Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 100ffec0 by Salvatore Bonaccorso at 2019-10-17T20:30:34Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2032,11 +2032,11 @@ CVE-2019-17678 CVE-2019-17677 RESERVED CVE-2019-17676 (app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a C ...) - TODO: check + NOT-FOR-US: MetInfo CVE-2019-17668 (Samsung Galaxy S10 and Note10 devices allow unlock operations via unre ...) - TODO: check + NOT-FOR-US: Samsung Galaxy S10 and Note10 devices CVE-2019-17667 (Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML inj ...) - TODO: check + NOT-FOR-US: Comtech H8 Heights Remote Gateway devices CVE-2019-17666 (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Lin ...) - linux <unfixed> NOTE: https://lkml.org/lkml/2019/10/16/1226 
@@ -3437,19 +3437,19 @@ CVE-2019-17122 CVE-2019-17121 (REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-si ...) NOT-FOR-US: REDCap CVE-2019-17120 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...) - TODO: check + NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17119 (Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterp ...) - TODO: check + NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17118 (A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows ...) - TODO: check + NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17117 (A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterpri ...) - TODO: check + NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17116 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...) - TODO: check + NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17115 (Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enter ...) - TODO: check + NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17114 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...) - TODO: check + NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17113 (In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_Instrument ...) - libopenmpt 0.4.9-1 NOTE: https://github.com/OpenMPT/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe @@ -3922,7 +3922,7 @@ CVE-2019-16919 CVE-2019-16918 RESERVED CVE-2019-16917 (WiKID Enterprise 2FA (two factor authentication) Enterprise Server thr ...) - TODO: check + NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-16916 REJECTED CVE-2019-16915 (An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/p ...) 
@@ -5468,7 +5468,7 @@ CVE-2019-12412 [Remotely exploitable null pointer dereference bug] CVE-2019-16331 RESERVED CVE-2019-16330 (In NCH Express Accounts Accounting v7.02, persistent cross site script ...) - TODO: check + NOT-FOR-US: NCH Express Accounts Accounting CVE-2019-16329 RESERVED CVE-2019-16328 (In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify ...) @@ -6838,9 +6838,9 @@ CVE-2019-15852 CVE-2019-15851 REJECTED CVE-2019-15850 (eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execut ...) - TODO: check + NOT-FOR-US: eQ-3 HomeMatic CCU3 CVE-2019-15849 (eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attac ...) - TODO: check + NOT-FOR-US: eQ-3 HomeMatic CCU3 CVE-2019-15848 (JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XS ...) NOT-FOR-US: JetBrains TeamCity CVE-2019-15847 (The POWER9 backend in GNU Compiler Collection (GCC) before version 10 ...) @@ -11729,9 +11729,9 @@ CVE-2019-14426 CVE-2019-14425 RESERVED CVE-2019-14424 (A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of th ...) - TODO: check + NOT-FOR-US: eQ-3 Homematic CCU-Firmware CVE-2019-14423 (A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of t ...) - TODO: check + NOT-FOR-US: eQ-3 Homematic CCU-Firmware CVE-2019-14422 (An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI han ...) NOT-FOR-US: TortoiseSVN CVE-2019-14421 @@ -13595,7 +13595,7 @@ CVE-2019-13659 CVE-2019-13658 (CA Network Flow Analysis 9.x and 10.0.x have a default credential vuln ...) NOT-FOR-US: CA Network Flow Analysis CVE-2019-13657 (CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before ...) - TODO: check + NOT-FOR-US: CA Performance Management CVE-2019-13656 (An access vulnerability in CA Common Services DIA of CA Technologies C ...) NOT-FOR-US: CA Technologies Client Automation CVE-2019-13655 (Imgix through 2019-06-19 allows remote attackers to cause a denial of ...) 
@@ -15249,7 +15249,7 @@ CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL Injec CVE-2019-13412 RESERVED CVE-2019-13411 (An “invalid command” handler issue was discovered in HiNet ...) - TODO: check + NOT-FOR-US: HiNet GPON firmware CVE-2019-13410 RESERVED CVE-2019-13409 @@ -17370,9 +17370,9 @@ CVE-2019-12639 CVE-2019-12638 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2019-12637 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-12636 (A vulnerability in the web-based management interface of Cisco Small B ...) - TODO: check + NOT-FOR-US: Cisco CVE-2019-12635 (A vulnerability in the authorization module of Cisco Content Security ...) NOT-FOR-US: Cisco CVE-2019-12634 (A vulnerability in the web-based management interface of Cisco Integra ...) @@ -17421,7 +17421,7 @@ CVE-2019-12613 CVE-2019-12612 RESERVED CVE-2019-12611 (An issue was discovered in Bitdefender BOX firmware versions before 2. ...) - TODO: check + NOT-FOR-US: Bitdefender BOX firmware CVE-2019-12610 RESERVED CVE-2019-12609 @@ -30682,7 +30682,7 @@ CVE-2019-8073 (ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update CVE-2019-8072 (ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 a ...) NOT-FOR-US: Adobe CVE-2019-8071 (Adobe Download Manager versions 2.0.0.363 have an insecure file permis ...) - TODO: check + NOT-FOR-US: Adobe CVE-2019-8070 (Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and ear ...) NOT-FOR-US: Adobe CVE-2019-8069 (Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and ear ...) 
@@ -35036,7 +35036,7 @@ CVE-2019-6336 CVE-2019-6335 (A potential security vulnerability has been identified with Samsung La ...) NOT-FOR-US: Samsung Laser Printers CVE-2019-6334 (HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Prin ...) - TODO: check + NOT-FOR-US: HP printers CVE-2019-6333 (A potential security vulnerability has been identified with certain ve ...) NOT-FOR-US: HP Touchpoint Analytics CVE-2019-6332 
@@ -44441,25 +44441,25 @@ CVE-2019-3028 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu - virtualbox 6.0.14-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) CVE-2019-3027 (Vulnerability in the Oracle Application Object Library product of Orac ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-3026 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.0.14-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) CVE-2019-3025 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle F ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-3024 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-3023 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-3022 (Vulnerability in the Oracle Content Manager product of Oracle E-Busine ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-3021 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.0.14-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) CVE-2019-3020 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-3019 (Vulnerability in the Oracle Banking Digital Experience product of Orac ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-3018 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) CVE-2019-3017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
@@ -44468,21 +44468,21 @@ CVE-2019-3017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu CVE-2019-3016 RESERVED CVE-2019-3015 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-3014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) TODO: check CVE-2019-3013 RESERVED CVE-2019-3012 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-3011 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) CVE-2019-3010 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-3009 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) CVE-2019-3008 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-3007 RESERVED CVE-2019-3006 @@ -44498,9 +44498,9 @@ CVE-2019-3002 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu - virtualbox 6.0.14-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) CVE-2019-3001 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-3000 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2999 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...) - openjdk-11 11.0.5+10-1 - openjdk-8 <unfixed> 
@@ -44512,9 +44512,9 @@ CVE-2019-2997 (Vulnerability in the MySQL Server product of Oracle MySQL (compon CVE-2019-2996 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2019-2995 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2994 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2993 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <unfixed> (bug #942443) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL @@ -44525,7 +44525,7 @@ CVE-2019-2992 (Vulnerability in the Java SE, Java SE Embedded product of Oracle CVE-2019-2991 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) CVE-2019-2990 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2989 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) - openjdk-11 11.0.5+10-1 - openjdk-8 <unfixed> @@ -44537,9 +44537,9 @@ CVE-2019-2988 (Vulnerability in the Java SE, Java SE Embedded product of Oracle CVE-2019-2987 (Vulnerability in the Java SE product of Oracle Java SE (component: 2D) ...) - openjdk-11 11.0.5+10-1 CVE-2019-2986 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2985 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2984 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.0.14-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) 
@@ -44554,9 +44554,9 @@ CVE-2019-2981 (Vulnerability in the Java SE, Java SE Embedded product of Oracle - openjdk-8 <unfixed> - openjdk-7 <removed> CVE-2019-2980 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2979 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2978 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-11 11.0.5+10-1 - openjdk-8 <unfixed> @@ -44564,7 +44564,7 @@ CVE-2019-2978 (Vulnerability in the Java SE, Java SE Embedded product of Oracle CVE-2019-2977 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...) - openjdk-11 11.0.5+10-1 CVE-2019-2976 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2975 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-11 11.0.5+10-1 - openjdk-8 <unfixed> @@ -44576,11 +44576,11 @@ CVE-2019-2973 (Vulnerability in the Java SE, Java SE Embedded product of Oracle - openjdk-8 <unfixed> - openjdk-7 <removed> CVE-2019-2972 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2971 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2970 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2969 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <unfixed> (bug #942443) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL 
@@ -44591,7 +44591,7 @@ CVE-2019-2967 (Vulnerability in the MySQL Server product of Oracle MySQL (compon CVE-2019-2966 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) CVE-2019-2965 (Vulnerability in the Siebel Core - DB Deployment and Configuration pro ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2964 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-11 11.0.5+10-1 - openjdk-8 <unfixed> @@ -44603,12 +44603,12 @@ CVE-2019-2962 (Vulnerability in the Java SE, Java SE Embedded product of Oracle - openjdk-8 <unfixed> - openjdk-7 <removed> CVE-2019-2961 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2960 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <unfixed> (bug #942443) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL CVE-2019-2959 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2958 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-11 11.0.5+10-1 - openjdk-8 <unfixed> 
@@ -44616,17 +44616,17 @@ CVE-2019-2958 (Vulnerability in the Java SE, Java SE Embedded product of Oracle CVE-2019-2957 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) CVE-2019-2956 (Vulnerability in the Core RDBMS (jackson-databind) component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2955 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2954 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2953 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2952 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2951 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2950 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) CVE-2019-2949 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) 
@@ -44637,7 +44637,7 @@ CVE-2019-2948 (Vulnerability in the MySQL Server product of Oracle MySQL (compon - mysql-5.7 <unfixed> (bug #942443) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL CVE-2019-2947 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...) - TODO: check + NOT-FOR-US: Oracle CVE-2019-2946 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <unfixed> (bug #942443) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/100ffec02b546b830e5195c358056632c1e0603c
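Review bot: In the hunk at @@ -44468,21 +44468,21 @@, CVE-2019-3014 stays at "TODO: check" as an unchanged context line, while CVE-2019-3015 directly above it, with the same visible "PeopleSoft Enterprise PeopleTools product of Orac ..." description, is changed to "NOT-FOR-US: Oracle". If it was skipped by accident, it should get the same NFU marking in this commit. If it is being held back on purpose, a NOTE line saying why would stop the next triager from repeating the check.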
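Review bot: The NFU label for the same vendor is spelled two ways: the hunk at @@ -6838,9 +6838,9 @@ uses "NOT-FOR-US: eQ-3 HomeMatic CCU3" for CVE-2019-15850 and CVE-2019-15849, while the hunk at @@ -11729,9 +11729,9 @@ uses "NOT-FOR-US: eQ-3 Homematic CCU-Firmware" for CVE-2019-14424 and CVE-2019-14423. The difference in capitalisation ("HomeMatic" vs "Homematic") means a case-sensitive search on the label misses half of the entries. Picking one spelling for the vendor part would keep later lookups and bulk edits reliable.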
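Review bot: In the hunk at @@ -44537,9 +44537,9 @@, CVE-2019-2986 is marked "NOT-FOR-US: Oracle", yet CVE-2019-2989 in the context of the hunk at @@ -44525,7 +44525,7 @@ has the same visible description prefix ("Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...") and is tracked against openjdk-11 and openjdk-8. The truncated descriptions do not show which component each one affects, so the NFU decision cannot be checked from the list alone. A short NOTE on CVE-2019-2986 naming the GraalVM-only component would make the different handling of the two entries verifiable.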
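Review bot: In the hunk at @@ -44616,17 +44616,17 @@, CVE-2019-2956 is marked "NOT-FOR-US: Oracle" although its description names a third-party library: "Core RDBMS (jackson-databind) component of Oracle ...". Unlike the neighbouring Core RDBMS entries (CVE-2019-2955, CVE-2019-2954), this one points at code that is also distributed outside Oracle's products. Before closing it as NFU, confirm that the underlying jackson-databind issue is tracked under its own CVE id, and consider a NOTE line that cross-references it.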
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits