[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Sep 25 21:49:27 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
14c6455c by Moritz Muehlenhoff at 2019-09-25T20:49:01Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2019-16888
RESERVED
CVE-2019-16887 (In IrfanView 4.53, Data from a Faulting Address controls a subsequent ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2019-16886
RESERVED
CVE-2019-16885
@@ -11,11 +11,11 @@ CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and
CVE-2019-16883
RESERVED
CVE-2019-16882 (An issue was discovered in the string-interner crate before 0.7.1 for ...)
- TODO: check
+ NOT-FOR-US: Rust string-interner crate
CVE-2019-16881 (An issue was discovered in the portaudio-rs crate through 0.3.1 for Ru ...)
- TODO: check
+ NOT-FOR-US: Rustportaudio-rs crate
CVE-2019-16880 (An issue was discovered in the linea crate through 0.9.4 for Rust. The ...)
- TODO: check
+ NOT-FOR-US: Rust linea crate
CVE-2019-16879
RESERVED
CVE-2019-16878
@@ -39,9 +39,9 @@ CVE-2019-16870
CVE-2019-16869
RESERVED
CVE-2019-16868 (emlog through 6.0.0beta has an arbitrary file deletion vulnerability v ...)
- TODO: check
+ NOT-FOR-US: emlog
CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file par ...)
- TODO: check
+ NOT-FOR-US: HongCMS
CVE-2019-16866
RESERVED
CVE-2015-9449
@@ -125,7 +125,7 @@ CVE-2015-9411
CVE-2015-9410
RESERVED
CVE-2015-9409 (The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resu ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-16865
RESERVED
CVE-2019-16864
@@ -475,7 +475,7 @@ CVE-2019-16703 (admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. ...)
CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary c ...)
NOT-FOR-US: Integard Pro
CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection vi ...)
- TODO: check
+ NOT-FOR-US: pfSense
CVE-2019-16700
RESERVED
CVE-2019-16699
@@ -1271,7 +1271,7 @@ CVE-2016-10975 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress
CVE-2016-10974 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has f ...)
NOT-FOR-US: fluid-responsive-slideshow plugin for WordPress
CVE-2019-16377 (The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Co ...)
- TODO: check
+ NOT-FOR-US: makandra consul gem
CVE-2019-16376
RESERVED
CVE-2019-16375
@@ -1862,7 +1862,7 @@ CVE-2019-16196
CVE-2019-16195
RESERVED
CVE-2019-16194 (SQL injection vulnerabilities in Centreon through 19.04 allow attacks ...)
- TODO: check
+ NOT-FOR-US: Centreon web UI (not packaged in Debian)
CVE-2019-16193 (In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to t ...)
NOT-FOR-US: ArcGIS Enterprise
CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php in DocCms ...)
@@ -1874,7 +1874,7 @@ CVE-2019-16190 (SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-8
CVE-2019-16189
RESERVED
CVE-2019-16188 (HCL AppScan Source before 9.03.13 is susceptible to XML External Entit ...)
- TODO: check
+ NOT-FOR-US: HCL AppScan Source
CVE-2017-18611 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
NOT-FOR-US: magic-fields plugin for WordPress
CVE-2017-18610 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
@@ -3394,7 +3394,7 @@ CVE-2019-15637 (Numerous Tableau products are vulnerable to XXE via a malicious
CVE-2019-15636
RESERVED
CVE-2019-15635 (An issue was discovered in Grafana 5.4.0. Passwords for data sources u ...)
- TODO: check
+ - grafana <removed>
CVE-2019-15634
RESERVED
CVE-2019-15633
@@ -5064,11 +5064,11 @@ CVE-2019-15071
CVE-2019-15070
RESERVED
CVE-2019-15069 (An unsafe authentication interface was discovered in Smart Battery A4, ...)
- TODO: check
+ NOT-FOR-US: Smart Battery
CVE-2019-15068 (A broken access control vulnerability in Smart Battery A4, a multifunc ...)
- TODO: check
+ NOT-FOR-US: Smart Battery
CVE-2019-15067 (An authentication bypass vulnerability discovered in Smart Battery A2- ...)
- TODO: check
+ NOT-FOR-US: Smart Battery
CVE-2019-15066
RESERVED
CVE-2019-15065
@@ -10668,7 +10668,7 @@ CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple ou
CVE-2019-13543
RESERVED
CVE-2019-13542 (3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all version ...)
- TODO: check
+ NOT-FOR-US: 3S-Smart
CVE-2019-13541
RESERVED
CVE-2019-13540 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-ba ...)
@@ -10676,7 +10676,7 @@ CVE-2019-13540 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple st
CVE-2019-13539
RESERVED
CVE-2019-13538 (3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versi ...)
- TODO: check
+ NOT-FOR-US: 3S-Smart
CVE-2019-13537
RESERVED
CVE-2019-13536 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-bas ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14c6455c758185da8d6bb9542db36376234c7689
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14c6455c758185da8d6bb9542db36376234c7689
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190925/95d7a4f8/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list