Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a400962c by Salvatore Bonaccorso at 2019-10-02T20:31:55Z
Process some NFUs
- - - - -
c783d226 by Salvatore Bonaccorso at 2019-10-02T20:32:16Z
Add CVE-2019-14958/pycharm (itp'ed)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1690,7 +1690,7 @@ CVE-2019-16409 (In the Versioned Files module through
2.0.3 for SilverStripe 3.x
CVE-2019-16408
RESERVED
CVE-2019-16407 (JetBrains ReSharper installers for versions before 2019.2 had
a DLL Hi ...)
- TODO: check
+ NOT-FOR-US: JetBrains ReSharper installer
CVE-2019-16406
RESERVED
CVE-2019-16405
@@ -2480,7 +2480,7 @@ CVE-2019-16173 (LimeSurvey before v3.17.14 allows
reflected XSS for escalating p
CVE-2019-16172 (LimeSurvey before v3.17.14 allows stored XSS for escalating
privileges ...)
- limesurvey <itp> (bug #472802)
CVE-2019-16171 (In JetBrains YouTrack through 2019.2.56594, stored XSS was
found on th ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2019-16170 (An issue was discovered in GitLab Enterprise Edition 11.x and
12.x bef ...)
[experimental] - gitlab 12.0.9-1
- gitlab <unfixed> (bug #940007)
@@ -2624,7 +2624,7 @@ CVE-2019-16118 (Cross site scripting (XSS) in the
photo-gallery (10Web Photo Gal
CVE-2019-16117 (Cross site scripting (XSS) in the photo-gallery (10Web Photo
Gallery) ...)
NOT-FOR-US: photo-gallery (10Web Photo Gallery) plugin for WordPress
CVE-2019-16116 (EnterpriseDT CompleteFTP Server prior to version 12.1.3 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: EnterpriseDT CompleteFTP Server
CVE-2019-16115 (In Xpdf 4.01.01, a stack-based buffer under-read could be
triggered in ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-16114 (In ATutor 2.2.4, an unauthenticated attacker can change the
applicatio ...)
@@ -4893,7 +4893,7 @@ CVE-2019-15274
CVE-2019-15273
RESERVED
CVE-2019-15272 (A vulnerability in the web-based interface of Cisco Unified
Communicat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-15271
RESERVED
CVE-2019-15270
@@ -4919,13 +4919,13 @@ CVE-2019-15261
CVE-2019-15260
RESERVED
CVE-2019-15259 (A vulnerability in Cisco Unified Contact Center Express (UCCX)
Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-15258
RESERVED
CVE-2019-15257
RESERVED
CVE-2019-15256 (A vulnerability in the Internet Key Exchange version 1 (IKEv1)
feature ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-15255
RESERVED
CVE-2019-15254
@@ -5723,15 +5723,15 @@ CVE-2019-15042 (An issue was discovered in JetBrains
TeamCity 2018.2.4. It had n
CVE-2019-15041 (JetBrains YouTrack versions before 2019.1.52545 allowed
unbounded URL ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2019-15040 (JetBrains YouTrack versions before 2019.1 had a CSRF
vulnerability on ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2019-15039 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had
a possi ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2019-15038 (An issue was discovered in JetBrains TeamCity 2018.2.4. The
TeamCity s ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2019-15037 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had
several ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2019-15036 (An issue was discovered in JetBrains TeamCity 2018.2.4. A
TeamCity Pro ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2019-15035 (An issue was discovered in JetBrains TeamCity 2018.2.4. A
TeamCity Pro ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2019-15034
@@ -5978,13 +5978,13 @@ CVE-2019-14961 (JetBrains Upsource before 2019.1.1412
was not properly escaping
CVE-2019-14960 (JetBrains Rider before 2019.1.2 was using an unsigned
JetBrains.Rider. ...)
NOT-FOR-US: JetBrains Rider
CVE-2019-14959 (JetBrains Toolbox before 1.15.5605 was resolving an internal
URL via a ...)
- TODO: check
+ NOT-FOR-US: JetBrains Toolbox
CVE-2019-14958 (JetBrains PyCharm before 2019.2 was allocating a buffer of
unknown siz ...)
- TODO: check
+ - pycharm <itp> (bug #742394)
CVE-2019-14957 (The JetBrains Vim plugin before version 0.52 was storing
individual pr ...)
NOT-FOR-US: JetBrains Vim plugin
CVE-2019-14956 (JetBrains YouTrack before 2019.2.53938 was using incorrect
settings, a ...)
