Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
23eefb8c by Moritz Muehlenhoff at 2019-12-03T09:05:31Z
new luajit issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -81,7 +81,7 @@ CVE-2020-1925
CVE-2019-19517
RESERVED
CVE-2019-19516 (Intelbras WRN 150 1.0.18 devices allow CSRF via
GO=system_password.asp ...)
- TODO: check
+ NOT-FOR-US: Intelbras WRN
CVE-2019-19515
RESERVED
CVE-2019-19514
@@ -179,7 +179,7 @@ CVE-2019-19509
CVE-2019-19508
RESERVED
CVE-2019-19507 (In jpv (aka Json Pattern Validator) before 2.1.1,
compareCommon() can ...)
- TODO: check
+ NOT-FOR-US: Json Pattern Validator
CVE-2019-19506
RESERVED
CVE-2019-19505
@@ -189,7 +189,7 @@ CVE-2019-19504
CVE-2019-19503
RESERVED
CVE-2019-19502 (pluginconfig.php in the Image Uploader and Browser plugin
before 4.1.9 ...)
- TODO: check
+ NOT-FOR-US: ckeditor plugin
CVE-2019-19501
RESERVED
CVE-2019-19500
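Review bot: The tag added for CVE-2019-19502, "NOT-FOR-US: ckeditor plugin", does not name the product, although the description directly above it calls it the "Image Uploader and Browser plugin". The bare word ckeditor can be read as the editor itself, so a tag such as "NOT-FOR-US: Image Uploader and Browser plugin for CKEditor" would be unambiguous and would match the way the other NFU entries in this commit name the vendor or product.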
@@ -672,7 +672,8 @@ CVE-2019-19393
CVE-2019-19392
RESERVED
CVE-2019-19391 (In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and
other pro ...)
- TODO: check
+ - luajit <unfixed>
+ NOTE: https://github.com/LuaJIT/LuaJIT/pull/526
CVE-2019-19390
RESERVED
CVE-2019-19389
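Review bot: CVE-2019-19391 is set to "- luajit <unfixed>" with a pull request as its only reference and no bug number, unlike entries such as twisted further down, which carry "(bug #930389)". The description names LuaJIT through 2.0.5 and Moonjit before 2.1.2, so the fixing change for luajit is not yet pinned down by this entry. A follow-up NOTE with the upstream commit once the PR is merged, and a bug reference once one is filed, would let the entry be closed against a concrete fix.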
@@ -970,7 +971,7 @@ CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a
crafted btrfs image twice
CVE-2019-19317
RESERVED
CVE-2019-19316 (When using the Azure backend with a shared access signature
(SAS), Ter ...)
- TODO: check
+ NOT-FOR-US: Terraform
CVE-2019-19315
RESERVED
CVE-2019-19314 [Tokens stored in plaintext]
@@ -1206,7 +1207,7 @@ CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP
7.3.x and other products
NOTE: https://bugs.php.net/bug.php?id=78559
NOTE:
https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b
CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows
Pre-Authentication S ...)
- TODO: check
+ NOT-FOR-US: NAPC Xinet Elegant 6 Asset Library
CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a
sub-sel ...)
- sqlite3 <unfixed>
[jessie] - sqlite3 <not-affected> (Vulnerable code, i.e. window
functions, not present)
@@ -1789,21 +1790,21 @@ CVE-2019-19023
CVE-2019-19022 (iTerm2 through 3.3.6 has potentially insufficient
documentation about ...)
NOT-FOR-US: iTerm2
CVE-2019-19021 (An issue was discovered in TitanHQ WebTitan before 5.18. It
has a hidd ...)
- TODO: check
+ NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19020 (An issue was discovered in TitanHQ WebTitan before 5.18. In
the admini ...)
- TODO: check
+ NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19019 (An issue was discovered in TitanHQ WebTitan before 5.18. It
contains a ...)
- TODO: check
+ NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19018 (An issue was discovered in TitanHQ WebTitan before 5.18. It
exposes a ...)
- TODO: check
+ NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19017 (An issue was discovered in TitanHQ WebTitan before 5.18. The
appliance ...)
- TODO: check
+ NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19016 (An issue was discovered in TitanHQ WebTitan before 5.18. Some
function ...)
- TODO: check
+ NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19015 (An issue was discovered in TitanHQ WebTitan before 5.18. The
proxy ser ...)
- TODO: check
+ NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19014 (An issue was discovered in TitanHQ WebTitan before 5.18. It
has a sudo ...)
- TODO: check
+ NOT-FOR-US: TitanHQ WebTitan
CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to
upload an ...)
NOT-FOR-US: Pagekit CMS
CVE-2019-19012 (An integer overflow in the search_in_range function in
regexec.c in On ...)
@@ -13602,7 +13603,7 @@ CVE-2019-15691
CVE-2019-15690
RESERVED
CVE-2019-15689 (Kaspersky Secure Connection, Kaspersky Internet Security,
Kaspersky To ...)
- TODO: check
+ NOT-FOR-US: Kaspersky
CVE-2019-15688 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky
Total Sec ...)
NOT-FOR-US: Kaspersky
CVE-2019-15687 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky
Total Sec ...)
@@ -16357,6 +16358,7 @@ CVE-2019-14838 (A flaw was found in wildfly-core before
7.2.5.GA. The Management
- wildfly <itp> (bug #752018)
CVE-2019-14837
RESERVED
+ NOT-FOR-US: Keycloak
CVE-2019-14836
RESERVED
CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to
5.2.x, in ...)
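Review bot: CVE-2019-14837 is still "RESERVED" with no description in the list, so the added "NOT-FOR-US: Keycloak" cannot be checked against anything visible in this file. A NOTE line pointing at the advisory or bug report that ties this id to Keycloak would keep the triage decision auditable until the CVE text is published.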
@@ -24101,7 +24103,7 @@ CVE-2019-12519
CVE-2017-18376 (An improper authorization check in the User API in TheHive
before 2.13 ...)
NOT-FOR-US: User API in TheHive Project
CVE-2019-12518 (Anviz CrossChex access control management software 4.3.8.0 and
4.3.12 ...)
- TODO: check
+ NOT-FOR-US: Anviz CrossChex
CVE-2019-12517 (An XSS issue was discovered in the slickquiz plugin through
1.3.7.1 fo ...)
NOT-FOR-US: slickquiz plugin for WordPress
CVE-2019-12516 (The slickquiz plugin through 1.3.7.1 for WordPress allows SQL
Injectio ...)
@@ -24132,7 +24134,7 @@ CVE-2019-12505 (Due to unencrypted and unauthenticated
data communication, the w
CVE-2019-12504 (Due to unencrypted and unauthenticated data communication, the
wireles ...)
NOT-FOR-US: Inateck
CVE-2019-12503 (Due to unencrypted and unauthenticated data communication, the
wireles ...)
- TODO: check
+ NOT-FOR-US: Inateck
CVE-2019-12502 (There is a lack of CSRF countermeasures on MOBOTIX S14
MX-V4.2.1.61 ca ...)
NOT-FOR-US: MOBOTIX cameras
CVE-2019-12501
@@ -24499,19 +24501,19 @@ CVE-2019-12396
CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing
login check ...)
NOT-FOR-US: Webbukkit Dynmap
CVE-2019-12394 (Anviz access control devices allow unverified password change
which al ...)
- TODO: check
+ NOT-FOR-US: Anviz
CVE-2019-12393 (Anviz access control devices are vulnerable to replay attacks
which co ...)
- TODO: check
+ NOT-FOR-US: Anviz
CVE-2019-12392 (Anviz access control devices allow remote attackers to issue
commands ...)
- TODO: check
+ NOT-FOR-US: Anviz
CVE-2019-12391 (The Anviz Management System for access control has
insufficient loggin ...)
- TODO: check
+ NOT-FOR-US: Anviz
CVE-2019-12390 (Anviz access control devices expose private Information (pin
code and ...)
- TODO: check
+ NOT-FOR-US: Anviz
CVE-2019-12389 (Anviz access control devices expose credentials (names and
passwords) ...)
- TODO: check
+ NOT-FOR-US: Anviz
CVE-2019-12388 (Anviz access control devices perform cleartext transmission of
sensiti ...)
- TODO: check
+ NOT-FOR-US: Anviz
CVE-2019-12387 (In Twisted before 19.2.1, twisted.web did not validate or
sanitize URI ...)
- twisted <unfixed> (bug #930389)
[buster] - twisted <no-dsa> (Minor issue)
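Review bot: The seven entries CVE-2019-12388 through CVE-2019-12394 are tagged "NOT-FOR-US: Anviz", while CVE-2019-12518 earlier in this same commit uses "NOT-FOR-US: Anviz CrossChex". The descriptions here cover "Anviz access control devices" and, for CVE-2019-12391, "The Anviz Management System", so a vendor-only tag is defensible. Picking one form (vendor only, or vendor plus product) across the commit would keep the NFU tags uniform.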
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/23eefb8ce5cd1e3feffaab4f95cec9bef14ffcf1
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits