[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Aug 9 23:48:22 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65946f6c by Salvatore Bonaccorso at 2019-08-09T22:47:47Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,37 +5,37 @@ CVE-2019-14807
 CVE-2019-14806 (Pallets Werkzeug before 0.15.3, when used with Docker, has insufficien ...)
 	TODO: check
 CVE-2019-14805 (studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the ...)
-	TODO: check
+	NOT-FOR-US: UNA
 CVE-2019-14804 (studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via t ...)
-	TODO: check
+	NOT-FOR-US: UNA
 CVE-2019-14803
 	RESERVED
 CVE-2019-14802
 	RESERVED
 CVE-2017-18486 (Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privi ...)
-	TODO: check
+	NOT-FOR-US: Jitbit Helpdesk
 CVE-2019-14801 (The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress
 CVE-2019-14800
 	RESERVED
 CVE-2019-14799 (The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress
 CVE-2019-14798 (The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authent ...)
-	TODO: check
+	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
 CVE-2019-14797 (The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authent ...)
-	TODO: check
+	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
 CVE-2019-14796 (The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products  ...)
-	TODO: check
+	NOT-FOR-US: mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin for WordPress
 CVE-2019-14795
 	RESERVED
 CVE-2019-14794 (The Meta Box plugin before 4.16.2 for WordPress mishandles the uploadi ...)
-	TODO: check
+	NOT-FOR-US: Meta Box plugin for WordPress
 CVE-2019-14793 (The Meta Box plugin before 4.16.3 for WordPress allows file deletion v ...)
-	TODO: check
+	NOT-FOR-US: Meta Box plugin for WordPress
 CVE-2019-14792 (The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via  ...)
-	TODO: check
+	NOT-FOR-US: WP Google Maps plugin for WordPress
 CVE-2019-14791 (The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XS ...)
-	TODO: check
+	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
 CVE-2019-14790
 	RESERVED
 CVE-2019-14789
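
Review bot: The reason string for CVE-2019-14796 carries both the plugin slug and its display name ("mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin for WordPress"), while every other WordPress entry in this hunk uses the product name alone. A single short form such as "Woocommerce Products Price Bulk Edit plugin for WordPress" would keep the NOT-FOR-US reasons uniform. CVE-2019-14806 (Pallets Werkzeug) is left at TODO: check, which fits a commit that only processes NFUs.
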
@@ -43,11 +43,11 @@ CVE-2019-14789
 CVE-2019-14788
 	RESERVED
 CVE-2019-14787 (The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XS ...)
-	TODO: check
+	NOT-FOR-US: Tribulant Newsletters plugin for WordPress
 CVE-2019-14786
 	RESERVED
 CVE-2019-14785 (The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress h ...)
-	TODO: check
+	NOT-FOR-US: "CP Contact Form with PayPal" plugin for WordPress
 CVE-2019-14784
 	RESERVED
 CVE-2019-14783 (On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, Fo ...)
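
Review bot: The reason for CVE-2019-14785 keeps the double quotes copied from the CVE description ("CP Contact Form with PayPal" plugin for WordPress), unlike the unquoted Tribulant Newsletters entry two records above it. Dropping the quotes would match the other plugin entries in this commit and avoid a reason string that needs escaping when matched in scripts.
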
@@ -59,7 +59,7 @@ CVE-2019-14781
 CVE-2019-14780
 	RESERVED
 CVE-2016-10865 (The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cros ...)
-	TODO: check
+	NOT-FOR-US: Lightbox Plus Colorbox plugin for WordPress
 CVE-2019-14779
 	RESERVED
 CVE-2019-14778
@@ -1770,7 +1770,7 @@ CVE-2019-14314
 CVE-2019-14313 (A SQL injection vulnerability exists in the 10Web Photo Gallery plugin ...)
 	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
 CVE-2019-14312 (Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulner ...)
-	TODO: check
+	NOT-FOR-US: Aptana Jaxer
 CVE-2019-14311
 	RESERVED
 CVE-2019-14310
@@ -7934,11 +7934,11 @@ CVE-2019-12267
 CVE-2019-12266
 	RESERVED
 CVE-2019-12265 (Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Le ...)
-	TODO: check
+	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12264 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect  ...)
 	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12263 (Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP comp ...)
-	TODO: check
+	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12262
 	RESERVED
 CVE-2019-12261
@@ -7946,13 +7946,13 @@ CVE-2019-12261
 CVE-2019-12260
 	RESERVED
 CVE-2019-12259 (Wind River VxWorks 6.9 and vx7 has an array index error in the IGMPv3  ...)
-	TODO: check
+	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12258
 	RESERVED
 CVE-2019-12257 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the DHCP clien ...)
-	TODO: check
+	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12256 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 compo ...)
-	TODO: check
+	NOT-FOR-US: Wind River VxWorks
 CVE-2019-12255
 	RESERVED
 CVE-2019-12254
@@ -26208,7 +26208,7 @@ CVE-2019-5500
 CVE-2019-5499
 	RESERVED
 CVE-2019-5498 (OnCommand Insight versions through 7.3.6 may disclose sensitive accoun ...)
-	TODO: check
+	NOT-FOR-US: OnCommand Insight
 CVE-2019-5497 (NetApp AFF A700s Baseboard Management Controller (BMC) firmware versio ...)
 	NOT-FOR-US: NetApp AFF A700s Baseboard Management Controller firmware
 CVE-2019-5496 (Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP ...)
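
Review bot: The new reason for CVE-2019-5498 is "OnCommand Insight" with no vendor, while the entry directly below it (CVE-2019-5497) is vendor-qualified as "NetApp AFF A700s Baseboard Management Controller firmware". Writing "NetApp OnCommand Insight" here would keep the two adjacent reasons in the same style and make the vendor searchable.
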
@@ -26456,33 +26456,33 @@ CVE-2019-5410
 CVE-2019-5409
 	RESERVED
 CVE-2019-5408 (Command View Advanced Edition (CVAE) products contain a vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Command View Advanced Edition (CVAE) products
 CVE-2019-5407 (A remote information disclosure vulnerability was discovered in HPE 3P ...)
-	TODO: check
+	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
 CVE-2019-5406 (A remote session reuse vulnerability was discovered in HPE 3PAR StoreS ...)
-	TODO: check
+	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
 CVE-2019-5405 (A remote authorization bypass vulnerability was discovered in HPE 3PAR ...)
-	TODO: check
+	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
 CVE-2019-5404 (A remote script injection vulnerability was discovered in HPE 3PAR Sto ...)
-	TODO: check
+	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
 CVE-2019-5403 (A remote multiple cross-site scripting vulnerability was discovered in ...)
-	TODO: check
+	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
 CVE-2019-5402 (A remote authorization bypass vulnerability was discovered in HPE 3PAR ...)
-	TODO: check
+	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
 CVE-2019-5401 (A potential security vulnerability has been identified in HP2910al-48G ...)
 	NOT-FOR-US: HP HP2910al-48G
 CVE-2019-5400 (A remote session reuse vulnerability was discovered in HPE 3PAR Servic ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2019-5399 (A remote gain authorized access vulnerability was discovered in HPE 3P ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2019-5398 (A remote multiple multiple cross-site vulnerability was discovered in  ...)
 	TODO: check
 CVE-2019-5397 (A remote bypass of security restrictions vulnerability was discovered  ...)
 	TODO: check
 CVE-2019-5396 (A remote authentication bypass vulnerability was discovered in HPE 3PA ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2019-5395 (A remote arbitrary file upload vulnerability was discovered in HPE 3PA ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2019-5394 (The HPE Nonstop Maintenance Entity family of products are vulnerable t ...)
 	NOT-FOR-US: HPE
 CVE-2019-5393 (A remote code execution vulnerability was identified in HPE Intelligen ...)
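
Review bot: CVE-2019-5400, CVE-2019-5399, CVE-2019-5396 and CVE-2019-5395 get the bare vendor reason "NOT-FOR-US: HPE", although their truncated descriptions all start with an HPE 3PAR product name and the six entries just above (CVE-2019-5407 through CVE-2019-5402) spell out "HPE 3PAR StoreServ Management and Core Software Media". The existing CVE-2019-5394 line shows that a bare "HPE" is accepted, but naming the 3PAR product in these four reasons would keep the run consistent. CVE-2019-5398 and CVE-2019-5397 sit in the middle of the same run and stay at TODO: check; worth confirming that is deliberate rather than an oversight.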



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/65946f6caade9a589df20879d0a7ed41de88420b
