[Git][security-tracker-team/security-tracker][master] Process some further NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Jul 24 19:48:11 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0d906c1 by Salvatore Bonaccorso at 2019-07-24T18:46:24Z
Process some further NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2019-14245
 CVE-2019-14244
 	RESERVED
 CVE-2019-14243 (headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in t ...)
-	TODO: check
+	NOT-FOR-US: mastercactapus proxyprotocol
 CVE-2019-14242
 	RESERVED
 CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to cause a denial of service (h ...)
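Review bot: On CVE-2019-14243 the NOT-FOR-US label names only the library, but the description continues "as used in t ..." and is cut off in this list, so the affected consumer is not visible here. Before closing it as NFU, check the full CVE text for the embedding product and confirm that neither it nor a vendored copy of proxyprotocol is in the archive; if the consumer is what matters, name it in the label as well.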
@@ -6038,7 +6038,7 @@ CVE-2019-12164 (ubuntu-server.js in Status React Native Desktop before v0.57.8_m
 CVE-2019-12163 (GAT-Ship Web Module through 1.30 allows remote attackers to obtain pot ...)
 	NOT-FOR-US: GAT-Ship Web Module
 CVE-2019-12162 (Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the do ...)
-	TODO: check
+	NOT-FOR-US: Upwork Time Tracker
 CVE-2019-12161 (WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.p ...)
 	NOT-FOR-US: WPO WebPageTest
 CVE-2019-12160 (GoHTTP through 2017-07-25 has a sendHeader use-after-free. ...)
@@ -8345,7 +8345,7 @@ CVE-2019-11275
 CVE-2019-11274
 	RESERVED
 CVE-2019-11273 (Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and ve ...)
-	TODO: check
+	NOT-FOR-US: Pivotal Container Services
 CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older unsupported ve ...)
 	{DLA-1848-1}
 	- libspring-security-2.0-java <removed>
@@ -12213,11 +12213,11 @@ CVE-2019-1010210
 CVE-2019-1010209 (GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE ...)
 	NOT-FOR-US: GoUrl.io GoURL Wordpress Plugin
 CVE-2019-1010208 (IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracryp ...)
-	TODO: check
+	NOT-FOR-US: VeraCrypt
 CVE-2019-1010207 (Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scrip ...)
-	TODO: check
+	NOT-FOR-US: Genetechsolutions Pie Register
 CVE-2019-1010206 (OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL ...)
-	TODO: check
+	NOT-FOR-US: OSS Http Request (Apache Cordova Plugin)
 CVE-2019-1010205 (LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247f ...)
 	TODO: check
 CVE-2019-1010204 (GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is aff ...)
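Review bot: The label on CVE-2019-1010208 says only "VeraCrypt", while the description lists "IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1", so both product names are in scope. Suggest "NOT-FOR-US: VeraCrypt / TrueCrypt" so that a later search for either name finds the entry, and confirm that neither is packaged before closing it.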
@@ -12225,9 +12225,9 @@ CVE-2019-1010204 (GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1
 CVE-2019-1010203
 	RESERVED
 CVE-2019-1010202 (Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is ...)
-	TODO: check
+	NOT-FOR-US: Jeesite
 CVE-2019-1010201 (Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive  ...)
-	TODO: check
+	NOT-FOR-US: Jeesite
 CVE-2019-1010200 (Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b ...)
 	TODO: check
 CVE-2019-1010199 (ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site  ...)
@@ -12283,15 +12283,15 @@ CVE-2019-1010175
 CVE-2019-1010174
 	RESERVED
 CVE-2019-1010173 (Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2019-1010172
 	RESERVED
 CVE-2019-1010171 (Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impac ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2019-1010170 (Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: den ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2019-1010169 (Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2019-1010168
 	RESERVED
 CVE-2019-1010167
@@ -12305,7 +12305,7 @@ CVE-2019-1010164
 CVE-2019-1010163
 	RESERVED
 CVE-2019-1010162 (jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. ...)
-	TODO: check
+	NOT-FOR-US: Jsish
 CVE-2019-1010161
 	RESERVED
 CVE-2019-1010160
@@ -31328,7 +31328,7 @@ CVE-2019-2833 (Vulnerability in the Oracle Hospitality Simphony component of Ora
 CVE-2019-2832 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2831 (Vulnerability in the PeopleSoft Enterprise FIN Project Costing compone ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2830 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2019-2829 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
@@ -31454,7 +31454,7 @@ CVE-2019-2778 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
 CVE-2019-2777 (Vulnerability in the Siebel Core - Server Framework component of Oracl ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2776 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2775 (Vulnerability in the Oracle Payments component of Oracle E-Business Su ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2774 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
@@ -31463,9 +31463,9 @@ CVE-2019-2774 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
 CVE-2019-2773 (Vulnerability in the Oracle Payments component of Oracle E-Business Su ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2772 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2771 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2770 (Vulnerability in the Oracle Hyperion Planning component of Oracle Hype ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2769 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
@@ -31475,9 +31475,9 @@ CVE-2019-2769 (Vulnerability in the Java SE, Java SE Embedded component of Oracl
 	- openjdk-8 8u222-b10-1
 	- openjdk-7 <removed>
 CVE-2019-2768 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2767 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2766 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
 	- openjdk-12 <not-affected> (Windows-specific)
 	- openjdk-11 <not-affected> (Windows-specific)
@@ -31518,13 +31518,13 @@ CVE-2019-2753 (Vulnerability in the Oracle Text component of Oracle Database Ser
 CVE-2019-2752 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2019-2751 (Vulnerability in the Oracle HTTP Server component of Oracle Fusion Mid ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2750 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2749 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2748 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2747 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2019-2746 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
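Review bot: CVE-2019-2751 (Oracle HTTP Server component of Oracle Fusion Middleware) gets the vendor-wide "NOT-FOR-US: Oracle" label, but the truncated description does not show which subcomponent is affected, and the MySQL entries in this same hunk show that an Oracle CVE can still map to a Debian source package. Worth confirming from the full advisory that the flaw is not in a bundled upstream component that Debian ships; a product-level label such as "NOT-FOR-US: Oracle HTTP Server" would also record what was actually checked.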
@@ -31535,11 +31535,11 @@ CVE-2019-2745 (Vulnerability in the Java SE component of Oracle Java SE (subcomp
 	- openjdk-8 8u222-b10-1
 	- openjdk-7 <removed>
 CVE-2019-2744 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2743 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
 	- mysql-5.7 <not-affected> (Only affects MySQL 8)
 CVE-2019-2742 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion Mi ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2741 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
 	- mysql-5.7 <unfixed> (bug #932340)
 	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
@@ -31556,15 +31556,15 @@ CVE-2019-2737 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
 	- mysql-5.7 <unfixed> (bug #932340)
 	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
 CVE-2019-2736 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2735 (Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyp ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2734
 	RESERVED
 CVE-2019-2733 (Vulnerability in the Oracle Demantra Demand Management component of Or ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2732 (Vulnerability in the Oracle Demantra Demand Management component of Or ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2731 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
 	- mysql-5.7 5.7.24-1
 CVE-2019-2730 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
@@ -31572,9 +31572,9 @@ CVE-2019-2730 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
 CVE-2019-2729 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2728 (Vulnerability in the Enterprise Manager Ops Center component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2727 (Vulnerability in the Oracle Application Testing Suite component of Ora ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2726 (Vulnerability in the Enterprise Manager Ops Center component of Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2725 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
@@ -31703,7 +31703,7 @@ CVE-2019-2674 (Vulnerability in the Oracle One-to-One Fulfillment component of O
 CVE-2019-2673 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2672 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2671 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2670 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
@@ -31711,11 +31711,11 @@ CVE-2019-2670 (Vulnerability in the Oracle Marketing component of Oracle E-Busin
 CVE-2019-2669 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2668 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2667
 	RESERVED
 CVE-2019-2666 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2665 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2664 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
@@ -31872,7 +31872,7 @@ CVE-2019-2601 (Vulnerability in the BI Publisher (formerly XML Publisher) compon
 CVE-2019-2600 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2599 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2598 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2597 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
@@ -31935,7 +31935,7 @@ CVE-2019-2571 (Vulnerability in the RDBMS DataPump component of Oracle Database
 CVE-2019-2570 (Vulnerability in the Siebel Core - Server BizLogic Script component of ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2569 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2568 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2567 (Vulnerability in the Oracle Configurator component of Oracle Supply Ch ...)
@@ -31952,7 +31952,7 @@ CVE-2019-2563
 CVE-2019-2562
 	RESERVED
 CVE-2019-2561 (Vulnerability in the Oracle Retail Xstore Office component of Oracle R ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2560
 	RESERVED
 CVE-2019-2559
@@ -32144,7 +32144,7 @@ CVE-2019-2486 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
 CVE-2019-2485 (Vulnerability in the Oracle Mobile Field Service component of Oracle E ...)
 	NOT-FOR-US: Oracle
 CVE-2019-2484 (Vulnerability in the Application Express component of Oracle Database  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2019-2483
 	RESERVED
 CVE-2019-2482 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
@@ -83858,9 +83858,9 @@ CVE-2018-3318
 CVE-2018-3317
 	RESERVED
 CVE-2018-3316 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2018-3315 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2018-3314 (Vulnerability in the MICROS Relate CRM Software component of Oracle Re ...)
 	NOT-FOR-US: Oracle
 CVE-2018-3313
@@ -84396,7 +84396,7 @@ CVE-2018-3113
 CVE-2018-3112
 	RESERVED
 CVE-2018-3111 (Vulnerability in the Oracle Retail Xstore Office component of Oracle R ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2018-3110 (A vulnerability was discovered in the Java VM component of Oracle Data ...)
 	NOT-FOR-US: Oracle
 CVE-2018-3109 (Vulnerability in the Oracle Fusion Middleware MapViewer component of O ...)
@@ -84899,7 +84899,7 @@ CVE-2018-2885
 CVE-2018-2884
 	RESERVED
 CVE-2018-2883 (Vulnerability in the Oracle Retail Xstore Office component of Oracle R ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2018-2882 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
 	NOT-FOR-US: Oracle
 CVE-2018-2881 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e0d906c187a6f786e68b4c3f0299db7dbaac18c9
