Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8567e9b3 by Moritz Muehlenhoff at 2019-07-09T07:43:22Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,9 +59,9 @@ CVE-2019-13416
CVE-2019-13415
RESERVED
CVE-2019-13414 (The Rencontre plugin before 3.1.3 for WordPress allows XSS via
inc/ren ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL
Injection v ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-13412
RESERVED
CVE-2019-13411
@@ -183,7 +183,7 @@ CVE-2019-13356
CVE-2019-13355
RESERVED
CVE-2019-13354 (The strong_password gem 0.0.7 for Ruby, as distributed on
RubyGems.org ...)
- TODO: check
+ NOT-FOR-US: strong_password gem
CVE-2019-13353
RESERVED
CVE-2019-13352 (WolfVision Cynap before 1.30j uses a static, hard-coded
cryptographic ...)
@@ -3234,13 +3234,13 @@ CVE-2019-12176 (Privilege escalation in the "HTC
Account Service" and "ViveportD
CVE-2019-12175
RESERVED
CVE-2019-12174 (hide.me before 2.4.4 on macOS suffers from a privilege
escalation vuln ...)
- TODO: check
+ NOT-FOR-US: hide.me
CVE-2019-12173 (MacDown 0.7.1 (870) allows remote code execution via a
file:\\\ URI, w ...)
NOT-FOR-US: MacDown
CVE-2019-12172 (Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a
modifie ...)
NOT-FOR-US: Typora
CVE-2019-12171 (Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in
the Drop ...)
- TODO: check
+ NOT-FOR-US: Dropbox desktop application
CVE-2019-12170 (ATutor through 2.2.4 is vulnerable to arbitrary file uploads
via the m ...)
NOT-FOR-US: ATutor
CVE-2019-12169 (ATutor 2.2.4 allows Arbitrary File Upload and Directory
Traversal, res ...)
@@ -6264,7 +6264,7 @@ CVE-2019-10975 (An out-of-bounds read vulnerability has
been identified in Fuji
CVE-2019-10974
RESERVED
CVE-2019-10973 (Quest KACE, all versions prior to version 8.0.x, 8.1.x, and
9.0.x, all ...)
- TODO: check
+ NOT-FOR-US: Quest KACE
CVE-2019-10972
RESERVED
CVE-2019-10971 (The application (Network Configurator for DeviceNet Safety
3.41 and pr ...)
@@ -10568,9 +10568,9 @@ CVE-2019-9631 (Poppler 0.74.0 has a heap-based buffer
over-read in the CairoResc
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/736
NOTE:
https://gitlab.freedesktop.org/poppler/poppler/commit/8122f6d6d409b53151a20c5578fc525ee97315e8
CVE-2019-9630 (Sonatype Nexus Repository Manager before 3.17.0 has a weak
default of ...)
- TODO: check
+ NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2019-9629 (Sonatype Nexus Repository Manager before 3.17.0 establishes a
default ...)
- TODO: check
+ NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2019-9628 (The XMLTooling library all versions prior to V3.0.4, provided
with the ...)
{DSA-4407-1 DLA-1710-1}
- xmltooling 3.0.4-1 (bug #924346)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8567e9b31a57a68818ae4e177581caa41964ee49
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/8567e9b31a57a68818ae4e177581caa41964ee49
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
