Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
26944dac by Salvatore Bonaccorso at 2019-12-21T08:47:58Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61,7 +61,7 @@ CVE-2019-19910 (The MinervaNeue Skin in MediaWiki from
2019-11-05 to 2019-12-13
CVE-2019-19909 (An issue was discovered in Public Knowledge Project (PKP)
pkp-lib befo ...)
NOT-FOR-US: Public Knowledge Project (PKP) pkp-lib
CVE-2019-19908 (phpMyChat-Plus 1.98 is vulnerable to reflected XSS via
JavaScript inje ...)
- TODO: check
+ NOT-FOR-US: phpMyChat
CVE-2019-19907 (HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano
Groupware Core ...)
- kopanocore <unfixed>
NOTE:
https://stash.kopano.io/projects/KC/repos/kopanocore/commits/4e02b420fff
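Review bot: The new tag on CVE-2019-19908 reads "NOT-FOR-US: phpMyChat", but the description on the line above names the product as phpMyChat-Plus 1.98. Suggest "NOT-FOR-US: phpMyChat-Plus" so that a search of data/CVE/list for the product name as the CVE description gives it finds this entry.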
@@ -964,7 +964,7 @@ CVE-2019-19791
CVE-2019-19790 (Path traversal in RadChart in Telerik UI for ASP.NET AJAX
allows a rem ...)
NOT-FOR-US: Telerik UI for ASP.NET AJAX
CVE-2019-19789 (3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS
Runtime Tool ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2019-19788 (Opera for Android before 54.0.2669.49432 is vulnerable to a
sandboxed ...)
NOT-FOR-US: Opera for Android
CVE-2019-19787 (ATasm 1.06 has a stack-based buffer overflow in the
get_signed_express ...)
@@ -2067,7 +2067,7 @@ CVE-2019-19749
CVE-2019-19748 (The Work Time Calendar app before 4.7.1 for Jira allows XSS.
...)
NOT-FOR-US: Work Time Calendar app for Jira
CVE-2019-19747 (NeuVector 3.1 when configured to allow authentication via
Active Direc ...)
- TODO: check
+ NOT-FOR-US: NeuVector
CVE-2019-19746 (make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a
segmentation fau ...)
- fig2dev <unfixed> (unimportant; bug #946628)
- transfig <removed> (unimportant)
@@ -6236,7 +6236,7 @@ CVE-2019-19233
CVE-2019-19232 (In Sudo through 1.8.29, an attacker with access to a Runas ALL
sudoer ...)
TODO: check
CVE-2019-19231 (An insecure file access vulnerability exists in CA Client
Automation 1 ...)
- TODO: check
+ NOT-FOR-US: CA Client Automation
CVE-2019-19230 (An unsafe deserialization vulnerability exists in CA Release
Automatio ...)
NOT-FOR-US: CA Release Automation (Nolio)
CVE-2019-19229 (admincgi-bin/service.fcgi on Fronius Solar Inverter devices
before 3.1 ...)
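Review bot: CVE-2019-19232 (Sudo through 1.8.29), the context entry directly above the changed line, still carries "TODO: check" after this commit. That is in keeping with a commit limited to NOT-FOR-US processing, but sudo is packaged in Debian, so the entry needs a package line in a follow-up rather than staying in the TODO state next to entries that have now been triaged.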
@@ -6439,7 +6439,7 @@ CVE-2019-19143
CVE-2019-19142
RESERVED
CVE-2019-19141 (The Camera Upload functionality in Plex Media Server through
1.18.2.20 ...)
- TODO: check
+ NOT-FOR-US: Plex Media Server
CVE-2019-19140
RESERVED
CVE-2019-19139
@@ -10964,7 +10964,7 @@ CVE-2019-18265
CVE-2019-18264
RESERVED
CVE-2019-18263 (An issue was found in Philips Veradius Unity, Pulsera, and
Endura Dual ...)
- TODO: check
+ NOT-FOR-US: Philips
CVE-2019-18262
RESERVED
CVE-2019-18261 (In Omron PLC CS series, all versions, Omron PLC CJ series, all
version ...)
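Review bot: "NOT-FOR-US: Philips" on CVE-2019-18263 names only the vendor, while the description lists specific products (Philips Veradius Unity, Pulsera, and Endura Dual ...) and other tags in this commit name the product ("Plex Media Server", "CA Client Automation"). Suggest naming the product line here as well, so the tag does not read as a statement about everything from that vendor.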
@@ -12146,7 +12146,7 @@ CVE-2019-18183
CVE-2019-18182
RESERVED
CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2
Code train ...)
- TODO: check
+ NOT-FOR-US: CloudVision Portal
CVE-2019-18180 (Improper Check for filenames with overly long extensions in
PostMaster ...)
- otrs2 <unfixed> (bug #945251)
[buster] - otrs2 <no-dsa> (Non-free not supported)
@@ -13696,7 +13696,7 @@ CVE-2019-17529 (An issue was discovered in Bento4
1.5.1.0. There is a heap-based
CVE-2019-17528 (An issue was discovered in Bento4 1.5.1.0. There is a SEGV in
the func ...)
NOT-FOR-US: Bento4
CVE-2019-17527 (dataForDepandantField in models/custormfields.php in the JS
JOBS FREE ...)
- TODO: check
+ NOT-FOR-US: JS JOBS FREE extension for Joomla!
CVE-2019-17526 (** DISPUTED ** An issue was discovered in SageMath Sage Cell
Server th ...)
NOT-FOR-US: Sage Cell Server (not part of SafeMath as packaged in
Debian)
CVE-2019-17525
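Review bot: The context line under CVE-2019-17526 reads "not part of SafeMath as packaged in Debian", while the description on the entry names SageMath; this looks like a typo. It is outside the changed line, but since this hunk touches the adjacent entry it would be a good moment to correct it to "SageMath".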
@@ -13940,7 +13940,7 @@ CVE-2019-17442
CVE-2019-17441
RESERVED
CVE-2019-17440 (Improper restriction of communications to Log Forwarding Card
(LFC) on ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2019-17439
RESERVED
CVE-2019-17438
@@ -15369,7 +15369,7 @@ CVE-2019-16873 (Portainer before 1.22.1 has XSS (issue
1 of 2). ...)
CVE-2019-16872 (Portainer before 1.22.1 has Incorrect Access Control (issue 1
of 4). ...)
NOT-FOR-US: Portainer
CVE-2019-16871 (Beckhoff Embedded Windows PLCs through 3.1.4024.0, and
Beckhoff Twinca ...)
- TODO: check
+ NOT-FOR-US: Beckhoff
CVE-2019-16870
RESERVED
CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the
colon in HT ...)
@@ -18068,17 +18068,17 @@ CVE-2019-15916 (An issue was discovered in the Linux
kernel before 5.0.1. There
[jessie] - linux 3.16.70-1
NOTE:
https://git.kernel.org/linus/895a5e96dbd6386c8e78e5b78e067dcc67b7f0ab
CVE-2019-15915 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM,
MCCGQ01LM, RTCG ...)
- TODO: check
+ NOT-FOR-US: Xiaomi devices
CVE-2019-15914 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM,
MCCGQ01LM, WSDC ...)
- TODO: check
+ NOT-FOR-US: Xiaomi devices
CVE-2019-15913 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM,
MCCGQ01LM, WSDC ...)
- TODO: check
+ NOT-FOR-US: Xiaomi devices
CVE-2019-15912 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101,
AS-101, ...)
- TODO: check
+ NOT-FOR-US: ASUS devices
CVE-2019-15911 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101,
AS-101, ...)
- TODO: check
+ NOT-FOR-US: ASUS devices
CVE-2019-15910 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101,
AS-101, ...)
- TODO: check
+ NOT-FOR-US: ASUS devices
CVE-2019-15909
RESERVED
CVE-2019-15908
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/26944dac4d1a3f995b86e33e77aa3f684baebc2d
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits