[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Wed Sep 25 22:10:24 BST 2019



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35a2cea6 by Moritz Muehlenhoff at 2019-09-25T21:09:59Z
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19008,65 +19008,65 @@ CVE-2019-10432
 CVE-2019-10431
 	RESERVED
 CVE-2019-10430 (Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10429 (Jenkins GitLab Logo Plugin stores credentials unencrypted in its globa ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10428 (Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted co ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10427 (Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configu ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10426 (Jenkins Gem Publisher Plugin stores credentials unencrypted in its glo ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10425 (Jenkins Google Calendar Plugin stores credentials unencrypted in job c ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10424 (Jenkins elOyente Plugin stores credentials unencrypted in its global c ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10423 (Jenkins CodeScan Plugin stores credentials unencrypted in its global c ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10422 (Jenkins Call Remote Job Plugin stores credentials unencrypted in job c ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10421 (Jenkins Azure Event Grid Build Notifier Plugin stores credentials unen ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10420 (Jenkins Assembla Plugin stores credentials unencrypted in its global c ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10419 (Jenkins vFabric Application Director Plugin stores credentials unencry ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10418 (Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a c ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10417 (Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a c ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10416 (Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored cr ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10415 (Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored cr ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10414 (Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unenc ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10413 (Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10412 (Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured cre ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10411 (Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configu ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10410 (Jenkins Log Parser Plugin 2.0 and earlier did not escape an error mess ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10409 (A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10408 (A cross-site request forgery vulnerability in Jenkins Project Inherita ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10407 (Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins plugin
 CVE-2019-10406 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-10405 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value o ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-10404 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-10403 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-10402 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-10401 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandabl ...)
-	TODO: check
+	NOT-FOR-US: Jenkins
 CVE-2019-10400 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62  ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2019-10399 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62  ...)
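Review bot: Style point on the 24 plugin entries from CVE-2019-10430 down to CVE-2019-10407: the tag "NOT-FOR-US: Jenkins plugin" does not name the plugin, so the product can only be recovered from the truncated description line above it. This matches the existing CVE-2019-10400 entry in the trailing context, so it is consistent with the file as it stands. The switch to "NOT-FOR-US: Jenkins" at CVE-2019-10406 through CVE-2019-10401 lines up with the descriptions, which refer to "Jenkins 2.196 and earlier, LTS 2.176.3 and earlier" rather than to a plugin.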
@@ -19383,7 +19383,7 @@ CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Noteb
 CVE-2019-10254 (In MISP before 2.4.105, the app/View/Layouts/default.ctp default layou ...)
 	NOT-FOR-US: MISP
 CVE-2019-10253 (A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+  ...)
-	TODO: check
+	NOT-FOR-US: TeamMate+
 CVE-2019-10252
 	RESERVED
 CVE-2019-10251 (The UCWeb UC Browser application through 2019-03-26 for Android uses H ...)
@@ -20123,7 +20123,7 @@ CVE-2019-10061 (utils/find-opencv.js in node-opencv (aka OpenCV bindings for Nod
 CVE-2019-10060 (The Verix Multi-app Conductor application 2.7 for Verifone Verix suffe ...)
 	NOT-FOR-US: Verix Multi-app Conductor application for Verifone Verix
 CVE-2019-10059 (The legacy finger service (TCP port 79) is enabled by default on vario ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2019-10058 (Various Lexmark products have Incorrect Access Control. ...)
 	NOT-FOR-US: Lexmark
 CVE-2019-10057 (Various Lexmark products have CSRF. ...)
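Review bot: The vendor for CVE-2019-10059 cannot be confirmed from this hunk alone, because the description is cut off at "enabled by default on vario ..." before any product name appears. The "Lexmark" tag agrees with the neighbouring CVE-2019-10058 and CVE-2019-10057 entries, but it is worth checking the full description before relying on adjacency.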
@@ -22086,15 +22086,15 @@ CVE-2019-9683
 CVE-2019-9682
 	RESERVED
 CVE-2019-9681 (Online upgrade information in some firmware packages of Dahua products ...)
-	TODO: check
+	NOT-FOR-US: Dahua
 CVE-2019-9680 (Some Dahua products have information leakage issues. Attackers can obt ...)
-	TODO: check
+	NOT-FOR-US: Dahua
 CVE-2019-9679 (Some of Dahua's Debug functions do not have permission separation. Low ...)
-	TODO: check
+	NOT-FOR-US: Dahua
 CVE-2019-9678 (Some Dahua products have the problem of denial of service during the l ...)
-	TODO: check
+	NOT-FOR-US: Dahua
 CVE-2019-9677 (The specific fields of CGI interface of some Dahua products are not st ...)
-	TODO: check
+	NOT-FOR-US: Dahua
 CVE-2019-9676 (Buffer overflow vulnerability found in some Dahua IP Camera devices IP ...)
 	NOT-FOR-US: Dahua IP Camera devices
 CVE-2019-9675 (** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7. ...)
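Review bot: Tag wording is inconsistent within this block: the five changed entries (CVE-2019-9681 to CVE-2019-9677) use "NOT-FOR-US: Dahua", while the adjacent existing entry CVE-2019-9676 uses "NOT-FOR-US: Dahua IP Camera devices". Both still match a search for "Dahua", so this is cosmetic, but a single form per vendor keeps the list easier to scan.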
@@ -24012,9 +24012,9 @@ CVE-2019-9011
 CVE-2019-9010 (An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS G ...)
 	NOT-FOR-US: 3S-Smart CODESYS V3
 CVE-2019-9009 (An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted  ...)
-	TODO: check
+	NOT-FOR-US: 3S-Smart
 CVE-2019-9008 (An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A us ...)
-	TODO: check
+	NOT-FOR-US: 3S-Smart
 CVE-2019-9007
 	RESERVED
 CVE-2019-9006
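Review bot: The tag on CVE-2019-9009 and CVE-2019-9008 names only the vendor, "3S-Smart", whereas both descriptions refer to the CODESYS product and the existing CVE-2019-9010 entry just above uses "NOT-FOR-US: 3S-Smart CODESYS V3". Suggest including the product name, for example "NOT-FOR-US: 3S-Smart CODESYS", so a search for CODESYS finds these entries too.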
@@ -25675,13 +25675,13 @@ CVE-2019-8373
 CVE-2019-8372 (The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes f ...)
 	NOT-FOR-US: LG
 CVE-2019-8371 (OpenEMR v5.0.1-6 allows code execution. ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2019-8370
 	RESERVED
 CVE-2019-8369
 	RESERVED
 CVE-2019-8368 (OpenEMR v5.0.1-6 allows XSS. ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2019-8367
 	RESERVED
 CVE-2019-8366



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/35a2cea603c0c73ad7e5b4d94ff73dd06a3ced45
