Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1da36d89 by Salvatore Bonaccorso at 2019-12-11T20:55:48Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1398,9 +1398,9 @@ CVE-2019-19652
CVE-2019-19651
RESERVED
CVE-2019-19650 (Zoho ManageEngine Applications Manager before 13640 allows a
remote au ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2019-19649 (Zoho ManageEngine Applications Manager before 13620 allows a
remote un ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2019-19648 (In the macho_parse_file functionality in macho/macho.c of YARA
3.11.0, ...)
- yara <unfixed>
NOTE: https://github.com/VirusTotal/yara/issues/1178
@@ -3535,7 +3535,7 @@ CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a
configuration where SSL
CVE-2019-19374
RESERVED
CVE-2019-19373 (An issue was discovered in Squiz Matrix CMS 5.5.0 prior to
5.5.0.3, 5. ...)
- TODO: check
+ NOT-FOR-US: Squiz Matrix CMS
CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal
vulnera ...)
NOT-FOR-US: rConfig
CVE-2019-19371
@@ -4780,7 +4780,7 @@ CVE-2019-18962
CVE-2019-18961
RESERVED
CVE-2019-18960 (AWS Firecracker through v0.19.0 has a Buffer Overflow. ...)
- TODO: check
+ NOT-FOR-US: AWS Firecracker
CVE-2019-18959
RESERVED
CVE-2019-18958 (Nitro Pro before 13.2 creates a debug.log file in the
directory where ...)
@@ -4830,7 +4830,7 @@ CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3
3.47.18 with the Script Par
CVE-2019-18936
RESERVED
CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023
contains a .N ...)
- TODO: check
+ NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the
ipsec modul ...)
- unbound <unfixed> (unimportant)
[stretch] - unbound <not-affected> (ipsecmod module introduced later)
@@ -8539,11 +8539,11 @@ CVE-2019-18381 (Norton Password Manager, prior to
6.6.2.5, may be susceptible to
CVE-2019-18380 (Symantec Industrial Control System Protection (ICSP), versions
6.x.x, ...)
NOT-FOR-US: Symantec
CVE-2019-18379 (Symantec Messaging Gateway, prior to 10.7.3, may be
susceptible to a s ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be
susceptible to a c ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be
susceptible to a p ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2019-18376
RESERVED
CVE-2019-18375
@@ -12185,7 +12185,7 @@ CVE-2019-17272 (All versions of ONTAP Select Deploy
administration utility are s
CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the
ajax/api/hook/getHookList ...)
NOT-FOR-US: vBulletin
CVE-2019-17270 (Yachtcontrol through 2019-10-06: It's possible to perform
direct Opera ...)
- TODO: check
+ NOT-FOR-US: Yachtcontrol
CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to
execute arbitr ...)
NOT-FOR-US: Intellian Remote Access
CVE-2019-17268
@@ -18682,11 +18682,11 @@ CVE-2019-15011
CVE-2019-15010
RESERVED
CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian
Fisheye and ...)
- TODO: check
+ NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2019-15008 (The /plugins/servlet/branchreview resource in Atlassian
Fisheye and Cr ...)
- TODO: check
+ NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2019-15007 (The review resource in Atlassian Fisheye and Crucible before
version 4 ...)
- TODO: check
+ NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2019-15006
RESERVED
CVE-2019-15005 (The Atlassian Troubleshooting and Support Tools plugin prior
to versio ...)
@@ -21624,7 +21624,7 @@ CVE-2019-14253 (An issue was discovered in
servletcontroller in the secure porta
CVE-2019-14252 (An issue was discovered in the secure portal in Publisure
2.1.2. Once ...)
NOT-FOR-US: Publisure
CVE-2019-14251 (An issue was discovered in T24 in TEMENOS Channels R15.01. The
login p ...)
- TODO: check
+ NOT-FOR-US: T24 in TEMENOS Channels R15.01
CVE-2019-14250 (An issue was discovered in GNU libiberty, as distributed in
GNU Binuti ...)
- binutils 2.33-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924
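Review bot: the tag added for CVE-2019-14251 carries a release string ("NOT-FOR-US: T24 in TEMENOS Channels R15.01"), unlike the other tags in this commit, which name only a vendor or product (the entry directly above is "NOT-FOR-US: Publisure"). Drop the release so the tag names the product only, for example "NOT-FOR-US: TEMENOS Channels", and stays accurate if the CVE description is later extended to other versions.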
@@ -59291,71 +59291,71 @@ CVE-2019-1492
CVE-2019-1491
RESERVED
CVE-2019-1490 (A spoofing vulnerability exists when a Skype for Business
Server does ...)
- TODO: check
+ NOT-FOR-US: Skype
CVE-2019-1489 (An information disclosure vulnerability exists when the Windows
Remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1488 (A security feature bypass vulnerability exists when Microsoft
Defender ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1487 (An information disclosure vulnerability in Android Apps using
Microsof ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1486 (A spoofing vulnerability exists in Visual Studio Live Share
when a gue ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1485 (A remote code execution vulnerability exists in the way that
the VBScr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1484 (A remote code execution vulnerability exists when Microsoft
Windows OL ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1483 (An elevation of privilege vulnerability exists when the Windows
AppX D ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1482
RESERVED
CVE-2019-1481 (An information disclosure vulnerability exists in Windows Media
Player ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1480 (An information disclosure vulnerability exists in Windows Media
Player ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1479
RESERVED
CVE-2019-1478 (An elevation of privilege vulnerability exists when Windows
improperly ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1477 (An elevation of privilege vulnerability exists when the Windows
Printe ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1476 (An elevation of privilege vulnerability exists when Windows
AppX Deplo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1475
RESERVED
CVE-2019-1474 (An information disclosure vulnerability exists when the Windows
kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1473
RESERVED
CVE-2019-1472 (An information disclosure vulnerability exists when the Windows
kernel ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1471 (A remote code execution vulnerability exists when Windows
Hyper-V on a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1470 (An information disclosure vulnerability exists when Windows
Hyper-V on ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1469 (An information disclosure vulnerability exists when the win32k
compone ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1468 (A remote code execution vulnerability exists when the Windows
font lib ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1467 (An information disclosure vulnerability exists when the Windows
GDI co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1466 (An information disclosure vulnerability exists when the Windows
GDI co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1465 (An information disclosure vulnerability exists when the Windows
GDI co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1464 (An information disclosure vulnerability exists when Microsoft
Excel im ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1463 (An information disclosure vulnerability exists in Microsoft
Access sof ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1462 (A remote code execution vulnerability exists in Microsoft
PowerPoint s ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1461 (A denial of service vulnerability exists in Microsoft Word
software wh ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1460
RESERVED
CVE-2019-1459
RESERVED
CVE-2019-1458 (An elevation of privilege vulnerability exists in Windows when
the Win ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1457 (A security feature bypass vulnerability exists in Microsoft
Office sof ...)
NOT-FOR-US: Microsoft
CVE-2019-1456 (A remote code execution vulnerability exists in Microsoft
Windows when ...)
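Review bot: CVE-2019-1490, the first entry changed in this hunk, is tagged "NOT-FOR-US: Skype", while its description names "Skype for Business Server" and every other entry changed in this hunk uses "NOT-FOR-US: Microsoft". "Skype" on its own is ambiguous between the client and the server product, so use "NOT-FOR-US: Microsoft" for consistency with the rest of the block, or spell out "Skype for Business Server".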
@@ -59365,7 +59365,7 @@ CVE-2019-1455
CVE-2019-1454
RESERVED
CVE-2019-1453 (A denial of service vulnerability exists in Remote Desktop
Protocol (R ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1452
RESERVED
CVE-2019-1451
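Review bot: for CVE-2019-1453 the visible part of the description names only "Remote Desktop Protocol" and is cut off before any product name, so the "NOT-FOR-US: Microsoft" tag cannot be confirmed from the excerpt alone. Check that the full description scopes the issue to Microsoft's own implementation rather than to the protocol, and consider a more specific tag such as the Microsoft component name so the reason for the classification is clear to later readers.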
@@ -59471,7 +59471,7 @@ CVE-2019-1402 (An information disclosure vulnerability
exists in Microsoft Offic
CVE-2019-1401
RESERVED
CVE-2019-1400 (An information disclosure vulnerability exists in Microsoft
Access sof ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1399 (A denial of service vulnerability exists when Microsoft Hyper-V
on a h ...)
NOT-FOR-US: Microsoft
CVE-2019-1398 (A remote code execution vulnerability exists when Windows
Hyper-V on a ...)
@@ -59631,7 +59631,7 @@ CVE-2019-1334 (An information disclosure vulnerability
exists when the Windows k
CVE-2019-1333 (A remote code execution vulnerability exists in the Windows
Remote Des ...)
NOT-FOR-US: Microsoft
CVE-2019-1332 (A cross-site scripting (XSS) vulnerability exists when
Microsoft SQL S ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1331 (A remote code execution vulnerability exists in Microsoft Excel
softwa ...)
NOT-FOR-US: Microsoft
CVE-2019-1330 (An elevation of privilege vulnerability exists in Microsoft
SharePoint ...)
@@ -200954,7 +200954,7 @@ CVE-2015-7894 (The DCMProvider service in Samsung
LibQjpeg on a Samsung SM-G925V
CVE-2015-7893 (SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email
content, ...)
NOT-FOR-US: Samsung
CVE-2015-7892 (Stack-based buffer overflow in the m2m1shot_compat_ioctl32
function in ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung
Graphics 2D ...)
NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android
CVE-2015-7890
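Review bot: CVE-2015-7892 describes a stack overflow in an ioctl handler (m2m1shot_compat_ioctl32), and the vendor-only tag "NOT-FOR-US: Samsung" does not say which component is affected or why it is out of scope. The neighbouring CVE-2015-7891 entry uses the fuller form "NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android"; name the driver here in the same way so it is clear this is vendor driver code and not something to check against the Debian kernel package.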
@@ -258888,7 +258888,7 @@ CVE-2013-3693 (The BlackBerry Universal Device
Service in BlackBerry Enterprise
CVE-2013-3692 (BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10
smartphones uses ...)
NOT-FOR-US: Blackberry OS
CVE-2013-3691 (AirLive POE-2600HD allows remote attackers to cause a denial of
servic ...)
- TODO: check
+ NOT-FOR-US: AirLive POE-2600HD
CVE-2013-3690 (Cross-site request forgery (CSRF) vulnerability in
cgi-bin/users.cgi i ...)
NOT-FOR-US: Brickcom
CVE-2013-3689 (Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae,
OSD-040E, ...)
@@ -259264,7 +259264,7 @@ CVE-2013-3544
CVE-2013-3543 (The AXIS Media Control (AMC) ActiveX control
(AxisMediaControlEmb.dll) ...)
NOT-FOR-US: AXIS Media Control
CVE-2013-3542 (Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL,
GXV3611HD/LL, GXV ...)
- TODO: check
+ NOT-FOR-US: Grandstream
CVE-2013-3541 (Directory traversal vulnerability in cgi-bin/admin/fileread in
AirLive ...)
NOT-FOR-US: AirLive
CVE-2013-3540 (Cross-site request forgery (CSRF) vulnerability in
cgi-bin/admin/usrgr ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1da36d89f82cf319c2ccd8a29e80fd57afa1c58b