Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
335454a4 by Salvatore Bonaccorso at 2019-11-12T20:23:22Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2019-18927
RESERVED
CVE-2019-18926 (Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: Systematic IRIS Standards Management (ISM)
CVE-2019-18925 (Systematic IRIS WebForms 5.4 and its functionalities can be
accessed a ...)
- TODO: check
+ NOT-FOR-US: Systematic IRIS WebForms
CVE-2019-18924 (Systematic IRIS WebForms 5.4 is vulnerable to directory
traversal. By ...)
- TODO: check
+ NOT-FOR-US: Systematic IRIS WebForms
CVE-2019-18923
RESERVED
CVE-2019-18922
@@ -229,7 +229,7 @@ CVE-2019-18819 (Eximious Logo Designer 3.82 has a User Mode
Write AV starting at
CVE-2019-18818 (strapi before 3.0.0-beta.17.5 mishandles password resets
within packag ...)
NOT-FOR-US: strapi CMS
CVE-2019-18817 (Istio 1.3.x before 1.3.5 allows Denial of Service because
continue_on_ ...)
- TODO: check
+ NOT-FOR-US: Istio
CVE-2019-18816 (po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1
allows pos ...)
NOT-FOR-US: PopojiCMS
CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...)
@@ -2773,7 +2773,7 @@ CVE-2019-18657 (ClickHouse before 19.13.5.44 allows HTTP
header injection via th
CVE-2019-18656 (Pimcore 6.2.3 has XSS in the translations grid because
bundles/AdminBu ...)
NOT-FOR-US: Pimcore
CVE-2019-18655 (File Sharing Wizard version 1.5.0 build 2008 is affected by a
Structur ...)
- TODO: check
+ NOT-FOR-US: File Sharing Wizard
CVE-2019-18654 (A Cross Site Scripting (XSS) issue exists in AVG AntiVirus
(Internet S ...)
NOT-FOR-US: AVG
CVE-2019-18653 (A Cross Site Scripting (XSS) issue exists in Avast AntiVirus
(Free, In ...)
@@ -7044,9 +7044,9 @@ CVE-2019-17362 (In LibTomCrypt through 1.18.2, the
der_decode_utf8_string functi
CVE-2019-17361
RESERVED
CVE-2019-17360 (A vulnerability in Hitachi Command Suite 7.x and 8.x before
8.7.0-00 a ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2018-21026 (A vulnerability in Hitachi Command Suite 7.x and 8.x before
8.6.5-00 a ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2019-17359 (The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63
can trigge ...)
- bouncycastle <not-affected> (Vulnerable code introduced n 1.63)
NOTE: Introduced only in 1.63, fixed in 1.64.
@@ -7287,13 +7287,13 @@ CVE-2019-17239
(includes/settings/class-alg-download-plugins-settings.php in the
CVE-2019-17238
RESERVED
CVE-2019-17237 (includes/class-coming-soon-creator.php in the igniteup plugin
through ...)
- TODO: check
+ NOT-FOR-US: igniteup plugin for WordPress
CVE-2019-17236 (includes/class-coming-soon-creator.php in the igniteup plugin
through ...)
- TODO: check
+ NOT-FOR-US: igniteup plugin for WordPress
CVE-2019-17235 (includes/class-coming-soon-creator.php in the igniteup plugin
through ...)
- TODO: check
+ NOT-FOR-US: igniteup plugin for WordPress
CVE-2019-17234 (includes/class-coming-soon-creator.php in the igniteup plugin
through ...)
- TODO: check
+ NOT-FOR-US: igniteup plugin for WordPress
CVE-2019-17233 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin
through 1.8. ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-17232 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin
through 1.8. ...)
@@ -11073,7 +11073,7 @@ CVE-2019-15817 (The easy-property-listings plugin
before 3.4 for WordPress has X
CVE-2019-15816 (The wp-private-content-plus plugin before 2.0 for WordPress
has no pro ...)
NOT-FOR-US: wp-private-content-plus plugin for WordPress
CVE-2019-15815 (ZyXEL P-1302-T10D v3 devices with firmware version
2.00(ABBX.3) and ea ...)
- TODO: check
+ NOT-FOR-US: ZyXEL
CVE-2019-15814 (Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could
allow auth ...)
