[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Oct 23 22:36:27 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3c130d0b by Moritz Muehlenhoff at 2019-10-23T21:36:04Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2019-18359 (A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3G ...)
- TODO: check
+ - mp3gain <removed>
CVE-2019-18358
RESERVED
CVE-2019-18357 (An XSS issue was discovered in Thycotic Secret Server before 10.7 (iss ...)
- TODO: check
+ NOT-FOR-US: Thycotic Secret Server
CVE-2019-18356 (An XSS issue was discovered in Thycotic Secret Server before 10.7 (iss ...)
- TODO: check
+ NOT-FOR-US: Thycotic Secret Server
CVE-2019-18355 (An SSRF issue was discovered in the legacy Web launcher in Thycotic Se ...)
- TODO: check
+ NOT-FOR-US: Thycotic Secret Server
CVE-2019-18354
RESERVED
CVE-2019-18353
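Review bot: The first change in this hunk, "- mp3gain <removed>" for CVE-2019-18359, is a package triage rather than an NFU, so the commit subject "NFUs" does not cover it. Either mention it in the message or commit it separately, so that a later search of the history for mp3gain triage finds this change. The entry also carries no NOTE or bug reference, unlike other package entries in this file (for example the "file" entry for CVE-2019-18218). A short NOTE pointing at the upstream report would make the "<removed>" decision easier to re-check if the package returns to the archive.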
@@ -17,7 +17,7 @@ CVE-2019-18352
CVE-2019-18351
RESERVED
CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET ...)
- TODO: check
+ NOT-FOR-US: Ant Design Pro
CVE-2019-18349
RESERVED
CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...)
@@ -29,7 +29,7 @@ CVE-2019-18346
CVE-2019-18345
RESERVED
CVE-2019-18344 (Sourcecodester Online Grading System 1.0 is vulnerable to unauthentica ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Online Grading System
CVE-2019-18343
RESERVED
CVE-2019-18342
@@ -157,11 +157,11 @@ CVE-2019-18282
CVE-2019-18281 (An out-of-bounds memory access in the generateDirectionalRuns() functi ...)
TODO: check
CVE-2019-18280 (Sourcecodester Online Grading System 1.0 is affected by a Cross Site R ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Online Grading System
CVE-2019-18279
RESERVED
CVE-2019-18278 (When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, ...)
- TODO: check
+ NOT-FOR-US: VLC on Windows
CVE-2019-18277 (A flaw was found in HAProxy before 2.0.6. In legacy mode, messages fea ...)
TODO: check
CVE-2019-18276
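Review bot: CVE-2019-18278 is tagged "NOT-FOR-US: VLC on Windows", but vlc is a Debian source package, and NOT-FOR-US detaches the CVE from it, so the entry will not show up in the package's history. If the issue only arises on Windows, as the visible description suggests, the usual form is a package line such as "- vlc <not-affected> (Windows-specific)", which records the same conclusion while keeping the CVE linked to vlc.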
@@ -281,9 +281,9 @@ CVE-2019-18222
CVE-2019-18221
RESERVED
CVE-2019-18220 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) ...)
- TODO: check
+ NOT-FOR-US: Sitemagic CMS
CVE-2019-18219 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulner ...)
- TODO: check
+ NOT-FOR-US: Sitemagic CMS
CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...)
- file 1:5.37-6 (bug #942830)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
@@ -2545,7 +2545,7 @@ CVE-2019-17608 (HongCMS 3.0.0 has XSS via the install/index.php dbname parameter
CVE-2019-17607 (HongCMS 3.0.0 has XSS via the install/index.php servername parameter. ...)
NOT-FOR-US: HongCMS
CVE-2019-17606 (The Post editor functionality in the hexo-admin plugin versions 2.3.0 ...)
- TODO: check
+ NOT-FOR-US: hexo-admin Node module
CVE-2019-17605
RESERVED
CVE-2019-17604
@@ -2693,75 +2693,75 @@ CVE-2019-17549
CVE-2019-17548
RESERVED
CVE-2015-9536 (The Easy Digital Downloads (EDD) Twenty-Twelve theme for WordPress, as ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2015-9535 (The Easy Digital Downloads (EDD) Shoppette theme for WordPress, as use ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2015-9534 (The Easy Digital Downloads (EDD) Quota theme for WordPress, as used wi ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2015-9533 (The Easy Digital Downloads (EDD) Lattice theme for WordPress, as used ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2015-9532 (The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2015-9531 (The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, a ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9530 (The Easy Digital Downloads (EDD) Upload File extension for WordPress, ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9529 (The Easy Digital Downloads (EDD) Stripe extension for WordPress, as us ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9528 (The Easy Digital Downloads (EDD) Software Licensing extension for Word ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9527 (The Easy Digital Downloads (EDD) Simple Shipping extension for WordPre ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9526 (The Easy Digital Downloads (EDD) Reviews extension for WordPress, as u ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9525 (The Easy Digital Downloads (EDD) Recurring Payments extension for Word ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9524 (The Easy Digital Downloads (EDD) Recount Earnings extension for WordPr ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9523 (The Easy Digital Downloads (EDD) Recommended Products extension for Wo ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9522 (The Easy Digital Downloads (EDD) QR Code extension for WordPress, as u ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9521 (The Easy Digital Downloads (EDD) Pushover Notifications extension for ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9520 (The Easy Digital Downloads (EDD) Per Product Emails extension for Word ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9519 (The Easy Digital Downloads (EDD) PDF Stamper extension for WordPress, ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9518 (The Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9517 (The Easy Digital Downloads (EDD) Manual Purchases extension for WordPr ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9516 (The Easy Digital Downloads (EDD) Invoices extension for WordPress, as ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9515 (The Easy Digital Downloads (EDD) htaccess Editor extension for WordPre ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9514 (The Easy Digital Downloads (EDD) Free Downloads extension for WordPres ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9513 (The Easy Digital Downloads (EDD) Favorites extension for WordPress, as ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9512 (The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9511 (The Easy Digital Downloads (EDD) Conditional Success Redirects extensi ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9510 (The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordP ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9509 (The Easy Digital Downloads (EDD) Content Restriction extension for Wor ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9508 (The Easy Digital Downloads (EDD) Commissions extension for WordPress, ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9507 (The Easy Digital Downloads (EDD) Attach Accounts to Orders extension f ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9506 (The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9505 (The Easy Digital Downloads (EDD) core component 1.8.x before 1.8.7, 1. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9504 (The weeklynews theme before 2.2.9 for WordPress has XSS via the s para ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9503 (The Modern theme before 1.4.2 for WordPress has XSS via the genericons ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2015-9502 (The Auberge theme before 1.4.5 for WordPress has XSS via the genericon ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2015-9501 (The Artificial Intelligence theme before 1.2.4 for WordPress has XSS b ...)
NOT-FOR-US: Wordpress plugin
CVE-2015-9500 (The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via ...)
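Review bot: CVE-2015-9504 is described as "The weeklynews theme before 2.2.9 for WordPress" but is tagged "NOT-FOR-US: Wordpress plugin", while the theme entries immediately below it (CVE-2015-9503, CVE-2015-9502) are tagged "Wordpress theme". Change it to "NOT-FOR-US: Wordpress theme" for consistency. The unchanged context line for CVE-2015-9501 has the same mismatch and could be fixed in the same pass. The tags are free text, so this has no effect on tracking, but it affects anyone grepping the list by tag. Upstream spells the name "WordPress"; the new lines follow the "Wordpress" spelling already used in the file, which is fine if that is the established convention here.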
@@ -3885,7 +3885,7 @@ CVE-2019-17095
CVE-2019-17094
RESERVED
CVE-2019-17093 (An issue was discovered in Avast antivirus before 19.8 and AVG antivir ...)
- TODO: check
+ NOT-FOR-US: Avast
CVE-2019-17092 (An XSS vulnerability in project list in OpenProject before 9.0.4 and 1 ...)
NOT-FOR-US: OpenProject
CVE-2019-17091 (faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used ...)
@@ -4156,11 +4156,11 @@ CVE-2019-16979 (In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.ph
CVE-2019-16978 (In FusionPBX up to v4.5.7, the file app\devices\device_settings.php us ...)
NOT-FOR-US: FusionPBX
CVE-2019-16977 (In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.ph ...)
- TODO: check
+ NOT-FOR-US: FusionPBX
CVE-2019-16976 (In FusionPBX up to 4.5.7, the file app\destinations\destination_import ...)
- TODO: check
+ NOT-FOR-US: FusionPBX
CVE-2019-16975 (In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses ...)
- TODO: check
+ NOT-FOR-US: FusionPBX
CVE-2019-16974 (In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses ...)
NOT-FOR-US: FusionPBX
CVE-2019-16973 (In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses ...)
@@ -12624,7 +12624,7 @@ CVE-2019-14278 (In Knowage through 6.1.1, an unauthenticated user can enumerated
CVE-2019-14277 (** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5 ...)
NOT-FOR-US: Axway SecureTransport
CVE-2019-14276 (WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. ...)
- TODO: check
+ NOT-FOR-US: WUSTL XNAT
CVE-2019-14275 (Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arro ...)
- fig2dev 1:3.2.7a-7 (unimportant; bug #933075)
[buster] - fig2dev 1:3.2.7a-5+deb10u1
@@ -19643,7 +19643,7 @@ CVE-2019-11935
CVE-2019-11934
RESERVED
CVE-2019-11933 (A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, a ...)
- TODO: check
+ NOT-FOR-US: libpl_droidsonroids_gif
CVE-2019-11932 (A double free vulnerability in the DDGifSlurp function in decoding.c i ...)
NOT-FOR-US: libpl_droidsonroids_gif
CVE-2019-11931
@@ -21582,9 +21582,9 @@ CVE-2019-11285
CVE-2019-11284 (Pivotal Reactor Netty, versions prior to 0.8.11, passes headers throug ...)
NOT-FOR-US: Pivotal
CVE-2019-11283 (Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outpu ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2019-11282 (Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint tha ...)
- TODO: check
+ NOT-FOR-US: Cloud Foundry
CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, ver ...)
- rabbitmq-server 3.7.18-1 (low)
[jessie] - rabbitmq-server <no-dsa> (Minor issue; one plugin not vulnerable, the other only exploitable by malicious admin)
@@ -23688,7 +23688,7 @@ CVE-2019-10478 (An issue was discovered on Glory RBW-100 devices with firmware I
CVE-2019-10477 (The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 fo ...)
NOT-FOR-US: GLPI plugin
CVE-2019-10476 (Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10475 (A reflected cross-site scripting vulnerability in Jenkins build-metric ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10474 (A missing permission check in Jenkins Global Post Script Plugin in all ...)
@@ -27156,9 +27156,9 @@ CVE-2019-9599 (The AirDroid application through 4.2.1.6 for Android allows remot
CVE-2019-9598 (An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF ...)
NOT-FOR-US: Cscms
CVE-2019-9597 (Darktrace Enterprise Immune System before 3.1 allows CSRF via the /con ...)
- TODO: check
+ NOT-FOR-US: Darktrace Enterprise Immune System
CVE-2019-9596 (Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whi ...)
- TODO: check
+ NOT-FOR-US: Darktrace Enterprise Immune System
CVE-2019-9595 (AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter ...)
NOT-FOR-US: AppCMS
CVE-2019-9594 (BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploa ...)
@@ -36053,7 +36053,7 @@ CVE-2019-6146
CVE-2019-6145 (Forcepoint VPN Client for Windows versions lower than 6.6.1 have an un ...)
NOT-FOR-US: Forcepoint
CVE-2019-6144 (This vulnerability allows a normal (non-admin) user to disable the For ...)
- TODO: check
+ NOT-FOR-US: Forcepoint
CVE-2019-6143 (Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4 ...)
NOT-FOR-US: Forcepoint Next Generation Firewall (Forcepoint NGFW)
CVE-2019-6142
@@ -41003,7 +41003,7 @@ CVE-2019-3984
CVE-2019-3983
RESERVED
CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a Denial of Se ...)
- TODO: check
+ NOT-FOR-US: Nessus
CVE-2019-3981
RESERVED
CVE-2019-3980 (The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports s ...)
@@ -233884,7 +233884,7 @@ CVE-2014-2306
CVE-2014-2305
RESERVED
CVE-2014-2304 (A vulnerability in version 0.90 of the Open Floodlight SDN controller ...)
- TODO: check
+ NOT-FOR-US: Open Floodlight
CVE-2014-2303 (Multiple SQL injection vulnerabilities in the file browser component ( ...)
NOT-FOR-US: webEdition CMS
CVE-2014-2302 (The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x befor ...)
@@ -233951,7 +233951,7 @@ CVE-2014-2281 (The nfs_name_snoop_add_name function in epan/dissectors/packet-nf
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-01.html
CVE-2013-7333 (A vulnerability in version 0.90 of the Open Floodlight SDN controller ...)
- TODO: check
+ NOT-FOR-US: Open Floodlight
CVE-2014-2309 (The ip6_route_add function in net/ipv6/route.c in the Linux kernel thr ...)
- linux 3.13.6-1
[wheezy] - linux 3.2.57-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3c130d0befe7ded291c87a81f1590ca5c1be50ee