Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
90385e0f by Salvatore Bonaccorso at 2019-10-04T20:34:13Z
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2019-17179 (XSS in library/custom_template/add_template.php in OpenEMR
through 5.0 ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG
through 2019-0 ...)
TODO: check
CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x
through 2.0 ...)
@@ -7,7 +7,7 @@ CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through
1.1.x and 2.x throu
CVE-2019-17176
RESERVED
CVE-2019-17175 (joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath=
absolute path ...)
- TODO: check
+ NOT-FOR-US: joyplus-cms
CVE-2019-17174
RESERVED
CVE-2019-17173
@@ -91,11 +91,11 @@ CVE-2019-17135
CVE-2019-17134
RESERVED
CVE-2019-17132 (vBulletin through 5.5.4 mishandles custom avatars. ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2019-17131 (vBulletin before 5.5.4 allows clickjacking. ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2019-17130 (vBulletin through 5.5.4 mishandles external URLs within the
/core/vb/v ...)
- TODO: check
+ NOT-FOR-US: vBulletin
CVE-2019-17133 (In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid
in net/w ...)
- linux <unfixed>
NOTE: https://marc.info/?l=linux-wireless&m=157018270915487&w=2
@@ -668,7 +668,7 @@ CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file
can bypass applicati
NOTE:
https://github.com/rubyzip/rubyzip/commit/7849f7362ab0cd23d5730ef8b6f2c39252da2285
NOTE:
https://github.com/rubyzip/rubyzip/commit/97cb6aefe6d12bd2429d7a2e119ccb26f259d71d
CVE-2019-16891 (Liferay Portal CE 6.2.5 allows remote command execution
because of des ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to
api/content ...)
NOT-FOR-US: Halo
CVE-2019-16889 (Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers
to cause ...)
@@ -2571,7 +2571,7 @@ CVE-2019-16200
CVE-2019-16199 (eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18
allow Remot ...)
NOT-FOR-US: eQ-3 Homematic CCU2
CVE-2019-16198 (KSLabs KSWEB 3.93 allows ../ directory traversal, as
demonstrated by t ...)
- TODO: check
+ NOT-FOR-US: KSLabs KSWEB
CVE-2019-16197 (In htdocs/societe/card.php in Dolibarr 10.0.1, the value of
the User-A ...)
- dolibarr <removed>
CVE-2019-16196
@@ -3671,7 +3671,7 @@ CVE-2019-15767 (In GNU Chess 6.2.5, there is a
stack-based buffer overflow in th
NOTE:
https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00004.html
NOTE: Neutralised by toolchain hardening, no security impact
CVE-2019-15766 (The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for
Android al ...)
- TODO: check
+ NOT-FOR-US: KSLABS KSWEB
CVE-2019-15765
RESERVED
CVE-2019-15764
@@ -11997,7 +11997,7 @@ CVE-2019-13345 (The cachemgr.cgi web module of Squid
through 4.7 has XSS via the
CVE-2019-13344 (An authentication bypass vulnerability in the CRUDLab WP Like
Button p ...)
NOT-FOR-US: CRUDLab WP Like Button plugin for WordPress
CVE-2019-13343 (Butor Portal before 1.0.27 is affected by a Path Traversal
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Butor Portal
CVE-2019-13342
RESERVED
CVE-2019-13341 (In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php
(comment b ...)
@@ -12049,9 +12049,9 @@ CVE-2019-13319 (This vulnerability allows remote
attackers to execute arbitrary
CVE-2019-13318 (This vulnerability allows remote attackers to disclose
sensitive infor ...)
NOT-FOR-US: Foxit Reader
CVE-2019-13317 (This vulnerability allows remote atackers to execute arbitrary
code on ...)
- TODO: check
+ NOT-FOR-US: Foxit PhantomPDF
CVE-2019-13316 (This vulnerability allows remote atackers to execute arbitrary
code on ...)
- TODO: check
+ NOT-FOR-US: Foxit PhantomPDF
CVE-2019-13315 (This vulnerability allows remote atackers to execute arbitrary
code on ...)
NOT-FOR-US: Foxit Reader
CVE-2019-13314 (virt-bootstrap 1.1.0 allows local users to discover a root
password by ...)
@@ -30466,7 +30466,7 @@ CVE-2019-6777 (An issue was discovered in ZoneMinder
v1.32.3. Reflected XSS exis
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2436
NOTE:
https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41
CVE-2019-6776 (This vulnerability allows remote attackers to execute arbitrary
code o ...)
- TODO: check
+ NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6775 (This vulnerability allows remote attackers to execute arbitrary
code o ...)
NOT-FOR-US: Foxit Reader
CVE-2019-6774 (This vulnerability allows remote attackers to execute arbitrary
code o ...)
@@ -32406,7 +32406,7 @@ CVE-2019-6017
CVE-2019-6016
RESERVED
CVE-2019-6015 (FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B
with firm ...)
- TODO: check
+ NOT-FOR-US: FON routers
CVE-2019-6014
RESERVED
CVE-2019-6013
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/90385e0f1326282641957e6f1a4cffa59b592c03
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/90385e0f1326282641957e6f1a4cffa59b592c03
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