NOT-FOR-US: Sentrifugo
CVE-2019-15813 (Multiple file upload restriction bypass vulnerabilities in
Sentrifugo ...)
@@ -21504,9 +21504,9 @@ CVE-2019-12722
CVE-2019-12721
RESERVED
CVE-2019-12720 (AUO SunVeillance Monitoring System before v1.1.9e is
vulnerable to mvc ...)
- TODO: check
+ NOT-FOR-US: AUO SunVeillance Monitoring System
CVE-2019-12719 (An issue was discovered in Picture_Manage_mvc.aspx in AUO
SunVeillance ...)
- TODO: check
+ NOT-FOR-US: AUO SunVeillance Monitoring System
CVE-2019-12718 (A vulnerability in the web-based interface of Cisco Small
Business Sma ...)
NOT-FOR-US: Cisco
CVE-2019-12717 (A vulnerability in a CLI command related to the virtualization
manager ...)
@@ -43769,7 +43769,7 @@ CVE-2019-4654
CVE-2019-4653
RESERVED
CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure
file per ...)
- TODO: check
+ NOT-FOR-US: IBM Spectrum Protect Plus
CVE-2019-4651
RESERVED
CVE-2019-4650
@@ -54141,9 +54141,9 @@ CVE-2019-1459
CVE-2019-1458
RESERVED
CVE-2019-1457 (A security feature bypass vulnerability exists in Microsoft
Office sof ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1456 (A remote code execution vulnerability exists in Microsoft
Windows when ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1455
RESERVED
CVE-2019-1454
@@ -54157,71 +54157,71 @@ CVE-2019-1451
CVE-2019-1450
RESERVED
CVE-2019-1449 (A security feature bypass vulnerability exists in the way that
Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1448 (A remote code execution vulnerability exists in Microsoft Excel
softwa ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1447 (A spoofing vulnerability exists when Office Online does not
validate o ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1446 (An information disclosure vulnerability exists when Microsoft
Excel im ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1445 (A spoofing vulnerability exists when Office Online does not
validate o ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1444
RESERVED
CVE-2019-1443 (An information disclosure vulnerability exists in Microsoft
SharePoint ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1442 (A security feature bypass vulnerability exists when Microsoft
Office d ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1441 (A remote code execution vulnerability exists when the Windows
font lib ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1440 (An information disclosure vulnerability exists when the win32k
compone ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1439 (An information disclosure vulnerability exists when the Windows
GDI co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1438 (An elevation of privilege vulnerability exists when the Windows
Graphi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1437 (An elevation of privilege vulnerability exists when the Windows
Graphi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1436 (An information disclosure vulnerability exists when the win32k
compone ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1435 (An elevation of privilege vulnerability exists when the Windows
Graphi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1434 (An elevation of privilege vulnerability exists in Windows when
the Win ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1433 (An elevation of privilege vulnerability exists when the Windows
Graphi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1432 (An information disclosure vulnerability exists when DirectWrite
improp ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1431
RESERVED
CVE-2019-1430 (A remote code execution vulnerability exists when Windows Media
Founda ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1429 (A remote code execution vulnerability exists in the way that
the scrip ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1428 (A remote code execution vulnerability exists in the way that
the scrip ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1427 (A remote code execution vulnerability exists in the way that
the scrip ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1426 (A remote code execution vulnerability exists in the way that
the scrip ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1425 (An elevation of privilege vulnerability exists when Visual
Studio fail ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1424 (A security feature bypass vulnerability exists when Windows
Netlogon i ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1423 (An elevation of privilege vulnerability exists in the way that
the Sta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1422 (An elevation of privilege vulnerability exists in the way that
the iph ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1421
RESERVED
CVE-2019-1420 (An elevation of privilege vulnerability exists in the way that
the dss ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1419 (A remote code execution vulnerability exists in Microsoft
Windows when ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1418 (An information vulnerability exists when Windows Modules
Installer Ser ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1417 (An elevation of privilege vulnerability exists when the Windows
Data S ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1416 (An elevation of privilege vulnerability exists due to a race
condition ...)
TODO: check
CVE-2019-1415 (An elevation of privilege vulnerability exists in Windows
Installer be ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/335454a4e881f6b227333639a1092d6f9ded60fa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/335454a4e881f6b227333639a1092d6f9ded60fa
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
