[Git][security-tracker-team/security-tracker][master] gdnsd non-issues
Moritz Muehlenhoff
jmm at debian.org
Fri Jul 19 10:10:36 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5b356fcb by Moritz Muehlenhoff at 2019-07-19T09:10:11Z
gdnsd non-issues
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
CVE-2019-13978 (Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php ...)
- TODO: check
+ NOT-FOR-US: Ovidentia
CVE-2019-13977 (index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&id ...)
- TODO: check
+ NOT-FOR-US: Ovidentia
CVE-2019-13976
RESERVED
CVE-2019-13975
RESERVED
CVE-2019-13974 (LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. ...)
- TODO: check
+ NOT-FOR-US: LayerBB
CVE-2019-13973 (LayerBB 1.1.3 allows admin/general.php arbitrary file upload because t ...)
- TODO: check
+ NOT-FOR-US: LayerBB
CVE-2019-13972 (LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title ...)
- TODO: check
+ NOT-FOR-US: LayerBB
CVE-2019-13971 (OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=aut ...)
- TODO: check
+ NOT-FOR-US: OTCMS
CVE-2019-13970 (In antSword before 2.1.0, self-XSS in the database configuration leads ...)
- TODO: check
+ NOT-FOR-US: antSword
CVE-2019-13969 (Metinfo 6.x allows SQL Injection via the id parameter in an admin/inde ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2019-13968
RESERVED
CVE-2019-13967
@@ -33,7 +33,7 @@ CVE-2019-13963
CVE-2019-13962 (lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC medi ...)
TODO: check
CVE-2019-13961 (A CSRF vulnerability was found in flatCore before 1.5, leading to the ...)
- TODO: check
+ NOT-FOR-US: flatCore
CVE-2019-13960 (** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of memory can be ...)
TODO: check
CVE-2019-13959 (In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reall ...)
@@ -51,11 +51,13 @@ CVE-2019-13954
CVE-2019-13953
RESERVED
CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack ...)
- - gdnsd <unfixed> (bug #932407)
+ - gdnsd <unfixed> (unimportant; bug #932407)
NOTE: https://github.com/gdnsd/gdnsd/issues/185
+ NOTE: No security impact, data is under administrative control
CVE-2019-13951 (The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack ...)
- - gdnsd <unfixed> (bug #932407)
+ - gdnsd <unfixed> (unimportant; bug #932407)
NOTE: https://github.com/gdnsd/gdnsd/issues/185
+ NOTE: No security impact, data is under administrative control
CVE-2019-13950 (index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored ...)
NOT-FOR-US: SyGuestBook A5
CVE-2019-13949 (SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demons ...)
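Review bot: the NOTE added to CVE-2019-13952 and CVE-2019-13951 ("No security impact, data is under administrative control") does not say which data is meant or who controls it, so the downgrade to "unimportant" can only be verified by opening the linked upstream issue. Consider naming in the NOTE the input that set_ipv6() and set_ipv4() in zscan_rfc1035.rl parse and why only an administrator can supply it. Both entries remain <unfixed>, so this NOTE is the only rationale the tracker records for not pursuing a fix.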
@@ -127,7 +129,7 @@ CVE-2019-13917
CVE-2019-13916
RESERVED
CVE-2019-13915 (b3log Wide before 1.6.0 allows three types of attacks to access arbitr ...)
- TODO: check
+ NOT-FOR-US: b3log Wide
CVE-2019-13914
RESERVED
CVE-2019-13913
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5b356fcb7e6615c5f3eb4b7c778c2eabd21c727a