[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Sep 13 22:41:27 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
892bdb54 by Moritz Muehlenhoff at 2019-09-13T21:41:07Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2019-16295
CVE-2019-16294
RESERVED
CVE-2019-16293 (The Create Discoveries feature of Open-AudIT before 3.2.0 allows an au ...)
- TODO: check
+ NOT-FOR-US: Open-AudIT
CVE-2019-16292
RESERVED
CVE-2019-16291
@@ -13,9 +13,9 @@ CVE-2019-16291
CVE-2019-16290
RESERVED
CVE-2019-16289 (The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPre ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-16288 (On Tenda N301 wireless routers, a long string in the wifiSSID paramete ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2019-16287
RESERVED
CVE-2019-16286
@@ -77,7 +77,7 @@ CVE-2016-10957
CVE-2016-10956
RESERVED
CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x be ...)
- TODO: check
+ NOT-FOR-US: Integard
CVE-2019-XXXX [wireshark wnpa-sec-2019-21]
- wireshark 3.0.4-1 (low)
[buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
@@ -160,49 +160,49 @@ CVE-2017-18617
CVE-2017-18616
RESERVED
CVE-2017-18615 (The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18614 (The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18613 (The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18612 (The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/f ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10955 (The cysteme-finder plugin before 1.4 for WordPress has unrestricted fi ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10954 (The Neosense theme before 1.8 for WordPress has qquploader unrestricte ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10953 (The Headway theme before 3.8.9 for WordPress has XSS via the license k ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10952 (The quotes-collection plugin before 2.0.6 for WordPress has XSS via th ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10951 (The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection vi ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10950 (The sirv plugin before 1.3.2 for WordPress has SQL injection via the i ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10949 (The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL in ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10948 (The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect han ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10947 (The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10946 (The wp-d3 plugin before 2.4.1 for WordPress has CSRF. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10945 (The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?pa ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10944 (The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10943 (The zx-csv-upload plugin 1 for WordPress has SQL injection via the id ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10942 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10941 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10940 (The zm-gallery plugin 1.0 for WordPress has SQL injection via the orde ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10939 (The xtremelocator plugin 1.5 for WordPress has SQL injection via the i ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-16255
RESERVED
CVE-2019-16254
@@ -218,7 +218,7 @@ CVE-2019-16250 (includes/wizard/wizard.php in the Ocean Extra plugin through 1.5
CVE-2019-16249 (OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core ...)
TODO: check
CVE-2019-16248 (The "delete for" feature in Telegram before 5.11 on Android does not d ...)
- TODO: check
+ NOT-FOR-US: Telegram for Android
CVE-2019-16247 (Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommL ...)
NOT-FOR-US: Delta DCISoft
CVE-2019-16246
@@ -2751,7 +2751,7 @@ CVE-2019-15304 (Lierda Grill Temperature Monitor V1.00_50006 has a default passw
CVE-2019-15303
RESERVED
CVE-2019-15302 (The pad management logic in XWiki labs CryptPad before 3.0.0 allows a ...)
- TODO: check
+ NOT-FOR-US: CryptPad
CVE-2019-15301
RESERVED
CVE-2019-15300
@@ -7200,17 +7200,17 @@ CVE-2019-13925
CVE-2019-13924
RESERVED
CVE-2019-13923 (A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gat ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-13922 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-13921
RESERVED
CVE-2019-13920 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-13919 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-13918 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2019-13917 (Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution ...)
{DSA-4488-1}
- exim4 4.92-10
@@ -9054,7 +9054,7 @@ CVE-2019-13550
CVE-2019-13549
RESERVED
CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2019-13547
RESERVED
CVE-2019-13546
@@ -9086,7 +9086,7 @@ CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version
CVE-2019-13533
RESERVED
CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2019-13531
RESERVED
CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
@@ -46852,6 +46852,7 @@ CVE-2019-0208
REJECTED
CVE-2019-0207
RESERVED
+ NOT-FOR-US: Apache Tapestry
CVE-2019-0206
REJECTED
CVE-2019-0205
@@ -46894,6 +46895,7 @@ CVE-2019-0196 (A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38.
NOTE: https://svn.apache.org/r1852989
CVE-2019-0195
RESERVED
+ NOT-FOR-US: Apache Tapestry
CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 ...)
NOT-FOR-US: Apache Camel
CVE-2019-0193 (In Apache Solr, the DataImportHandler, an optional but popular module ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/892bdb54bee2624634ee15d765e189d6ca93a4c3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/892bdb54bee2624634ee15d765e189d6ca93a4c3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190913/e99a5e71/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list