Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6218da0c by Salvatore Bonaccorso at 2019-03-09T08:27:54Z
Process NFUs
- - - - -
2d146e41 by Salvatore Bonaccorso at 2019-03-09T08:28:26Z
Try to unify used NFU formulations for Sourcetree items
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,27 +3,27 @@ CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through
3.7.2 is affected by:
CVE-2019-9635
RESERVED
CVE-2019-1003039 (An insufficiently protected credentials vulnerability exists
in ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003038 (An insufficiently protected credentials vulnerability exists
in ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003037 (An information exposure vulnerability exists in Jenkins
Azure VM ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003036 (A data modification vulnerability exists in Jenkins Azure VM
Agents ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003035 (An information exposure vulnerability exists in Jenkins
Azure VM ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003034 (A sandbox bypass vulnerability exists in Jenkins Job DSL
Plugin 1.71 ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003033 (A sandbox bypass vulnerability exists in Jenkins Groovy
Plugin 2.1 and ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003032 (A sandbox bypass vulnerability exists in Jenkins Email
Extension ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003031 (A sandbox bypass vulnerability exists in Jenkins Matrix
Project Plugin ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003030 (A sandbox bypass vulnerability exists in Jenkins Pipeline:
Groovy ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-1003029 (A sandbox bypass vulnerability exists in Jenkins Script
Security ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-9634 (Go through 1.12 on Windows misuses certain LoadLibrary
functionality, ...)
TODO: check
CVE-2019-9637 [rename() across the device may allow unwanted access during
processing]
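Review bot: All eleven entries from CVE-2019-1003039 down to CVE-2019-1003029 receive the same bare note "NOT-FOR-US: Jenkins plugin", although the visible descriptions name different plugins (Azure VM Agents, Job DSL, Groovy, Email Extension, Matrix Project, Pipeline: Groovy, Script Security). Naming the plugin in each note, for example "NOT-FOR-US: Jenkins Job DSL plugin", would match the vendor-plus-product form the second commit applies to Sourcetree and would keep the entries distinguishable when searching the list, since the descriptions are truncated.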
@@ -69,7 +69,7 @@ CVE-2019-9629
CVE-2019-9628
RESERVED
CVE-2019-9627 (A buffer overflow in the kernel driver CybKernelTracker.sys in
CyberArk ...)
- TODO: check
+ NOT-FOR-US: CyberArk Endpoint Privilege Manager
CVE-2019-9626 (PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL
Injection to ...)
NOT-FOR-US: PHPSHE
CVE-2019-9625 (JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN
URI to ...)
@@ -167,7 +167,7 @@ CVE-2019-9582
CVE-2019-9581 (phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file
upload via ...)
NOT-FOR-US: phpscheduleit Booked Scheduler
CVE-2019-9580 (In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before
2.10.3, ...)
- TODO: check
+ NOT-FOR-US: StackStorm
CVE-2019-9579
RESERVED
CVE-2019-9578 (In devs.c in Yubico libu2f-host before 1.1.8, the response to
init is ...)
@@ -3163,39 +3163,39 @@ CVE-2019-8282
CVE-2019-8281
RESERVED
CVE-2019-8280 (UltraVNC revision 1203 has out-of-bounds access vulnerability
in VNC ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8279 (Multiple stored XSS in Vanilla Forums before 2.5 allow remote
...)
NOT-FOR-US: Vanilla Forums
CVE-2019-8278 (Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads
to ...)
NOT-FOR-US: Invision Power Board
CVE-2019-8277 (UltraVNC revision 1211 contains multiple memory leaks (CWE-655)
in VNC ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8276 (UltraVNC revision 1211 has a stack buffer overflow
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8275 (UltraVNC revision 1211 has multiple improper null termination
...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8274 (UltraVNC revision 1211 has a heap buffer overflow vulnerability
in VNC ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8273 (UltraVNC revision 1211 has a heap buffer overflow vulnerability
in VNC ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8272 (UltraVNC revision 1211 has multiple off-by-one vulnerabilities
in VNC ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8271 (UltraVNC revision 1211 has a heap buffer overflow vulnerability
in VNC ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8270 (UltraVNC revision 1210 has out-of-bounds read vulnerability in
VNC ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8269 (UltraVNC revision 1206 has stack-based Buffer overflow
vulnerability ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8268 (UltraVNC revision 1206 has multiple off-by-one vulnerabilities
in VNC ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8267 (UltraVNC revision 1207 has out-of-bounds read vulnerability in
VNC ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8266 (UltraVNC revision 1207 has multiple out-of-bounds access ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8265 (UltraVNC revision 1207 has multiple out-of-bounds access ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8264 (UltraVNC revision 1203 has out-of-bounds access vulnerability
in VNC ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2019-8263 (UltraVNC revision 1205 has stack-based buffer overflow
vulnerability ...)
NOT-FOR-US: UltraVNC
CVE-2019-8262 (UltraVNC revision 1203 has multiple heap buffer overflow ...)
@@ -15651,11 +15651,11 @@ CVE-2018-20238 (Various rest resources in Atlassian
Crowd before version 3.2.7 a
CVE-2018-20237 (Atlassian Confluence Server and Data Center before version
6.13.1 ...)
NOT-FOR-US: Atlassian
CVE-2018-20236 (There was an command injection vulnerability in Sourcetree for
Windows ...)
- TODO: check
+ NOT-FOR-US: Atlassian Sourcetree
CVE-2018-20235 (There was an argument injection vulnerability in Atlassian
Sourcetree ...)
- TODO: check
+ NOT-FOR-US: Atlassian Sourcetree
CVE-2018-20234 (There was an argument injection vulnerability in Atlassian
Sourcetree ...)
- TODO: check
+ NOT-FOR-US: Atlassian Sourcetree
CVE-2018-20233 (The Upload add-on resource in Atlassian Universal Plugin
Manager ...)
NOT-FOR-US: Atlassian
CVE-2018-20232 (The labels widget gadget in Atlassian Jira before version
7.6.11 and ...)
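Review bot: The new "NOT-FOR-US: Atlassian Sourcetree" notes on CVE-2018-20236, CVE-2018-20235 and CVE-2018-20234 sit directly between entries that carry the vendor-only form "NOT-FOR-US: Atlassian" (CVE-2018-20237, CVE-2018-20233). If the aim is one formulation per product, the commit message should say that vendor-only Atlassian notes are deliberately left as they are; otherwise the file still mixes "Atlassian", "Atlassian Jira" and "Atlassian Sourcetree" for the same vendor.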
@@ -20193,23 +20193,23 @@ CVE-2019-1611
CVE-2019-1610
RESERVED
CVE-2019-1609 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1608 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1607 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1606 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1605 (A vulnerability in the NX-API feature of Cisco NX-OS Software
could ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1604 (A vulnerability in the user account management interface of
Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1603 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1602 (A vulnerability in the filesystem permissions of Cisco NX-OS
Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1601 (A vulnerability in the filesystem permissions of Cisco NX-OS
Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2019-1600 (A vulnerability in the file system permissions of Cisco FXOS
Software ...)
NOT-FOR-US: Cisco
CVE-2019-1599 (A vulnerability in the network stack of Cisco NX-OS Software
could ...)
@@ -40193,9 +40193,9 @@ CVE-2018-13399 (The Microsoft Windows Installer for
Atlassian Fisheye and Crucib
CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye
and ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2018-13397 (There was an argument injection vulnerability in Sourcetree
for ...)
- NOT-FOR-US: Sourcetree for Windows
+ NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13396 (There was an argument injection vulnerability in Sourcetree
for macOS ...)
- NOT-FOR-US: Sourcetree for macOS
+ NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13395 (Various resources in Atlassian Jira before version 7.6.8, from
version ...)
NOT-FOR-US: Atlassian Jira
CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions
before ...)
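Review bot: On CVE-2018-13397 the removed note "Sourcetree for Windows" was the only part of the entry that named the platform, because the truncated description ends at "Sourcetree for ..."; after the change the list no longer shows which platform is affected. CVE-2018-13396 is less affected, since its description still reads "Sourcetree for macOS". If the platform is worth keeping, a form such as "NOT-FOR-US: Atlassian Sourcetree for Windows" would unify the vendor prefix without dropping it.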
@@ -40215,9 +40215,9 @@ CVE-2018-13388 (The review attachment resource in
Atlassian Fisheye and Crucible
CVE-2018-13387 (The IncomingMailServers resource in Atlassian JIRA Server
before ...)
NOT-FOR-US: Atlassian
CVE-2018-13386 (There was an argument injection vulnerability in Sourcetree
for ...)
- NOT-FOR-US: Sourcetree
+ NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree
for macOS ...)
- NOT-FOR-US: Sourcetree
+ NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13384
RESERVED
CVE-2018-13383
@@ -86448,9 +86448,9 @@ CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in
a SQL query could lead t
CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira
before ...)
NOT-FOR-US: Atlassian Jira
CVE-2017-14593 (Sourcetree for Windows had several argument and command
injection bugs ...)
- NOT-FOR-US: Sourcetree
+ NOT-FOR-US: Atlassian Sourcetree
CVE-2017-14592 (Sourcetree for macOS had several argument and command
injection bugs ...)
- NOT-FOR-US: Sourcetree
+ NOT-FOR-US: Atlassian Sourcetree
CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and
version ...)
NOT-FOR-US: Atlassian
CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial
...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/8c7af00247d8bed21383ebf5b94b2176738198b0...2d146e4117aa780cc4a08e7c545f643e0edf5c4b