Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
712b1868 by Moritz Muehlenhoff at 2019-11-15T11:47:25Z
new ruby-rack-cors issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,25 +1,27 @@
CVE-2019-18988
RESERVED
CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through
1.34 for ...)
- TODO: check
+ NOT-FOR-US: AbuseFilter MediaWiki extension
CVE-2019-18986 (Pimcore before 6.2.2 allow attackers to brute-force (guess)
valid user ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2019-18985 (Pimcore before 6.2.2 lacks brute force protection for the 2FA
token. ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2019-18984
RESERVED
CVE-2019-18983
RESERVED
CVE-2019-18982 (bundles/AdminBundle/Controller/Admin/EmailController.php in
Pimcore be ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2019-18981 (Pimcore before 6.2.2 lacks an Access Denied outcome for a
certain scen ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb
9290022 ...)
- TODO: check
+ NOT-FOR-US: Signify Philips Taolight
CVE-2019-18979
RESERVED
CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS
Middleware) ge ...)
- TODO: check
+ - ruby-rack-cors
+ NOTE:
https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d
+ NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4
CVE-2019-18977
RESERVED
CVE-2019-18976
@@ -61,7 +63,7 @@ CVE-2019-18959
CVE-2019-18958
RESERVED
CVE-2019-18957 (Microstrategy Library in MicroStrategy before 2019 before
11.1.3 has r ...)
- TODO: check
+ NOT-FOR-US: Microstrategy Library
CVE-2019-18956
RESERVED
CVE-2019-18955
@@ -186,7 +188,7 @@ CVE-2019-18897
CVE-2019-18896
RESERVED
CVE-2019-18895 (Scanguard through 2019-11-12 on Windows has Insecure
Permissions for t ...)
- TODO: check
+ NOT-FOR-US: Scanguard
CVE-2019-18894
RESERVED
CVE-2019-18893
@@ -2939,20 +2941,20 @@ CVE-2019-18653 (A Cross Site Scripting (XSS) issue
exists in Avast AntiVirus (Fr
CVE-2019-18652
RESERVED
CVE-2019-18651 (A cross-site request forgery (CSRF) vulnerability in 3xLogic
Infinias ...)
- TODO: check
+ NOT-FOR-US: 3xLogic
CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing
token chec ...)
NOT-FOR-US: Joomla!
CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to
treat serve ...)
- jupyter-notebook 5.7.4-1
NOTE: https://github.com/jupyter/notebook/pull/3341
CVE-2019-18649 (When logged in as an admin user, the Title input field (under
Reports) ...)
- TODO: check
+ NOT-FOR-US: Untangle NG firewall
CVE-2019-18648 (When logged in as an admin user, the Untangle NG firewall
14.2.0 is vu ...)
- TODO: check
+ NOT-FOR-US: Untangle NG firewall
CVE-2019-18647 (The Untangle NG firewall 14.2.0 is vulnerable to an
authenticated comm ...)
- TODO: check
+ NOT-FOR-US: Untangle NG firewall
CVE-2019-18646 (The Untangle NG firewall 14.2.0 is vulnerable to authenticated
inline- ...)
- TODO: check
+ NOT-FOR-US: Untangle NG firewall
CVE-2019-18645 (The quarantine restoration function in Total Defense
Anti-virus 11.5.2 ...)
NOT-FOR-US: Total Defense Anti-virus
CVE-2019-18644 (The malware scan function in Total Defense Anti-virus
11.5.2.28 is vul ...)
@@ -7125,7 +7127,7 @@ CVE-2019-17393 (The Customer's Tomedo Server in Version
1.7.3 communicates to th
CVE-2019-17392
RESERVED
CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code
2016-06-0 ...)
- TODO: check
+ NOT-FOR-US: Espressif ESP32
CVE-2019-17390
RESERVED
CVE-2019-17389 (In RIOT 2019.07, the MQTT-SN implementation (asymcute)
mishandles erro ...)
@@ -10463,7 +10465,7 @@ CVE-2019-16112
CVE-2019-16111
RESERVED
CVE-2019-16110 (The network protocol of Blade Shadow though 2.13.3 allows
remote attac ...)
- TODO: check
+ NOT-FOR-US: Blade Shadow
CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1.
It confi ...)
NOT-FOR-US: Plataformatec Devise
CVE-2019-16108
@@ -11254,17 +11256,17 @@ CVE-2019-15806 (CommScope ARRIS TR4400 devices with
firmware through A1.00.004-1
CVE-2019-15805 (CommScope ARRIS TR4400 devices with firmware through
A1.00.004-180301 ...)
NOT-FOR-US: CommScope ARRIS TR4400 devices
CVE-2019-15804 (An issue was discovered on Zyxel GS1900 devices with firmware
before 2 ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2019-15803 (An issue was discovered on Zyxel GS1900 devices with firmware
before 2 ...)
- TODO: