Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
30f75ae0 by Salvatore Bonaccorso at 2019-12-26T21:32:57Z
Process more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5816,7 +5816,7 @@ CVE-2019-19400
CVE-2019-19399
RESERVED
CVE-2019-19398 (M5 lite 10 with versions of 8.0.0.182(C00) have an
insufficient input ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2019-19397 (There is a weak algorithm vulnerability in some Huawei
products. The a ...)
NOT-FOR-US: Huawei
CVE-2019-19396 (illumos, as used in OmniOS Community Edition before r151030y,
allows a ...)
@@ -42491,7 +42491,7 @@ CVE-2019-8295
CVE-2019-8294
RESERVED
CVE-2019-8293 (Due to a logic error in the code, upload-image-with-ajax v1.0
allows a ...)
- TODO: check
+ NOT-FOR-US: upload-image-with-ajax
CVE-2019-8292 (Online Store System v1.0 delete_product.php doesn't check to
see if a ...)
NOT-FOR-US: Online Store System
CVE-2019-8291 (Online Store System v1.0 delete_file.php doesn't check to see
if a use ...)
@@ -42570,7 +42570,7 @@ CVE-2019-8257
CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure
inherited pe ...)
TODO: check
CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2019-8254 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before
21.0.2 hav ...)
NOT-FOR-US: Adobe
CVE-2019-8253 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before
21.0.2 hav ...)
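Review bot: CVE-2019-8256 (ColdFusion), the entry directly above the changed line, still carries "TODO: check" although it is an Adobe product like the entries around it; if it is equally out of scope, it could be resolved in this same pass. For CVE-2019-8255 the tag names only the vendor while the description names the product, so "NOT-FOR-US: Adobe Brackets" would keep the entry findable by product name.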
@@ -47610,7 +47610,7 @@ CVE-2019-6237 (Multiple memory corruption issues were
addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-6236 (A race condition existed during the installation of iCloud for
Windows ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6235 (A memory corruption issue was addressed with improved
validation. This ...)
NOT-FOR-US: Apple
CVE-2019-6234 (A memory corruption issue was addressed with improved memory
handling. ...)
@@ -47620,7 +47620,7 @@ CVE-2019-6233 (A memory corruption issue was addressed
with improved memory hand
- webkit2gtk 2.22.4-1 (unimportant)
NOTE: Not covered by security support
CVE-2019-6232 (A race condition existed during the installation of iTunes for
Windows ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6231 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
CVE-2019-6230 (A memory initialization issue was addressed with improved
memory handl ...)
@@ -47643,7 +47643,7 @@ CVE-2019-6224 (A buffer overflow issue was addressed
with improved memory handli
CVE-2019-6223 (A logic issue existed in the handling of Group FaceTime calls.
The iss ...)
NOT-FOR-US: Apple
CVE-2019-6222 (A consistency issue was addressed with improved state handling.
This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6221 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
CVE-2019-6220 (An out-of-bounds read was addressed with improved input
validation. Th ...)
@@ -47677,13 +47677,13 @@ CVE-2019-6209 (An out-of-bounds read issue existed
that led to the disclosure of
CVE-2019-6208 (A memory initialization issue was addressed with improved
memory handl ...)
NOT-FOR-US: Apple
CVE-2019-6207 (An out-of-bounds read issue existed that led to the disclosure
of kern ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6206 (An issue existed with autofill resuming after it was canceled.
The iss ...)
NOT-FOR-US: autofill in iOS
CVE-2019-6205 (A memory corruption issue was addressed with improved lock
state check ...)
NOT-FOR-US: Apple
CVE-2019-6204 (A logic issue was addressed with improved validation. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-6203
RESERVED
CVE-2019-6202 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
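Review bot: The truncated description of CVE-2019-6204 ("A logic issue was addressed with improved validation") does not identify the affected component, and other Apple-worded entries visible in this patch (CVE-2019-6237 and CVE-2019-6233 in the earlier hunk headers) are tracked against webkit2gtk rather than marked NOT-FOR-US. Please confirm from the full description that this one is not a WebKit issue before settling on "NOT-FOR-US: Apple". CVE-2019-6207 is less of a concern, since its description already points at kernel memory.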
@@ -47800,7 +47800,7 @@ CVE-2019-6149 (An unquoted search path vulnerability
was identified in Lenovo Dy
CVE-2019-6148
RESERVED
CVE-2019-6147 (Forcepoint NGFW Security Management Center (SMC) versions lower
than 6 ...)
- TODO: check
+ NOT-FOR-US: Forcepoint NGFW Security Management Center
CVE-2019-6146
RESERVED
CVE-2019-6145 (Forcepoint VPN Client for Windows versions lower than 6.6.1
have an un ...)
@@ -48110,17 +48110,17 @@ CVE-2019-6034 (a-blog cms versions prior to
Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26
CVE-2019-6033 (Cross-site scripting vulnerability in a-blog cms versions prior
to Ver ...)
NOT-FOR-US: a-blog cms
CVE-2019-6032 (The NTV News24 prior to Ver.3.0.0 does not verify X.509
certificates f ...)
- TODO: check
+ NOT-FOR-US: NTV News24
CVE-2019-6031 (Cross-site scripting vulnerability in KINZA for Windows version
5.9.2 ...)
- TODO: check
+ NOT-FOR-US: KINZA for Windows
CVE-2019-6030 (Cross-site request forgery (CSRF) vulnerability in Custom Body
Class 0 ...)
- TODO: check
+ NOT-FOR-US: Custom Body Class
CVE-2019-6029 (Cross-site scripting vulnerability in Custom Body Class 0.6.0
and earl ...)
- TODO: check
+ NOT-FOR-US: Custom Body Class
CVE-2019-6028
RESERVED
CVE-2019-6027 (Cross-site request forgery (CSRF) vulnerability in WP Spell
Check 7.1. ...)
- TODO: check
+ NOT-FOR-US: WP Spell Check Wordpress Plugin
CVE-2019-6026 (Privilege escalation vulnerability in Multiple MOTEX products
(LanScop ...)
NOT-FOR-US: MOTEX
CVE-2019-6025 (Open redirect vulnerability in Movable Type series Movable Type
7 r.46 ...)
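Review bot: In the CVE-2019-6027 tag, "Wordpress" should be spelled "WordPress", and the trailing "Plugin" qualifier is not used for the other plugin entries tagged in this commit (for example "wpDataTables Lite"). Suggest "NOT-FOR-US: WP Spell Check WordPress plugin", or dropping the qualifier, so the tags stay uniform.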
@@ -48134,11 +48134,11 @@ CVE-2019-6022 (Directory traversal vulnerability in
Cybozu Office 10.0.0 to 10.8
CVE-2019-6021 (Open redirect vulnerability in Library Information Management
System L ...)
NOT-FOR-US: Library Information Management System LIMEDIO
CVE-2019-6020 (Open redirect vulnerability in PowerCMS 5.12 and earlier
(PowerCMS 5.x ...)
- TODO: check
+ NOT-FOR-US: PowerCMS
CVE-2019-6019 (Untrusted search path vulnerability in STAMP Workbench
installer all v ...)
- TODO: check
+ NOT-FOR-US: STAMP Workbench installer
CVE-2019-6018 (Cross-site scripting vulnerability in NetCommons 3.2.2 and
earlier (Ne ...)
- TODO: check
+ NOT-FOR-US: NetCommons
CVE-2019-6017 (REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and
earlier ...)
NOT-FOR-US: REMISE Payment Module
CVE-2019-6016 (Cross-site scripting vulnerability in REMISE Payment Module
(2.11, 2.1 ...)
@@ -48150,15 +48150,15 @@ CVE-2019-6014 (DBA-1510P firmware 1.70b009 and
earlier allows an attacker to exe
CVE-2019-6013 (DBA-1510P firmware 1.70b009 and earlier allows authenticated
attackers ...)
NOT-FOR-US: DBA-1510P firmware
CVE-2019-6012 (SQL injection vulnerability in the wpDataTables Lite Version
2.0.11 an ...)
- TODO: check
+ NOT-FOR-US: wpDataTables Lite
CVE-2019-6011 (Cross-site scripting vulnerability in wpDataTables Lite Version
2.0.11 ...)
- TODO: check
+ NOT-FOR-US: wpDataTables Lite
CVE-2019-6010 (Integer overflow vulnerability in LINE(Android) from 4.4.0 to
the vers ...)
NOT-FOR-US: LINE(Android)
CVE-2019-6009 (Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier
allows rem ...)
NOT-FOR-US: SHIRASAGI
CVE-2019-6008 (An unquoted search path vulnerability in Multiple Yokogawa
products fo ...)
- TODO: check
+ NOT-FOR-US: Yokogawa
CVE-2019-6007 (Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0
allows ...)
NOT-FOR-US: apng-drawable
CVE-2019-6006
@@ -49082,7 +49082,7 @@ CVE-2019-5704
CVE-2019-5703
RESERVED
CVE-2019-5702 (NVIDIA GeForce Experience, all versions prior to 3.20.2,
contains a vu ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.1,
contains a vu ...)
NOT-FOR-US: NVIDIA GeForce Experience
CVE-2019-5700 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra
software con ...)
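Review bot: The new tag for CVE-2019-5702 is "NOT-FOR-US: NVIDIA", while the adjacent CVE-2019-5701, which describes the same product, uses "NOT-FOR-US: NVIDIA GeForce Experience". Using the product-level tag here as well keeps the two GeForce Experience entries consistent.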
@@ -50458,23 +50458,23 @@ CVE-2019-5083 (An exploitable out-of-bounds write
vulnerability exists in the ig
CVE-2019-5082
RESERVED
CVE-2019-5081 (An exploitable heap buffer overflow vulnerability exists in the
iochec ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5080 (An exploitable denial-of-service vulnerability exists in the
iocheckd ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5079 (An exploitable heap buffer overflow vulnerability exists in the
iochec ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5078 (An exploitable denial of service vulnerability exists in the
iocheckd ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5077 (An exploitable denial-of-service vulnerability exists in the
iocheckd ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5076 (An exploitable out-of-bounds write vulnerability exists in the
igcore1 ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2019-5075 (An exploitable stack buffer overflow vulnerability exists in
the comma ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5074 (An exploitable stack buffer overflow vulnerability exists in
the ioche ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5073 (An exploitable information exposure vulnerability exists in the
iochec ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5072 (An exploitable command injection vulnerability exists in the
/goform/W ...)
NOT-FOR-US: Tenda
CVE-2019-5071 (An exploitable command injection vulnerability exists in the
/goform/W ...)
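Review bot: None of the truncated descriptions tagged in this hunk shows the vendor name, and CVE-2019-5075 ("in the comma ...") does not share the iocheckd wording of the other seven, while CVE-2019-5076 in the middle of the run belongs to Accusoft ImageGear. Please confirm against the full description that CVE-2019-5075 is a WAGO issue; adding the product name next to the vendor in the tag would also make these entries easier to audit later.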
@@ -52727,15 +52727,15 @@ CVE-2019-3998
CVE-2019-3997
RESERVED
CVE-2019-3996 (ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request
proxy ...)
- TODO: check
+ NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3995 (ELOG 3.1.4-57bea22 and below is affected by a denial of service
vulner ...)
- TODO: check
+ NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3994 (ELOG 3.1.4-57bea22 and below is affected by a denial of service
vulner ...)
- TODO: check
+ NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3993 (ELOG 3.1.4-57bea22 and below is affected by an information
disclosure ...)
- TODO: check
+ NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3992 (ELOG 3.1.4-57bea22 and below is affected by an information
disclosure ...)
- TODO: check
+ NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3991
RESERVED
CVE-2019-3990 (A User Enumeration flaw exists in Harbor. The issue is present
in the ...)
@@ -120662,7 +120662,7 @@ CVE-2017-16785 (Cacti 1.1.27 has reflected XSS via
the PATH_INFO to host.php. ..
CVE-2017-16779
RESERVED
CVE-2017-16778 (An access control weakness in the DTMF tone receiver of Fermax
Outdoor ...)
- TODO: check
+ NOT-FOR-US: Fermax Outdoor Panel
CVE-2017-16777 (If HashiCorp Vagrant VMware Fusion plugin (aka
vagrant-vmware-fusion) ...)
NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-16776 (Security researchers discovered an authentication bypass
vulnerability ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/30f75ae06297e411872f9d03c3513843e78537ad
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits