[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Mon Jul 29 21:40:15 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e7e4eb60 by Salvatore Bonaccorso at 2019-07-29T20:39:47Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2019-14418 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
- TODO: check
+ NOT-FOR-US: Veritas Resiliency Platform (VRP)
CVE-2019-14417 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
- TODO: check
+ NOT-FOR-US: Veritas Resiliency Platform (VRP)
CVE-2019-14416 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
- TODO: check
+ NOT-FOR-US: Veritas Resiliency Platform (VRP)
CVE-2019-14415 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
- TODO: check
+ NOT-FOR-US: Veritas Resiliency Platform (VRP)
CVE-2019-14414
RESERVED
CVE-2019-14413
@@ -111,9 +111,9 @@ CVE-2017-18381
CVE-2017-18380
RESERVED
CVE-2016-10766 (edx-platform before 2016-06-06 allows CSRF. ...)
- TODO: check
+ NOT-FOR-US: Open edX
CVE-2016-10765 (edx-platform before 2016-06-10 allows account activation with a spoofe ...)
- TODO: check
+ NOT-FOR-US: Open edX
CVE-2019-14377
RESERVED
CVE-2019-14376
@@ -344,15 +344,15 @@ CVE-2019-14283 (In the Linux kernel before 5.2.3, set_geometry in drivers/block/
- linux <unfixed>
NOTE: Fixed by: https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6
CVE-2019-1020019 (invenio-previewer before 1.0.0a12 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: invenio-previewer
CVE-2019-1020018 (Discourse before v2.4.0.beta2 lacks a confirmation screen when logging ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2019-1020017 (Discourse before v2.4.0.beta2 lacks a confirmation screen when logging ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2019-1020016 (ASH-AIO before 2.0.0.3 allows an open redirect. ...)
TODO: check
CVE-2019-1020015 (graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishand ...)
- TODO: check
+ NOT-FOR-US: graphql-engine (aka Hasura GraphQL Engine)
CVE-2019-1020014 (docker-credential-helpers before 0.6.3 has a double free in the List f ...)
TODO: check
CVE-2019-1020013 (parse-server before 3.6.0 allows account enumeration. ...)
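Review bot: The tag added for CVE-2019-1020015 copies the description's wording verbatim, "graphql-engine (aka Hasura GraphQL Engine)", while the other tags added in this hunk are a single product name (invenio-previewer, Discourse). Settling on one name, for example "NOT-FOR-US: Hasura GraphQL Engine", keeps the tag short and makes later CVEs for the same product easier to match by a plain text search.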
@@ -370,13 +370,13 @@ CVE-2019-1020008 (stacktable.js before 1.0.4 allows XSS. ...)
CVE-2019-1020007 (Dependency-Track before 3.5.1 allows XSS. ...)
TODO: check
CVE-2019-1020006 (invenio-app before 1.1.1 allows host header injection. ...)
- TODO: check
+ NOT-FOR-US: invenio-app
CVE-2019-1020005 (invenio-communities before 1.0.0a20 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: invenio-communities
CVE-2019-1020004 (Tridactyl before 1.16.0 allows fake key events. ...)
TODO: check
CVE-2019-1020003 (invenio-records before 1.2.2 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: invenio-records
CVE-2019-1020002 (Pterodactyl before 0.7.14 with 2FA allows credential sniffing. ...)
TODO: check
CVE-2019-1020001 (yard before 0.9.20 allows path traversal. ...)
@@ -2895,7 +2895,7 @@ CVE-2019-13573 (A SQL injection vulnerability exists in the FolioVision FV Flowp
CVE-2019-13572
RESERVED
CVE-2019-13571 (A SQL injection vulnerability exists in the Vsourz Digital Advanced CF ...)
- TODO: check
+ NOT-FOR-US: Vsourz Digital Advanced CF7 DB plugin for WordPress
CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection ...)
NOT-FOR-US: WordPress plugin AJdG AdRotate
CVE-2019-13569 (A SQL injection vulnerability exists in the Icegram Email Subscribers ...)
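Review bot: The tag added for CVE-2019-13571 is written as "<name> plugin for WordPress", but the existing entry directly below it, CVE-2019-13570, uses the form "NOT-FOR-US: WordPress plugin AJdG AdRotate". Using the same "WordPress plugin <name>" order here would keep the WordPress plugin entries greppable with one pattern. The same applies to the CVE-2019-6726 tag ("WP Fastest Cache plugin for WordPress") later in this patch.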
@@ -3052,7 +3052,7 @@ CVE-2019-13500
CVE-2019-13499
RESERVED
CVE-2019-13498 (One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Trans ...)
- TODO: check
+ NOT-FOR-US: One Identity Cloud Access Manager
CVE-2019-13497
RESERVED
CVE-2019-13496
@@ -5064,7 +5064,7 @@ CVE-2019-12745 (out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-
CVE-2019-12744 (SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of ...)
NOT-FOR-US: SeedDMS
CVE-2019-12743 (HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers t ...)
- TODO: check
+ NOT-FOR-US: HumHub Social Network Kit Enterprise
CVE-2019-12742 (Bludit prior to 3.9.1 allows a non-privileged user to change the passw ...)
NOT-FOR-US: bludit
CVE-2019-12741 (XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR l ...)
@@ -7194,7 +7194,7 @@ CVE-2019-11870 (Serendipity before 2.1.5 has XSS via EXIF data that is mishandle
CVE-2019-11869 (The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it ...)
NOT-FOR-US: WordPress plugin yuzo-related-post
CVE-2019-11868 (See.sys through 4.25 in the SoftEther VPN Server allows a user to spec ...)
- TODO: check
+ NOT-FOR-US: SoftEther VPN Server
CVE-2019-11867
RESERVED
CVE-2019-11866
@@ -21322,7 +21322,7 @@ CVE-2019-6728 (This vulnerability allows remote attackers to disclose sensitive
CVE-2019-6727 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Foxit Reader
CVE-2019-6726 (The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remot ...)
- TODO: check
+ NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2019-6725 (The rpWLANRedirect.asp ASP page is accessible without authentication o ...)
NOT-FOR-US: ZyXEL
CVE-2019-6724 (The barracudavpn component of the Barracuda VPN Client prior to versio ...)
@@ -36985,17 +36985,17 @@ CVE-2019-1139
CVE-2019-1138
RESERVED
CVE-2019-1137 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Excha ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1136 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1135
RESERVED
CVE-2019-1134 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1133
RESERVED
CVE-2019-1132 (An elevation of privilege vulnerability exists in Windows when the Win ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1131
RESERVED
CVE-2019-1130 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
@@ -37027,7 +37027,7 @@ CVE-2019-1118 (A remote code execution vulnerability exists in the way that Dire
CVE-2019-1117 (A remote code execution vulnerability exists in the way that DirectWri ...)
TODO: check
CVE-2019-1116 (An information disclosure vulnerability exists when the Windows GDI co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1115
RESERVED
CVE-2019-1114
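Review bot: CVE-2019-1117 in the leading context of this hunk stays at "TODO: check" while CVE-2019-1116 directly below it is triaged. Its description names DirectWrite, and the DirectWrite entry CVE-2019-1097 visible later in this patch already carries "NOT-FOR-US: Microsoft", so this one looks skipped rather than deliberately held back. Either mark it the same way or note in the commit message why it is left open.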
@@ -37035,35 +37035,35 @@ CVE-2019-1114
CVE-2019-1113 (A remote code execution vulnerability exists in .NET software when the ...)
TODO: check
CVE-2019-1112 (An information disclosure vulnerability exists when Microsoft Excel im ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1111 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1110 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1109 (A spoofing vulnerability exists when Microsoft Office Javascript does ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1108 (An information disclosure vulnerability exists when the Windows RDP cl ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1107 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1106 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1105 (A spoofing vulnerability exists in the way Microsoft Outlook for Andro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1104 (A remote code execution vulnerability exists in the way that Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1103 (A remote code execution vulnerability exists in the way that the Chakr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1102 (A remote code execution vulnerability exists in the way that the Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1101 (An information disclosure vulnerability exists when the Windows GDI co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1100 (An information disclosure vulnerability exists when the Windows GDI co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1099 (An information disclosure vulnerability exists when the Windows GDI co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1098 (An information disclosure vulnerability exists when the Windows GDI co ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2019-1097 (An information disclosure vulnerability exists when DirectWrite improp ...)
NOT-FOR-US: Microsoft
CVE-2019-1096 (An information disclosure vulnerability exists when the win32k compone ...)
@@ -180429,7 +180429,7 @@ CVE-2015-6961 (Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 al
NOTE: Fixed by: https://github.com/web2py/web2py/commit/e31a099cb3456fef471886339653430ae59056b0 (R-2.12.1)
NOTE: https://github.com/web2py/web2py/issues/731
CVE-2015-6960 (edx-platform before 2015-09-17 allows XSS via a team name. ...)
- TODO: check
+ NOT-FOR-US: Open edX
CVE-2015-6959 (Cross-site scripting (XSS) vulnerability in Vindula 1.9. ...)
NOT-FOR-US: Vindula
CVE-2015-6958
@@ -182279,7 +182279,7 @@ CVE-2015-6255 (Cross-site scripting (XSS) vulnerability in Cisco Unified Web and
CVE-2015-6254 (The (1) Service Provider (SP) and (2) Identity Provider (IdP) in Picke ...)
NOT-FOR-US: PicketLink
CVE-2015-6253 (edx-platform before 2015-08-17 allows XSS in the Studio listing of cou ...)
- TODO: check
+ NOT-FOR-US: Open edX
CVE-2014-9743 (Cross-site scripting (XSS) vulnerability in the httpd_HtmlError functi ...)
- vlc 2.2.0~rc2-1
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
@@ -184041,7 +184041,7 @@ CVE-2015-5602 (sudoedit in Sudo before 1.8.15 allows local users to gain privile
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1277426
NOTE: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1512781
CVE-2015-5601 (edx-platform before 2015-07-20 allows code execution by privileged use ...)
- TODO: check
+ NOT-FOR-US: Open edX
CVE-2015-5600 (The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH th ...)
{DLA-1500-1 DLA-288-1}
- openssh 1:6.9p1-1 (bug #793616)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e7e4eb60d0ee4116caa17190df67b480d26f70f0