Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7c3c96b6 by Moritz Muehlenhoff at 2019-12-20T08:31:46Z
NFUs
new gitlab issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2019-19912
CVE-2019-19911
TODO: check
CVE-2019-19910
- TODO: check
+ NOT-FOR-US: Mediawiki skin
CVE-2019-19909
NOT-FOR-US: Public Knowledge Project (PKP) pkp-lib
CVE-2019-19908
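Review bot: on CVE-2019-19910 the label "NOT-FOR-US: Mediawiki skin" does not say which skin is meant, and the entry has no description to fall back on. Naming the skin would let a later search confirm that nothing packaged is affected.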
@@ -24,7 +24,7 @@ CVE-2019-19901 (An issue was discovered in Backdrop CMS
1.13.x before 1.13.5 and
CVE-2019-19900 (An issue was discovered in Backdrop CMS 1.13.x before 1.13.5
and 1.14. ...)
- backdrop <itp> (bug #914257)
CVE-2019-19899 (Pebble Templates 3.1.2 allows attackers to bypass a protection
mechani ...)
- TODO: check
+ NOT-FOR-US: Pebble Templates
CVE-2019-19898
RESERVED
CVE-2019-19897
@@ -6793,13 +6793,13 @@ CVE-2019-18999
CVE-2019-18998
RESERVED
CVE-2019-18997 (The HMISimulator component of ABB PB610 Panel Builder 600 uses
the rea ...)
- TODO: check
+ NOT-FOR-US: ABB PB610 Panel Builder
CVE-2019-18996 (Path settings in HMIStudio component of ABB PB610 Panel
Builder 600 ve ...)
- TODO: check
+ NOT-FOR-US: ABB PB610 Panel Builder
CVE-2019-18995 (The HMISimulator component of ABB PB610 Panel Builder 600
versions 2.8 ...)
- TODO: check
+ NOT-FOR-US: ABB PB610 Panel Builder
CVE-2019-18994 (Due to a lack of file length check, the HMIStudio component of
ABB PB6 ...)
- TODO: check
+ NOT-FOR-US: ABB PB610 Panel Builder
CVE-2019-18993 (OpenWrt 18.06.4 allows XSS via the "New port forward" Name
field to th ...)
NOT-FOR-US: OpenWrt
CVE-2019-18992 (OpenWrt 18.06.4 allows XSS via these Name fields to the
cgi-bin/luci/a ...)
@@ -6882,10 +6882,10 @@ CVE-2019-18958 (Nitro Pro before 13.2 creates a
debug.log file in the directory
CVE-2019-18957 (Microstrategy Library in MicroStrategy before 2019 before
11.1.3 has r ...)
NOT-FOR-US: Microstrategy Library
CVE-2019-18956 (Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8,
9.8.43 an ...)
- TODO: check
+ NOT-FOR-US: Divisa Proxia Suite
CVE-2019-18955
RESERVED
- TODO: check
+ NOT-FOR-US: Lansweeper
CVE-2019-18954 (Pomelo v2.2.5 allows external control of critical state data.
A malici ...)
NOT-FOR-US: Pomelo
CVE-2019-18953
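Review bot: CVE-2019-18955 is still RESERVED with no description, so "NOT-FOR-US: Lansweeper" cannot be checked against anything in the entry. A NOTE line giving the source of the product attribution would make this triage reproducible.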
@@ -9886,7 +9886,7 @@ CVE-2019-18616
RESERVED
CVE-2019-18615
RESERVED
- TODO: check
+ NOT-FOR-US: CloudVision Portal
CVE-2019-18614
RESERVED
CVE-2019-18613
@@ -9977,11 +9977,11 @@ CVE-2019-18575 (Dell Command Configure versions prior
to 4.2.1 contain an uncont
CVE-2019-18574 (RSA Authentication Manager software versions prior to 8.4 P8
contain a ...)
NOT-FOR-US: RSA Authentication Manager software
CVE-2019-18573 (The RSA Identity Governance and Lifecycle and RSA Via
Lifecycle and Go ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-18572 (The RSA Identity Governance and Lifecycle and RSA Via
Lifecycle and Go ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2019-18571 (The RSA Identity Governance and Lifecycle and RSA Via
Lifecycle and Go ...)
- TODO: check
+ NOT-FOR-US: RSA
CVE-2020-0600
RESERVED
CVE-2020-0599
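Review bot: the three new "NOT-FOR-US: RSA" labels on CVE-2019-18573, CVE-2019-18572 and CVE-2019-18571 name only the vendor, while the neighbouring CVE-2019-18574 entry names the product ("RSA Authentication Manager software"). Suggest "NOT-FOR-US: RSA Identity Governance and Lifecycle", in line with how this same commit narrows "Intel" to a product name.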
@@ -10900,7 +10900,7 @@ CVE-2019-18269 (In Omron PLC CJ series, all versions,
and Omron PLC CS series, a
CVE-2019-18268
RESERVED
CVE-2019-18267 (An issue was found in GE S2020/S2020G Fast Switch 61850,
S2020/S2020G ...)
- TODO: check
+ NOT-FOR-US: GE
CVE-2019-18266
RESERVED
CVE-2019-18265
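Review bot: "NOT-FOR-US: GE" on CVE-2019-18267 is vendor-only. The description names the product (GE S2020/S2020G Fast Switch 61850), and using it in the label would keep the entry searchable and consistent with the product-level labels elsewhere in this commit.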
@@ -13182,7 +13182,7 @@ CVE-2019-17634
RESERVED
CVE-2019-17633
RESERVED
- TODO: check
+ NOT-FOR-US: Eclipse Che
CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022,
and 9.4. ...)
- jetty9 <unfixed>
[buster] - jetty9 <no-dsa> (Minor issue)
@@ -18966,11 +18966,11 @@ CVE-2019-15593 (GitLab 12.2.3 contains a security
vulnerability that allows a us
CVE-2019-15592
RESERVED
CVE-2019-15591 (An improper access control vulnerability exists in GitLab
<12.3.3 t ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2019-15590
RESERVED
CVE-2019-15589 (An improper access control vulnerability exists in Gitlab
<v12.3.2, ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2019-15588 (There is an OS Command Injection in Nexus Repository Manager
<= 2.1 ...)
NOT-FOR-US: Nexus Repository Manager
CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized
JavaScript may o ...)
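Review bot: the "- gitlab <unfixed>" lines added for CVE-2019-15591 and CVE-2019-15589 carry no fixed-version information, although the descriptions give upstream bounds (<12.3.3 and <v12.3.2). A NOTE line recording the upstream fixed release or advisory would make it easier to close these once a fixed package is uploaded.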
@@ -18990,17 +18990,17 @@ CVE-2019-15582
CVE-2019-15581
RESERVED
CVE-2019-15580 (An information exposure vulnerability exists in gitlab.com
<v12.3.2 ...)
- TODO: check
+ - gitlab <not-affected> (Only affects EE)
CVE-2019-15579
RESERVED
CVE-2019-15578
RESERVED
CVE-2019-15577 (An information disclosure vulnerability exists in GitLab CE/EE
<v12 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2019-15576 (An information disclosure vulnerability exists in GitLab CE/EE
<v12 ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2019-15575 (A command injection exists in GitLab CE/EE <v12.3.2,
<v12.2.6, a ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2019-15574 (Gesior-AAC before 2019-05-01 allows serviceID SQL injection in
account ...)
NOT-FOR-US: Gesior-AAC
CVE-2019-15573 (Gesior-AAC before 2019-05-01 allows SQL injection in
tankyou.php. ...)
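Review bot: on CVE-2019-15580 the "<not-affected> (Only affects EE)" claim is not supported by the visible description, which mentions only "gitlab.com <v12.3.2", whereas the CVE-2019-15577 and CVE-2019-15576 descriptions say "CE/EE" explicitly. A NOTE line with the upstream reference for the EE-only scope would document the decision.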
@@ -22172,9 +22172,9 @@ CVE-2019-14593
CVE-2019-14592
RESERVED
CVE-2019-14591 (Improper input validation in the API for Intel(R) Graphics
Driver vers ...)
- NOT-FOR-US: Intel
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-14590 (Improper access control in the API for the Intel(R) Graphics
Driver ve ...)
- NOT-FOR-US: Intel
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-14589
RESERVED
CVE-2019-14588
@@ -22206,7 +22206,7 @@ CVE-2019-14576
CVE-2019-14575
RESERVED
CVE-2019-14574 (Out of bounds read in a subsystem for Intel(R) Graphics Driver
version ...)
- NOT-FOR-US: Intel
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-14573
RESERVED
CVE-2019-14572
@@ -33247,11 +33247,11 @@ CVE-2019-11115
CVE-2019-11114 (Insufficient input validation in Intel(R) Driver & Support
Assista ...)
NOT-FOR-US: Intel(R) Driver & Support Assistant
CVE-2019-11113 (Buffer overflow in Kernel Mode module for Intel(R) Graphics
Driver bef ...)
- TODO: check
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11112 (Memory corruption in Kernel Mode Driver in Intel(R) Graphics
Driver be ...)
- TODO: check
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11111 (Pointer corruption in the Unified Shader Compiler in Intel(R)
Graphics ...)
- NOT-FOR-US: Intel
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11110 (Authentication bypass in the subsystem for Intel(R) CSME
before versio ...)
NOT-FOR-US: Intel
CVE-2019-11109 (Logic issue in the subsystem for Intel(R) SPS before versions
SPS_E5_0 ...)
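Review bot: CVE-2019-11113, CVE-2019-11112 and CVE-2019-11089 move from "TODO: check" to "NOT-FOR-US: Intel Windows graphics driver", but the truncated descriptions shown name only "Intel(R) Graphics Driver" and a kernel mode module, not a platform. A NOTE line pointing at the Intel advisory that restricts these to the Windows driver would record why no Debian package is in scope.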
@@ -33305,7 +33305,7 @@ CVE-2019-11091 (Microarchitectural Data Sampling
Uncacheable Memory (MDSUM): Unc
CVE-2019-11090 (Cryptographic timing conditions in the subsystem for Intel(R)
PTT befo ...)
NOT-FOR-US: Intel
CVE-2019-11089 (Insufficient input validation in Kernel Mode module for
Intel(R) Graph ...)
- TODO: check
+ NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11088 (Insufficient input validation in subsystem in Intel(R) AMT
before vers ...)
NOT-FOR-US: Intel
CVE-2019-11087 (Insufficient input validation in the subsystem for Intel(R)
CSME befor ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7c3c96b68d4fca2fc11e2d050bf643f44525bef3