Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 23eefb8c by Moritz Muehlenhoff at 2019-12-03T09:05:31Z new luajit issue NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -81,7 +81,7 @@ CVE-2020-1925 CVE-2019-19517 RESERVED CVE-2019-19516 (Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp ...) - TODO: check + NOT-FOR-US: Intelbras WRN CVE-2019-19515 RESERVED CVE-2019-19514 @@ -179,7 +179,7 @@ CVE-2019-19509 CVE-2019-19508 RESERVED CVE-2019-19507 (In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can ...) - TODO: check + NOT-FOR-US: Json Pattern Validator CVE-2019-19506 RESERVED CVE-2019-19505 @@ -189,7 +189,7 @@ CVE-2019-19504 CVE-2019-19503 RESERVED CVE-2019-19502 (pluginconfig.php in the Image Uploader and Browser plugin before 4.1.9 ...) - TODO: check + NOT-FOR-US: ckeditor plugin CVE-2019-19501 RESERVED CVE-2019-19500 @@ -672,7 +672,8 @@ CVE-2019-19393 CVE-2019-19392 RESERVED CVE-2019-19391 (In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other pro ...) - TODO: check + - luajit <unfixed> + NOTE: https://github.com/LuaJIT/LuaJIT/pull/526 CVE-2019-19390 RESERVED CVE-2019-19389 @@ -970,7 +971,7 @@ CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image twice CVE-2019-19317 RESERVED CVE-2019-19316 (When using the Azure backend with a shared access signature (SAS), Ter ...) - TODO: check + NOT-FOR-US: Terraform CVE-2019-19315 RESERVED CVE-2019-19314 [Tokens stored in plaintext] 
@@ -1206,7 +1207,7 @@ CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products NOTE: https://bugs.php.net/bug.php?id=78559 NOTE: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication S ...) - TODO: check + NOT-FOR-US: NAPC Xinet Elegant 6 Asset Library CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...) - sqlite3 <unfixed> [jessie] - sqlite3 <not-affected> (Vulnerable code, i.e. window functions, not present) 
@@ -1789,21 +1790,21 @@ CVE-2019-19023 CVE-2019-19022 (iTerm2 through 3.3.6 has potentially insufficient documentation about ...) NOT-FOR-US: iTerm2 CVE-2019-19021 (An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidd ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19020 (An issue was discovered in TitanHQ WebTitan before 5.18. In the admini ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19019 (An issue was discovered in TitanHQ WebTitan before 5.18. It contains a ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19018 (An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19017 (An issue was discovered in TitanHQ WebTitan before 5.18. The appliance ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19016 (An issue was discovered in TitanHQ WebTitan before 5.18. Some function ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19015 (An issue was discovered in TitanHQ WebTitan before 5.18. The proxy ser ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19014 (An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudo ...) - TODO: check + NOT-FOR-US: TitanHQ WebTitan CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an ...) NOT-FOR-US: Pagekit CMS CVE-2019-19012 (An integer overflow in the search_in_range function in regexec.c in On ...) @@ -13602,7 +13603,7 @@ CVE-2019-15691 CVE-2019-15690 RESERVED CVE-2019-15689 (Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky To ...) - TODO: check + NOT-FOR-US: Kaspersky CVE-2019-15688 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...) NOT-FOR-US: Kaspersky CVE-2019-15687 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...) 
@@ -16357,6 +16358,7 @@ CVE-2019-14838 (A flaw was found in wildfly-core before 7.2.5.GA. The Management - wildfly <itp> (bug #752018) CVE-2019-14837 RESERVED + NOT-FOR-US: Keycloak CVE-2019-14836 RESERVED CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in ...) @@ -24101,7 +24103,7 @@ CVE-2019-12519 CVE-2017-18376 (An improper authorization check in the User API in TheHive before 2.13 ...) NOT-FOR-US: User API in TheHive Project CVE-2019-12518 (Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 ...) - TODO: check + NOT-FOR-US: Anviz CrossChex CVE-2019-12517 (An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 fo ...) NOT-FOR-US: slickquiz plugin for WordPress CVE-2019-12516 (The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injectio ...) @@ -24132,7 +24134,7 @@ CVE-2019-12505 (Due to unencrypted and unauthenticated data communication, the w CVE-2019-12504 (Due to unencrypted and unauthenticated data communication, the wireles ...) NOT-FOR-US: Inateck CVE-2019-12503 (Due to unencrypted and unauthenticated data communication, the wireles ...) - TODO: check + NOT-FOR-US: Inateck CVE-2019-12502 (There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 ca ...) NOT-FOR-US: MOBOTIX cameras CVE-2019-12501 
@@ -24499,19 +24501,19 @@ CVE-2019-12396 CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check ...) NOT-FOR-US: Webbukkit Dynmap CVE-2019-12394 (Anviz access control devices allow unverified password change which al ...) - TODO: check + NOT-FOR-US: Anviz CVE-2019-12393 (Anviz access control devices are vulnerable to replay attacks which co ...) - TODO: check + NOT-FOR-US: Anviz CVE-2019-12392 (Anviz access control devices allow remote attackers to issue commands ...) - TODO: check + NOT-FOR-US: Anviz CVE-2019-12391 (The Anviz Management System for access control has insufficient loggin ...) - TODO: check + NOT-FOR-US: Anviz CVE-2019-12390 (Anviz access control devices expose private Information (pin code and ...) - TODO: check + NOT-FOR-US: Anviz CVE-2019-12389 (Anviz access control devices expose credentials (names and passwords) ...) - TODO: check + NOT-FOR-US: Anviz CVE-2019-12388 (Anviz access control devices perform cleartext transmission of sensiti ...) - TODO: check + NOT-FOR-US: Anviz CVE-2019-12387 (In Twisted before 19.2.1, twisted.web did not validate or sanitize URI ...) - twisted <unfixed> (bug #930389) [buster] - twisted <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23eefb8ce5cd1e3feffaab4f95cec9bef14ffcf1 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/23eefb8ce5cd1e3feffaab4f95cec9bef14ffcf1 You're receiving this email because of your account on salsa.debian.org.
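Review bot: In the hunk at @@ -672,7 +672,8 @@, the new "- luajit <unfixed>" line for CVE-2019-19391 has no bug reference, and its NOTE points at a pull request rather than a fixing commit. Other entries in this file record the tracking bug, for example "- twisted <unfixed> (bug #930389)". Suggest filing a bug against luajit and adding its number to this line, then updating the NOTE with the commit once the pull request is resolved.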
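Review bot: In the hunk at @@ -16357,6 +16358,7 @@, CVE-2019-14837 is still RESERVED with no description, so nothing in the entry shows why it is attributed to Keycloak. It is also the only change in this commit that adds a tag without replacing a "TODO: check" line. Suggest adding a NOTE line giving the source of the attribution so the NOT-FOR-US decision can be checked once the CVE text is published.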
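Review bot: In the hunk at @@ -189,7 +189,7 @@, the tag "NOT-FOR-US: ckeditor plugin" for CVE-2019-19502 does not name the affected product, which the description gives as the Image Uploader and Browser plugin. The other tags added in this commit name the product ("Json Pattern Validator", "TitanHQ WebTitan"), so a tag such as "NOT-FOR-US: Image Uploader and Browser plugin for CKEditor" would be easier to search for and could not be read as covering CKEditor plugins in general.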