Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8403353a by Salvatore Bonaccorso at 2019-04-30T20:47:19Z
Process NFUs

- - - - -
5d980900 by Salvatore Bonaccorso at 2019-04-30T20:57:23Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,7 +35,7 @@ CVE-2018-20825
 CVE-2018-20824
        RESERVED
 CVE-2015-9286 (Controllers.outgoing in controllers/index.js in NodeBB before 
0.7.3 ha ...)
-       TODO: check
+       NOT-FOR-US: NodeBB
 CVE-2019-XXXX [gpg-key2ps: Shell injection vulnerability in UIDs rendering]
        - signing-party <unfixed> (bug #928256)
        [stretch] - signing-party <no-dsa> (Will be fixed via point release)
@@ -60,11 +60,11 @@ CVE-2019-11596 (In memcached before 1.5.14, a NULL pointer 
dereference was found
 CVE-2019-11595 (In uBlock before 0.9.5.15, the $rewrite filter option allows 
filter-li ...)
        TODO: check
 CVE-2019-11594 (In AdBlock before 3.45.0, the $rewrite filter option allows 
filter-lis ...)
-       TODO: check
+       NOT-FOR-US: AdBlock
 CVE-2019-11593 (In Adblock Plus before 3.5.2, the $rewrite filter option 
allows filter ...)
-       TODO: check
+       NOT-FOR-US: AdBlock Plus
 CVE-2019-11592 (WeBid 1.2.2 has reflected XSS via the id parameter to 
admin/deletenews ...)
-       TODO: check
+       NOT-FOR-US: WeBid Auction Script
 CVE-2019-11589
        RESERVED
 CVE-2019-11588
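Review bot: CVE-2019-11595 (uBlock) stays at "TODO: check" while the two entries directly below it, which carry the same $rewrite filter option description, are closed as NOT-FOR-US. If it is held back on purpose pending a check against a packaged source, a NOTE line saying so would save the next triager from repeating the work; otherwise it can be resolved in the same pass. Separately, the tag for CVE-2019-11593 reads "AdBlock Plus" where the description spells the product "Adblock Plus"; matching the description's spelling keeps searches over the list reliable.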
@@ -1587,11 +1587,11 @@ CVE-2019-10952
 CVE-2019-10951 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor 
Version 1.00 ...)
        NOT-FOR-US: Delta Electronics
 CVE-2019-10950 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions 
CR-IR 357 F ...)
-       TODO: check
+       NOT-FOR-US: Fujifilm
 CVE-2019-10949 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor 
Version 1.00 ...)
        NOT-FOR-US: Delta Electronics
 CVE-2019-10948 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions 
CR-IR 357 F ...)
-       TODO: check
+       NOT-FOR-US: Fujifilm
 CVE-2019-10947 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor 
Version 1.00 ...)
        NOT-FOR-US: Delta Electronics
 CVE-2019-10946 (An issue was discovered in Joomla! before 3.9.5. The "refresh 
list of  ...)
@@ -3087,29 +3087,29 @@ CVE-2019-10320
 CVE-2019-10319
        RESERVED
 CVE-2019-10318 (Jenkins Azure AD Plugin 0.3.3 and earlier stored the client 
secret une ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Azure AD Plugin
 CVE-2019-10317 (Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS 
and hostna ...)
-       TODO: check
+       NOT-FOR-US: Jenkins SiteMonitor Plugin
 CVE-2019-10316 (Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored 
credentials  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Aqua MicroScanner Plugin
 CVE-2019-10315 (Jenkins GitHub Authentication Plugin 0.31 and earlier did not 
use the  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins GitHub Authentication Plugin
 CVE-2019-10314 (Jenkins Koji Plugin disables SSL/TLS and hostname verification 
globall ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Koji Plugin
 CVE-2019-10313 (Jenkins Twitter Plugin stores credentials unencrypted in its 
global co ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Twitter Plugin
 CVE-2019-10312 (A missing permission check in Jenkins Ansible Tower Plugin 
0.9.1 and e ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Ansible Tower Plugin
 CVE-2019-10311 (A missing permission check in Jenkins Ansible Tower Plugin 
0.9.1 and e ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Ansible Tower Plugin
 CVE-2019-10310 (A cross-site request forgery vulnerability in Jenkins Ansible 
Tower Pl ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Ansible Tower Plugin
 CVE-2019-10309 (Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients 
that use  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients
 CVE-2019-10308 (A missing permission check in Jenkins Static Analysis 
Utilities Plugin ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Static Analysis Utilities Plugin
 CVE-2019-10307 (A cross-site request forgery vulnerability in Jenkins Static 
Analysis  ...)
-       TODO: check
+       NOT-FOR-US: Jenkins Static Analysis Utilities Plugin
 CVE-2019-10306 (A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 
and earli ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2019-10305 (A missing permission check in Jenkins XebiaLabs XL Deploy 
Plugin in th ...)
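Review bot: The tag added for CVE-2019-10309 ends in "clients", which looks carried over from the description's sentence ("... Plugin clients that use ...") rather than being part of the product name; "NOT-FOR-US: Jenkins Self-Organizing Swarm Plug-in Modules Plugin" would match the other entries in this hunk. The twelve new tags each name the plugin, while the unchanged CVE-2019-10306 entry below uses the generic "NOT-FOR-US: Jenkins plugin"; settling on one form for Jenkins plugins would make the list easier to search.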
@@ -5946,7 +5946,7 @@ CVE-2018-20798 (The expiretable configuration in pfSense 
2.4.4_1 establishes blo
 CVE-2019-9487
        RESERVED
 CVE-2019-9486 (STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from 
a SYSTE ...)
-       TODO: check
+       NOT-FOR-US: STRATO HiDrive Desktop Client
 CVE-2019-9485 [Privilege escalation impersonate user]
        RESERVED
        [experimental] - gitlab 11.8.2-1
@@ -8458,7 +8458,7 @@ CVE-2019-8456 (Check Point IKEv2 IPsec VPN up to R80.30, 
in some less common con
 CVE-2019-8455 (A hard-link created from the log file of Check Point ZoneAlarm 
up to 1 ...)
        NOT-FOR-US: Check Point ZoneAlarm
 CVE-2019-8454 (A local attacker can create a hard-link between a file to which 
the Ch ...)
-       TODO: check
+       NOT-FOR-US: Check Point Endpoint Security client for Windows
 CVE-2019-8453 (Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 
are ta ...)
        NOT-FOR-US: Check Point ZoneAlarm
 CVE-2019-8452 (A hard-link created from log file archive of Check Point 
ZoneAlarm up  ...)
@@ -18485,7 +18485,7 @@ CVE-2019-4168
 CVE-2019-4167
        RESERVED
 CVE-2019-4166 (IBM StoredIQ 7.6 could allow a remote attacker to conduct 
phishing att ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2019-4165
        RESERVED
 CVE-2019-4164
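Review bot: The tag for CVE-2019-4166 names only the vendor ("NOT-FOR-US: IBM") although the description identifies the product as IBM StoredIQ 7.6. Elsewhere in this push the tags are a mix of vendor-only ("Fujifilm") and product-level ("STRATO HiDrive Desktop Client"); "NOT-FOR-US: IBM StoredIQ" would make it possible to tell from the tag alone which product was ruled out.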



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ad63451cf390299c246edb41f9fccae582597f67...5d9809007433f2bb20b67e38c4e5ceb546067c7e
