[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Nov 8 08:40:26 GMT 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
74bf31e7 by Moritz Muehlenhoff at 2019-11-08T08:40:06Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,13 +31,13 @@ CVE-2019-18823
CVE-2019-18822
RESERVED
CVE-2019-18821 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCu ...)
- TODO: check
+ NOT-FOR-US: Eximious Logo Designer
CVE-2019-18820 (Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!Rtlp ...)
- TODO: check
+ NOT-FOR-US: Eximious Logo Designer
CVE-2019-18819 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVe ...)
- TODO: check
+ NOT-FOR-US: Eximious Logo Designer
CVE-2019-18818 (strapi before 3.0.0-beta.17.5 mishandles password resets within packag ...)
- TODO: check
+ NOT-FOR-US: strapi CMS
CVE-2019-18817
RESERVED
CVE-2019-18816 (po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows pos ...)
@@ -86,7 +86,7 @@ CVE-2019-18802
CVE-2019-18801
RESERVED
CVE-2019-18800 (Viber through 11.7.0.5 allows a remote attacker who can capture a vict ...)
- TODO: check
+ NOT-FOR-US: Viber
CVE-2019-18799 (LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser ...)
- libsass <unfixed>
NOTE: https://github.com/sass/libsass/issues/3001
@@ -7931,19 +7931,19 @@ CVE-2019-16880 (An issue was discovered in the linea crate through 0.9.4 for Rus
CVE-2019-16879
RESERVED
CVE-2019-16878 (Portainer before 1.22.1 has XSS (issue 2 of 2). ...)
- TODO: check
+ NOT-FOR-US: Portainer
CVE-2019-16877 (Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). ...)
- TODO: check
+ NOT-FOR-US: Portainer
CVE-2019-16876 (Portainer before 1.22.1 allows Directory Traversal. ...)
- TODO: check
+ NOT-FOR-US: Portainer
CVE-2019-16875
RESERVED
CVE-2019-16874 (Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). ...)
- TODO: check
+ NOT-FOR-US: Portainer
CVE-2019-16873 (Portainer before 1.22.1 has XSS (issue 1 of 2). ...)
- TODO: check
+ NOT-FOR-US: Portainer
CVE-2019-16872 (Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). ...)
- TODO: check
+ NOT-FOR-US: Portainer
CVE-2019-16871
RESERVED
CVE-2019-16870
@@ -13388,7 +13388,7 @@ CVE-2019-15007
CVE-2019-15006
RESERVED
CVE-2019-15005 (The Atlassian Troubleshooting and Support Tools plugin prior to versio ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-15004 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...)
NOT-FOR-US: Atlassian
CVE-2019-15003 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...)
@@ -42325,7 +42325,7 @@ CVE-2019-5127 (A command injection have been found in YouPHPTube Encoder. A succ
CVE-2019-5126
RESERVED
CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
- TODO: check
+ NOT-FOR-US: LEADTOOLS
CVE-2019-5124
RESERVED
CVE-2019-5123 (Specially crafted web requests can cause SQL injections in YouPHPTube ...)
@@ -42375,9 +42375,9 @@ CVE-2019-5102
CVE-2019-5101
RESERVED
CVE-2019-5100 (An exploitable integer overflow vulnerability exists in the BMP header ...)
- TODO: check
+ NOT-FOR-US: LEADTOOLS
CVE-2019-5099 (An exploitable integer underflow vulnerability exists in the CMP-parsi ...)
- TODO: check
+ NOT-FOR-US: LEADTOOLS
CVE-2019-5098
RESERVED
CVE-2019-5097
@@ -42410,7 +42410,7 @@ CVE-2019-5086
CVE-2019-5085
RESERVED
CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in the TI ...)
- TODO: check
+ NOT-FOR-US: LEADTOOLS
CVE-2019-5083
RESERVED
CVE-2019-5082
@@ -46261,7 +46261,7 @@ CVE-2019-3424
CVE-2019-3423
RESERVED
CVE-2019-3422 (Security researcher Shen Ying from the Sec Consult Security Lab report ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
NOT-FOR-US: ZTE
CVE-2019-3420
@@ -58982,7 +58982,7 @@ CVE-2018-18676 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject
CVE-2018-18675 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
NOT-FOR-US: GNU Board
CVE-2018-18674 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
- TODO: check
+ NOT-FOR-US: GNU Board
CVE-2018-18673 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
NOT-FOR-US: GNU Board
CVE-2018-18672 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/74bf31e7b6f05ac040622fb9116e49ec8d91e771
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/74bf31e7b6f05ac040622fb9116e49ec8d91e771
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191108/12860680/attachment.html>
More information about the debian-security-tracker-commits
mailing list