Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
712b1868 by Moritz Muehlenhoff at 2019-11-15T11:47:25Z
new ruby-rack-cors issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,27 @@
CVE-2019-18988
RESERVED
CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through
1.34 for ...)
- TODO: check
+ NOT-FOR-US: AbuseFilter MediaWiki extension
CVE-2019-18986 (Pimcore before 6.2.2 allow attackers to brute-force (guess)
valid user ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2019-18985 (Pimcore before 6.2.2 lacks brute force protection for the 2FA
token. ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2019-18984
RESERVED
CVE-2019-18983
RESERVED
CVE-2019-18982 (bundles/AdminBundle/Controller/Admin/EmailController.php in
Pimcore be ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2019-18981 (Pimcore before 6.2.2 lacks an Access Denied outcome for a
certain scen ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb
9290022 ...)
- TODO: check
+ NOT-FOR-US: Signify Philips Taolight
CVE-2019-18979
RESERVED
CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS
Middleware) ge ...)
- TODO: check
+ - ruby-rack-cors <unfixed>
+ NOTE:
https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d
+ NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4
CVE-2019-18977
RESERVED
CVE-2019-18976
@@ -61,7 +63,7 @@ CVE-2019-18959
CVE-2019-18958
RESERVED
CVE-2019-18957 (Microstrategy Library in MicroStrategy before 2019 before
11.1.3 has r ...)
- TODO: check
+ NOT-FOR-US: Microstrategy Library
CVE-2019-18956
RESERVED
CVE-2019-18955
@@ -186,7 +188,7 @@ CVE-2019-18897
CVE-2019-18896
RESERVED
CVE-2019-18895 (Scanguard through 2019-11-12 on Windows has Insecure
Permissions for t ...)
- TODO: check
+ NOT-FOR-US: Scanguard
CVE-2019-18894
RESERVED
CVE-2019-18893
@@ -2939,20 +2941,20 @@ CVE-2019-18653 (A Cross Site Scripting (XSS) issue
exists in Avast AntiVirus (Fr
CVE-2019-18652
RESERVED
CVE-2019-18651 (A cross-site request forgery (CSRF) vulnerability in 3xLogic
Infinias ...)
- TODO: check
+ NOT-FOR-US: 3xLogic
CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing
token chec ...)
NOT-FOR-US: Joomla!
CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to
treat serve ...)
- jupyter-notebook 5.7.4-1
NOTE: https://github.com/jupyter/notebook/pull/3341
CVE-2019-18649 (When logged in as an admin user, the Title input field (under
Reports) ...)
- TODO: check
+ NOT-FOR-US: Untangle NG firewall
CVE-2019-18648 (When logged in as an admin user, the Untangle NG firewall
14.2.0 is vu ...)
- TODO: check
+ NOT-FOR-US: Untangle NG firewall
CVE-2019-18647 (The Untangle NG firewall 14.2.0 is vulnerable to an
authenticated comm ...)
- TODO: check
+ NOT-FOR-US: Untangle NG firewall
CVE-2019-18646 (The Untangle NG firewall 14.2.0 is vulnerable to authenticated
inline- ...)
- TODO: check
+ NOT-FOR-US: Untangle NG firewall
CVE-2019-18645 (The quarantine restoration function in Total Defense
Anti-virus 11.5.2 ...)
NOT-FOR-US: Total Defense Anti-virus
CVE-2019-18644 (The malware scan function in Total Defense Anti-virus
11.5.2.28 is vul ...)
@@ -7125,7 +7127,7 @@ CVE-2019-17393 (The Customer's Tomedo Server in Version
1.7.3 communicates to th
CVE-2019-17392
RESERVED
CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code
2016-06-0 ...)
- TODO: check
+ NOT-FOR-US: Espressif ESP32
CVE-2019-17390
RESERVED
CVE-2019-17389 (In RIOT 2019.07, the MQTT-SN implementation (asymcute)
mishandles erro ...)
@@ -10463,7 +10465,7 @@ CVE-2019-16112
CVE-2019-16111
RESERVED
CVE-2019-16110 (The network protocol of Blade Shadow though 2.13.3 allows
remote attac ...)
- TODO: check
+ NOT-FOR-US: Blade Shadow
CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1.
It confi ...)
NOT-FOR-US: Plataformatec Devise
CVE-2019-16108
@@ -11254,17 +11256,17 @@ CVE-2019-15806 (CommScope ARRIS TR4400 devices with
firmware through A1.00.004-1
CVE-2019-15805 (CommScope ARRIS TR4400 devices with firmware through
A1.00.004-180301 ...)
NOT-FOR-US: CommScope ARRIS TR4400 devices
CVE-2019-15804 (An issue was discovered on Zyxel GS1900 devices with firmware
before 2 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2019-15803 (An issue was discovered on Zyxel GS1900 devices with firmware
before 2 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2019-15802 (An issue was discovered on Zyxel GS1900 devices with firmware
before 2 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2019-15801 (An issue was discovered on Zyxel GS1900 devices with firmware
before 2 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2019-15800 (An issue was discovered on Zyxel GS1900 devices with firmware
before 2 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2019-15799 (An issue was discovered on Zyxel GS1900 devices with firmware
before 2 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2019-15798
RESERVED
CVE-2019-15797
@@ -14815,7 +14817,7 @@ CVE-2019-14680 (The admin-renamer-extended (aka Admin
renamer extended) plugin 3
CVE-2019-14679 (core/views/arprice_import_export.php in the ARPrice Lite
plugin 2.2 fo ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-14678 (SAS XML Mapper 9.45 has an XML External Entity (XXE)
vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-14677
RESERVED
CVE-2019-14676
@@ -23687,7 +23689,7 @@ CVE-2019-11933 (A heap buffer overflow bug in
libpl_droidsonroids_gif before 1.2
CVE-2019-11932 (A double free vulnerability in the DDGifSlurp function in
decoding.c i ...)
NOT-FOR-US: libpl_droidsonroids_gif
CVE-2019-11931 (A stack-based buffer overflow could be triggered in WhatsApp
by sendin ...)
- TODO: check
+ NOT-FOR-US: WhatsApp
CVE-2019-11930
RESERVED
CVE-2019-11929 (Insufficient boundary checks when formatting numbers in
number_format ...)
@@ -35139,7 +35141,7 @@ CVE-2019-8250
CVE-2019-8249
RESERVED
CVE-2019-8248 (Adobe Illustrator CC versions 23.1 and earlier have a memory
corruptio ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8247 (Adobe Illustrator CC versions 23.1 and earlier have a memory
corruptio ...)
NOT-FOR-US: Adobe
CVE-2019-8246 (Adobe Media Encoder versions 13.1 and earlier have an
out-of-bounds wr ...)
@@ -255301,7 +255303,7 @@ CVE-2013-3075 (Multiple buffer overflows in
ActUWzd.dll 1.0.0.1 in Mitsubishi MX
CVE-2013-3074
RESERVED
CVE-2013-3073 (A Symlink Traversal vulnerability exists in NETGEAR Centria
WNDR4700 F ...)
- TODO: check
+ NOT-FOR-US: NETGEAR
CVE-2013-3072 (An Authentication Bypass vulnerability exists in NETGEAR
Centria WNDR4 ...)
NOT-FOR-US: NETGEAR
CVE-2013-3071
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/712b1868a6b664ffc03c7aa92022c7be97dfd457
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/712b1868a6b664ffc03c7aa92022c7be97dfd457
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
