Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7ea935bd by Moritz Muehlenhoff at 2020-03-24T17:38:53+01:00
NFUs
"new" bitcoin issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67982,15 +67982,15 @@ CVE-2019-5188 (A code execution vulnerability exists
in the directory rehashing
CVE-2019-5187 (An exploitable out-of-bounds write vulnerability exists in the
TIFread ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2019-5186 (An exploitable stack buffer overflow vulnerability
vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5185 (An exploitable stack buffer overflow vulnerability
vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5184 (An exploitable double free vulnerability exists in the iocheckd
servic ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5183 (An exploitable type confusion vulnerability exists in AMD
ATIDXX64.DLL ...)
NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5182 (An exploitable stack buffer overflow vulnerability
vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5181 (An exploitable stack buffer overflow vulnerability
vulnerability exist ...)
NOT-FOR-US: WAGO
CVE-2019-5180 (An exploitable stack buffer overflow vulnerability
vulnerability exist ...)
@@ -68042,19 +68042,19 @@ CVE-2019-5163 (An exploitable denial-of-service
vulnerability exists in the UDPR
CVE-2019-5162 (An exploitable improper access control vulnerability exists in
the iw_ ...)
NOT-FOR-US: Moxa
CVE-2019-5161 (An exploitable remote code execution vulnerability exists in
the Cloud ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5160 (An exploitable improper host validation vulnerability exists in
the Cl ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5159 (An exploitable improper input validation vulnerability exists
in the f ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5158 (An exploitable firmware downgrade vulnerability exists in the
firmware ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5157 (An exploitable command injection vulnerability exists in the
Cloud Con ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5156 (An exploitable command injection vulnerability exists in the
cloud con ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5155 (An exploitable command injection vulnerability exists in the
cloud con ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5154 (An exploitable heap overflow vulnerability exists in the
JPEG2000 pars ...)
NOT-FOR-US: LEADTOOLS
CVE-2019-5153 (An exploitable remote code execution vulnerability exists in
the iw_we ...)
@@ -68071,7 +68071,7 @@ CVE-2019-5151 (An exploitable SQL injection
vulnerability exist in YouPHPTube 7.
CVE-2019-5150 (An exploitable SQL injection vulnerability exist in YouPHPTube
7.7. Wh ...)
NOT-FOR-US: YouPHPTube
CVE-2019-5149 (The WBM web application on firmwares prior to 03.02.02 and
03.01.07 on ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5148 (An exploitable denial-of-service vulnerability exists in
ServiceAgent ...)
NOT-FOR-US: Moxa
CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD
ATIDXX64 ...)
@@ -68099,9 +68099,9 @@ CVE-2019-5137 (The usage of hard-coded cryptographic
keys within the ServiceAgen
CVE-2019-5136 (An exploitable privilege escalation vulnerability exists in the
iw_con ...)
NOT-FOR-US: Moxa
CVE-2019-5135 (An exploitable timing discrepancy vulnerability exists in the
authenti ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5134 (An exploitable regular expression without anchors vulnerability
exists ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5133 (An exploitable out-of-bounds write vulnerability exists in the
igcore1 ...)
NOT-FOR-US: ImageGear
CVE-2019-5132 (An exploitable out-of-bounds write vulnerability exists in the
igcore1 ...)
@@ -68158,9 +68158,9 @@ CVE-2019-5108 (An exploitable denial-of-service
vulnerability exists in the Linu
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
NOTE:
https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e
CVE-2019-5107 (A cleartext transmission vulnerability exists in the network
communica ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5106 (A hard-coded encryption key vulnerability exists in the
authentication ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2019-5105
RESERVED
CVE-2019-5104
@@ -71265,9 +71265,9 @@ CVE-2019-3772 (Spring Integration
(spring-integration-xml and spring-integration
CVE-2019-3771
RESERVED
CVE-2019-3770 (Dell Wyse Management Suite versions prior to 1.4.1 contain a
stored cr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2019-3769 (Dell Wyse Management Suite versions prior to 1.4.1 contain a
stored cr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2019-3768 (RSA Authentication Manager versions prior to 8.4 P7 contain an
XML Ent ...)
NOT-FOR-US: RSA Authentication Manager
CVE-2019-3767 (Dell ImageAssist versions prior to 8.7.15 contain an
information discl ...)
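Review bot: The tags on CVE-2019-3770 and CVE-2019-3769 name only the vendor (`NOT-FOR-US: Dell`), while the neighbouring entry in the same hunk names the product (`NOT-FOR-US: RSA Authentication Manager`). Both descriptions start with "Dell Wyse Management Suite", so `NOT-FOR-US: Dell Wyse Management Suite` would keep the file consistent and make the entries findable by product when someone later greps the list.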
@@ -71281,7 +71281,7 @@ CVE-2019-3764 (Dell EMC iDRAC7 versions prior to
2.65.65.65, iDRAC8 versions pri
CVE-2019-3763 (The RSA Identity Governance and Lifecycle software and RSA Via
Lifecyc ...)
NOT-FOR-US: RSA
CVE-2019-3762 (Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and
19.1 cont ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2019-3761 (The RSA Identity Governance and Lifecycle software and RSA Via
Lifecyc ...)
NOT-FOR-US: RSA
CVE-2019-3760 (The RSA Identity Governance and Lifecycle software and RSA Via
Lifecyc ...)
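Review bot: The CVE-2019-3762 tag `NOT-FOR-US: Dell` does not match anything in the visible description, which names only "Data Protection Central". Putting the product name in the tag alongside the vendor would let a reader confirm the triage decision from the entry itself instead of having to look the CVE up again.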
@@ -71450,7 +71450,7 @@ CVE-2019-3684 (SUSE Manager until version 4.0.7 and
Uyuni until commit 1b426ad5e
CVE-2019-3683 (The keystone-json-assignment package in SUSE Openstack Cloud 8
before ...)
TODO: check
CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before
17.09.1_ce-7 ...)
- TODO: check
+ NOT-FOR-US: SuSE
CVE-2019-3681
RESERVED
CVE-2019-3680
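Review bot: The CVE-2019-3682 tag is spelled `SuSE`, but the descriptions in this hunk spell the vendor "SUSE"; matching that spelling avoids two variants of the same tag in the list. The tag could also name the affected component (the description points at the docker-kubic package in SUSE CaaS Platform). Note that CVE-2019-3683 directly above, also described as a package in a SUSE product, is left at `TODO: check`; if it was skipped on purpose that is fine, otherwise it looks like a candidate for the same pass.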
@@ -71729,7 +71729,7 @@ CVE-2019-3555
CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when
acceptin ...)
NOT-FOR-US: Facebook Wangle
CVE-2019-3553 (C++ Facebook Thrift servers would not error upon receiving
messages de ...)
- TODO: check
+ NOT-FOR-US: Thrift servers
CVE-2019-3552 (C++ Facebook Thrift servers (using cpp2) would not error upon
receivin ...)
NOT-FOR-US: Thrift servers
CVE-2019-3551
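Review bot: `NOT-FOR-US: Thrift servers` on CVE-2019-3553 follows the existing CVE-2019-3552 entry, but the bare word "Thrift" is ambiguous, and the description says specifically "C++ Facebook Thrift servers". `NOT-FOR-US: Facebook Thrift` would match the style of `NOT-FOR-US: Facebook Wangle` two entries up and make clear which implementation was ruled out; the CVE-2019-3552 tag could be adjusted at the same time.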
@@ -72233,7 +72233,7 @@ CVE-2018-20587 (Bitcoin Core 0.12.0 through 0.17.1 and
Bitcoin Knots 0.12.0 thro
- bitcoin <unfixed>
NOTE:
https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587
CVE-2018-20586 (bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of
arbitrary d ...)
- TODO: check
+ - bitcoin 0.17.1~dfsg-1
CVE-2018-20585
RESERVED
CVE-2018-20584 (JasPer 2.0.14 allows remote attackers to cause a denial of
service (ap ...)
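Review bot: The new `- bitcoin 0.17.1~dfsg-1` line for CVE-2018-20586 comes without a NOTE, whereas CVE-2018-20587 directly above links its reference. The description ("prior to 0.17.1") only implies that 0.17.1 is the first fixed upstream version, so a NOTE pointing at the upstream advisory or the fixing commit would let a later reader verify the fixed version recorded here.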
@@ -73034,11 +73034,11 @@ CVE-2018-20337 (There is a stack-based buffer
overflow in the parse_makernote fu
CVE-2018-20336 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is
a stack ...)
NOT-FOR-US: ASUSWRT
CVE-2018-20335 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An
unauthenticat ...)
- TODO: check
+ NOT-FOR-US: ASUSWRT
CVE-2018-20334 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When
processing ...)
- TODO: check
+ NOT-FOR-US: ASUSWRT
CVE-2018-20333 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An
unauthenticat ...)
- TODO: check
+ NOT-FOR-US: ASUSWRT
CVE-2018-20332 (An issue has been discovered in the OpenWebif plugin through
1.2.4 for ...)
NOT-FOR-US: OpenWebif plugin
CVE-2018-20331 (Local attackers can trigger a Kernel Pool Buffer Overflow in
Antiy AVL ...)
@@ -73317,7 +73317,7 @@ CVE-2019-3406
CVE-2019-3405
RESERVED
CVE-2019-3404 (By adding some special fields to the uri ofrouter app function,
the us ...)
- TODO: check
+ NOT-FOR-US: ofrouter
CVE-2019-3403 (The /rest/api/2/user/picker rest resource in Jira before
version 7.13. ...)
NOT-FOR-US: Atlassian Jira
CVE-2019-3402 (The ConfigurePortalPages.jspa resource in Jira before version
7.13.3 a ...)
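Review bot: The tag `NOT-FOR-US: ofrouter` on CVE-2019-3404 appears to be taken from the description text "the uri ofrouter app function", which reads like a missing space ("of router") rather than a product name. The visible part of the description does not identify the vendor or product, so it is worth checking the full CVE text and putting the actual product name in the tag; as written, the entry cannot be matched to any product by name.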
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ea935bd1ae05139a6612c4a29761c23768deac7