Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f5324224 by Moritz Muehlenhoff at 2019-10-10T08:38:04Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,17 +17,17 @@ CVE-2019-17421
 CVE-2019-17420 (In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and 
other prod ...)
        TODO: check
 CVE-2019-17419 (An issue was discovered in MetInfo 7.0. There is SQL injection 
via the ...)
-       TODO: check
+       NOT-FOR-US: MetInfo
 CVE-2019-17418 (An issue was discovered in MetInfo 7.0. There is SQL injection 
via the ...)
-       TODO: check
+       NOT-FOR-US: MetInfo
 CVE-2019-17417 (PbootCMS 2.0.2 allows XSS via vectors involving the 
Pboot/admin.php?p= ...)
-       TODO: check
+       NOT-FOR-US: PbootCMS
 CVE-2019-17416
        RESERVED
 CVE-2019-17415 (A Structured Exception Handler (SEH) based buffer overflow in 
File Sha ...)
-       TODO: check
+       NOT-FOR-US: File Sharing Wizard
 CVE-2019-17414 (tinylcy Vino through 2017-12-15 allows remote attackers to 
cause a den ...)
-       TODO: check
+       NOT-FOR-US: tinylcy Vino
 CVE-2019-17413
        RESERVED
 CVE-2019-17412
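Review bot: The tag for CVE-2019-17414, "NOT-FOR-US: tinylcy Vino", shares its product name with the GNOME Vino VNC server packaged in Debian as src:vino, so a later grep for "Vino" will hit this entry. The KMPlayer entry further down the file already handles the same kind of name clash with "(different from src:kmplayer)"; suggest "NOT-FOR-US: tinylcy Vino (different from src:vino)" here.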
@@ -131,9 +131,9 @@ CVE-2019-17368 (S-CMS v1.5 has XSS in tpl.php via the 
member/member_login.php fr
 CVE-2019-17367
        RESERVED
 CVE-2019-17366 (Citrix Application Delivery Management (ADM) 12.1 before build 
54.13 h ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2019-17365 (Nix through 2.3 allows local users to gain access to an 
arbitrary user ...)
-       TODO: check
+       NOT-FOR-US: Nix
 CVE-2019-17364
        RESERVED
 CVE-2019-17363
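Review bot: CVE-2019-17365 is closed as "NOT-FOR-US: Nix", but Nix is a standalone package manager, not a vendor appliance or hosted product like the other entries in this commit. Worth confirming there is no open ITP or RFP for it before settling on NOT-FOR-US. If one exists, the entry should be a "- nix <itp>" line with the bug reference so the CVE is picked up when the package enters the archive.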
@@ -166,7 +166,7 @@ CVE-2019-17354 (wan.htm page on Zyxel NBG-418N v2 with 
firmware version V1.00(AA
 CVE-2019-17353 (An issue discovered on D-Link DIR-615 devices with firmware 
version 20 ...)
        NOT-FOR-US: D-Link
 CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there 
is a vul ...)
-       TODO: check
+       NOT-FOR-US: JFinal
 CVE-2019-17339
        RESERVED
 CVE-2019-17338
@@ -343,7 +343,7 @@ CVE-2019-17262 (XnView Classic 2.49.1 allows a User Mode 
Write AV starting at Xw
 CVE-2019-17261 (XnView Classic 2.49.1 allows a User Mode Write AV starting at 
Xwsq+0x0 ...)
        NOT-FOR-US: XnView
 CVE-2019-17260 (MPC-HC through 1.7.13 allows a Read Access Violation on a 
Block Data M ...)
-       TODO: check
+       NOT-FOR-US: MPC-HC
 CVE-2019-17259 (KMPlayer 4.2.2.31 allows a User Mode Write AV starting at 
utils!src_ne ...)
        NOT-FOR-US: KMPlayer (different from src:kmplayer)
 CVE-2019-17258 (IrfanView 4.53 allows Data from a Faulting Address to control 
a subseq ...)
@@ -646,7 +646,7 @@ CVE-2019-17113 (In libopenmpt before 0.3.19 and 0.4.x 
before 0.4.9, ModPlug_Inst
        NOTE: 
https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision&rev=12127&peg=12127
        NOTE: Fixed in upstream versions 0.3.19 and 0.4.9.
 CVE-2019-17112 (An issue was discovered in Zoho ManageEngine DataSecurity Plus 
before  ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2019-17111
        RESERVED
 CVE-2019-17110 (A security issue was discovered in kube-state-metrics 1.7.x 
before 1.7 ...)
@@ -3899,7 +3899,7 @@ CVE-2019-15896 (An issue was discovered in the LifterLMS 
plugin through 3.34.5 f
 CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4 
for Wor ...)
        NOT-FOR-US: "Search Exclude" plugin for WordPress
 CVE-2019-15894 (An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x 
through 3.0.9, ...)
-       TODO: check
+       NOT-FOR-US: Espressif
 CVE-2019-15893
        RESERVED
 CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x 
through 3. ...)
@@ -3989,7 +3989,7 @@ CVE-2019-15861
 CVE-2019-15860 (Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. 
NOTE: 2. ...)
        - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
 CVE-2019-15859 (Password disclosure in the web interface on socomec DIRIS A-40 
devices ...)
-       TODO: check
+       NOT-FOR-US: DIRIS
 CVE-2019-15858 (admin/includes/class.import.snippet.php in the "Woody ad 
snippets" plu ...)
        NOT-FOR-US: "Woody ad snippets" plugin for WordPress
 CVE-2019-15857
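Review bot: For CVE-2019-15859 the tag is "NOT-FOR-US: DIRIS", which names only the product family, while the description gives the vendor as socomec ("socomec DIRIS A-40 devices"). Other device entries in this file are tagged by vendor (D-Link, Samsung). Suggest "NOT-FOR-US: socomec DIRIS" so future socomec CVEs can be matched to the same tag.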
@@ -4350,7 +4350,7 @@ CVE-2019-15721 (An issue was discovered in GitLab 
Community and Enterprise Editi
 CVE-2019-15720 (CloudBerry Backup v6.1.2.34 allows local privilege escalation 
via a Pr ...)
        NOT-FOR-US: CloudBerry Backup
 CVE-2019-15719 (Altair PBS Professional through 19.1.2 allows Privilege 
Escalation bec ...)
-       TODO: check
+       NOT-FOR-US: Altair PBS Professional
 CVE-2019-15718 (In systemd 240, bus_open_system_watch_bind_with_description in 
shared/ ...)
        - systemd 242-7 (bug #939353)
        [buster] - systemd <no-dsa> (Minor issue; systemd-resolved not enabled 
by default)
@@ -4370,7 +4370,7 @@ CVE-2019-15717 (Irssi 1.2.x before 1.2.2 has a 
use-after-free if the IRC server
 CVE-2019-15716 (WTF before 0.19.0 does not set the permissions of config.yml, 
which mi ...)
        NOT-FOR-US: wtfutil
 CVE-2019-15715 (MantisBT before 1.3.20 and 2.22.1 allows Post Authentication 
Command I ...)
-       TODO: check
+       - mantis <removed>
 CVE-2019-15714 (cli/lib/main.js in Entropic before 2019-06-13 does not reject 
/ and \  ...)
        NOT-FOR-US: Entropic
 CVE-2019-15713 (The my-calendar plugin before 3.1.10 for WordPress has XSS. 
...)
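Review bot: The CVE-2019-15715 change adds "- mantis <removed>", which is a package status line, not a NOT-FOR-US tag, so the commit message "NFUs" does not describe it. Suggest either mentioning the mantis triage in the commit message or committing it separately, since a <removed> entry asserts that the package existed in the archive and anyone auditing that status will look for it in the log.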
@@ -6573,25 +6573,25 @@ CVE-2013-7476 (The simple-fields plugin before 1.2 for 
WordPress has CSRF in the
 CVE-2019-15024
        RESERVED
 CVE-2019-15023 (A security vulnerability exists in Zingbox Inspector versions 
1.294 an ...)
-       TODO: check
+       NOT-FOR-US: Zingbox Inspector
 CVE-2019-15022 (A security vulnerability exists in Zingbox Inspector versions 
1.294 an ...)
-       TODO: check
+       NOT-FOR-US: Zingbox Inspector
 CVE-2019-15021 (A security vulnerability exists in the Zingbox Inspector 
versions 1.29 ...)
-       TODO: check
+       NOT-FOR-US: Zingbox Inspector
 CVE-2019-15020 (A security vulnerability exists in the Zingbox Inspector 
versions 1.29 ...)
-       TODO: check
+       NOT-FOR-US: Zingbox Inspector
 CVE-2019-15019 (A security vulnerability exists in the Zingbox Inspector 
versions 1.29 ...)
-       TODO: check
+       NOT-FOR-US: Zingbox Inspector
 CVE-2019-15018 (A security vulnerability exists in the Zingbox Inspector 
versions 1.28 ...)
-       TODO: check
+       NOT-FOR-US: Zingbox Inspector
 CVE-2019-15017 (The SSH service is enabled on the Zingbox Inspector versions 
1.294 and ...)
-       TODO: check
+       NOT-FOR-US: Zingbox Inspector
 CVE-2019-15016 (An SQL injection vulnerability exists in the management 
interface of Z ...)
-       TODO: check
+       NOT-FOR-US: Zingbox Inspector
 CVE-2019-15015 (In the Zingbox Inspector, versions 1.294 and earlier, 
hardcoded creden ...)
-       TODO: check
+       NOT-FOR-US: Zingbox Inspector
 CVE-2019-15014 (A command injection vulnerability exists in the Zingbox 
Inspector vers ...)
-       TODO: check
+       NOT-FOR-US: Zingbox Inspector
 CVE-2019-15013
        RESERVED
 CVE-2019-15012
@@ -7244,7 +7244,7 @@ CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x 
before 1.12.8 mishandles
        NOTE: 
https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc 
(golang-1.11)
        NOTE: 
https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 
(golang-1.12)
 CVE-2019-14808 (An issue was discovered in the RENPHO application 3.0.0 for 
iOS. It tr ...)
-       TODO: check
+       NOT-FOR-US: RENPHO
 CVE-2019-14807 (In the MobileFrontend extension 1.31 through 1.33 for 
MediaWiki, XSS e ...)
        NOT-FOR-US: MobileFrontend extension for MediaWiki
 CVE-2019-14806 (Pallets Werkzeug before 0.15.3, when used with Docker, has 
insufficien ...)
@@ -18086,7 +18086,7 @@ CVE-2019-11343
 CVE-2019-11342
        RESERVED
 CVE-2019-11341 (On certain Samsung P(9.0) phones, an attacker with physical 
access can ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2019-11340 (util/emailutils.py in Matrix Sydent before 1.0.2 mishandles 
registrati ...)
        NOT-FOR-US: Matrix Sydent
 CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in 
FFmpeg 4.0 ...)
@@ -18408,7 +18408,7 @@ CVE-2019-11214
 CVE-2019-11213 (In Pulse Secure Pulse Desktop Client and Network Connect, an 
attacker  ...)
        NOT-FOR-US: Pulse Secure Pulse Desktop Client and Network Connect
 CVE-2019-11212 (The MDM server component of TIBCO Software Inc's TIBCO MDM 
contains mu ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2019-11211 (The server component of TIBCO Software Inc.'s TIBCO Enterprise 
Runtime ...)
        NOT-FOR-US: TIBCO
 CVE-2019-11210 (The server component of TIBCO Software Inc.'s TIBCO Enterprise 
Runtime ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f532422446cc1a0ab5d7c13adc4fa07a77fc183c
