Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
35a2cea6 by Moritz Muehlenhoff at 2019-09-25T21:09:59Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19008,65 +19008,65 @@ CVE-2019-10432
CVE-2019-10431
RESERVED
CVE-2019-10430 (Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier
stored ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10429 (Jenkins GitLab Logo Plugin stores credentials unencrypted in
its globa ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10428 (Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier
transmitted co ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10427 (Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted
configu ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10426 (Jenkins Gem Publisher Plugin stores credentials unencrypted in
its glo ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10425 (Jenkins Google Calendar Plugin stores credentials unencrypted
in job c ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10424 (Jenkins elOyente Plugin stores credentials unencrypted in its
global c ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10423 (Jenkins CodeScan Plugin stores credentials unencrypted in its
global c ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10422 (Jenkins Call Remote Job Plugin stores credentials unencrypted
in job c ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10421 (Jenkins Azure Event Grid Build Notifier Plugin stores
credentials unen ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10420 (Jenkins Assembla Plugin stores credentials unencrypted in its
global c ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10419 (Jenkins vFabric Application Director Plugin stores credentials
unencry ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10418 (Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin
provides a c ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10417 (Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
provides a c ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10416 (Jenkins Violation Comments to GitLab Plugin 2.28 and earlier
stored cr ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10415 (Jenkins Violation Comments to GitLab Plugin 2.28 and earlier
stored cr ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10414 (Jenkins Git Changelog Plugin 2.17 and earlier stored
credentials unenc ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10413 (Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored
credentials ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10412 (Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted
configured cre ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10411 (Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted
configu ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10410 (Jenkins Log Parser Plugin 2.0 and earlier did not escape an
error mess ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10409 (A missing permission check in Jenkins Project Inheritance
Plugin 2.0.0 ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10408 (A cross-site request forgery vulnerability in Jenkins Project
Inherita ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10407 (Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed
a list ...)
- TODO: check
+ NOT-FOR-US: Jenkins plugin
CVE-2019-10406 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not
restrict or ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2019-10405 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the
value o ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2019-10404 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not
escape the ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2019-10403 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not
escape the ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2019-10402 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the
f:combobox ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2019-10401 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the
f:expandabl ...)
- TODO: check
+ NOT-FOR-US: Jenkins
CVE-2019-10400 (A sandbox bypass vulnerability in Jenkins Script Security
Plugin 1.62 ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10399 (A sandbox bypass vulnerability in Jenkins Script Security
Plugin 1.62 ...)
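Review bot: CVE-2019-10401 through CVE-2019-10406 are described as "Jenkins 2.196 and earlier, LTS 2.176.3 and earlier", which is Jenkins core rather than a plugin, so these six deserve a separate check from the bulk plugin triage. Please confirm that no jenkins source package was ever in the archive; if one was, a package line marked as removed would record that history better than "NOT-FOR-US: Jenkins". The plugin entries are consistent with the existing "NOT-FOR-US: Jenkins plugin" note on CVE-2019-10400.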
@@ -19383,7 +19383,7 @@ CVE-2019-10255 (An Open Redirect vulnerability for all
browsers in Jupyter Noteb
CVE-2019-10254 (In MISP before 2.4.105, the app/View/Layouts/default.ctp
default layou ...)
NOT-FOR-US: MISP
CVE-2019-10253 (A Cross-Site Request Forgery (CSRF) vulnerability exists in
TeamMate+ ...)
- TODO: check
+ NOT-FOR-US: TeamMate+
CVE-2019-10252
RESERVED
CVE-2019-10251 (The UCWeb UC Browser application through 2019-03-26 for
Android uses H ...)
@@ -20123,7 +20123,7 @@ CVE-2019-10061 (utils/find-opencv.js in node-opencv
(aka OpenCV bindings for Nod
CVE-2019-10060 (The Verix Multi-app Conductor application 2.7 for Verifone
Verix suffe ...)
NOT-FOR-US: Verix Multi-app Conductor application for Verifone Verix
CVE-2019-10059 (The legacy finger service (TCP port 79) is enabled by default
on vario ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2019-10058 (Various Lexmark products have Incorrect Access Control. ...)
NOT-FOR-US: Lexmark
CVE-2019-10057 (Various Lexmark products have CSRF. ...)
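Review bot: the description shown for CVE-2019-10059 ("The legacy finger service (TCP port 79) is enabled by default on vario ...") is truncated before any vendor name, so the "NOT-FOR-US: Lexmark" attribution cannot be verified from this hunk. It is plausible given the adjacent Lexmark entries, but please confirm it against the full CVE description rather than by adjacency.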
@@ -22086,15 +22086,15 @@ CVE-2019-9683
CVE-2019-9682
RESERVED
CVE-2019-9681 (Online upgrade information in some firmware packages of Dahua
products ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2019-9680 (Some Dahua products have information leakage issues. Attackers
can obt ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2019-9679 (Some of Dahua's Debug functions do not have permission
separation. Low ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2019-9678 (Some Dahua products have the problem of denial of service
during the l ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2019-9677 (The specific fields of CGI interface of some Dahua products are
not st ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2019-9676 (Buffer overflow vulnerability found in some Dahua IP Camera
devices IP ...)
NOT-FOR-US: Dahua IP Camera devices
CVE-2019-9675 (** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27
and 7. ...)
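Review bot: the five new notes use "NOT-FOR-US: Dahua", while the existing entry for CVE-2019-9676 just below uses "NOT-FOR-US: Dahua IP Camera devices". This is a style point only, but where the full description names a product class (CVE-2019-9681 mentions firmware packages, CVE-2019-9677 a CGI interface), a slightly more specific label would keep the file greppable by product as well as by vendor.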
@@ -24012,9 +24012,9 @@ CVE-2019-9011
CVE-2019-9010 (An issue was discovered in 3S-Smart CODESYS V3 products. The
CODESYS G ...)
NOT-FOR-US: 3S-Smart CODESYS V3
CVE-2019-9009 (An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 .
Crafted ...)
- TODO: check
+ NOT-FOR-US: 3S-Smart
CVE-2019-9008 (An issue was discovered in 3S-Smart CODESYS V3 through
3.5.12.30. A us ...)
- TODO: check
+ NOT-FOR-US: 3S-Smart
CVE-2019-9007
RESERVED
CVE-2019-9006
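Review bot: "NOT-FOR-US: 3S-Smart" on CVE-2019-9009 and CVE-2019-9008 names only the vendor, whereas the entry directly above (CVE-2019-9010) uses "NOT-FOR-US: 3S-Smart CODESYS V3". Suggest "3S-Smart CODESYS" for CVE-2019-9009, whose description says "CODESYS before 3.5.15.0", and "3S-Smart CODESYS V3" for CVE-2019-9008, so a search for CODESYS finds all three.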
@@ -25675,13 +25675,13 @@ CVE-2019-8373
CVE-2019-8372 (The LHA.sys driver before 1.1.1811.2101 in LG Device Manager
exposes f ...)
NOT-FOR-US: LG
CVE-2019-8371 (OpenEMR v5.0.1-6 allows code execution. ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2019-8370
RESERVED
CVE-2019-8369
RESERVED
CVE-2019-8368 (OpenEMR v5.0.1-6 allows XSS. ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2019-8367
RESERVED
CVE-2019-8366
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/35a2cea603c0c73ad7e5b4d94ff73dd06a3ced45