- TODO: check
+ NOT-FOR-US: JetBrains YouTrack
CVE-2019-14955 (In JetBrains Hub versions earlier than 2018.4.11436, there was
no opti ...)
NOT-FOR-US: JetBrains Hub
CVE-2019-14954 (JetBrains IntelliJ IDEA before 2019.2 was resolving the
markdown plant ...)
@@ -7456,7 +7456,7 @@ CVE-2019-14456 (Opengear console server firmware releases
prior to 4.5.0 have a
CVE-2019-14455
RESERVED
CVE-2019-14454 (SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2013-7474 (Windu CMS 2.2 allows XSS via the name parameter to
admin/content/edit ...)
NOT-FOR-US: Windu CMS
CVE-2013-7473 (Windu CMS 2.2 allows CSRF via
admin/users/?mn=admin.message.error to a ...)
@@ -9962,7 +9962,7 @@ CVE-2019-13659
RESERVED
- chromium <unfixed>
CVE-2019-13658 (CA Network Flow Analysis 9.x and 10.0.x have a default
credential vuln ...)
- TODO: check
+ NOT-FOR-US: CA Network Flow Analysis
CVE-2019-13657
RESERVED
CVE-2019-13656 (An access vulnerability in CA Common Services DIA of CA
Technologies C ...)
@@ -11804,7 +11804,7 @@ CVE-2019-13337 (In WESEEK GROWI before 3.5.0, the
site-wide basic authentication
CVE-2019-13336
RESERVED
CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and
7.11.7 has ...)
- TODO: check
+ NOT-FOR-US: SalesAgility SuiteCRM
CVE-2019-13334
RESERVED
CVE-2019-13333
@@ -12697,7 +12697,7 @@ CVE-2019-13027 (Realization Concerto Critical Chain
Planner (aka CCPM) 5.10.8071
CVE-2019-13026 (OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows
SQL Inject ...)
NOT-FOR-US: OXID eShop
CVE-2019-13025 (Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have
Incorre ...)
- TODO: check
+ NOT-FOR-US: Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices
CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and
Centreon web be ...)
NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2019-13023
@@ -13526,9 +13526,9 @@ CVE-2019-12739 (lib/Controller/ExtractionController.php
in the Extract add-on be
CVE-2019-12738
RESERVED
CVE-2019-12737 (UserHashedTableAuth in JetBrains Ktor framework before
1.2.0-rc uses a ...)
- TODO: check
+ NOT-FOR-US: JetBrains Ktor
CVE-2019-12736 (JetBrains Ktor framework before 1.2.0-rc does not sanitize the
usernam ...)
- TODO: check
+ NOT-FOR-US: JetBrains Ktor
CVE-2019-12734
RESERVED
CVE-2019-12733
@@ -13575,27 +13575,27 @@ CVE-2019-12718
CVE-2019-12717 (A vulnerability in a CLI command related to the virtualization
manager ...)
NOT-FOR-US: Cisco
CVE-2019-12716 (A vulnerability in the web-based interface of Cisco Unified
Communicat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12715 (A vulnerability in the web-based interface of Cisco Unified
Communicat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12714 (A vulnerability in the web-based management interface of Cisco
IC3000 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12713 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12712 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12711 (A vulnerability in the web-based interface of Cisco Unified
Communicat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12710 (A vulnerability in the web-based interface of Cisco Unified
Communicat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12709 (A vulnerability in a CLI command related to the virtualization
manager ...)
