[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Oct 11 09:22:45 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4e64d3a6 by Moritz Muehlenhoff at 2019-10-11T08:22:17Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
CVE-2019-17497 (Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft ...)
- TODO: check
+ NOT-FOR-US: Tracker PDF-XChange Editor
CVE-2019-17496 (Craft CMS before 3.3.8 has stored XSS via a name field. This field is ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2019-17495 (A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI b ...)
TODO: check
CVE-2019-17494 (laravel-bjyblog 6.1.1 has XSS via a crafted URL. ...)
- TODO: check
+ NOT-FOR-US: laravel-bjyblog
CVE-2019-17493 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_ ...)
- TODO: check
+ NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17492
RESERVED
CVE-2019-17491 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[descrip ...)
- TODO: check
+ NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17490 (app\modules\polygon\controllers\ProblemController in Jiangnan Online J ...)
- TODO: check
+ NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17489 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] ...)
- TODO: check
+ NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17488 (b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent ...)
- TODO: check
+ NOT-FOR-US: b3log Symphony
CVE-2019-17487
RESERVED
CVE-2019-17486
@@ -197,7 +197,7 @@ CVE-2019-17427 (In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS
- redmine 4.0.4-1
NOTE: Fixed in 3.4.11 and 4.0.4
CVE-2019-17426 (Automattic Mongoose through 5.7.4 allows attackers to bypass access co ...)
- TODO: check
+ NOT-FOR-US: Automattic Mongoose (different from Cesenta Mongoose)
CVE-2019-17425
RESERVED
CVE-2019-17424
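Review bot: "Cesenta" in the added line `NOT-FOR-US: Automattic Mongoose (different from Cesenta Mongoose)` for CVE-2019-17426 looks like a misspelling of Cesanta, the vendor of the embedded Mongoose web server. The parenthetical exists to keep the two projects apart when someone searches the list, so the vendor name should be spelled correctly; suggest `(different from Cesanta Mongoose)`.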
@@ -286,7 +286,7 @@ CVE-2019-17388
CVE-2019-17387
RESERVED
CVE-2019-17386 (The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimat ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-17385 (The animate-it plugin before 2.3.5 for WordPress has XSS. ...)
NOT-FOR-US: animate-it plugin for WordPress
CVE-2019-17384 (The animate-it plugin before 2.3.4 for WordPress has XSS. ...)
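Review bot: The new tag for CVE-2019-17386, `NOT-FOR-US: Wordpress plugin`, is less specific than the tag already used on the next entry for the same plugin (`NOT-FOR-US: animate-it plugin for WordPress`, CVE-2019-17385) and capitalises WordPress differently. Suggest reusing `NOT-FOR-US: animate-it plugin for WordPress` so a search for the plugin name finds all of its entries.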
@@ -895,7 +895,7 @@ CVE-2019-17094
CVE-2019-17093
RESERVED
CVE-2019-17092 (An XSS vulnerability in project list in OpenProject before 9.0.4 and 1 ...)
- TODO: check
+ NOT-FOR-US: OpenProject
CVE-2019-17091 (faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used ...)
TODO: check
CVE-2019-17090
@@ -6643,7 +6643,7 @@ CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication creden
NOTE: https://github.com/gradle/gradle/pull/10176
NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95
CVE-2019-15051 (An issue was discovered in Softing uaGate (SI, MB, 840D) firmware thro ...)
- TODO: check
+ NOT-FOR-US: Softing uaGate
CVE-2019-15050 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
NOT-FOR-US: Bento4
CVE-2019-15049 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
@@ -10351,7 +10351,7 @@ CVE-2019-13931
CVE-2019-13930
RESERVED
CVE-2019-13929 (A vulnerability has been identified in SIMATIC IT UADM (All versions & ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-13928
RESERVED
CVE-2019-13927
@@ -10367,7 +10367,7 @@ CVE-2019-13923 (A vulnerability has been identified in IE/WSN-PA Link WirelessHA
CVE-2019-13922 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
NOT-FOR-US: Siemens
CVE-2019-13921 (A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-13920 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
NOT-FOR-US: Siemens
CVE-2019-13919 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
@@ -17753,9 +17753,9 @@ CVE-2019-11530
CVE-2019-11529
RESERVED
CVE-2019-11528 (An issue was discovered in Softing uaGate SI 1.60.01. A system default ...)
- TODO: check
+ NOT-FOR-US: Softing uaGate
CVE-2019-11527 (An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is ...)
- TODO: check
+ NOT-FOR-US: Softing uaGate
CVE-2019-11526 (An issue was discovered in Softing uaGate SI 1.60.01. A maintenance sc ...)
NOT-FOR-US: Softing uaGate
CVE-2019-11525
@@ -19316,7 +19316,7 @@ CVE-2019-10938 (A vulnerability has been identified in Ethernet plug-in communic
CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All version ...)
NOT-FOR-US: SIMATIC TDC CP51M1
CVE-2019-10936 (A vulnerability has been identified in Development/Evaluation Kits for ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
CVE-2019-10934
@@ -19342,7 +19342,7 @@ CVE-2019-10925 (A vulnerability has been identified in SIMATIC Ident MV420 famil
CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
NOT-FOR-US: Siemens
CVE-2019-10923 (A vulnerability has been identified in CP1604 (All versions < V2.8) ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
CVE-2019-10921 (A vulnerability has been identified in LOGO!8 BM (All versions). Unenc ...)
@@ -19784,7 +19784,7 @@ CVE-2019-10759
CVE-2019-10758
RESERVED
CVE-2019-10757 (knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. ...)
- TODO: check
+ NOT-FOR-US: knex.js
CVE-2019-10756 (It is possible to inject JavaScript within node-red-dashboard versions ...)
TODO: check
CVE-2019-10755 (The SAML identifier generated within SAML2Utils.java was found to make ...)
@@ -24152,19 +24152,19 @@ CVE-2019-9537
CVE-2019-9536
RESERVED
CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with tmux's c ...)
- TODO: check
+ NOT-FOR-US: iTerm2
CVE-2019-9534 (The Cobham EXPLORER 710, firmware version 1.07, does not validate its ...)
- TODO: check
+ NOT-FOR-US: Cobham EXPLORER
CVE-2019-9533 (The root password of the Cobham EXPLORER 710 is the same for all versi ...)
- TODO: check
+ NOT-FOR-US: Cobham EXPLORER
CVE-2019-9532 (The web application portal of the Cobham EXPLORER 710, firmware versio ...)
- TODO: check
+ NOT-FOR-US: Cobham EXPLORER
CVE-2019-9531 (The web application portal of the Cobham EXPLORER 710, firmware versio ...)
- TODO: check
+ NOT-FOR-US: Cobham EXPLORER
CVE-2019-9530 (The web root directory of the Cobham EXPLORER 710, firmware version 1. ...)
- TODO: check
+ NOT-FOR-US: Cobham EXPLORER
CVE-2019-9529 (The web application portal of the Cobham EXPLORER 710, firmware versio ...)
- TODO: check
+ NOT-FOR-US: Cobham EXPLORER
CVE-2019-9528
RESERVED
CVE-2019-9527
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4e64d3a648a9eae1b587ebc7e7a812eba31644ff