Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
874c85ee by Salvatore Bonaccorso at 2019-11-25T20:23:50Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26,7 +26,7 @@ CVE-2019-19252 (vcs_write in drivers/tty/vt/vc_screen.c in
the Linux kernel thro
CVE-2019-19251
RESERVED
CVE-2019-19250 (OpenTrade before 2019-11-23 allows SQL injection, related to
server/mo ...)
- TODO: check
+ NOT-FOR-US: OpenTrade
CVE-2019-19249 (Controllers/InvitationsController.cs in QueryTree before
3.0.99-beta m ...)
TODO: check
CVE-2019-19248
@@ -4431,7 +4431,7 @@ CVE-2019-18376
CVE-2019-18375
RESERVED
CVE-2019-18374 (Symantec Critical System Protection (CSP), versions 8.0, 8.0
HF1 & ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2019-18373 (Norton App Lock, prior to 1.4.0.503, may be susceptible to a
bypass ex ...)
NOT-FOR-US: Norton
CVE-2019-18372 (Symantec Endpoint Protection, prior to 14.2 RU2, may be
susceptible to ...)
@@ -7750,13 +7750,13 @@ CVE-2019-XXXX [Remote code execution vulnerability]
NOTE:
https://github.com/libguestfs/libnbd/commit/f75f602a6361c0c5f42debfeea6980f698ce7f09
(1.1.4)
NOTE:
https://github.com/libguestfs/libnbd/commit/2c1987fc23d6d0f537edc6d4701e95a2387f7917
(stable-1.0)
CVE-2019-17406 (Nokia IMPACT < 18A has path traversal that may lead to RCE
if chain ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2019-17405 (Nokia IMPACT < 18A: has Reflected self XSS ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2019-17404 (Nokia IMPACT < 18A: allows full path disclosure ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2019-17403 (Nokia IMPACT < 18A: An unrestricted File Upload
vulnerability was f ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2019-17402 (Exiv2 0.27.2 allows attackers to trigger a crash in
Exiv2::getULong in ...)
TODO: check
CVE-2019-17401 (** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer
over-rea ...)
@@ -10497,7 +10497,7 @@ CVE-2019-16289 (The insert-php (aka Woody ad snippets)
plugin before 2.2.8 for W
CVE-2019-16288 (On Tenda N301 wireless routers, a long string in the wifiSSID
paramete ...)
NOT-FOR-US: Tenda
CVE-2019-16287 (An attacker may be able to leverage the application filter
bypass vuln ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2019-16286 (An attacker may be able to bypass the OS application filter
meant to r ...)
NOT-FOR-US: HP
CVE-2019-16285 (If a local user has been configured and logged in, an
unauthenticated ...)
@@ -12330,7 +12330,7 @@ CVE-2019-15686
CVE-2019-15685
RESERVED
CVE-2019-15684 (Kaspersky Protection extension for web browser Google Chrome
prior to ...)
- TODO: check
+ NOT-FOR-US: Kaspersky Protection extension for web browser Google Chrome
CVE-2019-15683 (TurboVNC server code contains stack buffer overflow
vulnerability in c ...)
NOT-FOR-US: TurboVNC
CVE-2019-15682 (RDesktop version 1.8.4 contains multiple out-of-bound access
read vuln ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/874c85ee87226ee7cc4198863aa54ede831534cc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/874c85ee87226ee7cc4198863aa54ede831534cc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
