (There is a stack-based buffer overflow
in the parse_makernote fu
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/192
CVE-2018-20336 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is
a stack ...)
- TODO: check
+ NOT-FOR-US: ASUSWRT
CVE-2018-20335
RESERVED
CVE-2018-20334
@@ -41871,7 +41871,8 @@ CVE-2019-2391
CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can
create ...)
NOT-FOR-US: Microsoft
CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's
packaged SysV ...)
- TODO: check
+ - mongodb <unfixed> (low)
+ [stretch] - mongodb <ignored> (Minor issue)
CVE-2019-2388
RESERVED
CVE-2019-2387
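Review bot: the CVE-2019-2389 entry is set to `- mongodb <unfixed> (low)` with `[stretch] - mongodb <ignored> (Minor issue)` but carries no NOTE line, whereas comparable entries in this same diff (CVE-2019-5481 curl, CVE-2018-20337 libraw) record the introducing/fixing commit or the upstream issue. The CVE text refers to MongoDB Server's packaged SysV init scripts, so the fact worth recording is whether the init script shipped in the Debian mongodb package contains the same kill scoping, which is what justifies `<unfixed>` rather than `<not-affected>`, and why stretch is ignored rather than fixed; suggest adding `NOTE: <upstream advisory or fix reference>` and a one-line NOTE with the stretch triage rationale directly under the two new lines.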
@@ -42435,7 +42436,7 @@ CVE-2019-2117 (In checkQueryPermission of
TelephonyProvider.java, there is a pos
CVE-2019-2116 (In save_attr_seq of sdp_discovery.cc, there is a possible
out-of-bound ...)
NOT-FOR-US: Android
CVE-2019-2115 (In GateKeeper::MintAuthToken of gatekeeper.cpp in Android
7.1.1, 7.1.2 ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2114
RESERVED
CVE-2019-2113 (In setup wizard there is a bypass of some checks when wifi
connection ...)
@@ -42459,7 +42460,7 @@ CVE-2019-2105 (In FileInputStream::Read of
file_input_stream.cc, there is a poss
CVE-2019-2104 (In HIDL, safe_union, and other C++ structs/unions being sent to
applic ...)
NOT-FOR-US: Android
CVE-2019-2103 (In Google Assistant in Android 9, there is a possible
permissions bypa ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-2102 (In the Bluetooth Low Energy (BLE) specification, there is a
provided e ...)
NOT-FOR-US: Android
CVE-2019-2101 (In uvc_parse_standard_control of uvc_driver.c, there is a
possible out ...)
@@ -43007,7 +43008,7 @@ CVE-2019-1977 (A vulnerability within the Endpoint
Learning feature of Cisco Nex
CVE-2019-1976 (A vulnerability in the &ldquo;plug-and-play&rdquo;
services co ...)
NOT-FOR-US: Cisco
CVE-2019-1975 (A vulnerability in the web-based interface of Cisco HyperFlex
Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1974 (A vulnerability in the web-based management interface of Cisco
Integra ...)
NOT-FOR-US: Cisco
CVE-2019-1973 (A vulnerability in the web portal framework of Cisco Enterprise
NFV In ...)
@@ -45214,7 +45215,7 @@ CVE-2019-1369
CVE-2019-1368
RESERVED
CVE-2019-1367 (A remote code execution vulnerability exists in the way that
the scrip ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1366
RESERVED
CVE-2019-1365
@@ -45438,7 +45439,7 @@ CVE-2019-1257 (A remote code execution vulnerability
exists in Microsoft SharePo
CVE-2019-1256 (An elevation of privilege vulnerability exists in Windows when
the Win ...)
NOT-FOR-US: Microsoft
CVE-2019-1255 (A denial of service vulnerability exists when Microsoft
Defender impro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1254 (An information disclosure vulnerability exists when Windows
Hyper-V wr ...)
NOT-FOR-US: Microsoft
CVE-2019-1253 (An elevation of privilege vulnerability exists when the Windows
AppX D ...)
@@ -50281,7 +50282,7 @@ CVE-2018-18670 (GNUBOARD5 5.3.1.9 has XSS that allows
remote attackers to inject
CVE-2018-18669 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to
inject arbit ...)
NOT-FOR-US: GNU Board
CVE-2018-18668 (GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers
to injec ...)
- TODO: check
+ NOT-FOR-US: GNU Board
CVE-2018-18667 (The mintToken function of Pylon (PYLNT) aka PylonToken, an
Ethereum to ...)
NOT-FOR-US: Some Ethereum token
CVE-2018-18666 (The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an
Ethereum t ...)
@@ -50397,7 +50398,7 @@ CVE-2018-18883 (An issue was discovered in Xen 4.9.x
through 4.11.x, on Intel x8
CVE-2018-18631 (mailboxd component in Synacor Zimbra Collaboration Suite 8.6,
8.7 befo ...)
NOT-FOR-US: Synacor Zimbra Collaboration Suite
CVE-2018-18630 (A vulnerability was found in McKesson Cardiology product 13.x
and 14.x ...)
- TODO: check
+ NOT-FOR-US: McKesson Cardiology
CVE-2018-18629 (An issue was discovered in the Keybase command-line client
before 2.8. ...)
NOT-FOR-US: Keybase command-line client
CVE-2018-18628 (An issue was discovered in Pippo 1.11.0. The function
SerializationSes ...)
@@ -50541,9 +50542,9 @@ CVE-2018-18575
CVE-2018-18574
RESERVED
CVE-2018-18573 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist
filteri ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2018-18572 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist
filteri ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2018-18571 (An Incorrect Access Control vulnerability has been identified
in Citri ...)
NOT-FOR-US: Citrix
CVE-2018-18570 (Planon before Live Build 41 has XSS. ...)
@@ -51142,9 +51143,9 @@ CVE-2018-18373 (In the Schiocco "Support Board - Chat
And Help Desk" plugin 1.2.
CVE-2018-18372 (A Stored XSS vulnerability has been discovered in KAASoft
Library CMS ...)
NOT-FOR-US: KAASoft Library CMS
CVE-2018-18371 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP
connecti ...)
- TODO: check
+ NOT-FOR-US: ASG/ProxySG FTP proxy WebFTP
CVE-2018-18370 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP
connecti ...)
- TODO: check
+ NOT-FOR-US: ASG/ProxySG FTP proxy WebFTP
CVE-2018-18369 (Norton Security (Windows client) prior to 22.16.3 and SEP SBE
(Windows ...)
NOT-FOR-US: Norton Security
CVE-2018-18368
@@ -52074,7 +52075,7 @@ CVE-2018-18058 (An issue was discovered in Bitdefender
Engines before 7.76662. A
CVE-2018-18057
RESERVED
CVE-2018-18056 (An issue was discovered in the Texas Instruments (TI) TM4C,
MSP432E an ...)
- TODO: check
+ NOT-FOR-US: Texas Instruments
CVE-2018-1000810 (The Rust Programming Language Standard Library version
1.29.0, 1.28.0, ...)
- rustc 1.30.0+dfsg1-1
[stretch] - rustc <not-affected> (Introduced in 1.26)
@@ -52792,11 +52793,11 @@ CVE-2018-17793 (** DISPUTED ** Virtualenv 16.0.0
allows a sandbox escape via "py
CVE-2018-17792 (MDaemon Webmail (formerly WorldClient) has CSRF. ...)
NOT-FOR-US: MDaemon Webmail
CVE-2018-17791 (Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0
has an " ...)
- TODO: check
+ NOT-FOR-US: Newgen OmniFlow Intelligent Business Process Suite
CVE-2018-17790 (Prospecta Master Data Online (MDO) 2.0 has Stored XSS. ...)
NOT-FOR-US: Prospecta Master Data Online (MDO)
CVE-2018-17789 (Prospecta Master Data Online (MDO) allows CSRF. ...)
- TODO: check
+ NOT-FOR-US: Prospecta Master Data Online (MDO)
CVE-2018-17788
RESERVED
CVE-2018-17787 (On D-Link DIR-823G devices, the GoAhead configuration allows
/HNAP1 Co ...)
@@ -58749,13 +58750,13 @@ CVE-2018-15515 (The CaptivelPortal service on D-Link
Central WiFiManager CWM-100
CVE-2018-15514 (HandleRequestAsync in Docker for Windows before
18.06.0-ce-rc3-win68 ( ...)
NOT-FOR-US: Docker for Windows
CVE-2018-15513 (Log viewer in totemomail 6.0.0 build 570 allows access to
sessionIDs o ...)
- TODO: check
+ NOT-FOR-US: totemomail
CVE-2018-15512 (Cross-site scripting (XSS) vulnerability in the 'Authorisation
Service ...)
- TODO: check
+ NOT-FOR-US: totemomail
CVE-2018-15511 (Cross-site scripting (XSS) vulnerability in the 'Notification
template ...)
- TODO: check
+ NOT-FOR-US: totemomail
CVE-2018-15510 (Cross-site scripting (XSS) vulnerability in the 'Certificate'
feature ...)
- TODO: check
+ NOT-FOR-US: totemomail
CVE-2018-15509 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control
(issue 2 ...)
NOT-FOR-US: Five9 Agent Desktop Plus
CVE-2018-15508 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control
allowing ...)
@@ -62490,7 +62491,7 @@ CVE-2018-14064 (The uc-http service 1.0.0 on
VelotiSmart WiFi B-380 camera devic
CVE-2018-14063 (The increaseApproval function of a smart contract
implementation for T ...)
NOT-FOR-US: smart contract
CVE-2018-14062 (The COSPAS-SARSAT protocol allows remote attackers to forge
messages, ...)
- TODO: check
+ NOT-FOR-US: COSPAS-SARSAT protocol
CVE-2018-14061
RESERVED
CVE-2018-14060 (OS command injection in the AP mode settings feature in
/cgi-bin/luci ...)
@@ -64102,7 +64103,7 @@ CVE-2018-13369
CVE-2018-13368 (A local privilege escalation in Fortinet FortiClient for
Windows 6.0.4 ...)
NOT-FOR-US: Fortinet FortiClient
CVE-2018-13367 (An information exposure vulnerability in FortiOS 6.2.0 and
below may a ...)
- TODO: check
+ NOT-FOR-US: FortiOS
CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS
6.0.1, 5.6 ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-13365 (An Information Exposure vulnerability in Fortinet FortiOS
6.0.1, 5.6.5 ...)
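Review bot: the new tag on CVE-2018-13367 is `NOT-FOR-US: FortiOS`, while the adjacent CVE-2018-13366 and CVE-2018-13365 context lines in the same hunk use `NOT-FOR-US: Fortinet FortiOS`; use the existing `Fortinet FortiOS` form so the three consecutive FortiOS entries carry an identical tag.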
@@ -69137,7 +69138,7 @@ CVE-2018-11571 (ClipperCMS 1.3.3 allows Session
Fixation. ...)
CVE-2018-11570
RESERVED
CVE-2018-11569 (Controller/ListController.php in Eventum 3.5.0 is vulnerable
to Deseri ...)
- TODO: check
+ NOT-FOR-US: Eventum
CVE-2018-11568 (Reflected XSS is possible in the GamePlan theme through
1.5.13.2 for W ...)
NOT-FOR-US: GamePlan theme for WordPress
CVE-2018-11567 (** DISPUTED ** Prior to 2018-04-27, the reprompt feature in
Amazon Ech ...)
@@ -70243,11 +70244,11 @@ CVE-2018-11202 (A NULL pointer dereference was
discovered in H5S_hyper_make_span
CVE-2018-11201
RESERVED
CVE-2018-11200 (An issue was discovered in Mautic 2.13.1. It has Stored XSS
via the co ...)
- TODO: check
+ NOT-FOR-US: Mautic
CVE-2018-11199
RESERVED
CVE-2018-11198 (An issue was discovered in Mautic 2.13.1. There is Stored XSS
via the ...)
- TODO: check
+ NOT-FOR-US: Mautic
CVE-2018-11197
RESERVED
CVE-2018-11196 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04
before ...)
@@ -75776,7 +75777,7 @@ CVE-2018-9092 (There is a CSRF vulnerability in
mc-admin/conf.php in MiniCMS 1.1
CVE-2018-9091 (A critical vulnerability in the KEMP LoadMaster Operating
System (LMOS ...)
NOT-FOR-US: KEMP LoadMaster Operating System
CVE-2018-9090 (CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys
the Gr ...)
- TODO: check
+ NOT-FOR-US: CoreOS Tectonic
CVE-2018-9089
RESERVED
CVE-2018-9088
@@ -79021,7 +79022,7 @@ CVE-2018-7822 (An Incorrect Default Permissions
(CWE-276) vulnerability exists i
CVE-2018-7821 (An Environment (CWE-2) vulnerability exists in SoMachine Basic,
all ve ...)
NOT-FOR-US: Schneider Electric
CVE-2018-7820 (A Credentials Management CWE-255 vulnerability exists in the
APC UPS N ...)
- TODO: check
+ NOT-FOR-US: APC
CVE-2018-7819
RESERVED
CVE-2018-7818
@@ -81518,7 +81519,7 @@ CVE-2018-7083 (If a process running within Aruba
Instant crashes, it may leave b
CVE-2018-7082 (A command injection vulnerability is present in Aruba Instant
that per ...)
NOT-FOR-US: Aruba
CVE-2018-7081 (A remote code execution vulnerability is present in
network-listening ...)
- TODO: check
+ NOT-FOR-US: Aruba
CVE-2018-7080 (A vulnerability exists in the firmware of embedded BLE radios
that are ...)
NOT-FOR-US: Aruba
CVE-2018-7079 (Aruba ClearPass Policy Manager guest authorization failure.
Certain ad ...)
@@ -84144,7 +84145,7 @@ CVE-2018-6242 (Some NVIDIA Tegra mobile processors
released prior to 2016 contai
CVE-2018-6241 (NVIDIA Tegra Gralloc module contains a vulnerability in driver
in whic ...)
NOT-FOR-US: NVIDIA
CVE-2018-6240 (NVIDIA Tegra contains a vulnerability in BootRom where a user
with ker ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2018-6239 (NVIDIA Jetson TX2 contains a vulnerability by means of
speculative exe ...)
NOT-FOR-US: NVIDIA
CVE-2018-6238
@@ -111500,9 +111501,9 @@ CVE-2017-14204
CVE-2017-14203
RESERVED
CVE-2017-14202 (Improper Restriction of Operations within the Bounds of a
Memory Buffe ...)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2017-14201 (Use After Free vulnerability in the Zephyr shell allows a
serial or te ...)
- TODO: check
+ NOT-FOR-US: Zephyr
CVE-2017-14200
RESERVED
CVE-2017-14199 (A buffer overflow has been found in the Zephyr Project's
getaddrinfo() ...)
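Review bot: for CVE-2017-14202 the description shown in this hunk is only the CWE title (`Improper Restriction of Operations within the Bounds of a Memory Buffe ...`) and names no product, so the new `NOT-FOR-US: Zephyr` tag is the only place the attribution lives and cannot be checked against the entry itself; add a `NOTE:` with the upstream Zephyr advisory or issue URL under it (the neighbouring CVE-2017-14201 line does name the Zephyr shell, so the attribution is plausible, but the reference belongs in the file).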
@@ -164466,7 +164467,7 @@ CVE-2016-6156 (Race condition in the
ec_device_ioctl_xcmd function in drivers/pl
CVE-2016-6155
RESERVED
CVE-2016-6154 (The authentication applet in Watchguard Fireware 11.11
Operating Syste ...)
- TODO: check
+ NOT-FOR-US: Watchguard
CVE-2016-6152 (CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote
authenticated ...)
NOT-FOR-US: eHealth
CVE-2016-6151 (CA eHealth 6.2.x allows remote authenticated users to cause a
denial o ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/23febc50e3b632a7f382f787a73d967ebf57562c
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits