Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
18b385e7 by Moritz Muehlenhoff at 2019-12-04T17:06:34Z
NFUs
new zabbix issue (more of a hardening than a real vulnerability)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -736,7 +736,9 @@ CVE-2019-19396 (illumos, as used in OmniOS Community
Edition before r151030y, al
CVE-2019-19395
RESERVED
CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with
unsalte ...)
- TODO: check
+ - zabbix <unfixed>
+ [buster] - zabbix <no-dsa> (Minor issue)
+ [stretch] - zabbix <no-dsa> (Minor issue)
CVE-2020-1784
RESERVED
CVE-2020-1783
@@ -803,7 +805,7 @@ CVE-2019-19385 (A cross-site scripting (XSS) vulnerability
in app/dialplans/dial
CVE-2019-19384 (A cross-site scripting (XSS) vulnerability in
app/fax/fax_log_view.php ...)
NOT-FOR-US: FusionPBX
CVE-2019-19383 (freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a
crafted ...)
- TODO: check
+ NOT-FOR-US: freeFTPd
CVE-2019-19382 (Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions
on the ...)
NOT-FOR-US: Max Secure Anti Virus Plus
CVE-2019-19381
@@ -31409,7 +31411,7 @@ CVE-2019-9974 (diag_tool.cgi on DASAN H660RM GPON
routers with firmware 1.03-002
CVE-2019-9973
RESERVED
CVE-2019-10013 (The asn1_signature function in asn1.c in Cameron Hamilton-Rich
axTLS t ...)
- TODO: check
+ - axtls <itp> (bug #932027)
CVE-2019-10012 (Jenzabar JICS (aka Internet Campus Solution) before 9 allows
remote at ...)
NOT-FOR-US: Jenzabar
CVE-2019-10011 (ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka
Internet Campu ...)
@@ -45095,9 +45097,9 @@ CVE-2019-5135
CVE-2019-5134
RESERVED
CVE-2019-5133 (An exploitable out-of-bounds write vulnerability exists in the
igcore1 ...)
- TODO: check
+ NOT-FOR-US: ImageGear
CVE-2019-5132 (An exploitable out-of-bounds write vulnerability exists in the
igcore1 ...)
- TODO: check
+ NOT-FOR-US: ImageGear
CVE-2019-5131
RESERVED
CVE-2019-5130
@@ -45137,13 +45139,13 @@ CVE-2019-5114 (An exploitable SQL injection
vulnerability exists in the authenti
CVE-2019-5113
RESERVED
CVE-2019-5112 (Exploitable SQL injection vulnerability exists in the
authenticated po ...)
- TODO: check
+ NOT-FOR-US: Forma LMS
CVE-2019-5111 (Exploitable SQL injection vulnerability exists in the
authenticated po ...)
- TODO: check
+ NOT-FOR-US: Forma LMS
CVE-2019-5110 (Exploitable SQL injection vulnerabilities exist in the
authenticated p ...)
- TODO: check
+ NOT-FOR-US: Forma LMS
CVE-2019-5109 (Exploitable SQL injection vulnerabilities exists in the
authenticated ...)
- TODO: check
+ NOT-FOR-US: Forma LMS
CVE-2019-5108
RESERVED
CVE-2019-5107
@@ -45167,9 +45169,9 @@ CVE-2019-5099 (An exploitable integer underflow
vulnerability exists in the CMP-
CVE-2019-5098
RESERVED
CVE-2019-5097 (A denial-of-service vulnerability exists in the processing of
multi-pa ...)
- TODO: check
+ NOT-FOR-US: GoAhead
CVE-2019-5096 (An exploitable code execution vulnerability exists in the
processing o ...)
- TODO: check
+ NOT-FOR-US: GoAhead
CVE-2019-5095 (An issue summary information disclosure vulnerability exists in
Atlass ...)
NOT-FOR-US: Atlassian
CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota
file f ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/18b385e7d31049e768787f2bfcf99cf495c40002
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/18b385e7d31049e768787f2bfcf99cf495c40002
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