NOT-FOR-US: Cisco
CVE-2019-12708
RESERVED
CVE-2019-12707 (A vulnerability in the web-based interface of multiple Cisco
Unified C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12706 (A vulnerability in the Sender Policy Framework (SPF)
functionality of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12705
RESERVED
CVE-2019-12704
@@ -13605,63 +13605,63 @@ CVE-2019-12703
CVE-2019-12702
RESERVED
CVE-2019-12701 (A vulnerability in the file and malware inspection feature of
Cisco Fi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12700 (A vulnerability in the configuration of the Pluggable
Authentication M ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12699 (Multiple vulnerabilities in the CLI of Cisco FXOS Software and
Cisco F ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12698 (A vulnerability in the WebVPN feature of Cisco Adaptive
Security Appli ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12697 (Multiple vulnerabilities in the Cisco Firepower System
Software Detect ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12696 (Multiple vulnerabilities in the Cisco Firepower System
Software Detect ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12695 (A vulnerability in the Clientless SSL VPN (WebVPN) portal of
Cisco Ada ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12694 (A vulnerability in the command line interface (CLI) of Cisco
Firepower ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12693 (A vulnerability in the Secure Copy (SCP) feature of Cisco
Adaptive Sec ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12692
RESERVED
CVE-2019-12691 (A vulnerability in the web-based management interface of Cisco
Firepow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12690 (A vulnerability in the web UI of the Cisco Firepower
Management Center ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12689 (A vulnerability in the web-based management interface of Cisco
Firepow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12688 (A vulnerability in the web UI of the Cisco Firepower
Management Center ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12687 (A vulnerability in the web UI of the Cisco Firepower
Management Center ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12686 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12685 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12684 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12683 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12682 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12681 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12680 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12679 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12678 (A vulnerability in the Session Initiation Protocol (SIP)
inspection mo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12677 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature
of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12676 (A vulnerability in the Open Shortest Path First (OSPF)
implementation ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12675 (Multiple vulnerabilities in the multi-instance feature of
Cisco Firepo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12674 (Multiple vulnerabilities in the multi-instance feature of
Cisco Firepo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12673 (A vulnerability in the FTP inspection engine of Cisco Adaptive
Securit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12672 (A vulnerability in the filesystem of Cisco IOS XE Software
could allow ...)
NOT-FOR-US: Cisco
CVE-2019-12671 (A vulnerability in the CLI of Cisco IOS XE Software could
allow an aut ...)
@@ -13745,9 +13745,9 @@ CVE-2019-12633 (A vulnerability in Cisco Unified
Contact Center Express (Unified
CVE-2019-12632 (A vulnerability in Cisco Finesse could allow an
unauthenticated, remot ...)
NOT-FOR-US: Cisco
CVE-2019-12631 (A vulnerability in the web-based guest portal of Cisco
Identity Servic ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12630 (A vulnerability in the Java deserialization function used by
Cisco Sec ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-12629
RESERVED
CVE-2019-12628
@@ -15030,9 +15030,9 @@ CVE-2019-12159 (GoHTTP through 2017-07-25 has a
stack-based buffer over-read in
CVE-2019-12158 (GoHTTP through 2017-07-25 has a GetExtension heap-based buffer
overflo ...)
NOT-FOR-US: GoHTTP
CVE-2019-12157 (In JetBrains TeamCity versions before 2018.2.5 and UpSource
versions b ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2019-12156 (Server metadata could be exposed because one of the error
messages ref ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 4.0.0
has a NUL ...)
{DSA-4454-1 DLA-1927-1}
- qemu 1:3.1+dfsg-8 (bug #929353)
@@ -26088,7 +26088,7 @@ CVE-2019-8464
CVE-2019-8463
RESERVED
CVE-2019-8462 (In a rare scenario, Check Point R80.30 Security Gateway before
JHF Tak ...)
- TODO: check
+ NOT-FOR-US: Check Point R80.30 Security Gateway
CVE-2019-8461 (Check Point Endpoint Security Initial Client for Windows before
versio ...)
NOT-FOR-US: Check Point
CVE-2019-8460 (Reuven Plevinsky and Tal Vainshtein of Check Point Software
Technologi ...)
@@ -34664,7 +34664,7 @@ CVE-2019-5033 (An exploitable out-of-bounds read
vulnerability exists in the Num
CVE-2019-5032 (An exploitable out-of-bounds read vulnerability exists in the
LabelSst ...)
NOT-FOR-US: Aspose
CVE-2019-5031 (An exploitable memory corruption vulnerability exists in the
JavaScrip ...)
- TODO: check
+ NOT-FOR-US: Foxit PDF Reader
CVE-2019-5030
RESERVED
CVE-2019-5029
@@ -43790,7 +43790,7 @@ CVE-2019-1917 (A vulnerability in the REST API
interface of Cisco Vision Dynamic
CVE-2019-1916
RESERVED
CVE-2019-1915 (A vulnerability in the web-based interface of Cisco Unified
Communicat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1914 (A vulnerability in the web management interface of Cisco Small
Busines ...)
NOT-FOR-US: Cisco
CVE-2019-1913 (Multiple vulnerabilities in the web management interface of
Cisco Smal ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/651c282a57949d47adb820badab6e9e2ae407f42...c783d226399cad4eb3193b84af48b70e88a4de90
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/651c282a57949d47adb820badab6e9e2ae407f42...c783d226399cad4eb3193b84af48b70e88a4de90
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
