[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Aug 22 21:24:53 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78de003a by Salvatore Bonaccorso at 2019-08-22T20:24:21Z
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -63,9 +63,9 @@ CVE-2019-15318 (The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for Wo
 CVE-2019-15317 (The give plugin before 2.4.7 for WordPress has XSS via a donor name. ...)
 	NOT-FOR-US: give plugin for WordPress
 CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak folder perm ...)
-	TODO: check
+	NOT-FOR-US: Valve Steam Client for Windows
 CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privilege esc ...)
-	TODO: check
+	NOT-FOR-US: Valve Steam Client for Windows
 CVE-2018-20986
 	RESERVED
 CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local file inc ...)
@@ -133,7 +133,7 @@ CVE-2016-10922 (The woocommerce-store-toolkit plugin before 1.5.7 for WordPress
 CVE-2016-10921 (The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL in ...)
 	NOT-FOR-US: gallery-photo-gallery plugin for WordPress
 CVE-2016-10920 (The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. ...)
-	TODO: check
+	NOT-FOR-US: gnucommerce plugin for WordPress
 CVE-2016-10919 (The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats ...)
 	NOT-FOR-US: wassup plugin for WordPress
 CVE-2016-10918 (The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. ...)
@@ -997,7 +997,7 @@ CVE-2019-15062 (An issue was discovered in Dolibarr 11.0.0-alpha. A user can sto
 CVE-2019-15061
 	RESERVED
 CVE-2019-15060 (The traceroute function on the TP-Link TL-WR840N v4 router with firmwa ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2019-15059
 	RESERVED
 CVE-2019-15058 (stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer ov ...)
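Review bot: The note for CVE-2019-15060 names only the vendor ("NOT-FOR-US: TP-Link"), while the other notes added in this commit name the affected product ("Valve Steam Client for Windows", "Mirasys VMS", "Zebra Industrial Printers"). Consider "NOT-FOR-US: TP-Link TL-WR840N router", taken from the CVE description on the line above, so that a search of the list for the product name finds this entry.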
@@ -2559,7 +2559,7 @@ CVE-2019-14471 (TestLink 1.9.19 has XSS via the error.php message parameter. ...
 CVE-2019-14470
 	RESERVED
 CVE-2019-14469 (In Nexus Repository Manager before 3.18.0, users with elevated privile ...)
-	TODO: check
+	NOT-FOR-US: Nexus Repository Manager
 CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via c ...)
 	- gnucobol <unfixed> (bug #933884)
 	[buster] - gnucobol <no-dsa> (Minor issue)
@@ -8164,7 +8164,7 @@ CVE-2019-12891
 CVE-2019-12890 (RedwoodHQ 2.5.5 does not require any authentication for database opera ...)
 	NOT-FOR-US: RedwoodHQ
 CVE-2019-12889 (An unauthenticated privilege escalation exists in SailPoint Desktop Pa ...)
-	TODO: check
+	NOT-FOR-US: SailPoint Desktop Password Reset
 CVE-2019-12888
 	REJECTED
 CVE-2019-12887 (KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue ...)
@@ -13037,11 +13037,11 @@ CVE-2019-11033 (Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a fo
 CVE-2019-11032 (In EasyToRecruit (E2R) before 2.11, the upload feature and the Candida ...)
 	NOT-FOR-US: EasyToRecruit
 CVE-2019-11031 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-up ...)
-	TODO: check
+	NOT-FOR-US: Mirasys VMS
 CVE-2019-11030 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys ...)
-	TODO: check
+	NOT-FOR-US: Mirasys VMS
 CVE-2019-11029 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Downloa ...)
-	TODO: check
+	NOT-FOR-US: Mirasys VMS
 CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing  ...)
 	NOT-FOR-US: GAT-Ship Web Module
 CVE-2015-9284 (The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site ...)
@@ -13220,7 +13220,7 @@ CVE-2019-10962 (BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build
 CVE-2019-10961 (In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, proces ...)
 	NOT-FOR-US: Advantech WebAccess HMI Designer
 CVE-2019-10960 (Zebra Industrial Printers All Versions, Zebra printers are shipped wit ...)
-	TODO: check
+	NOT-FOR-US: Zebra Industrial Printers
 CVE-2019-10959 (BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build ...)
 	NOT-FOR-US: BD Alaris Gateway
 CVE-2019-10958



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/78de003aa262cc45d13bc87a7cdbe88926afe6f0
