Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78de003a by Salvatore Bonaccorso at 2019-08-22T20:24:21Z
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -63,9 +63,9 @@ CVE-2019-15318 (The yikes-inc-easy-mailchimp-extender plugin 
before 6.5.3 for Wo
 CVE-2019-15317 (The give plugin before 2.4.7 for WordPress has XSS via a donor 
name. ...)
        NOT-FOR-US: give plugin for WordPress
 CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak 
folder perm ...)
-       TODO: check
+       NOT-FOR-US: Valve Steam Client for Windows
 CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows 
privilege esc ...)
-       TODO: check
+       NOT-FOR-US: Valve Steam Client for Windows
 CVE-2018-20986
        RESERVED
 CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local 
file inc ...)
@@ -133,7 +133,7 @@ CVE-2016-10922 (The woocommerce-store-toolkit plugin before 
1.5.7 for WordPress
 CVE-2016-10921 (The gallery-photo-gallery plugin before 1.0.1 for WordPress 
has SQL in ...)
        NOT-FOR-US: gallery-photo-gallery plugin for WordPress
 CVE-2016-10920 (The gnucommerce plugin before 0.5.7-BETA for WordPress has 
XSS. ...)
-       TODO: check
+       NOT-FOR-US: gnucommerce plugin for WordPress
 CVE-2016-10919 (The wassup plugin before 1.9.1 for WordPress has XSS via the 
Top stats ...)
        NOT-FOR-US: wassup plugin for WordPress
 CVE-2016-10918 (The gallery-by-supsystic plugin before 1.8.6 for WordPress has 
CSRF. ...)
@@ -997,7 +997,7 @@ CVE-2019-15062 (An issue was discovered in Dolibarr 
11.0.0-alpha. A user can sto
 CVE-2019-15061
        RESERVED
 CVE-2019-15060 (The traceroute function on the TP-Link TL-WR840N v4 router 
with firmwa ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2019-15059
        RESERVED
 CVE-2019-15058 (stb_image.h (aka the stb image loader) 2.23 has a heap-based 
buffer ov ...)
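Review bot: The new tag on CVE-2019-15060, "NOT-FOR-US: TP-Link", names only the vendor, while the other entries triaged in this commit name the affected product (for example "NOT-FOR-US: Valve Steam Client for Windows" and "NOT-FOR-US: Mirasys VMS"). Consider "NOT-FOR-US: TP-Link TL-WR840N", using the model given in the CVE description, so that a search of the list by product finds this entry and the tag stays consistent with its neighbours.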
@@ -2559,7 +2559,7 @@ CVE-2019-14471 (TestLink 1.9.19 has XSS via the error.php 
message parameter. ...
 CVE-2019-14470
        RESERVED
 CVE-2019-14469 (In Nexus Repository Manager before 3.18.0, users with elevated 
privile ...)
-       TODO: check
+       NOT-FOR-US: Nexus Repository Manager
 CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in 
cobc/field.c via c ...)
        - gnucobol <unfixed> (bug #933884)
        [buster] - gnucobol <no-dsa> (Minor issue)
@@ -8164,7 +8164,7 @@ CVE-2019-12891
 CVE-2019-12890 (RedwoodHQ 2.5.5 does not require any authentication for 
database opera ...)
        NOT-FOR-US: RedwoodHQ
 CVE-2019-12889 (An unauthenticated privilege escalation exists in SailPoint 
Desktop Pa ...)
-       TODO: check
+       NOT-FOR-US: SailPoint Desktop Password Reset
 CVE-2019-12888
        REJECTED
 CVE-2019-12887 (KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access 
Control (issue ...)
@@ -13037,11 +13037,11 @@ CVE-2019-11033 (Applaud HCM 4.0.42+ uses HTML tag 
fields for HTML inputs in a fo
 CVE-2019-11032 (In EasyToRecruit (E2R) before 2.11, the upload feature and the 
Candida ...)
        NOT-FOR-US: EasyToRecruit
 CVE-2019-11031 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the 
auto-up ...)
-       TODO: check
+       NOT-FOR-US: Mirasys VMS
 CVE-2019-11030 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the 
Mirasys ...)
-       TODO: check
+       NOT-FOR-US: Mirasys VMS
 CVE-2019-11029 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the 
Downloa ...)
-       TODO: check
+       NOT-FOR-US: Mirasys VMS
 CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability 
allowing  ...)
        NOT-FOR-US: GAT-Ship Web Module
 CVE-2015-9284 (The request phase of the OmniAuth Ruby gem is vulnerable to 
Cross-Site ...)
@@ -13220,7 +13220,7 @@ CVE-2019-10962 (BD Alaris Gateway versions, 
1.0.13,1.1.3 Build 10,1.1.3 MR Build
 CVE-2019-10961 (In Advantech WebAccess HMI Designer Version 2.1.9.23 and 
prior, proces ...)
        NOT-FOR-US: Advantech WebAccess HMI Designer
 CVE-2019-10960 (Zebra Industrial Printers All Versions, Zebra printers are 
shipped wit ...)
-       TODO: check
+       NOT-FOR-US: Zebra Industrial Printers
 CVE-2019-10959 (BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 
MR Build ...)
        NOT-FOR-US: BD Alaris Gateway
 CVE-2019-10958



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/78de003aa262cc45d13bc87a7cdbe88926afe6f0
