Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
979cfe51 by Salvatore Bonaccorso at 2019-08-05T20:35:55Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -261,15 +261,15 @@ CVE-2017-XXXX [IPv6 mroute missing type check]
CVE-2019-14551 (Das Q before 2019-08-02 allows web sites to execute arbitrary
code on ...)
NOT-FOR-US: Das Keyboard Q
CVE-2019-14550 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS
was execut ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2019-14549 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS
was execut ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2019-14548 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS in
the bod ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2019-14547 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS
was execut ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2019-14546 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS
was execut ...)
- TODO: check
+ NOT-FOR-US: EspoCRM
CVE-2019-14545
RESERVED
CVE-2019-14544 (routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks
for route ...)
@@ -329,7 +329,7 @@ CVE-2019-14527
CVE-2019-14526
RESERVED
CVE-2019-14525 (In Octopus Deploy 2019.4.0 through 2019.6.6 and 2019.7.0
through 2019. ...)
- TODO: check
+ NOT-FOR-US: Octopus Deploy
CVE-2019-14524 (An issue was discovered in Schism Tracker through 20190722.
There is a ...)
- schism <unfixed> (bug #933808)
[jessie] - schism <no-dsa> (Minor issue)
@@ -1353,7 +1353,7 @@ CVE-2019-14350 (EspoCRM 5.6.4 is vulnerable to stored XSS
due to lack of filtrat
CVE-2019-14349 (EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack
of filtr ...)
NOT-FOR-US: EspoCRM
CVE-2019-14348 (The BearDev JoomSport plugin 3.3 for WordPress allows SQL
injection to ...)
- TODO: check
+ NOT-FOR-US: BearDev JoomSport plugin for WordPress
CVE-2019-14347
RESERVED
CVE-2019-14346
@@ -7525,7 +7525,7 @@ CVE-2019-12266
CVE-2019-12265
RESERVED
CVE-2019-12264 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has
Incorrect ...)
- TODO: check
+ NOT-FOR-US: Wind River VxWorks
CVE-2019-12263
RESERVED
CVE-2019-12262
@@ -10327,7 +10327,7 @@ CVE-2019-11200 (Dolibarr ERP/CRM 9.0.1 provides a
web-based functionality that b
CVE-2019-11199 (Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within
uploaded file ...)
- dolibarr <removed>
CVE-2019-11198 (Multiple cross-site scripting (XSS) vulnerabilities in
Sitecore CMS 9. ...)
- TODO: check
+ NOT-FOR-US: Sitecore CMS
CVE-2019-11197
RESERVED
CVE-2019-11196 (An authentication bypass vulnerability in all versions of
ValuePLUS In ...)
@@ -10868,7 +10868,7 @@ CVE-2019-10996
CVE-2019-10995
RESERVED
CVE-2019-10994 (Processing a specially crafted project file in LAquis SCADA
4.3.1.71 m ...)
- TODO: check
+ NOT-FOR-US: LAquis SCADA
CVE-2019-10993 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple
untrusted pointe ...)
NOT-FOR-US: WebAccess/SCADA
CVE-2019-10992 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and
prior. Mu ...)
@@ -10896,7 +10896,7 @@ CVE-2019-10982 (Delta Electronics CNCSoft ScreenEditor,
Versions 1.00.89 and pri
CVE-2019-10981 (In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40,
a vulner ...)
NOT-FOR-US: AVEVA
CVE-2019-10980 (A type confusion vulnerability may be exploited when LAquis
SCADA 4.3. ...)
- TODO: check
+ NOT-FOR-US: LAquis SCADA
CVE-2019-10979 (SICK MSC800 all versions prior to Version 4.0, the affected
firmware v ...)
NOT-FOR-US: SICK MSC800
CVE-2019-10978
@@ -21944,7 +21944,7 @@ CVE-2019-7002
CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP
Office Cont ...)
NOT-FOR-US: IP Office Contact Center
CVE-2019-7000 (A Cross-Site Scripting (XSS) vulnerability in the Web UI of
Avaya Aura ...)
- TODO: check
+ NOT-FOR-US: Web UI of Avaya Aura Conferencing
CVE-2019-6999
RESERVED
CVE-2019-6998
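Review bot: the tag added for CVE-2019-7000 names a component ("Web UI of Avaya Aura Conferencing"), while the entry directly above it, CVE-2019-7001, is tagged with the product alone ("IP Office Contact Center") even though its description also refers to a WebUI component. Suggest "NOT-FOR-US: Avaya Aura Conferencing" so both entries follow the same product-name convention.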
@@ -25741,7 +25741,7 @@ CVE-2019-5504
CVE-2019-5503
RESERVED
CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3
has we ...)
- TODO: check
+ NOT-FOR-US: Data ONTAP
CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may
disclose ...)
NOT-FOR-US: Data ONTAP
CVE-2019-5500
@@ -26011,7 +26011,7 @@ CVE-2019-5403
CVE-2019-5402
RESERVED
CVE-2019-5401 (A potential security vulnerability has been identified in
HP2910al-48G ...)
- TODO: check
+ NOT-FOR-US: HP HP2910al-48G
CVE-2019-5400
RESERVED
CVE-2019-5399
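Review bot: the tag added for CVE-2019-5401 reads "HP HP2910al-48G", which doubles the "HP" prefix already present in the model string the description uses ("HP2910al-48G"). Suggest dropping the extra prefix, e.g. "NOT-FOR-US: HP2910al-48G".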
@@ -29744,7 +29744,7 @@ CVE-2019-3719 (Dell SupportAssist Client versions prior
to 3.2.0.90 contain a re
CVE-2019-3718 (Dell SupportAssist Client versions prior to 3.2.0.90 contain an
improp ...)
NOT-FOR-US: Dell
CVE-2019-3717 (Select Dell Client Commercial and Consumer platforms contain an
Improp ...)
- TODO: check
+ NOT-FOR-US: Select Dell Client Commercial and Consumer platforms
CVE-2019-3716 (RSA Archer versions, prior to 6.5 SP2, contain an information
exposure ...)
NOT-FOR-US: RSA
CVE-2019-3715 (RSA Archer versions, prior to 6.5 SP1, contain an information
exposure ...)
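Review bot: the tag added for CVE-2019-3717 copies the opening words of the description ("Select Dell Client Commercial and Consumer platforms") instead of naming a vendor or product, while the neighbouring entries in this hunk use short tags ("NOT-FOR-US: Dell", "NOT-FOR-US: RSA"). Suggest "NOT-FOR-US: Dell" here so the entry matches CVE-2019-3718 and a search on the tag finds both.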
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/979cfe516bbb0a60e0015dc9ea577aa5a03e63f5