[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Fri Nov 8 08:40:26 GMT 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
74bf31e7 by Moritz Muehlenhoff at 2019-11-08T08:40:06Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,13 +31,13 @@ CVE-2019-18823
 CVE-2019-18822
 	RESERVED
 CVE-2019-18821 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCu ...)
-	TODO: check
+	NOT-FOR-US: Eximious Logo Designer
 CVE-2019-18820 (Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!Rtlp ...)
-	TODO: check
+	NOT-FOR-US: Eximious Logo Designer
 CVE-2019-18819 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVe ...)
-	TODO: check
+	NOT-FOR-US: Eximious Logo Designer
 CVE-2019-18818 (strapi before 3.0.0-beta.17.5 mishandles password resets within packag ...)
-	TODO: check
+	NOT-FOR-US: strapi CMS
 CVE-2019-18817
 	RESERVED
 CVE-2019-18816 (po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows pos ...)
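Review bot: The NOT-FOR-US on CVE-2019-18818 (strapi) deserves a second look compared with the three Eximious Logo Designer entries above it. Those descriptions point at a Windows application (ntdll!Rtlp ...), while strapi is free software that someone could plausibly package. If wnpp has an ITP or RFP for it, the entry should be tracked as `- strapi <itp> (bug #NNNNNN)` with the real bug number instead; if there is none, the NFU is fine as is.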
@@ -86,7 +86,7 @@ CVE-2019-18802
 CVE-2019-18801
 	RESERVED
 CVE-2019-18800 (Viber through 11.7.0.5 allows a remote attacker who can capture a vict ...)
-	TODO: check
+	NOT-FOR-US: Viber
 CVE-2019-18799 (LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser ...)
 	- libsass <unfixed>
 	NOTE: https://github.com/sass/libsass/issues/3001
@@ -7931,19 +7931,19 @@ CVE-2019-16880 (An issue was discovered in the linea crate through 0.9.4 for Rus
 CVE-2019-16879
 	RESERVED
 CVE-2019-16878 (Portainer before 1.22.1 has XSS (issue 2 of 2). ...)
-	TODO: check
+	NOT-FOR-US: Portainer
 CVE-2019-16877 (Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). ...)
-	TODO: check
+	NOT-FOR-US: Portainer
 CVE-2019-16876 (Portainer before 1.22.1 allows Directory Traversal. ...)
-	TODO: check
+	NOT-FOR-US: Portainer
 CVE-2019-16875
 	RESERVED
 CVE-2019-16874 (Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). ...)
-	TODO: check
+	NOT-FOR-US: Portainer
 CVE-2019-16873 (Portainer before 1.22.1 has XSS (issue 1 of 2). ...)
-	TODO: check
+	NOT-FOR-US: Portainer
 CVE-2019-16872 (Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). ...)
-	TODO: check
+	NOT-FOR-US: Portainer
 CVE-2019-16871
 	RESERVED
 CVE-2019-16870
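Review bot: The Portainer batch in this hunk covers Incorrect Access Control issues 1, 2 and 4 of 4 (CVE-2019-16872, CVE-2019-16874, CVE-2019-16877), but no "issue 3 of 4" appears in the visible lines. CVE-2019-16875 and CVE-2019-16871 are still RESERVED in the same range, so one of them may be the missing sibling. Worth rechecking after the next CVE feed update so it gets the same `NOT-FOR-US: Portainer`.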
@@ -13388,7 +13388,7 @@ CVE-2019-15007
 CVE-2019-15006
 	RESERVED
 CVE-2019-15005 (The Atlassian Troubleshooting and Support Tools plugin prior to versio ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2019-15004 (The Customer Context Filter in Atlassian Jira Service Desk Server and  ...)
 	NOT-FOR-US: Atlassian
 CVE-2019-15003 (The Customer Context Filter in Atlassian Jira Service Desk Server and  ...)
@@ -42325,7 +42325,7 @@ CVE-2019-5127 (A command injection have been found in YouPHPTube Encoder. A succ
 CVE-2019-5126
 	RESERVED
 CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
-	TODO: check
+	NOT-FOR-US: LEADTOOLS
 CVE-2019-5124
 	RESERVED
 CVE-2019-5123 (Specially crafted web requests can cause SQL injections in YouPHPTube  ...)
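Review bot: On CVE-2019-5125 the truncated description names only a JPEG2000 parser, not the product, so the LEADTOOLS label is the only thing in the list that identifies the affected software. JPEG2000 parsers also ship in packaged libraries, so a `NOTE:` line with the advisory reference under the NOT-FOR-US would let a later reader confirm the attribution without looking the CVE up again.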
@@ -42375,9 +42375,9 @@ CVE-2019-5102
 CVE-2019-5101
 	RESERVED
 CVE-2019-5100 (An exploitable integer overflow vulnerability exists in the BMP header ...)
-	TODO: check
+	NOT-FOR-US: LEADTOOLS
 CVE-2019-5099 (An exploitable integer underflow vulnerability exists in the CMP-parsi ...)
-	TODO: check
+	NOT-FOR-US: LEADTOOLS
 CVE-2019-5098
 	RESERVED
 CVE-2019-5097
@@ -42410,7 +42410,7 @@ CVE-2019-5086
 CVE-2019-5085
 	RESERVED
 CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in the TI ...)
-	TODO: check
+	NOT-FOR-US: LEADTOOLS
 CVE-2019-5083
 	RESERVED
 CVE-2019-5082
@@ -46261,7 +46261,7 @@ CVE-2019-3424
 CVE-2019-3423
 	RESERVED
 CVE-2019-3422 (Security researcher Shen Ying from the Sec Consult Security Lab report ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
 	NOT-FOR-US: ZTE
 CVE-2019-3420
@@ -58982,7 +58982,7 @@ CVE-2018-18676 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject
 CVE-2018-18675 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
 	NOT-FOR-US: GNU Board
 CVE-2018-18674 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
-	TODO: check
+	NOT-FOR-US: GNU Board
 CVE-2018-18673 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
 	NOT-FOR-US: GNU Board
 CVE-2018-18672 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...)
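Review bot: CVE-2018-18674 was still `TODO: check` while CVE-2018-18675 and CVE-2018-18673 on either side already carried `NOT-FOR-US: GNU Board`, so one entry of this GNUBOARD5 batch was skipped in an earlier pass. The new label matches its neighbours, which is right. It would be worth grepping data/CVE/list for other GNUBOARD5 descriptions that are still followed by `TODO: check`.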



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/74bf31e7b6f05ac040622fb9116e49ec8d91e771
