[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Sep 25 21:49:27 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14c6455c by Moritz Muehlenhoff at 2019-09-25T20:49:01Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2019-16888
 	RESERVED
 CVE-2019-16887 (In IrfanView 4.53, Data from a Faulting Address controls a subsequent  ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2019-16886
 	RESERVED
 CVE-2019-16885
@@ -11,11 +11,11 @@ CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and
 CVE-2019-16883
 	RESERVED
 CVE-2019-16882 (An issue was discovered in the string-interner crate before 0.7.1 for  ...)
-	TODO: check
+	NOT-FOR-US: Rust string-interner crate
 CVE-2019-16881 (An issue was discovered in the portaudio-rs crate through 0.3.1 for Ru ...)
-	TODO: check
+	NOT-FOR-US: Rustportaudio-rs crate
 CVE-2019-16880 (An issue was discovered in the linea crate through 0.9.4 for Rust. The ...)
-	TODO: check
+	NOT-FOR-US: Rust linea crate
 CVE-2019-16879
 	RESERVED
 CVE-2019-16878
@@ -39,9 +39,9 @@ CVE-2019-16870
 CVE-2019-16869
 	RESERVED
 CVE-2019-16868 (emlog through 6.0.0beta has an arbitrary file deletion vulnerability v ...)
-	TODO: check
+	NOT-FOR-US: emlog
 CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file par ...)
-	TODO: check
+	NOT-FOR-US: HongCMS
 CVE-2019-16866
 	RESERVED
 CVE-2015-9449
@@ -125,7 +125,7 @@ CVE-2015-9411
 CVE-2015-9410
 	RESERVED
 CVE-2015-9409 (The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resu ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2019-16865
 	RESERVED
 CVE-2019-16864
@@ -475,7 +475,7 @@ CVE-2019-16703 (admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. ...)
 CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary c ...)
 	NOT-FOR-US: Integard Pro
 CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection vi ...)
-	TODO: check
+	NOT-FOR-US: pfSense
 CVE-2019-16700
 	RESERVED
 CVE-2019-16699
@@ -1271,7 +1271,7 @@ CVE-2016-10975 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress
 CVE-2016-10974 (The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has f ...)
 	NOT-FOR-US: fluid-responsive-slideshow plugin for WordPress
 CVE-2019-16377 (The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Co ...)
-	TODO: check
+	NOT-FOR-US: makandra consul gem
 CVE-2019-16376
 	RESERVED
 CVE-2019-16375
@@ -1862,7 +1862,7 @@ CVE-2019-16196
 CVE-2019-16195
 	RESERVED
 CVE-2019-16194 (SQL injection vulnerabilities in Centreon through 19.04 allow attacks  ...)
-	TODO: check
+	NOT-FOR-US: Centreon web UI (not packaged in Debian)
 CVE-2019-16193 (In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to t ...)
 	NOT-FOR-US: ArcGIS Enterprise
 CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php in DocCms ...)
@@ -1874,7 +1874,7 @@ CVE-2019-16190 (SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-8
 CVE-2019-16189
 	RESERVED
 CVE-2019-16188 (HCL AppScan Source before 9.03.13 is susceptible to XML External Entit ...)
-	TODO: check
+	NOT-FOR-US: HCL AppScan Source
 CVE-2017-18611 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
 	NOT-FOR-US: magic-fields plugin for WordPress
 CVE-2017-18610 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
@@ -3394,7 +3394,7 @@ CVE-2019-15637 (Numerous Tableau products are vulnerable to XXE via a malicious
 CVE-2019-15636
 	RESERVED
 CVE-2019-15635 (An issue was discovered in Grafana 5.4.0. Passwords for data sources u ...)
-	TODO: check
+	- grafana <removed>
 CVE-2019-15634
 	RESERVED
 CVE-2019-15633
@@ -5064,11 +5064,11 @@ CVE-2019-15071
 CVE-2019-15070
 	RESERVED
 CVE-2019-15069 (An unsafe authentication interface was discovered in Smart Battery A4, ...)
-	TODO: check
+	NOT-FOR-US: Smart Battery
 CVE-2019-15068 (A broken access control vulnerability in Smart Battery A4, a multifunc ...)
-	TODO: check
+	NOT-FOR-US: Smart Battery
 CVE-2019-15067 (An authentication bypass vulnerability discovered in Smart Battery A2- ...)
-	TODO: check
+	NOT-FOR-US: Smart Battery
 CVE-2019-15066
 	RESERVED
 CVE-2019-15065
@@ -10668,7 +10668,7 @@ CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple ou
 CVE-2019-13543
 	RESERVED
 CVE-2019-13542 (3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all version ...)
-	TODO: check
+	NOT-FOR-US: 3S-Smart
 CVE-2019-13541
 	RESERVED
 CVE-2019-13540 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-ba ...)
@@ -10676,7 +10676,7 @@ CVE-2019-13540 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple st
 CVE-2019-13539
 	RESERVED
 CVE-2019-13538 (3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versi ...)
-	TODO: check
+	NOT-FOR-US: 3S-Smart
 CVE-2019-13537
 	RESERVED
 CVE-2019-13536 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-bas ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14c6455c758185da8d6bb9542db36376234c7689

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14c6455c758185da8d6bb9542db36376234c7689
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190925/95d7a4f8/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list