[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Aug 9 11:05:23 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df7da2d6 by Moritz Muehlenhoff at 2019-08-09T10:04:53Z
NFUs
werkzeug n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2019-14785
 CVE-2019-14784
 	RESERVED
 CVE-2019-14783 (On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, Fo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2019-14782
 	RESERVED
 CVE-2019-14781
@@ -61,9 +61,9 @@ CVE-2019-XXXX [clamav zip DoS]
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/3
 	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=12356
 CVE-2019-14774 (The woo-variation-swatches (aka Variation Swatches for WooCommerce) pl ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-14773 (admin/includes/class.actions.snippet.php in the "Woody ad snippets" pl ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-14772 (verdaccio before 3.12.0 allows XSS. ...)
 	NOT-FOR-US: verdaccio
 CVE-2019-14771 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the  ...)
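Review bot: the marker text "NOT-FOR-US: Wordpress plugin" on both changed lines spells the product differently from the CVE descriptions in this file ("for WordPress", as in the CVE-2019-14681 entry in the @@ -262 hunk); since these markers are grepped for consistency across the tracker, use one spelling, and "WordPress plugin" matches upstream's own name. The rationale itself is sound: only the third-party plugins are out of scope, not WordPress core, which Debian does ship, so the marker should keep naming the plugin rather than just "Wordpress". The same spelling point applies to the five plugin entries in the @@ -262 hunk.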
@@ -103,7 +103,7 @@ CVE-2019-14755
 CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL Injection via t ...)
 	NOT-FOR-US: Open-School
 CVE-2018-20962 (The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows X ...)
-	TODO: check
+	NOT-FOR-US: Backpack\CRUD Backpack
 CVE-2019-14753
 	RESERVED
 CVE-2019-14752
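Review bot: "NOT-FOR-US: Backpack\CRUD Backpack" repeats the project name; the description calls it "The Backpack\CRUD Backpack component ... for Laravel", so "Backpack\CRUD for Laravel" (or just "Backpack\CRUD") is both shorter and easier to match against the upstream name in later triage.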
@@ -117,7 +117,7 @@ CVE-2019-14749 (An issue was discovered in osTicket before 1.10.7 and 1.12.x bef
 CVE-2019-14748 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...)
 	NOT-FOR-US: osTicket
 CVE-2019-14747 (DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-de ...)
-	TODO: check
+	NOT-FOR-US: DWSurvey
 CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by  ...)
 	NOT-FOR-US: KuaiFanCMS
 CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability exists in b ...)
@@ -262,15 +262,15 @@ CVE-2019-14685
 CVE-2019-14684
 	RESERVED
 CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 1.14.2.2 ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-14682 (The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-14681 (The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admi ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-14680 (The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 f ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-14679 (core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 fo ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-14678
 	RESERVED
 CVE-2019-14677
@@ -296,7 +296,7 @@ CVE-2019-14668 (Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack
 CVE-2019-14667 (Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due t ...)
 	NOT-FOR-US: Firefly
 CVE-2015-9292 (6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code p ...)
-	TODO: check
+	NOT-FOR-US: 6kbbs
 CVE-2019-14666
 	RESERVED
 CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...)
@@ -320,25 +320,25 @@ CVE-2018-20961 (In the Linux kernel before 4.16.4, a double free vulnerability i
 	[stretch] - linux 4.9.107-1
 	NOTE: Fixed by: https://git.kernel.org/linus/7fafcfdf6377b18b2a726ea554d6e593ba44349f
 CVE-2018-20960 (Nespresso Prodigio devices lack Bluetooth connection security. ...)
-	TODO: check
+	NOT-FOR-US: Nespresso Prodigio
 CVE-2018-20959 (Jura E8 devices lack Bluetooth connection security. ...)
 	NOT-FOR-US: Jura E8 devices
 CVE-2018-20958 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...)
 	NOT-FOR-US: Tapplock devices
 CVE-2018-20957 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...)
-	TODO: check
+	NOT-FOR-US: Tapplock devices
 CVE-2018-20956 (Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory re ...)
-	TODO: check
+	NOT-FOR-US: Swann
 CVE-2018-20955 (Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to ...)
-	TODO: check
+	NOT-FOR-US: Swann
 CVE-2017-18485 (Cognitoys Dino devices allow profiles_add.html CSRF. ...)
-	TODO: check
+	NOT-FOR-US: Cognitoys Dino
 CVE-2017-18484 (Cognitoys Dino devices allow XSS via the SSID. ...)
-	TODO: check
+	NOT-FOR-US: Cognitoys Dino
 CVE-2016-10864 (NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. ...)
 	NOT-FOR-US: NETGEAR
 CVE-2016-10863 (Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with  ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2019-14661
 	RESERVED
 CVE-2019-14660
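Review bot: the product names in the new NOT-FOR-US markers are inconsistent with the neighbouring, already-triaged entries in this hunk. CVE-2018-20959 and CVE-2018-20958 use "Jura E8 devices" and "Tapplock devices", whereas the new lines use the bare vendor for Swann ("NOT-FOR-US: Swann", although the description names "Swann SWWHD-INTCAM-HD devices") and "Nespresso Prodigio" without the "devices" suffix used one line below. Using the device name as given in the description keeps the two Swann entries and the two Tapplock entries grep-consistent; CVE-2018-20957 already does this correctly by mirroring CVE-2018-20958.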
@@ -356,7 +356,7 @@ CVE-2019-14655
 CVE-2019-14654 (In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authoris ...)
 	NOT-FOR-US: Joomla!
 CVE-2018-20954 (The "Security and Privacy" Encryption feature in Mailpile before 1.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Mailpile
 CVE-2019-XXXX [Buffer overflow during processing of large server replies]
 	- pump <unfixed> (bug #933674)
 CVE-2019-14653 (pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP e ...)
@@ -600,13 +600,13 @@ CVE-2019-14539
 CVE-2019-14538
 	RESERVED
 CVE-2019-14537 (YOURLS through 1.7.3 is affected by a type juggling vulnerability in t ...)
-	TODO: check
+	NOT-FOR-US: YOURLS
 CVE-2019-14536
 	RESERVED
 CVE-2017-18483 (ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a  ...)
 	NOT-FOR-US: ANNKE SP1 HD wireless camera devices
 CVE-2016-10862 (Neet AirStream NAS1.1 devices have a password of ifconfig for the root ...)
-	TODO: check
+	NOT-FOR-US: Neet AirStream NAS1.1 devices
 CVE-2016-10861 (Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settin ...)
 	NOT-FOR-US: Neet AirStream NAS1.1 devices
 CVE-2019-14535
@@ -1728,7 +1728,7 @@ CVE-2019-14324
 CVE-2019-14323 (SSDP Responder 1.x through 1.5 mishandles incoming network messages, l ...)
 	NOT-FOR-US: SSDP Responder
 CVE-2019-14322 (In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles dri ...)
-	TODO: check
+	- python-werkzeug <not-affected> (Windows-specific)
 CVE-2019-14321
 	RESERVED
 CVE-2019-14320
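Review bot: the "<not-affected> (Windows-specific)" rationale has no supporting NOTE: line, unlike other entries in this file that carry upstream references (see the NOTE: lines on the clamav and linux entries above). Werkzeug is pure Python, so the Debian python-werkzeug package still contains the SharedDataMiddleware code that 0.15.5 fixed; the not-affected claim rests entirely on the flaw being unreachable on non-Windows path semantics, and the description here is truncated ("mishandles dri ..."), so a NOTE: pointing at the upstream fix or advisory would let later reviewers verify that the unsafe handling really is limited to Windows without re-deriving it.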



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/df7da2d607da78abcae3a45e4c6adba253a4534a
